Cannot Send SMTP after Installing PIX 515

Posted on 2005-05-06
Last Modified: 2008-01-09
I recently changed my Firewall to a Cisco 515.  I had someone test yesterday from a remote site, and they said they could send and receive, but I came home and tested POP3 access, and though I can receive email via POP3, I can't send via SMTP.  I get the following error:

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'Eleczion POP3', Server: '', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F

I tested from both Outllook 2003 and Outlook Express.  I tried different combinations of "Secure Passwod Authentication" no help.  I can access my webmail page and send & receive just fine.  I can also connect via RPC over HTTP and that connects and I can send and receive fine.  Of course a local MAPI connection from in the office is fine.  I just cannot send via SMTP.  I did insert the following line in my PIX 515

remove the "no fixup protocol smtp 25

to deal with the "Mailguard" problem with Exchange and PIX Firewalls, but I cannot send email va SMTP.

Here are the config lines I have on my Cisco:

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside
ip address inside
route outside 1

no fixup protocol smtp 25

global (outside) 1
global (outside) 1 interface
nat (inside) 1 0 0

static (inside,outside) netmask 0 0
static (inside,outside) netmask 0 0
static (inside,outside) netmask 0 0
static (inside,outside) netmask 0 0

access-list public_access_in permit tcp any host eq pop3
access-list public_access_in permit tcp any host eq www
access-list public_access_in permit tcp any host eq https
access-list public_access_in permit tcp any host eq smtp
access-list public_access_in permit tcp any host eq pcanywhere-data
access-list public_access_in permit udp any host eq pcanywhere-status
access-list public_access_in permit tcp any host eq 5633
access-list public_access_in permit udp any host eq 5634
access-list public_access_in permit udp any host eq tftp

access-group public_access_in in interface outside
Question by:Javier196
    LVL 1

    Accepted Solution

    I successfully connected to your server via telnet and sent a message to your postmaster account.   The error does indicate SSL is the problem?

    It appears that your server is not configured to provide SMTPS connections.

    Out of curiosity I tried to make an SSL connection (on port 25) using Outlook Express and found the following result:

    The server does not support a SSL connection. Account: 'Friend', Server: '', Protocol: SMTP, Server Response: '250 OK', Port: 25, Secure(SSL): Yes, Server Error: 250, Error Number: 0x800CCC7D


    LVL 79

    Expert Comment

    wattsup has a good point. It does not appear to be a PIX issue, but rather an Exchange issue...
    Some handy links to keep bookmarked...
    LVL 25

    Expert Comment

    by:Ron M
    Do you have SPA ( secure password authentication ) enabled on your smtp virtual server ?
    If so enable it on the client and you should be able to send.
    LVL 1

    Author Comment

    Well, it looks like I am the only person to have this problem.  I called my remote site when I got in and they were not having any issues sending and reciveing email.  Strange.  Actually, I have a person here today from my remote office, and and she was able to send and receive just fine.

    What happened?  Well, I was using this laptop for testing my RPC over HTTP, and that may have something to do with it.  In any case, I did install a certificate for RPC over HTTP on my Exchange server.  I applied that same certificate to the SMTP Protocol.  

    Unfortunately, I applied this certificate before I tested my laptop inside my network.  I am now able to send and receive just fine, but I am within my network.  I will test again later from home.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Let’s list some of the technologies that enable smooth teleworking. 
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now