This problem also happens with CISCO routers (i.e. not only PIX firewalls).
We had a similar problem with a CISCO 837 ADSL Router here. The firewall
checks "normal" behaviour for SMTP traffic & seems to interfere with ESMTP &
hence TLS etc.
Procedure to resolve it on the router is the same command.
Regards,
Olivier
--
Olivier MJ Crepin-Leblond, Ph.D.
E-mail:<[EMAIL PROTECTED]> | http://www.gih.com/ocl.html
----- Original Message -----
From: "Diego Ledesma" <[EMAIL PROTECTED]>
To: "Алексей Доморадов" <[EMAIL PROTECTED]>
Cc: <postfix-users@postfix.org>
Sent: Friday, September 12, 2008 8:51 PM
Subject: Re: Re[2]: Issues enabling SASL in Postfix
2008/9/12 Алексей Доморадов <[EMAIL PROTECTED]>:
Finally it's working!
You were right. There was something interfering.
Turns out that our Cisco firewall had some SMTP fix-up feature
enabled. After disabling it I could telnet SMTP from the outside as I
did from the inside.
Cisco PIX?
FYI
Question Background:
I have a Cisco PIX firewall in place. I am trying to force SMTP
authentication so that remote users can relay through my server without
having to open my server up to true relay. The problem is, no one outside
my firewall can use SMTPAuth. Why is this?
Answer:
This is likely because your firewall is using the SMTP Fixup protocol. This
is stopping the EHLO command sent by the clients being passed on to the
server. As the EHLO command is rejected the clients then correctly go on
to use HELO and thus cannot authenticate.
Disable fixup on your router and the clients will then be able to send
the EHLO Command correctly.
If your firewall is a Cisco PIX then you should be able to use the
command:
no fixup protocol smtp 25
Thanks for that. Yes, it's a Cisco PIX 501 firewall and yes, the EHLO
command was not working from the outside, only HELO, thus I couldn't
authenticate.
I still don't know what the purpose of this fixup thing is, a security
measure I guess, but I'm not sure. Anyway, that's off-topic.
Thanks.
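
The failure described in this thread (EHLO rejected before it reaches the server, the client falling back to HELO, so AUTH is never offered) can be confirmed by comparing a session recorded from inside the firewall with one recorded from outside. The following is an added example, not part of the original messages; the `C:`/`S:` transcript format, host names, reply texts and function names are constructed assumptions.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation marker, text

# Constructed sample sessions (not captured from any real host).
INSIDE = """S: 220 mail.example.org ESMTP
C: EHLO client.example.net
S: 250-mail.example.org
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN"""
OUTSIDE = """S: 220 mail.example.org ESMTP
C: EHLO client.example.net
S: 500 command unrecognized
C: HELO client.example.net
S: 250 mail.example.org"""

def parse_session(transcript):
    """Pair each client command with the server's (possibly multi-line) reply."""
    exchanges, command, lines = [], None, []
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        match = REPLY.match(text) if side == "S" else None
        if side == "C":
            command, lines = text, []
        elif match:
            lines.append(match.group(3))
            if match.group(2) == " ":  # "250 " ends a reply, "250-" continues it
                exchanges.append((command, int(match.group(1)), lines))
                command, lines = None, []
    return exchanges

def diagnose(transcript):
    """Report whether EHLO got through and whether AUTH was advertised."""
    ehlo_code, helo_seen, extensions = None, False, set()
    for command, code, lines in parse_session(transcript):
        verb = (command or "").split(" ")[0].upper()
        if verb == "EHLO":
            ehlo_code = code
            if code == 250:  # first line is the greeting, the rest are keywords
                extensions = {l.split()[0].upper() for l in lines[1:] if l.strip()}
        elif verb == "HELO":
            helo_seen = True
    verdict = ("no-ehlo-seen" if ehlo_code is None else
               "ehlo-rejected" if ehlo_code >= 500 else
               "ok" if "AUTH" in extensions else "auth-not-advertised")
    return {"verdict": verdict, "extensions": sorted(extensions),
            "helo_fallback": helo_seen and verdict == "ehlo-rejected"}
```

A verdict of `ehlo-rejected` from outside alongside `ok` from inside points at a device in the path rather than at the Postfix or SASL configuration.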