Exchange Server Cookbook
by Paul Robichaux, Missy Koslosky, Devin L. Ganger
June 2005
Content level: Intermediate to advanced
464 pages
13h 2m
English
O'Reilly Media, Inc.

8.24. Making Exchange Work Behind a Cisco PIX Firewall

Problem

You have a Cisco PIX firewall and want to make sure that you can send and receive SMTP mail from your Exchange server through it, and that it is configured to work properly with your Exchange deployment.

Solution

On the PIX firewall, disable the MailGuard ("SMTP fixup") feature, which is on by default. Run the following command from the PIX command line:

no fixup protocol smtp 25

Discussion

While the Cisco PIX firewall is generally a capable firewall, the MailGuard SMTP proxy feature has long been a source of problems, not just for Exchange, but for SMTP servers in general. The MailGuard functionality works by acting as a semi-transparent proxy for incoming SMTP sessions. MailGuard replaces the outgoing connection banner with a characteristic string of asterisks. Note that even if you believe in the value of banner obfuscation, the PIX-provided banner is distinctive and will immediately alert any potential attacker to the nature of the protection you are using.

It also restricts the incoming SMTP verbs to HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. It will not allow any other verbs, even valid ESMTP verbs. This will break much of the higher-level SMTP functionality taken for granted in today's Internet:

  • SMTP authentication for clients.

  • The 8-bit MIME SMTP extension, to allow binary attachments to be transmitted without first requiring conversion to 7-bit ASCII and taking more ...
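An added example (not from the book): a Python check that looks for the symptoms described above in a captured SMTP banner and EHLO reply, so you can confirm whether the fixup is still in the mail path. The function names and both sample transcripts are constructed for illustration.

```python
import re

def parse_replies(lines):
    """Group raw server lines into (code, [text, ...]) replies; '-' marks a continuation line."""
    replies, current = [], []
    for line in lines:
        m = re.match(r"^(\d{3})([ -])(.*)$", line.rstrip("\r\n"))
        if not m:
            continue
        current.append(m.group(3))
        if m.group(2) == " ":          # a space after the code ends the reply
            replies.append((int(m.group(1)), current))
            current = []
    return replies

def assess(banner_line, ehlo_lines):
    """Return findings that suggest an SMTP fixup proxy sits in front of the server."""
    findings = []
    banner = parse_replies([banner_line])
    text = banner[0][1][0] if banner else ""
    visible = [c for c in text if not c.isspace()]
    # Symptom 1: the real banner has been replaced by a run of asterisks.
    if visible and sum(c == "*" for c in visible) / len(visible) > 0.5:
        findings.append("banner masked with asterisks")
    # Symptom 2: EHLO is not among the permitted verbs, so ESMTP never starts.
    ehlo = parse_replies(ehlo_lines)
    if not ehlo or ehlo[0][0] != 250:
        findings.append("EHLO not accepted: ESMTP unavailable")
        return findings
    # Symptom 3: EHLO works but the extensions named in the text are missing.
    keywords = {re.split(r"[ =]", l.strip())[0].upper()
                for l in ehlo[0][1][1:] if l.strip()}
    for ext in ("AUTH", "8BITMIME"):
        if ext not in keywords:
            findings.append(f"{ext} not advertised")
    return findings

# Constructed sample: what a client might see with the fixup enabled.
FIXUP_BANNER = "220 ************************0*2******200*****0*00"
FIXUP_EHLO = ["500 command not recognized"]
# Constructed sample: the same server reached directly.
DIRECT_BANNER = "220 mail.example.com Microsoft ESMTP MAIL Service ready"
DIRECT_EHLO = ["250-mail.example.com Hello", "250-SIZE 10485760",
               "250-8BITMIME", "250-AUTH LOGIN", "250 OK"]

if __name__ == "__main__":
    print("with fixup:", assess(FIXUP_BANNER, FIXUP_EHLO))
    print("direct:    ", assess(DIRECT_BANNER, DIRECT_EHLO))
```

Paste the banner and EHLO reply from a manual session on port 25 from outside the firewall in place of the constructed samples; an empty result means none of these symptoms is present.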

ISBN: 0596007175