Randy in Nevis

Michael K. Smith - Adhost mksmith at adhost.com
Mon Sep 27 14:20:43 CDT 2010


> -----Original Message-----
> From: Lyndon Nerenberg [mailto:lyndon at orthanc.ca]
> Sent: Monday, September 27, 2010 9:30 AM
> To: nanog at nanog.org
> Subject: Re: Randy in Nevis
> 
> On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
> > "Cannot establish SSL with SMTP server 67.202.37.63:465" does not
> > sound like a 587 problem to me.
> >
> > netalyzr folks?  comment?
> 
> Sorry, I hit send too soon ...
> 
> I've heard from a couple of people that the PIX will remap 587 (and
25)
> to oddball ports if you fiddle the config just right.  Given all the
> other bogosity that box does with SMTP I wonder if there's truth to
the
> rumour. (I haven't found anyone who can reproduce this on demand, so
> it's still apocryphal for now.)

Static (inside,outside) tcp <outside ip> 25 <inside ip> 65535
Access-list outside_acl permit tcp any any eq 25
No fixup smtp

That will redirect port 25 to port 65535, allow port 25 through the
firewall, and remove the fixup that changes the server banner to
*************, which breaks most mail communications.

Regards,

Mike





More information about the NANOG mailing list