Difference between revisions of "SMTP Fixup Issue"

From Roaring Penguin
Jump to: navigation, search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
This is also referred to as SMTP Inspection and is a feature on Cisco firewalls. Unfortunately it cause often hard to diagnose blocking of email passing through the firewall and is considered a useless anti-spam feature by most.  
+
This may also be referred to as SMTP Inspection and is a feature on Cisco firewalls. Unfortunately it causes what are often hard to diagnose intermittent blocking of email passing through the firewall and is considered a useless anti-spam feature by most. The following article contains more detail:
  
  root@colo4(~)# telnet server.at.some.domain 25
+
https://blogs.it.ox.ac.uk/networks/2009/11/26/cisco-firewall-smtp-fixup-considered-harmful/
  Trying 1.2.3.4...
 
  Connected to server.at.some.domain.
 
  Escape character is '^]'.
 
  220 *************************************************************************************************
 
  
 +
To determine if this feature is in the mail delivery path for your mail server go to an external computer and open a terminal window. Then telnet to your mail server on port 25 as shown below:
 +
 +
root@colo4(~)# telnet server.at.some.domain 25
 +
Trying 1.2.3.4...
 +
Connected to server.at.some.domain.
 +
Escape character is '^]'.
 +
220 *************************************************************************************************
 +
 +
The long line of "*" is the indicator of the feature being in place. We strongly recommend that the feature be disabled on the firewall.
  
 
<div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div>
 
<div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div>
 
[[category:All]][[category:Errors]][[category:Configuration]]
 
[[category:All]][[category:Errors]][[category:Configuration]]

Latest revision as of 13:23, 15 March 2016

This may also be referred to as SMTP Inspection and is a feature on Cisco firewalls. Unfortunately it causes what are often hard to diagnose intermittent blocking of email passing through the firewall and is considered a useless anti-spam feature by most. The following article contains more detail:

https://blogs.it.ox.ac.uk/networks/2009/11/26/cisco-firewall-smtp-fixup-considered-harmful/

To determine if this feature is in the mail delivery path for your mail server go to an external computer and open a terminal window. Then telnet to your mail server on port 25 as shown below:

root@colo4(~)# telnet server.at.some.domain 25
Trying 1.2.3.4...
Connected to server.at.some.domain.
Escape character is '^]'.
220 *************************************************************************************************

The long line of "*" is the indicator of the feature being in place. We strongly recommend that the feature be disabled on the firewall.