现象:
telnet
mail.aaaaaaaaaaaaaa.com 25
Trying ddd.ddd.ddd.ddd…
Connected to mail.aaaaaaaaaaaaaa.com.
Escape character is ‘^]‘.
220 ****0**********************************
ehlo aaaaaaaaaaaaaa.com
502 Error: command not implemented
helo aaaaaaaaaaaaaa.com
250 mail01.aaaaaaaaaaaaaa.com
ehlo aaaaaaaaaaaaaa.com
502 Error: command not implemented
连接后出现
220 ****0**********************************
并且不支持ESMTP
解决办法:
no fixup protocol smtp 25
If you‘re getting the *** banner, and EHLO not recognised and you have a PIX
in the way, it‘s fixup, and there‘s nothing else you can do. To give ammo if
you need it, Cisco deprecated fixup in v7 of the PIX OS, due to it not
understanding anything beyond RFC 821.
From their own docs:
The fixup protocol smtp command enables the Mail Guard feature. This restricts
mail servers to receiving the seven minimal commands defined in RFC 821,
section 4.5.1 (HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT)。 All other
commands are rejected.
Microsoft Exchange server does not strictly comply with RFC 821 section 4.5.1,
using extended SMTP commands such as EHLO. PIX Firewall will convert any such
commands into NOOP commands, which as specified by the RFC, forces SMTP
servers to fall back to using minimal SMTP commands only. This may cause
Microsoft Outlook clients and Exchange servers to function unpredictably when
their connection passes through PIX Firewall.
telnet
mail.aaaaaaaaaaaaaa.com 25
Trying ddd.ddd.ddd.ddd…
Connected to mail.aaaaaaaaaaaaaa.com.
Escape character is ‘^]‘.
220 ****0**********************************
ehlo aaaaaaaaaaaaaa.com
502 Error: command not implemented
helo aaaaaaaaaaaaaa.com
250 mail01.aaaaaaaaaaaaaa.com
ehlo aaaaaaaaaaaaaa.com
502 Error: command not implemented
连接后出现
220 ****0**********************************
并且不支持ESMTP
解决办法:
no fixup protocol smtp 25
If you‘re getting the *** banner, and EHLO not recognised and you have a PIX
in the way, it‘s fixup, and there‘s nothing else you can do. To give ammo if
you need it, Cisco deprecated fixup in v7 of the PIX OS, due to it not
understanding anything beyond RFC 821.
From their own docs:
The fixup protocol smtp command enables the Mail Guard feature. This restricts
mail servers to receiving the seven minimal commands defined in RFC 821,
section 4.5.1 (HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT)。 All other
commands are rejected.
Microsoft Exchange server does not strictly comply with RFC 821 section 4.5.1,
using extended SMTP commands such as EHLO. PIX Firewall will convert any such
commands into NOOP commands, which as specified by the RFC, forces SMTP
servers to fall back to using minimal SMTP commands only. This may cause
Microsoft Outlook clients and Exchange servers to function unpredictably when
their connection passes through PIX Firewall.
上一篇:MPLSVPN技术原理和配置解析 下一篇:远程连接PIX防火墙