Re: Receiving 220 ********** on telnet to port 25

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

David Lozzi <dlozzi@xxxxxxxxxxxxx> wrote:
Excellent. Thank you. This worked great!

You're most welcome - glad it worked.



"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:O6NeeXY9HHA.600@xxxxxxxxxxxxxxxxxxxxxxx
David Lozzi <dlozzi@xxxxxxxxxxxxx> wrote:
Howdy,

I have an Exhange 2003 server behind a Cisco PIX-501 6.3 firewall. I
have SMTP port 25 traffic open from external to the Exchange server.
When I run the command "telnet mail.domain.com 25" I get the
following response
220
**********************************************************************0****0
**********************2*****200*********2**0*00

Yep - this is a known issue. Disable MailGuard on the Pix. See KB
295725for more info.



helo command doesn't work, only thing that does is quit. If I run
the same command at the console, "telnet 192.168.0.10 25" I get:

220 mail.domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790
.3959 ready at Wed, 12 Sep 2007 17:05:15 -0400

This is the response I should be seeing...

If I VPN in, using the Cisco client, and run the same command,
"telnet 192.168.0.10 25" i get the 220 ***** response as seen above.

Clients on the internal network running "telnet 192.168.0.10 25" see
the correct response 220 mail.domain.com and so on.


I'm not sure what to do with this. The biggest issue is that users
connecting via POP3 cannot send emails getting unable to relay
errors, and i'm guessing this is the issue. If I setup the same
exact POP3 account on the server using Outlook Express, I can send
emails fine, outside I cannot.
I read a KB article on MS site about turning off the SMTP command
filter in the PIX firewall. I cannot find this command anywhere.

See the KB article above or google for

pix mailguard disable exchange

You'll get a lot of hits.

Thanks!!

David Lozzi



.

Relevant Pages

  • Re: Exchange and Firewall
    ... Exchange will accept mail as long as the TCP connection and the SMTP ... > We are running Exchange 2000 on Windows 2000 advanced server. ... We had been> running a Netscreen 10 firewall to protect the network. ... Last week we got a> Cisco Pix 506E to replace the Netscreen 10. ...
    (microsoft.public.exchange.connectivity)
  • Exchange and Firewall
    ... We are running Exchange 2000 on Windows 2000 advanced server. ... Cisco Pix 506E to replace the Netscreen 10. ... The Cisco techs used telnet to get into the firewall and checked the config. ... 302015: Built outbound UDP connection 1544 for outside:209.116.241.10/53 ...
    (microsoft.public.exchange.connectivity)
  • Firewall Admin Needed!
    ... Position: CISCO FIREWALL ADMIN ... Installation and administration of the following firewall server ... and installation of the following VPN client technologies:(Symantec VPN ...
    (comp.security.firewalls)
  • ftp on different port than 21
    ... I have two FTP servers begind a firewall. ... forward traffic on prot 41279 to the second server. ... COMMAND:> USER root ... ERROR:> Socket error: Unknown socket error ...
    (comp.unix.sco.misc)
  • Re: Software Firewall
    ... All 65535 scanned ports on ghotto.phx.az.us are: ... There is no firewall on ghotto. ... not running a web server... ... Even windoze supposedly has that command, ...
    (comp.security.firewalls)