Randy in Nevis

Michael K. Smith - Adhost mksmith at adhost.com
Mon Sep 27 19:20:43 UTC 2010

> -----Original Message-----
> From: Lyndon Nerenberg [mailto:lyndon at orthanc.ca]
> Sent: Monday, September 27, 2010 9:30 AM
> To: nanog at nanog.org
> Subject: Re: Randy in Nevis
> On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
> > "Cannot establish SSL with SMTP server" does not
> > sound like a 587 problem to me.
> >
> > netalyzr folks?  comment?
> Sorry, I hit send too soon ...
> I've heard from a couple of people that the PIX will remap 587 (and
> to oddball ports if you fiddle the config just right.  Given all the
> other bogosity that box does with SMTP I wonder if there's truth to
> rumour. (I haven't found anyone who can reproduce this on demand, so
> it's still apocryphal for now.)

Static (inside,outside) tcp <outside ip> 25 <inside ip> 65535
Access-list outside_acl permit tcp any any eq 25
No fixup smtp

That will redirect port 25 to port 65535, allow port 25 through the
firewall, and remove the fixup that changes the server banner to
*************, which breaks most mail communications.



More information about the NANOG mailing list