Internally I get the typical ESMTP response from the server. All e-mail is coming through fine. However the problem is that my e-mail is not supposed to be going directly to Exchange. We have a 3rd party solution to filter e-mail and it's not working. Routing on the server is setup properly to go to the spam server. I'm trying to figure out where this response is coming from.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Telneting to Port 25 gets me: 220***************0***0 - ???
- Thread starter tberte
- Start date
So your MX record publicly should point to a public IP that is your firewall that should then route through the firewall to your spam product but is currently hitting your Exchange server.
You are seeing an obfuscated response from the Exchange server which might mean you are using a Cisco Pix firewall with an SMTP fixup.
You are seeing an obfuscated response from the Exchange server which might mean you are using a Cisco Pix firewall with an SMTP fixup.
- Thread starter
- #3
I am definitely using a Cisco PIX. I have no access-lists setup on it. This is the exact setup I had before though. My static route is setup as follows:
static (inside,outside) tcp x.x.x.131 smtp 192.168.1.19 smtp netmask 255.255.255.255
What needs to change in the Fixup protocol? This is exactly how it was setup before. What am I missing?
static (inside,outside) tcp x.x.x.131 smtp 192.168.1.19 smtp netmask 255.255.255.255
What needs to change in the Fixup protocol? This is exactly how it was setup before. What am I missing?
Right at the top of the setup you'll have something about fixup SMTP 25 or similar. It is entirely fine to leave it in but that is the reason you see the 220.
If you want inbound email to hit your spam server (I assume it is internal), telnet on port 25 to the spam server and manually send an email. Confirm it gets delivered to your mailbox otherwise the spam to email link isn't working.
Don't carry on until that works...
Then on the Pix change the line you quoted from 192.168.1.19 to the internal IP of the spam server and test.
If the spam server is external then your ISP needs to change the MX record from your public IP .131 to the external / public IP of the spam server which in turn forwards clean emails to .131.
If you want inbound email to hit your spam server (I assume it is internal), telnet on port 25 to the spam server and manually send an email. Confirm it gets delivered to your mailbox otherwise the spam to email link isn't working.
Don't carry on until that works...
Then on the Pix change the line you quoted from 192.168.1.19 to the internal IP of the spam server and test.
If the spam server is external then your ISP needs to change the MX record from your public IP .131 to the external / public IP of the spam server which in turn forwards clean emails to .131.
- Thread starter
- #5
The line "220***************0***0" when you telnet to the external IP is a response you would get from PIX with mailgaurd enabled.
The PIX forwards to the spam filter.
The spam filter should have in internal setting telling it the internal IP of the mail server. What that setting is depends on the specific spam filter.
If things don't flow correctly, I'd investigate the PIX first. the response you get and mailflow failure is a known issue.
The PIX forwards to the spam filter.
The spam filter should have in internal setting telling it the internal IP of the mail server. What that setting is depends on the specific spam filter.
If things don't flow correctly, I'd investigate the PIX first. the response you get and mailflow failure is a known issue.
You must turn off SMTP inspection (fixup) on the Pix. Not only does it cause the problem you're seeing, but it can cause mail connections to your server to be dropped without explanation. And troubleshooting that is a real pain.
Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
- Thread starter
- #11
All of your answers helped. Thanks a lot guys. Turns out that the Microsoft support link helped more then anything. I turned off Fixup Protocol, and it allowed me to telnet to Exchange immediately.
What ended up fixing it though, was a 'Clear xlate' command. There was obviously a setting somewhere that was still somehow pointing to 1.11.
Any ideas now, on how to get a POP3 port open? I've created a static route to 'pop3', and am getting through, but am just getting a blank response from the server.
What ended up fixing it though, was a 'Clear xlate' command. There was obviously a setting somewhere that was still somehow pointing to 1.11.
Any ideas now, on how to get a POP3 port open? I've created a static route to 'pop3', and am getting through, but am just getting a blank response from the server.
Ah, you didn't mention that you'd made the change recently! Yes, clear the translation buffer will help though I tend to favour a reboot.
Do you have POP3 enabled and configured on the Exchange server? Are you doing a static inside outside to Exchange or the spam server?
Do you have POP3 enabled and configured on the Exchange server? Are you doing a static inside outside to Exchange or the spam server?
- Status
Similar threads
- Locked
- Helpful tip
- Locked
- Question
- Locked
- Question