Fixup SMTP 25 ?

[rwieting]

We are trying to setup TLS encryption between our site and a clients. I've come to the realization that the Fixup SMTP 25 is causing problems between the two sites. If I set the Pix with the no fixup smtp 25 setting, what should I do to protect our Exchange server from malicious commands? Are there additional rules to add to the Pix to compensate for not having the fixup setting? Any guidance would be greatly appreciated.
Thanks.

 

[ChrisAC]

You should just follow Microsoft guidelines for configuring your mail server and ensure that it only accepts RPC complient SMTP commands. There's not a whole lot that you can do on the Pix to help with that. It's far more important that your mail server is correctly configured.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[rwieting]

Thanks for your help Chris. Could you suggest a few websites or articles to follow?
Thanks

 

[ChrisAC]

http://www.microsoft.com/exchange/default.mspx

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[dhenry]

It looks like PIX IOS 7.0 has support for esmtp (command: inspect esmtp) if that route is available to you. Since that is what Exchange uses, I would hope that it would be compatible, unless Cisco or Microsoft does something nonstandard.

I have not seen anything from Microsoft or Cisco that says one way or the other.