SMTP Fixup problems

From Brandonhutchinson.com

Revision as of 19:26, 10 October 2007 by Hutch (Talk | contribs)

We were asked to investigate problems relaying mail from a certain IP. Looking through the MTA logs, we see:

Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: [10.207.1.42] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: timeout waiting for input from [10.207.1.42] during server cmd read

An ngrep capture reveals:

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  220 hostname.example.com ESMTP Wed, 10 Oct 2007 14:14:09 -0500..       

T 10.207.1.42:2312 -> 192.168.128.30:25 [AP]
  XXXX SBPMMAP100..                                                          

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100".. 

A Cisco PIX between the host and our mail relay is using "SMTP Fixup" to convert the valid EHLO into "XXXX".
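To check a longer capture for the same symptom, the following added example (not part of the original page) parses ngrep text output and reports client commands whose verb arrived as X's, together with whether the MTA answered 500. The sample capture is constructed from the one above plus one unaffected client; the function names and the "verb made only of X's" heuristic are assumptions of this example.

```python
import re

# Constructed ngrep text output, modelled on the capture above plus one unaffected client.
SAMPLE = '''\
T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  220 hostname.example.com ESMTP Wed, 10 Oct 2007 14:14:09 -0500..

T 10.207.1.42:2312 -> 192.168.128.30:25 [AP]
  XXXX SBPMMAP100..

T 192.168.128.30:25 -> 10.207.1.42:2312 [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100"..

T 10.207.9.9:4001 -> 192.168.128.30:25 [AP]
  EHLO client.example.net..
'''

HEADER = re.compile(r"^T (\S+):(\d+) -> (\S+):(\d+) \[")
MASKED = re.compile(r"^X+(\s|$)")  # assumption: a verb made only of X's was rewritten in transit


def parse_ngrep(text):
    """Return one (src_ip, src_port, dst_ip, dst_port, payload) tuple per packet."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append([m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), ""])
        elif packets and line.strip():
            # ngrep prints CR and LF as dots; drop the trailing pair.
            packets[-1][4] += re.sub(r"\.\.$", "", line.strip())
    return [tuple(p) for p in packets]


def find_masked_commands(text, smtp_port=25):
    """Pair each masked client command with the server reply on the same connection."""
    findings, pending = [], {}
    for src, sport, dst, dport, payload in parse_ngrep(text):
        if dport == smtp_port and MASKED.match(payload):
            pending[(src, sport)] = payload
        elif sport == smtp_port and (dst, dport) in pending:
            findings.append({"client": dst, "command": pending.pop((dst, dport)),
                             "rejected": payload.startswith("500")})
    # Masked commands the server never answered in the capture are still reported.
    findings += [{"client": ip, "command": cmd, "rejected": None}
                 for (ip, _), cmd in pending.items()]
    return findings


if __name__ == "__main__":
    for f in find_masked_commands(SAMPLE):
        print(f)
```

A client that appears here and also in the sendmail log with "did not issue MAIL/EXPN/VRFY/ETRN" is consistent with the greeting being rewritten somewhere between the client and the relay.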
