On 07/03/2010 11:38 PM, /dev/rob0 wrote:
On Sat, Jul 03, 2010 at 02:24:20PM -0700, Asai wrote:
Jeroen Geilman wrote:
On 07/03/2010 11:20 PM, Asai wrote:
Jeroen Geilman wrote:
On 07/03/2010 09:14 PM, Charles Marcus wrote:
On 2010-07-02 7:20 PM, Asai wrote:
OK. Has anyone successfully been able to work around this
issue?
What issue? It seems that the original issue was misunderstood,
and/or misdiagnosed. You (Asai) have yet to post anything here with
which we can assist you.
http://www.postfix.org/DEBUG_README.html#mail
The only way is to have the admin for the CISCO PIX disable
the stupid smtp fixup garbage on the CISCO box.
As far as I know, there is NEVER any reason to have this
enabled on an internet facing box that receives mail from
'wherever'...
"fixup protocol smtp" on a Cisco PIX firewall does several
things:
1. it inspects every single SMTP packet it sees
How is this inspection a good thing?
2. it disallows all but the SMTP commands explicitly stated
in RFC [8|28|53]21
This is NOT a good thing. It breaks the features of ESMTP.
I'm not claiming it is a good thing.
and
3. it replaces the SMTP greeting banner with a generic one
It is obviously the latter you have an issue with :)
While I agree that it should never be enabled *by default*, it's
hardly stupid, predating modern anti-spam measures such as
policy daemons and DNSBLs by at least 10 years.
I'll admit that most/all of what I know about it is from reading here
and other forums, but I don't see any value in Cisco's SMTP "fixup".
The value was that $bigco could invest in Cisco firewalls and protect
their mail servers from some abuse, assuming their mail admins were stupid.
You should know that the latter happens more often than we'd like :)
Thank you for your responses.
Is there anything I can do on my end? As far as the SMTP
greeting banner?
Have you already established that this is, in fact, the issue?
No, I am basing this assumption on your comment, "It is obviously
the latter you have an issue with :)"
I think you missed a bit of sarcasm. No, the banner is not causing
problems, it merely pointed out to us one of the potential problems
you're facing.
I think you also missed the fact that I wasn't responding to the OP,
robb0 :)
J.
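
The effects of "fixup protocol smtp" listed in the thread (greeting banner replaced, commands outside RFC 821 disallowed) can be looked for in a captured SMTP session. The following is an added example, not part of the thread. The `C:`/`S:` transcript format, the two sample sessions, the function names, and the assumption that a replaced banner shows up as a 220 line made mostly of asterisks are all assumptions of this example.

```python
import re

# Commands defined in RFC 821; anything else (EHLO, STARTTLS, AUTH, ...) is ESMTP.
RFC821_COMMANDS = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "SEND", "SOML",
                   "SAML", "VRFY", "EXPN", "HELP", "NOOP", "QUIT", "TURN"}

def parse_session(lines):
    """Turn 'C: ...' / 'S: ...' lines into (command, code, text) tuples.
    The greeting has no client command and is recorded with command None.
    Message bodies after DATA are not handled; feed the envelope phase only."""
    exchanges, command = [], None
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            words = text.split()
            command = words[0].upper() if words else ""
        elif side == "S":
            m = re.match(r"(\d{3})([ -]?)(.*)", text)
            if m and m.group(2) != "-":      # final line of the reply
                exchanges.append((command, int(m.group(1)), m.group(3)))
                command = None
    return exchanges

def fixup_indicators(lines):
    """Return findings that suggest an SMTP-rewriting device in the path."""
    findings = []
    for command, code, text in parse_session(lines):
        if command is None and code == 220:
            # Assumption: a replaced banner is mostly '*' characters.
            if text and text.count("*") / len(text) > 0.5:
                findings.append("greeting banner masked")
        elif command and command not in RFC821_COMMANDS and code in (500, 502):
            findings.append(f"{command} rejected with {code}")
    return findings

# Constructed sample sessions (not real captures).
FILTERED = ["S: 220 **************************************",
            "C: EHLO mail.example.org",
            "S: 502 5.5.2 Error: command not recognized",
            "C: HELO mail.example.org",
            "S: 250 mx.example.com"]
DIRECT = ["S: 220 mx.example.com ESMTP Postfix",
          "C: EHLO mail.example.org",
          "S: 250-mx.example.com",
          "S: 250-PIPELINING",
          "S: 250 STARTTLS"]

if __name__ == "__main__":
    print(fixup_indicators(FILTERED))
    print(fixup_indicators(DIRECT))
```

These findings are indicators only: a server that genuinely lacks ESMTP support also rejects EHLO, so compare a session taken from outside the firewall with one taken directly against the mail server.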