RE: RE:Exchange Server 2000 and Cisco Pix (Christoph Puetz)

["Jason Lewis" <jlewis () jasonlewis net>]

Ditto.  I use Postfix.  The Postfix box is the only path for mail in and out
of the network.  Never had a problem with it and the PIX.

I also use it to offload spamfiltering.

jas

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of John Adams
Sent: Thursday, May 24, 2001 6:39 PM
To: Smith, Gary (SCOTAM)
Cc: 'firewall-wizards () nfr com'
Subject: Re: [fw-wiz] RE:Exchange Server 2000 and Cisco Pix (Christoph
Puetz)


On Thu, 24 May 2001, Smith, Gary (SCOTAM) wrote:

> Christoph:
>
> Add:
>
> no fixup protocol smtp 25
>
> to your configuration file.
>
> The Mailguard facility in the PIX _sounds_ like a good idea but it seems
to
> break every SMTP MTA that I ever tried it with.

We have had no problems using fixup with qmail and sendmail. Because of
the insecurity of the exchange server, we typically place a qmail host out
on the edge, harden that host, and place an appropriate smtproute to it to
forward to exchange.

For users sending mail through the smtp part of exchange, we force them to
use VPN or webmail. You really don't want exchange exposed to the
Internet, but that's my opinion.

-john

> Message: 4
> Date: Mon, 21 May 2001 09:54:39 -0700 (PDT)
> From: Christoph Puetz <puetzc () yahoo com>
> Reply-To: puetz () mho net
> To: firewall-wizards () nfr com
> Subject: [fw-wiz] Exchange Server 2000 and Cisco Pix
>
> Hello wizards,
>
> I have a newly installed Exchange Server 2000 behind
> my Pix and did receive an error from a mail client
> when trying to connect to the Exchange server.
> Microsoft refers to Cisco without really being
> specific - at least I could not find the solution at
> Cisco's web page. Anyone here knows what I have to do?
>
> Here's MS solution (Article ID: Q295164) for the
> problem:
>
> "RESOLUTION
> To resolve this issue, disable SMTP inspection on the
> firewall. If you do not know the command to disable
> SMTP inspection, contact Cisco."
>
> Is this the fixup command I have to use and disable
> smtp?
>
> Thanks for your help in advance!
>
>
>
> **********************************************************************
> Information contained herein is the sole responsibility of the Individual
> sending the message. No responsibility is admitted by Scottish Amicable
> for any loss or damage incurred through use of the email. In addition, no
> statement should be construed as giving investment advice within or
> outside the United Kingdom.
> An email reply to this address may be subject to interception or
monitoring
> for operational reasons or for lawful business practices.
> *********************************************************************
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards

--
J. Adams                                        http://www.retina.net/~jna
... and god divided the light from the darkness, and god called the
light day and the darkness he called night... and god created man, and
man created machine; and machine, machine created music, and the
machine saw everything it had made, and it said, "Behold."




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards