?
Solved

Cannot Send SMTP after Installing PIX 515

Posted on 2005-05-06
4
Medium Priority
?
958 Views
Last Modified: 2008-01-09
I recently changed my Firewall to a Cisco 515.  I had someone test yesterday from a remote site, and they said they could send and receive, but I came home and tested POP3 access, and though I can receive email via POP3, I can't send via SMTP.  I get the following error:

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'Eleczion POP3', Server: 'mail.eleczion.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F

I tested from both Outllook 2003 and Outlook Express.  I tried different combinations of "Secure Passwod Authentication" no help.  I can access my webmail page and send & receive just fine.  I can also connect via RPC over HTTP and that connects and I can send and receive fine.  Of course a local MAPI connection from in the office is fine.  I just cannot send via SMTP.  I did insert the following line in my PIX 515

remove the "no fixup protocol smtp 25

to deal with the "Mailguard" problem with Exchange and PIX Firewalls, but I cannot send email va SMTP.

Here are the config lines I have on my Cisco:

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside xxx.xxx.20.98 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.20.97 1

no fixup protocol smtp 25

global (outside) 1 xxx.xxx.20.100-xxx.xxx.20.110
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0


static (inside,outside) xxx.xxx.20.98 192.168.0.12 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.20.101 192.168.0.120 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.20.102 192.168.0.121 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.20.103 192.168.0.10 netmask 255.255.255.255 0 0


access-list public_access_in permit tcp any host xxx.xxx.20.98 eq pop3
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq www
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq https
access-list public_access_in permit tcp any host xxx.xxx.20.98 eq smtp
access-list public_access_in permit tcp any host xxx.xxx.20.101 eq pcanywhere-data
access-list public_access_in permit udp any host xxx.xxx.20.101 eq pcanywhere-status
access-list public_access_in permit tcp any host xxx.xxx.20.102 eq 5633
access-list public_access_in permit udp any host xxx.xxx.20.102 eq 5634
access-list public_access_in permit udp any host xxx.xxx.20.103 eq tftp

access-group public_access_in in interface outside
0
Comment
Question by:Javier196
4 Comments
 
LVL 1

Accepted Solution

by:
wattsuputah earned 2000 total points
ID: 13945200
I successfully connected to your server via telnet and sent a message to your postmaster account.   The error does indicate SSL is the problem?

It appears that your server is not configured to provide SMTPS connections.

Out of curiosity I tried to make an SSL connection (on port 25) using Outlook Express and found the following result:

The server does not support a SSL connection. Account: 'Friend', Server: 'mail.eleczion.com', Protocol: SMTP, Server Response: '250 OK', Port: 25, Secure(SSL): Yes, Server Error: 250, Error Number: 0x800CCC7D

Regards

Wattsup
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13945298
wattsup has a good point. It does not appear to be a PIX issue, but rather an Exchange issue...
Some handy links to keep bookmarked...

http://www.mxtoolbox.com/Diagnostic.aspx?HOST=mail.eleczion.com&IP=64.163.20.98
http://www.dnsreport.com/tools/dnsreport.ch?domain=eleczion.com
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 13946421
Do you have SPA ( secure password authentication ) enabled on your smtp virtual server ?
If so enable it on the client and you should be able to send.
0
 
LVL 1

Author Comment

by:Javier196
ID: 13947259
Well, it looks like I am the only person to have this problem.  I called my remote site when I got in and they were not having any issues sending and reciveing email.  Strange.  Actually, I have a person here today from my remote office, and and she was able to send and receive just fine.

What happened?  Well, I was using this laptop for testing my RPC over HTTP, and that may have something to do with it.  In any case, I did install a certificate for RPC over HTTP on my Exchange server.  I applied that same certificate to the SMTP Protocol.  

Unfortunately, I applied this certificate before I tested my laptop inside my network.  I am now able to send and receive just fine, but I am within my network.  I will test again later from home.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question