Re: Delivery to the following recipients has been delayed when behind firewall
- From: Ben Jitima <bjitima@xxxxxxxxx>
- Date: Fri, 4 Jan 2008 13:59:36 -0800 (PST)

Sorry about the tl;dr question. If anyone did read it and is
interested in the solution, the Cisco PIX was doing stateful
application inspection (fixup) on ESMTP. From what I understand, when
applied to outgoing e-mail, the inspection modifies the e-mails in
order to "protect" sensitive information. I also got this from the
Cisco website after figuring out that was the problem.

"The fixup protocol smtp command enables the Mail Guard feature. This
restricts mail servers to receiving the seven minimal commands defined
in RFC 821, section 4.5.1 (HELO, MAIL, RCPT, DATA, RSET, NOOP, and
QUIT). All other commands are rejected.

Microsoft Exchange server does not strictly comply with RFC 821
section 4.5.1, using extended SMTP commands such as EHLO. PIX Firewall
will convert any such commands into NOOP commands, which as specified
by the RFC, forces SMTP servers to fall back to using minimal SMTP
commands only. This may cause Microsoft Outlook clients and Exchange
servers to function unpredictably when their connection passes through
PIX Firewall."

So if you run an Exchange server, and you are using a Cisco PIX, do
NOT use the [fixup protocol smtp 25] or for 7.x in our case
[policy-map] \ [class] \ [inspect ESMTP] because it may make things act screwy.
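
A way to confirm the behaviour described in this post from either side of the firewall, as an added example that is not part of the original post: it parses a server's reply to EHLO and reports whether ESMTP extensions survive the path. The sample replies, host names and result labels are constructed, and reading a bare `250` reply as the NOOP conversion is an assumption based on the Cisco text quoted above.

```python
import smtplib
import sys

# Constructed sample replies to EHLO (not captured from a real server).
DIRECT = ["250-mail.example.test Hello [192.0.2.10]", "250-SIZE 10485760",
          "250-STARTTLS", "250 8BITMIME"]
ANSWERED_AS_NOOP = ["250 OK"]
REJECTED = ["500 Unrecognized command"]

def parse_reply(raw_lines):
    """Parse one SMTP reply into (code, [text, ...]).
    "250-text" continues the reply; "250 text" is its final line."""
    code, texts = None, []
    for line in raw_lines:
        line = line.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code = int(line[:3])
        texts.append(line[4:])
        if line[3:4] != "-":
            break
    if code is None:
        raise ValueError("empty reply")
    return code, texts

def classify_ehlo(code, texts):
    """Say whether ESMTP survived the path, judged from the EHLO reply."""
    if code != 250:
        return "ehlo-rejected"          # client must fall back to HELO
    # The first line is the greeting; every later line names one extension.
    keywords = [t.split()[0].upper() for t in texts[1:] if t.strip()]
    return "esmtp-ok" if keywords else "no-extensions"

def probe(host, port=25, timeout=10):
    """Live check: send EHLO to host and classify the reply."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, msg = smtp.docmd("EHLO", "probe.example.invalid")
        return classify_ehlo(code, msg.decode("ascii", "replace").split("\n"))

if __name__ == "__main__":
    if len(sys.argv) > 1:               # e.g. python ehlo_check.py mail.example.test
        print(sys.argv[1], "->", probe(sys.argv[1]))
    else:
        for name, sample in [("direct", DIRECT), ("noop", ANSWERED_AS_NOOP),
                             ("rejected", REJECTED)]:
            print(name, "->", classify_ehlo(*parse_reply(sample)))
```

Run it once through the firewall and once over a path that avoids the inspection, then compare the results. A path that reports `no-extensions` or `ehlo-rejected` also cannot offer STARTTLS, which is advertised only in the EHLO reply.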