SMTP Fixup problems

From Brandonhutchinson.com


Revision as of 22:11, 10 October 2007

We were asked to investigate problems relaying mail from a certain IP. Looking through the MTA logs, we see:

Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: [10.207.1.42] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: timeout waiting for input from [10.207.1.42] during server cmd read

An ngrep capture reveals:

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  220 hostname.example.com ESMTP Wed, 10 Oct 2007 14:14:09 -0500..

T 10.207.1.42:2312 -> 192.168.128.30:25 [AP]
  XXXX SBPMMAP100..

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100"..

A Cisco PIX between the host and our mail relay is performing SMTP inspection ("SMTP Fixup"). The SMTP inspection rule converts any "illegal" command--a command that is not listed in RFC 821--to "XXXX". In this case, the "illegal" command was EHLO.

The sending MTA apparently does not know how to handle a "500 5.5.1" response from our MTA, and keeps the connection open for one hour (default Timeout.command in sendmail). After one hour, our MTA closes the connection.

As a workaround, enable ESMTP inspection, or disable SMTP inspection. ESMTP inspection allows commands described in RFC 2821. Note that ESMTP inspection and SMTP inspection are mutually exclusive.
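To spot other senders hit by the same inspection rule, the two symptoms above can be checked together. The following is an added example, not code from the original page: it flags clients whose command verb arrives as a run of X characters in an ngrep capture and whose sendmail session also stalled. The function names and regular expressions are assumptions; the sample input is copied from the log and capture shown above.

```python
import re
from collections import defaultdict

# Sample input copied from the sendmail log and ngrep capture on this page.
MAILLOG = """\
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: [10.207.1.42] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: timeout waiting for input from [10.207.1.42] during server cmd read
"""
CAPTURE = """\
T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  220 hostname.example.com ESMTP Wed, 10 Oct 2007 14:14:09 -0500..

T 10.207.1.42:2312 -> 192.168.128.30:25 [AP]
  XXXX SBPMMAP100..

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100"..
"""

HEADER = re.compile(r"^T (\S+):(\d+) -> (\S+):(\d+) ")   # ngrep TCP packet header
MASKED = re.compile(r"^\s+(X{4,})(?:\s|\.\.|$)")         # verb overwritten with X's
STALLED = re.compile(r"sendmail\[\d+\]: (\w+): (?:\[(\S+?)\] did not issue MAIL"
                     r"|timeout waiting for input from \[(\S+?)\])")

def masked_commands(capture, smtp_port="25"):
    """Return (client_ip, payload) for client-to-server lines whose verb is all X's."""
    hits, client = [], None
    for line in capture.splitlines():
        m = HEADER.match(line)
        if m:  # only packets sent *to* the SMTP port carry client commands
            client = m.group(1) if m.group(4) == smtp_port else None
        elif client and MASKED.match(line):
            hits.append((client, line.strip().rstrip(".")))  # drop ngrep's CRLF dots
    return hits

def stalled_sessions(maillog):
    """Return client IPs whose queue ID logged both 'did not issue MAIL' and a read timeout."""
    seen = defaultdict(set)
    for line in maillog.splitlines():
        m = STALLED.search(line)
        if m:
            seen[(m.group(1), m.group(2) or m.group(3))].add("nomail" if m.group(2) else "timeout")
    return sorted(ip for (_qid, ip), kinds in seen.items() if len(kinds) == 2)

def fixup_suspects(capture, maillog):
    """Clients showing both a masked verb on the wire and a stalled session in the log."""
    return sorted({ip for ip, _ in masked_commands(capture)} & set(stalled_sessions(maillog)))

if __name__ == "__main__":
    print(fixup_suspects(CAPTURE, MAILLOG))
```

If a firewall in the path performs address translation, the address in the capture and the address sendmail logs may differ, in which case the two lists should be compared by hand rather than intersected.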

Links:
