{"id":53,"date":"2006-09-05T14:43:12","date_gmt":"2006-09-05T13:43:12","guid":{"rendered":"http:\/\/blogs.igalia.com\/eocanha\/?p=53"},"modified":"2015-11-08T00:21:12","modified_gmt":"2015-11-07T23:21:12","slug":"smtp-and-cisco-pix-firewall","status":"publish","type":"post","link":"https:\/\/eocanha.org\/blog\/2006\/09\/05\/smtp-and-cisco-pix-firewall\/","title":{"rendered":"SMTP and Cisco PIX firewall"},"content":{"rendered":"<p>Some months ago, I configured a complete mail gateway and other services for a client. As with almost every deployment, there were things that had to be investigated and one always learns something new.<\/p>\n<p>One of the most surprising &#8220;curiosities&#8221; I found was about SMTP. When I telneted the SMTP gateway at port 25 from inside the intranet or localhost, the usual welcome message was displayed. But when I did the same from the internet, I received this weird welcome string:<\/p>\n<p><tt>220 **************************************<\/tt><\/p>\n<p>And when I tried to issue an ESMTP command (like EHLO), the server said that it wasn&#8217;t supported. What the hell??!! It can&#8217;t be! Someone or something is changing my packets!<\/p>\n<p>After doing some searching on Google, I <a href=\"http:\/\/www.debian-administration.org\/articles\/382\">discovered who the little culprit was<\/a>: a Cisco PIX firewall configured with the &#8220;fixup protocol smtp 25&#8221; option turned on. That was preventing internet users from authenticating and using TLS.<\/p>\n<p>Thank you <a href=\"http:\/\/www.debian-administration.org\">debian-administration.org<\/a> guys!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some months ago, I configured a complete mail gateway and other services for a client. As with almost every deployment, there were things that had to be investigated and one always learns something new. One of the most surprising &#8220;curiosities&#8221; I found was about SMTP. 
When I telneted the SMTP gateway at port 25 from &hellip; <a href=\"https:\/\/eocanha.org\/blog\/2006\/09\/05\/smtp-and-cisco-pix-firewall\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SMTP and Cisco PIX firewall<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/53"}],"collection":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":1,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"predecessor-version":[{"id":446,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/53\/revisions\/446"}],"wp:attachment":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}