RE: [Exim] delivery stalls

Top Page
Delete this message
Reply to this message
Author: Chris Sleep
Date:  
To: john, exim users
Subject: RE: [Exim] delivery stalls
> John Ward wrote:
> hmm... if i had a beer for every asshole who thinks that they now
> how pix's
> work.. i'd be permanently pissed


Well, thanks for your great insight, that's most helpful.

Since you're obviously well versed in the ways of PIX, perhaps you can
enlighten the rest of us (and me in particular) as to the correct method for
ensuring that nothing in mailguard will interfere in SMTP transactions.
I've only attended CCPF, so I don't know the deepest ins and outs of the
smtp fixup mechanism, and since I'll be working with a couple of Pixes
shortly (with an exim hub behind), I'd like to be sure that we don't break
any of our external connectivity. If you have any useful comments, please
feel free to share them.

regards,

Chris Sleep,
The Natural History Museum

> On Wednesday 04 July 2001 14:07, Suresh Ramasubramanian wrote:
> > Randy Bush [exim-users] <04/07/01 05:09 -0700>:
> > > >> Connecting to mail-h.tacky.com [666.101.52.22.25] ... connected
> > > >> SMTP<< 220
> > > >>
> > > >>
> **********************************************************************
> > > >>******2*************
> > > >
> > > > This is the sign of a Cisco Pix "Mailguard" smtp firewall.
> > >
> > > and all failures seem to be with those!
> >
> > Broken by design I guess - and hiding a broken mailer behind
> them. If I
> > had a beer for every cisco pix hidden mailserver I've seen refusing
> > connections (and there's a local - and popular - webmail service which
> > hides a perfectly secure qmail install behind a pix) I'd be
> tolerably drunk
> > :)
> >
> > > one where postings to public lists do not compromise privacy
> of people's
> > > mail sources or destinations.
> >
> > oh i see - you had me thrown a bit.
> >
> > The solution is for whoever's running that PiX to
> >
> > 1. upgrade and secure his MTA
> > 2. stop pix from monitoring port 25 (no fixup protocol smtp 25 I think)
> >
> >      -suresh

>
> --
> ## List details at

http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##