On Mon, 12 Sep 2005, Lars Hansson wrote:

> On Sun, 11 Sep 2005 15:48:12 -0500
> Justin Krejci <[EMAIL PROTECTED]> wrote:
>
>> If anyone has any know-how on tweaking Cisco's smtp fixup protocol, that would
>> be great.
>
> I don't know of *anyone* with an even remotely serious mail system that has
> been able to use Cisco's "fixup" features for anything. Perhaps it should be
> called "breakdown" instead.
> Just leave it off and take Jason's advice to use PF for connection limiting.

Yes please! Lars is right.
"no fixup protocol smtp 25" from a config prompt on the PIX.
Cisco implemented their SMTP proxy less than poorly. I waste a great
deal of time dealing with mail admins or their firewall admins that have
it enabled and break when we try to mail them.
Additionally, they are known to do really retarded things like sending RST
to mailhosts during sessions that they INITIATED, for no good reason.
Seeing things in tcpdumps like "MAIL FROM: <[EMAIL PROTECTED]>" then "RST" with
no QUIT tends to raise blood pressures.
Do the Internet a favor and shut that feature off.
*tongue-in-cheek* Or better yet, replace the PIX with a PF implementation.
*grin* (Yes, I know this is not always possible.)
--
Signing off,
Joseph C. Bender
<[EMAIL PROTECTED]>
"Does the government fear us? Or do we fear the government? When the
people fear the government, tyranny has found victory. The federal
government is our servant, not our master." ---Thomas Jefferson
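
Added example, not part of the original message: a small Python check for the symptom described above, a session whose initiating side sends RST after SMTP commands but never sends QUIT. The one-line-per-packet trace format, the addresses and the function name are constructed for illustration and are not literal tcpdump output.

```python
# Constructed sample trace (assumption: simplified records, not tcpdump output),
# one packet per line as "time src dst flags [payload]"; documentation addresses.
SAMPLE_TRACE = """\
10:00:00.10 192.0.2.10:40112 198.51.100.25:25 S
10:00:00.11 198.51.100.25:25 192.0.2.10:40112 SA
10:00:00.20 198.51.100.25:25 192.0.2.10:40112 PA 220 mx.example.net ESMTP
10:00:00.30 192.0.2.10:40112 198.51.100.25:25 PA HELO mail.example.org
10:00:00.31 198.51.100.25:25 192.0.2.10:40112 PA 250 mx.example.net
10:00:00.40 192.0.2.10:40112 198.51.100.25:25 PA MAIL FROM:<user@example.org>
10:00:00.41 192.0.2.10:40112 198.51.100.25:25 R
10:05:00.10 203.0.113.7:51000 198.51.100.25:25 S
10:05:00.11 198.51.100.25:25 203.0.113.7:51000 SA
10:05:00.30 203.0.113.7:51000 198.51.100.25:25 PA MAIL FROM:<a@example.com>
10:05:00.50 203.0.113.7:51000 198.51.100.25:25 PA QUIT
10:05:00.60 203.0.113.7:51000 198.51.100.25:25 FA
"""

def find_aborted_sessions(trace):
    """Return sessions where the initiator's side sent RST and never sent QUIT."""
    sessions, live = [], {}  # all sessions in order; current session per endpoint pair
    for line in trace.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4:
            continue  # blank or malformed line
        ts, src, dst, flags = parts[:4]
        payload = parts[4] if len(parts) == 5 else ""
        key = frozenset((src, dst))
        if flags == "S":  # bare SYN: src is the initiator, start a new session
            live[key] = {"initiator": src, "server": dst,
                         "last_cmd": None, "quit": False, "rst_at": None}
            sessions.append(live[key])
            continue
        s = live.get(key)
        if s is None:
            continue  # no SYN seen for this pair, cannot tell who initiated
        if src == s["initiator"] and payload:
            s["last_cmd"] = payload  # last SMTP command sent by the initiator
            s["quit"] = s["quit"] or payload.upper().startswith("QUIT")
        if "R" in flags and src == s["initiator"] and s["rst_at"] is None:
            s["rst_at"] = ts  # first RST carrying the initiator's address
    return [s for s in sessions if s["rst_at"] and not s["quit"]]

if __name__ == "__main__":
    for s in find_aborted_sessions(SAMPLE_TRACE):
        print(f'{s["rst_at"]} RST from {s["initiator"]} after "{s["last_cmd"]}", no QUIT')
```

A capture taken on the receiving mail host shows only the source address on the RST, so a hit identifies the remote side of the session, not which device there generated the reset.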