Cisco MailGuard and Exchange 2000 - Confusion

Posted on 2004-11-02
Last Modified: 2013-11-16
I will be implementing an Exchange 2000 server in a new environment.
Right now, mailguard is enabled on the Cisco PIX.  

Does anyone know what this will do if the only mail received on this connector is outside email?
All other instances I have seen have disabled the mailguard feature.

Should it be disabled or enabled????

From a Microsoft article:;en-us;q320027
It says that there may be issues if mailguard is disabled but then goes on to mention only clients that need to authenticate with the ESMTP server.

This is from a Cisco article:
Note: If you have an ESMTP server behind the PIX, you may need to turn off the Mailguard feature to allow mail to flow properly. Also, doing Telnet to port 25 may not work with the fixup protocol smtp command, especially with a Telnet client that does character mode.

From the following website:

Question by:testtest25
    1 Comment
    LVL 79

    Accepted Solution

    Bottom line - if you want your Exchange server to work, disable the fixup (old term "mailguard")
      no fixup protocol smtp 25

    If you only receive email from specific servers, then you can control that with the access-lists and not worry about the fixup.

    Notice that Microsoft article only tells you that the resolution is to disable the mailguard feature, it does not tell you that you can disable those features in the Exchange server (don't ask me how, I'm not an Exchange guru, but I'll bet it can be done)

    The next version of PIX OS may address this issue and allow the ESMTP commands within the fixup inspection..

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Let’s list some of the technologies that enable smooth teleworking. 
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now