Cannot Send SMTP after Installing PIX 515

I recently changed my Firewall to a Cisco 515.  I had someone test yesterday from a remote site, and they said they could send and receive, but I came home and tested POP3 access, and though I can receive email via POP3, I can't send via SMTP.  I get the following error:

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'Eleczion POP3', Server: 'mail.eleczion.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F

I tested from both Outlook 2003 and Outlook Express.  I tried different combinations of "Secure Password Authentication", no help.  I can access my webmail page and send & receive just fine.  I can also connect via RPC over HTTP and that connects and I can send and receive fine.  Of course a local MAPI connection from in the office is fine.  I just cannot send via SMTP.  I did insert the following line in my PIX 515

remove the "no fixup protocol smtp 25

to deal with the "Mailguard" problem with Exchange and PIX Firewalls, but I cannot send email via SMTP.

Here are the config lines I have on my Cisco:

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside xxx.xxx.20.98
ip address inside
route outside xxx.xxx.20.97 1

no fixup protocol smtp 25

global (outside) 1 xxx.xxx.20.100-xxx.xxx.20.110
global (outside) 1 interface
nat (inside) 1 0 0

static (inside,outside) xxx.xxx.20.98 netmask 0 0
static (inside,outside) xxx.xxx.20.101 netmask 0 0
static (inside,outside) xxx.xxx.20.102 netmask 0 0
static (inside,outside) xxx.xxx.20.103 netmask 0 0

access-list public_access_in permit tcp any host xxx.xxx.20.98 eq pop3
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq www
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq https
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq smtp
access-list public_access_in permit tcp any host xxx.xxx.20.101 eq pcanywhere-data
access-list public_access_in permit udp any host xxx.xxx.20.101 eq pcanywhere-status
access-list public_access_in permit tcp any host xxx.xxx.20.102 eq 5633
access-list public_access_in permit udp any host xxx.xxx.20.102 eq 5634
access-list public_access_in permit udp any host xxx.xxx.20.103 eq tftp

access-group public_access_in in interface outside
1 Solution
I successfully connected to your server via telnet and sent a message to your postmaster account.   The error does indicate SSL is the problem?

It appears that your server is not configured to provide SMTPS connections.

Out of curiosity I tried to make an SSL connection (on port 25) using Outlook Express and found the following result:

The server does not support a SSL connection. Account: 'Friend', Server: 'mail.eleczion.com', Protocol: SMTP, Server Response: '250 OK', Port: 25, Secure(SSL): Yes, Server Error: 250, Error Number: 0x800CCC7D


wattsup has a good point. It does not appear to be a PIX issue, but rather an Exchange issue...
Some handy links to keep bookmarked...

Ron Malmstead, Information Services Manager, Commented:
Do you have SPA (secure password authentication) enabled on your SMTP virtual server?
If so, enable it on the client and you should be able to send.
Javier196 (Author) Commented:
Well, it looks like I am the only person to have this problem.  I called my remote site when I got in and they were not having any issues sending and receiving email.  Strange.  Actually, I have a person here today from my remote office, and she was able to send and receive just fine.

What happened?  Well, I was using this laptop for testing my RPC over HTTP, and that may have something to do with it.  In any case, I did install a certificate for RPC over HTTP on my Exchange server.  I applied that same certificate to the SMTP Protocol.  

Unfortunately, I applied this certificate before I tested my laptop inside my network.  I am now able to send and receive just fine, but I am within my network.  I will test again later from home.
Question has a verified solution.
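
The three things checked in this thread (Mailguard on the PIX, SSL on port 25, and SPA) can all be read off the server side of a plain SMTP session, such as the telnet test mentioned above. This is an added example, not part of the original thread: the function name is hypothetical and both transcripts are constructed, using placeholder host names and addresses.

```python
import re

def diagnose_smtp(transcript):
    """Classify the server side of a plain-text SMTP session on port 25."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    banner = next((l for l in lines if l.startswith("220")), "")
    # PIX Mailguard ("fixup protocol smtp 25") overwrites most of the 220
    # banner with asterisks and does not pass EHLO, so the client sees a
    # 5xx reply to EHLO and no ESMTP extensions at all.
    banner_masked = banner.count("*") >= 10
    ehlo_rejected = any(re.match(r"50[0-2]\b", l) for l in lines)
    # Every 250 line after the first (the greeting) names one extension:
    # "250-AUTH NTLM LOGIN", "250-AUTH=LOGIN", "250-STARTTLS", ...
    ext = {}
    for l in [l for l in lines if l.startswith("250")][1:]:
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$", l)
        if m:
            ext.setdefault(m.group(1).upper(), set()).update(
                (m.group(2) or "").upper().split())
    auth = sorted(ext.get("AUTH", set()))
    return {
        "mailguard_suspected": banner_masked or (ehlo_rejected and not ext),
        "starttls": "STARTTLS" in ext,   # TLS on a plain port-25 session (RFC 3207)
        "auth": auth,
        "spa_possible": "NTLM" in auth,  # Outlook's SPA uses NTLM
    }

# Constructed sample: server reached with "no fixup protocol smtp 25" in place.
DIRECT = """
220 mail.example.test Microsoft ESMTP MAIL Service ready
250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250 OK
"""

# Constructed sample: same server with the SMTP fixup still enabled; the
# client's EHLO is refused and it falls back to HELO.
BEHIND_MAILGUARD = """
220 ************************0*******2******0*********
500 5.3.3 Unrecognized command
250 mail.example.test Hello [192.0.2.10]
"""

if __name__ == "__main__":
    for name, t in (("direct", DIRECT), ("mailguard", BEHIND_MAILGUARD)):
        print(name, diagnose_smtp(t))
```

In the first transcript the server offers NTLM but no STARTTLS, so a client set to require SSL on port 25 has nothing to negotiate with, while SPA remains usable.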
