Date: Mon, 12 May 2008 17:34:41 +0100 From: Dunc <dunc@lemonia.org> To: Vince Hoffman <jhary@unsane.co.uk> Cc: brad davison <demonichandextensions@hotmail.com>, freebsd-questions@freebsd.org Subject: Re: telnet to mail server from outside does not get 220, telnet from inside works Message-ID: <482871A1.6000404@lemonia.org> In-Reply-To: <48287054.8000408@unsane.co.uk> References: <BLU116-W309DE8D93C9B937FFF824AA1CC0@phx.gbl> <20080512174741.U82158@wojtek.tensor.gdynia.pl> <BLU116-W147BBFFAD4D53AFA72553FA1CC0@phx.gbl> <48287054.8000408@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Vince Hoffman wrote: > brad davison wrote: > >> >>> Date: Mon, 12 May 2008 17:49:07 +0200 >>> From: wojtek@wojtek.tensor.gdynia.pl >>> To: demonichandextensions@hotmail.com >>> CC: freebsd-questions@freebsd.org >>> Subject: Re: telnet to mail server from outside does not get 220, telnet from inside works >>> >>> >>>> Trying ::1... >>>> Connected to localhost.xxxxxxxxx.com. >>>> Escape character is '^]'. >>>> 220 email.xxxxxxxxx.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 12 May 2008 10:01:39 -0400 (EDT) >>>> >>>> >>>> >>>> But if I try the same thing from 'outside' the firewall I get: >>>> >>>> %telnet email.xxxxxxxxxxxx.com 25 >>>> Trying 67.x.x.x... >>>> Connected to email.xxxxxxxxxxx.com. >>>> Escape character is '^]'. >>>> Connection closed by foreign host. >>>> >>>> >>>> >>> sendmail try to connect to port auth of remote machine. your firewall >>> probably blocks it just by dropping packets, so it tries until timeout >>> >>> telnet from outside, wait few minutes and you will get a prompt. >>> >>> change your firewall rules to fix it >>> _______________________________________________ >>> >> You get the prize. >> >> We have a Cisco ASA, and everything works on port 587, but port 25 has cisco's 'Application Inspection' or something that I need to figure out how to turn off. >> >> > assuming its the same as for a pix (been a while since I used a cisco > firewall ;) then it should be > no fixup smtp > (its one of the first things I used to turn off ;) > vince > it's no inspect esmtp nowadays Dunc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?482871A1.6000404>