OSEC

 
From: Andrew McNamara (andrewmconnect.com.au)
Date: Wed Feb 21 2001 - 17:45:18 CST


    >I'm using Postfix (I'm not sure which patchlevel, but
    >it was installed from the latest source about 3 months
    >ago) on a Sun box running Solaris 8. We had the
    >problem of mail messages being sent from that server
    >to an internal NT mailserver multiple times, roughly
    >every 15 minutes. The problem seemed to be related to
    >the postfix syslog message 'timed out while sending
    >end of data'.
    >
    >The problem disappeared at the same time that we
    >turned Mailguard off on our PIX firewall, but I'm not
    >completely sure that the firewall config change
    >actually fixed it.

    Here's the body of the message I posted on the subject:

       AH! Yes - it's a Cisco PIX, configured to do "fixup protocol smtp".
       From Cisco's web site:

           As of version 5.1 and later, the fixup protocol smtp command changes
           the characters in the SMTP banner to asterisks except for the "2", "0",
           "0 " characters. Carriage return (CR) and linefeed (LF) characters are
           ignored.

       These boxes have a bug when running code less than 5.2(4) or 6.0(1):

           Bug Id : CSCds90792

           Headline: fixup smtp blocks emails when . and <CRLF> are not in the same packet

           When the "." and "CRLF", to specify EOF of an email, are crossing the
           PIX from the outside to inside, in separated packets, the PIX drops
           the whole email and does not let it in. As a workaround, fixup
           protocol smtp can be disabled. The PIX now handles the case when
           "." termination sequence is split across multiple TCP frames.

    So I guess you need newer code on the PIX.

     ---
    Andrew McNamara (System Architect)

    connect.com.au Pty Ltd
    Lvl 3, 213 Miller St, North Sydney, NSW 2060, Australia
    Phone: +61 2 9409 2117, Fax: +61 2 9409 2111
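
The failure class described in the bug text above (an end-of-data marker split across TCP segments), as an added example that is not Cisco's code and not part of the original post. The per-segment function is a hypothetical model of a stateless inspector, not the PIX implementation; the sample message and all names are constructed for illustration.

```python
TERMINATOR = b"\r\n.\r\n"  # SMTP end-of-data marker: a line holding only "."

def per_segment_sees_end(segments):
    """Hypothetical stateless inspector: searches each TCP segment on its
    own, so a marker that straddles two segments is never seen."""
    return any(TERMINATOR in seg for seg in segments)

class StreamEndDetector:
    """Stream-aware inspector: carries the last len(TERMINATOR)-1 bytes
    forward, so the marker is found wherever the segment boundary falls."""
    def __init__(self):
        self._tail = b""
        self.done = False

    def feed(self, segment):
        window = self._tail + segment
        if TERMINATOR in window:
            self.done = True
        self._tail = window[-(len(TERMINATOR) - 1):]
        return self.done

def stream_sees_end(segments):
    """Feed every segment, in order, through one StreamEndDetector."""
    detector = StreamEndDetector()
    for seg in segments:
        detector.feed(seg)
    return detector.done

def missed_split_points(message):
    """Cut `message` into two segments at every offset; return the offsets
    where the per-segment check misses a marker the stream check finds."""
    missed = []
    for i in range(1, len(message)):
        segments = [message[:i], message[i:]]
        if stream_sees_end(segments) and not per_segment_sees_end(segments):
            missed.append(i)
    return missed

# Constructed sample message body, including one dot-stuffed line.
MESSAGE = b"Subject: test\r\n\r\nline one\r\n..stuffed line\r\n.\r\n"

if __name__ == "__main__":
    print("message length:", len(MESSAGE))
    print("split offsets the per-segment check misses:",
          missed_split_points(MESSAGE))
```

Only the four offsets that fall inside the five-byte marker are missed, which is why the symptom depends on how the sending host happens to segment the last bytes of the message.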