telnet to mail server from outside does not get 220, telnet from inside works

Dunc dunc at lemonia.org
Mon May 12 17:19:19 UTC 2008


Vince Hoffman wrote:
> brad davison wrote:
>   
>>     
>>> Date: Mon, 12 May 2008 17:49:07 +0200
>>> From: wojtek at wojtek.tensor.gdynia.pl
>>> To: demonichandextensions at hotmail.com
>>> CC: freebsd-questions at freebsd.org
>>> Subject: Re: telnet to mail server from outside does not get 220, telnet from inside works
>>>
>>>       
>>>> Trying ::1...
>>>> Connected to localhost.xxxxxxxxx.com.
>>>> Escape character is '^]'.
>>>> 220 email.xxxxxxxxx.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 12 May 2008 10:01:39 -0400 (EDT)
>>>>
>>>>
>>>>
>>>> But if I try the same thing from 'outside' the firewall I get:
>>>>
>>>> %telnet email.xxxxxxxxxxxx.com 25
>>>> Trying 67.x.x.x...
>>>> Connected to email.xxxxxxxxxxx.com.
>>>> Escape character is '^]'.
>>>> Connection closed by foreign host.
>>>>
>>>>
>>>>         
>>> sendmail try to connect to port auth of remote machine. your firewall 
>>> probably blocks it just by dropping packets, so it tries until timeout
>>>
>>> telnet from outside, wait few minutes and you will get a prompt.
>>>
>>> change your firewall rules to fix it
>>> _______________________________________________
>>>       
>> You get the prize.  
>>
>> We have a Cisco ASA, and everything works on port 587, but port 25 has cisco's 'Application Inspection' or something that I need to figure out how to turn off.
>>
>>     
> assuming its the same as for a pix (been a while since I used a cisco
> firewall ;) then it should be
> no fixup smtp
> (its one of the first things I used to turn off ;)
> vince
>   

it's  

no inspect esmtp


nowadays

Dunc



More information about the freebsd-questions mailing list