
Argosoft mail and Cisco Pix 506e


Bizounett

IS-IT--Management
Nov 25, 2008
62
CA
Hi everyone,

I have a mail server (Argosoft mail). I have 3 domains on it. I had a LinkSys Wrt54G, and all was working fine. But the LinkSys is not as stable as a Pix 506e. Then I decided to install a Pix 506e with the same open ports. I can receive e-mail without problem, but when I try to send I get this error:

SMTP server response: 551 User not local. We don't relay

If I send an e-mail from the web interface it works. It seems to be between the client and the server. I am trying to figure out what port I forgot to open, because with the LinkSys it was working fine.

Anyone have an idea?

Thanks
 
Can you post a full scrubbed config of the 506??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Here it is.

: Saved
: Written by enable_15 at 13:14:11.548 EDT Tue Jan 6 2009
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname PixZone
domain-name lzi.ca
clock timezone EDT -5
clock summer-time EDT recurring 2 Sun Mar 3:00 1 Sun Nov 1:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name x.x.x.50 Serveur
access-list 100 permit tcp any any eq 5959
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq finger
access-list 100 permit tcp any any eq 8075
access-list 100 permit udp any any eq 25
access-list 100 permit udp any any eq 110
access-list 100 permit tcp any any eq 8081
access-list 100 permit tcp any any eq https
access-list 100 permit udp any any eq 443
access-list 100 permit tcp any any eq 8181
access-list 100 permit icmp any interface outside
access-list 100 deny ip any any
pager lines 24
icmp deny any echo outside
icmp permit any unreachable outside
mtu outside 1500
mtu inside 1500
ip address outside y.y.y.180 255.255.255.192
ip address inside x.x.x.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location Serveur 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 5959 Serveur 5959 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp Serveur ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp Serveur smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 Serveur pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 255.255.255.255 0 0
static (inside,outside) tcp interface 8075 Serveur 8075 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8081 Serveur 8081 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8181 Serveur 8181 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https Serveur https netmask 255.255.255.255 0 0
static (inside,outside) udp interface 443 Serveur 443 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 110 Serveur 110 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 25 Serveur 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface finger Serveur finger netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.129 1
route outside y.y.y.0 255.255.255.192 y.y.y.180 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http x.x.x.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet x.x.x.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
dhcpd address x.x.x.155-x.x.x.205 inside
dhcpd dns y.y.y.9 y.y.y.8
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80

The e-mail server is on x.x.x.50.

Thanks
 
Your config looks fine. Have you checked the relaying options on the mail server?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
The "allow relay" check box is enabled. My SMTP authentication is enabled and it uses the POP3 user name and password to authenticate.

If I put back my LinkSys it works perfectly without any change in my mail server. Then I guess it's a Pix problem.

Thanks
 
UPDATE

If I remove the SMTP authentication it works. Seems to be a problem between the client and the server. It is the PIX!

Let me know if you have any idea.

Thanks
 
Try removing SMTP inspection:
Code:
no fixup protocol smtp 25

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Yes, it works. Thanks a lot. But what exactly is this command doing:

fixup protocol smtp 25

I want to understand.

Thanks again for your quick help on that issue.

Bizz
 
It is inspecting the SMTP traffic and allows only a few of the SMTP commands to be used. Its main purpose is to minimize the number of attack vectors hackers/spammers can use against you. While it is a great feature to have, as you can see, sometimes it causes more problems than it solves.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
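
The following is an added example, not part of the original thread: a simplified Python model of why SMTP authentication broke behind the fixup and produced the relay error quoted in the first post. It assumes Cisco's documented Mailguard behaviour for PIX 6.x (only the seven RFC 821 minimum commands are passed, anything else is overwritten with X's); `ToyServer`, its `example.org` local domain and the client session are constructed for illustration.

```python
# Simplified model of the PIX 6.3 "fixup protocol smtp" command filter.
# Assumption: only the RFC 821 minimum command set is passed through.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}


def fixup_smtp(line: str) -> str:
    """Return the command line as the mail server sees it behind the fixup."""
    verb = line.split(" ", 1)[0].upper()
    if verb in ALLOWED:
        return line
    # Disallowed commands are overwritten with X's so the server rejects them.
    return "X" * len(line)


class ToyServer:
    """Toy SMTP server: relays to non-local recipients only after AUTH."""

    def __init__(self, local_domains):
        self.local_domains = set(local_domains)
        self.authenticated = False

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 hello"
        if verb == "AUTH":
            self.authenticated = True  # credential check omitted in this toy
            return "235 authenticated"
        if verb == "MAIL":
            return "250 sender ok"
        if verb == "RCPT":
            domain = arg.rsplit("@", 1)[-1].rstrip(">").lower()
            if domain in self.local_domains or self.authenticated:
                return "250 recipient ok"
            return "551 User not local. We don't relay"
        return "500 command unrecognized"


def run_session(commands, inspect: bool):
    """Replay client commands, optionally through the fixup; return replies."""
    server = ToyServer(local_domains=["example.org"])
    return [server.handle(fixup_smtp(c) if inspect else c) for c in commands]


# Constructed client session: authenticate, then send to an outside address.
SESSION = ["EHLO client", "AUTH LOGIN", "MAIL FROM:<bob@example.org>",
           "RCPT TO:<alice@example.net>"]
```

With `inspect=True` the `EHLO` and `AUTH` lines never reach the server intact, so the session stays unauthenticated and the outside recipient is refused; with `inspect=False` the same session is accepted.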
 