Re: Postfix not using correct command (HELO vs EHLO)

From: Bill Cole (postfixlists-070913billmail.scconsult.com)
Date: Thu Mar 06 2008 - 09:45:01 CST


At 9:14 AM -0500 3/6/08, Jordan wrote:
>On 3/5/08, Patrick Ben Koetter <pstate-of-mind.de> wrote:
>> * Jordan <jordan.chadwickgmail.com>:
>> > Hello,
>> > I have a strange problem using Postfix. I am using it as the email
>> > program for Request Tracker. My company has several different email
>> > domains, and because another company hosts all of our email, I have a
>> > relayhost setup for new outgoing email. This email hosting company
>> > has our email domains split across two different servers due to a
>> > merger with another company.
>> >
>> > Basically, I can send email to one domain company1.com without a
>> > problem, because that domain does not require smtp authentication
>> > since it is hosted on the same server. If I try to send email to the
>> > other domain, it is rejected with a 553 error message that states:
>> > "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> > (in reply to RCPT TO command)", which I am pulling from
>> > /var/log/mail.info.
>> >
>> > What is happening is that Postfix is sending HELO instead of EHLO, so
>> > it is not even attempting to use authentication. I confirmed this
>> > with tcpdump.
>>
>> How does the remote server introduce itself? Does it promote ESMTP
>> in the SMTP banner?
>>
>> prick
>>
>Here is some output from a smtp session with them:

That appears not to be a true statement, but I'll try to guess what
you've adulterated by hand...

>telnet smtp.company1.com 25
>Trying 2.3.1.5...
>Connected to mymail.emailhost.com.
>Escape character is '^]'.
>220 *********************************
>helo it-apache
>250 mymail.emailhost.com
>quit
>221 mymail.emailhost.com
>Connection closed by foreign host.

It looks like they have their mail server behind a misconfigured
Cisco PIX or ASA firewall. They need to fix that. Cisco has a
delusion that they know how to make SMTP less dangerous and can do it
by forcing an application layer proxy in front of the victim mail
servers that hides critical information from clients and refuses to
pass certain commands to the server. The fingerprint of that
delusional misfeature is the banner full of asterisks.

--
Bill Cole
billscconsult.com
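An added diagnostic, not code from this thread or from Postfix, that checks a relayhost's greeting and EHLO reply the way the discussion above describes: it flags the all-asterisk banner, notes whether ESMTP is advertised, and reports whether AUTH is offered. It assumes the documented Postfix behaviour that with smtp_always_send_ehlo = no the client sends EHLO only when the greeting contains "ESMTP"; the hostnames and transcripts in the samples are constructed.

```python
import re
import socket
# Assumption (documented Postfix behaviour): with smtp_always_send_ehlo = no, Postfix
# sends EHLO only if the 220 greeting contains "ESMTP"; an all-asterisk banner hides it.
MASKED_BANNER = re.compile(r"^220[ -]\*+\s*$")


def classify_banner(banner: str) -> dict:
    """Decide, from the 220 greeting alone, which opening command a client would send."""
    masked = bool(MASKED_BANNER.match(banner.rstrip("\r\n")))
    esmtp = "ESMTP" in banner.upper()
    return {"masked": masked, "esmtp": esmtp, "greeting": "EHLO" if esmtp else "HELO"}


def parse_ehlo(reply: str) -> dict:
    """Return {EXTENSION: [params]} from an EHLO reply, or {} if EHLO was refused."""
    exts = {}
    for i, line in enumerate(reply.splitlines()):
        if not line.startswith("250"):
            return {}  # e.g. a 500 from a proxy that never passed EHLO through
        if i > 0:  # first line is the server's name, not an extension
            words = line[4:].split()
            if words:
                exts[words[0].upper()] = words[1:]
    return exts


def diagnose(banner: str, ehlo_reply: str = "") -> str:
    """One-line verdict built from the greeting and the EHLO reply."""
    info = classify_banner(banner)
    if info["masked"]:
        return "masked banner: SMTP inspection proxy likely; client may fall back to HELO"
    if not info["esmtp"]:
        return "no ESMTP in greeting: client may send HELO and skip AUTH"
    auth = parse_ehlo(ehlo_reply).get("AUTH")
    if auth is None:
        return "ESMTP greeting but no AUTH offered: relayhost will not take credentials"
    return "AUTH offered: " + " ".join(auth)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> str:
    # Live check against a relayhost: read the greeting, send EHLO, QUIT, report.
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(1024).decode("ascii", "replace")
        s.sendall(b"EHLO probe.example.invalid\r\n")
        reply = s.recv(4096).decode("ascii", "replace")
        s.sendall(b"QUIT\r\n")
    return diagnose(banner, reply)


# Constructed sample transcripts (not captured from any real host).
MASKED = "220 *********************************\r\n"
NORMAL = "220 mx.example.net ESMTP Postfix\r\n"
EHLO_OK = "250-mx.example.net\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
```

Run `probe("relayhost.example.invalid")` against your own relayhost to see which verdict it gets; the sample constants exercise the offline path.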