SMTP Fixup problems



We were asked to investigate problems relaying mail from a certain IP. Looking through the MTA logs, we see:

Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: [] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: timeout waiting for input from [] during server cmd read

An ngrep capture reveals:

T -> [AP]
  220 ESMTP Wed, 10 Oct 2007 14:14:09 -0500..       

T -> [AP]
  XXXX SBPMMAP100..                                                          

T -> [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100".. 

A Cisco PIX between the host and our mail relay is performing SMTP inspection ("SMTP Fixup"). The SMTP inspection rule rewrites any "illegal" command, meaning a command that is not listed in RFC 821, to "XXXX". In this case, the "illegal" command was EHLO, so the sender's greeting reached our MTA as "XXXX SBPMMAP100".

The sending MTA apparently does not know how to handle a "500 5.5.1" response from our MTA, and keeps the connection open for one hour (default Timeout.command in sendmail). After one hour, our MTA closes the connection.

As a workaround, enable ESMTP inspection, or disable SMTP inspection. ESMTP inspection allows commands described in RFC 2821. Note that ESMTP inspection and SMTP inspection are mutually exclusive.
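
To check whether other sessions show the same signature, the following added example (not part of the original page) correlates the two sendmail log messages by queue ID and pairs XXXX-masked commands in an ngrep capture with the 500 5.5.1 rejection. The function names, the 192.0.2.x peer addresses and the second queue ID are assumptions made for the sample input.

```python
import re
from collections import defaultdict

# Constructed samples modelled on the log lines and capture above; the peer
# addresses (192.0.2.x) and the second queue ID are placeholders.
SAMPLE_LOG = """\
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 10 11:47:19 hostname sendmail[26335]: l9AFlKNt026335: timeout waiting for input from [192.0.2.10] during server cmd read
Oct 10 11:50:02 hostname sendmail[26400]: l9AFo2Nt026400: [192.0.2.77] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""
SAMPLE_CAPTURE = """\
T -> [AP]
  220 ESMTP Wed, 10 Oct 2007 14:14:09 -0500..
T -> [AP]
  XXXX SBPMMAP100..
T -> [AP]
  500 5.5.1 Command unrecognized: "XXXX SBPMMAP100"..
"""

LOG_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)")
REJECT_RE = re.compile(r'500 5\.5\.1 Command unrecognized: "XXXX ([^"]*)"')

def stalled_sessions(log_text):
    """Queue IDs that logged both 'no MAIL command' and a command-read timeout."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        if "did not issue MAIL/EXPN/VRFY/ETRN" in m["msg"]:
            events[m["qid"]].add("no_mail")
        if "timeout waiting for input" in m["msg"] and "server cmd read" in m["msg"]:
            events[m["qid"]].add("timeout")
    return sorted(q for q, seen in events.items() if seen == {"no_mail", "timeout"})

def masked_commands(capture_text):
    """Arguments of XXXX-masked commands that the MTA rejected with 500 5.5.1."""
    sent, rejected = [], set()
    for line in capture_text.splitlines():
        text = line.strip().rstrip(".")  # ngrep prints CR LF as ".."
        hit = REJECT_RE.match(text)
        if hit:
            rejected.add(hit.group(1))
        elif text.startswith("XXXX "):
            sent.append(text[5:].strip())
    return [arg for arg in sent if arg in rejected]

if __name__ == "__main__":
    print("stalled sessions:", stalled_sessions(SAMPLE_LOG))
    print("masked command arguments:", masked_commands(SAMPLE_CAPTURE))
```

A queue ID that appears in the first result together with a masked greeting in a capture of the same session points at SMTP inspection on the path rather than at the sending MTA.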

