From: Asai on


Jeroen Geilman wrote:
> On 07/03/2010 11:20 PM, Asai wrote:
>> Jeroen Geilman wrote:
>>> On 07/03/2010 09:14 PM, Charles Marcus wrote:
>>>> On 2010-07-02 7:20 PM, Asai wrote:
>>>>> OK. Has anyone successfully been able to work around this issue?
>>>> The only way is to have the admin for the CISCO PIX disable the stupid
>>>> smtp fixup garbage on the CISCO box.
>>>>
>>>> As far as I know, there is NEVER any reason to have this enabled on an
>>>> internet facing box that receives mail from 'wherever'...
>>>>
>>>
>>> "fixup protocol smtp" on a Cisco PIX firewall does several things:
>>>
>>> 1. it inspects every single SMTP packet it sees
>>> 2. it disallows all but the SMTP commands explicitly stated in RFC
>>> [8|28|53]21
>>> and
>>> 3. it replaces the SMTP greeting banner with a generic one
>>>
>>> It is obviously the latter you have an issue with :)
>>>
>>> While I agree that it should never be enabled *by default*, it's
>>> hardly stupid, predating modern anti-spam measures such as
>>> policydaemons and DNSBLs by at least 10 years.
>>>
>>> J.
>>>
>> Thank you for your responses.
>> Is there anything I can do on my end? As far as the SMTP greeting
>> banner?
>>
>
> Have you already established that this is, in fact, the issue ?
>
> J.
>
No, I am basing this assumption on your comment, "It is obviously the
latter you have an issue with :)"

--
asai

From: Jeroen Geilman on
On 07/03/2010 11:24 PM, Asai wrote:
>
>
> Jeroen Geilman wrote:
>> On 07/03/2010 11:20 PM, Asai wrote:
>>> Jeroen Geilman wrote:
>>>> On 07/03/2010 09:14 PM, Charles Marcus wrote:
>>>>> On 2010-07-02 7:20 PM, Asai wrote:
>>>>>> OK. Has anyone successfully been able to work around this issue?
>>>>> The only way is to have the admin for the CISCO PIX disable the
>>>>> stupid
>>>>> smtp fixup garbage on the CISCO box.
>>>>>
>>>>> As far as I know, there is NEVER any reason to have this enabled
>>>>> on an
>>>>> internet facing box that receives mail from 'wherever'...
>>>>>
>>>>
>>>> "fixup protocol smtp" on a Cisco PIX firewall does several things:
>>>>
>>>> 1. it inspects every single SMTP packet it sees
>>>> 2. it disallows all but the SMTP commands explicitly stated in RFC
>>>> [8|28|53]21
>>>> and
>>>> 3. it replaces the SMTP greeting banner with a generic one
>>>>
>>>> It is obviously the latter you have an issue with :)
>>>>
>>>> While I agree that it should never be enabled *by default*, it's
>>>> hardly stupid, predating modern anti-spam measures such as
>>>> policydaemons and DNSBLs by at least 10 years.
>>>>
>>>> J.
>>>>
>>> Thank you for your responses.
>>> Is there anything I can do on my end? As far as the SMTP greeting
>>> banner?
>>>
>>
>> Have you already established that this is, in fact, the issue ?
>>
>> J.
>>
> No, I am basing this assumption on your comment, "It is obviously the
> latter you have an issue with :)"
>

But I wasn't replying to you.

J.

From: /dev/rob0 on
On Sat, Jul 03, 2010 at 02:24:20PM -0700, Asai wrote:
> Jeroen Geilman wrote:
>> On 07/03/2010 11:20 PM, Asai wrote:
>>> Jeroen Geilman wrote:
>>>> On 07/03/2010 09:14 PM, Charles Marcus wrote:
>>>>> On 2010-07-02 7:20 PM, Asai wrote:
>>>>>> OK. Has anyone successfully been able to work around this
>>>>>> issue?

What issue? It seems that the original issue was misunderstood,
and/or misdiagnosed. You (Asai) have yet to post anything here with
which we can assist you.

http://www.postfix.org/DEBUG_README.html#mail

>>>>> The only way is to have the admin for the CISCO PIX disable
>>>>> the stupid smtp fixup garbage on the CISCO box.
>>>>>
>>>>> As far as I know, there is NEVER any reason to have this
>>>>> enabled on an internet facing box that receives mail from
>>>>> 'wherever'...
>>>>
>>>> "fixup protocol smtp" on a Cisco PIX firewall does several
>>>> things:
>>>>
>>>> 1. it inspects every single SMTP packet it sees

How is this inspection a good thing?

>>>> 2. it disallows all but the SMTP commands explicitly stated
>>>> in RFC [8|28|53]21

This is NOT a good thing. It breaks the features of ESMTP.

>>>> and
>>>> 3. it replaces the SMTP greeting banner with a generic one
>>>>
>>>> It is obviously the latter you have an issue with :)
>>>>
>>>> While I agree that it should never be enabled *by default*, it's
>>>> hardly stupid, predating modern anti-spam measures such as
>>>> policydaemons and DNSBLs by at least 10 years.

I'll admit that most/all of what I know about it is from reading here
and other forums, but I don't see any value in Cisco's SMTP "fixup".

>>> Thank you for your responses.
>>> Is there anything I can do on my end? As far as the SMTP
>>> greeting banner?
>>
>> Have you already established that this is, in fact, the issue ?
>>
> No, I am basing this assumption on your comment, "It is obviously
> the latter you have an issue with :)"

I think you missed a bit of sarcasm. No, the banner is not causing
problems, it merely pointed out to us one of the potential problems
you're facing.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

From: Jeroen Geilman on
On 07/03/2010 11:38 PM, /dev/rob0 wrote:
> On Sat, Jul 03, 2010 at 02:24:20PM -0700, Asai wrote:
>
>> Jeroen Geilman wrote:
>>
>>> On 07/03/2010 11:20 PM, Asai wrote:
>>>
>>>> Jeroen Geilman wrote:
>>>>
>>>>> On 07/03/2010 09:14 PM, Charles Marcus wrote:
>>>>>
>>>>>> On 2010-07-02 7:20 PM, Asai wrote:
>>>>>>
>>>>>>> OK. Has anyone successfully been able to work around this
>>>>>>> issue?
>>>>>>>
> What issue? It seems that the original issue was misunderstood,
> and/or misdiagnosed. You (Asai) have yet to post anything here with
> which we can assist you.
>
> http://www.postfix.org/DEBUG_README.html#mail
>
>
>>>>>> The only way is to have the admin for the CISCO PIX disable
>>>>>> the stupid smtp fixup garbage on the CISCO box.
>>>>>>
>>>>>> As far as I know, there is NEVER any reason to have this
>>>>>> enabled on an internet facing box that receives mail from
>>>>>> 'wherever'...
>>>>>>
>>>>> "fixup protocol smtp" on a Cisco PIX firewall does several
>>>>> things:
>>>>>
>>>>> 1. it inspects every single SMTP packet it sees
>>>>>
> How is this inspection a good thing?
>
>
>>>>> 2. it disallows all but the SMTP commands explicitly stated
>>>>> in RFC [8|28|53]21
>>>>>
> This is NOT a good thing. It breaks the features of ESMTP.
>

I'm not claiming it is a good thing.

>
>>>>> and
>>>>> 3. it replaces the SMTP greeting banner with a generic one
>>>>>
>>>>> It is obviously the latter you have an issue with :)
>>>>>
>>>>> While I agree that it should never be enabled *by default*, it's
>>>>> hardly stupid, predating modern anti-spam measures such as
>>>>> policydaemons and DNSBLs by at least 10 years.
>>>>>
> I'll admit that most/all of what I know about it is from reading here
> and other forums, but I don't see any value in Cisco's SMTP "fixup".
>

The value was that $bigco could invest in Cisco firewalls and protect
their mail servers from some abuse, assuming their mail admins were stupid.

You should know that the latter happens more often than we'd like :)

>
>>>> Thank you for your responses.
>>>> Is there anything I can do on my end? As far as the SMTP
>>>> greeting banner?
>>>>
>>> Have you already established that this is, in fact, the issue ?
>>>
>>>
>> No, I am basing this assumption on your comment, "It is obviously
>> the latter you have an issue with :)"
>>
> I think you missed a bit of sarcasm. No, the banner is not causing
> problems, it merely pointed out to us one of the potential problems
> you're facing.
>

I think you also missed the fact that I wasn't responding to the OP,
robb0 :)

J.
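
A diagnostic sketch for the two symptoms discussed in this thread (a replaced greeting banner and refused commands outside RFC 821), added here as an example and not posted by any participant. The transcript format, the `analyze` function, the finding labels and the assumption that a masked banner appears as mostly `*` characters are constructs of this example.

```python
import re

# Commands defined in RFC 821; anything else (EHLO, STARTTLS, AUTH, ...) is an extension.
RFC821 = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "SEND", "SOML",
          "SAML", "VRFY", "EXPN", "HELP", "NOOP", "QUIT", "TURN"}

# Constructed transcript as seen by the sending client ("S:" server, "C:" client).
SAMPLE = """\
S: 220 ********************************
C: EHLO mail.example.org
S: 500 Command unrecognized
C: HELO mail.example.org
S: 250 mx.example.net
C: MAIL FROM:<sender@example.org>
S: 250 Ok
C: QUIT
S: 221 Bye
"""

def analyze(transcript):
    """Return findings for one SMTP session transcript."""
    findings, pending, seen_banner, in_data = [], None, False, False
    for line in filter(None, map(str.strip, transcript.splitlines())):
        side, _, text = line.partition(": ")
        if side == "C":
            if in_data:                      # message body, not commands
                if text == ".":
                    in_data, pending = False, "DATA"
            elif text.split():
                pending = text.split()[0].upper()
            continue
        m = re.match(r"(\d{3})[ -]?(.*)", text)
        if side != "S" or not m:
            continue
        code, rest = m.groups()
        if not seen_banner:
            seen_banner = True
            # Assumption: a masked greeting is mostly '*' characters.
            if code == "220" and rest and rest.count("*") / len(rest) > 0.5:
                findings.append("banner-masked")
        elif pending:                        # first reply line to the last command
            if code.startswith("5") and pending not in RFC821:
                findings.append("extension-refused:" + pending)
            in_data = code == "354"
            pending = None
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Neither finding proves a particular device is in the path; they only show that something between client and server is altering the greeting or refusing extension commands.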

From: Jim Wright on
On Jul 3, 2010, at 4:20 PM, Asai wrote:

> Thank you for your responses. Is there anything I can do on my end?

To put it simply, you're going to need to find a way to contact the postmaster on the other end and let them know that legitimate mail is being blocked. You will first need to find a way to send email to that domain in order to actually reach the postmaster.

You can email postmaster@ (whatever the domain is), but often these addresses are not monitored. You could do a DNS lookup and find the technical contact for that domain, and write to that person about the issue. You could also contact any legitimate users and ask if they can forward a message to the IT or technical support contact for their mail server. If the domain is for a company, check their web page to see if any support contact may be listed, and try that.

This won't be a simple process, and once you actually reach someone, convincing them that they have an issue can sometimes be an uphill battle. But the issue doesn't seem to be on your end, it's on theirs.


Good luck.