SMTP Fixup -- On or Off???

Subject Author Date
SMTP Fixup -- On or Off??? papem 03-31-2005
Posted by papem on March 31, 2005, 3:58 am
We've been experiencing some issues with receiving mail from an on-line
survey company (ZARCA). Up to a third of the messages are bounced with
the "unknown user" response. The funny thing is, there are no log
entries on our mail exchangers indicating that the bounced emails ever
hit the servers, and there are no log entries for the DSNs that are
apparently being sent back to ZARCA. After a month of dealing with
ZARCA they have yet to produce the DSNs so that we can verify where
they are coming from. Their solution is to open our mail exchangers to
relay mail from their domain/mail server.

Our SPAM solution provider (Canit) says to shut off the SMTP fixup
option on our Cisco PIX 525 firewall. From what I've read on-line, a
lot of sites are turning this option off, however our network
administrator is against doing this and feels that it is a substantial
security risk.

Is shutting off the SMTP fixup option a large security risk? Larger or
smaller than opening up a relay to the ZARCA mail server?

Thanks,
Mike



Posted by Sam on March 31, 2005, 6:13 am
papem@union.edu writes:

> Our SPAM solution provider (Canit) says to shut off the SMTP fixup
> option on our Cisco PIX 525 firewall. From what I've read on-line, a
> lot of sites are turning this option off, however our network

Correct. This so-called “option” is a known laughing stock. It basically
screws up all SMTP connections, without really getting anything of value in return.
It's just pure luck that some SMTP sessions manage to complete successfully,
despite Cisco's best efforts otherwise.

> administrator is against doing this and feels that it is a substantial
> security risk.

Fire your network administrator, for incompetence, and hire someone who
knows what he's doing.

> Is shutting off the SMTP fixup option a large security risk? Larger or

No. Do you even know what this “SMTP fixup option” really does?







Posted by David F. Skoll on March 31, 2005, 8:48 am
papem@union.edu wrote:

> Our SPAM solution provider (Canit) says to shut off the SMTP fixup
> option on our Cisco PIX 525 firewall.

Hi, Mike.

(I'm the CanIt guy... :-)

I think the other responses to your question pretty much back up
our position. Cisco's "SMTP fixup" option is disruptive, invasive,
badly thought-out, badly implemented, irritating, and useless from
a security perspective.

Regards,

David.


Posted by ynotssor on March 31, 2005, 11:39 am

> Our SPAM solution provider (Canit) says to shut off the SMTP fixup
> option on our Cisco PIX 525 firewall. From what I've read on-line, a
> lot of sites are turning this option off, however our network
> administrator is against doing this and feels that it is a substantial
> security risk.

Turn off the fixup and get a competent network administrator.


Posted by John Mason Jr on March 31, 2005, 12:08 pm
papem@union.edu wrote:
> We've been experiencing some issues with receiving mail from an on-line
> survey company (ZARCA). Up to a third of the messages are bounced with
> the "unknown user" response. The funny thing is, there are no log
> entries on our mail exchangers indicating that the bounced emails ever
> hit the servers, and there are no log entries for the DSNs that are
> apparently being sent back to ZARCA. After a month of dealing with
> ZARCA they have yet to produce the DSNs so that we can verify where
> they are coming from. Their solution is to open our mail exchangers to
> relay mail from their domain/mail server.
>
> Our SPAM solution provider (Canit) says to shut off the SMTP fixup
> option on our Cisco PIX 525 firewall. From what I've read on-line, a
> lot of sites are turning this option off, however our network
> administrator is against doing this and feels that it is a substantial
> security risk.
>
> Is shutting off the SMTP fixup option a large security risk? Larger or
> smaller than opening up a relay to the ZARCA mail server?
>
> Thanks,
> Mike
>


Read the response of Walter Roberson in this thread

<http://tinyurl.com/47wsg>


The folks at CanIt are correct.


John

