Re: [exim] Exim and auth behind Cisco kit?

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: David
CC: exim-users
Subject: Re: [exim] Exim and auth behind Cisco kit?


David wrote:

>
> The 550 is expected, because no AUTH was attempted. As I understand
> it AUTH is only accepted after EHLO anyway. Connecting to
> localhost:25 using nc on the server shows a proper initial 220 and
> accepts 'EHLO test', advertising AUTH PLAIN LOGIN.
>
> An nmap scan from outside shows that port 25 is "Cisco PIX sanatized
> smtpd" which I find interesting. Could it be that the above is
> explained by some strange behaviour of the router or firewall? If so,
> can somebody suggest how to stop it interfering with my SMTP sessions?


Cisco Pix smtp "fixup" protocol is broken in many ways. You probably
want to just disable it. It has been also suggested to put AUTH on port
587, which is indeed wise. But you should still disable the
malfunctionning Cisco smtp, as it not only blocks AUTH, but also every
extension (like SIZE, STARTTLS,...). Also following RFC2821, "recent"
SMTP implementations MUST speak ESMTP.