Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
(command+line+too+long)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
(command+line+too+long) - 19.Jul.2005 8:47:00 AM
|
|
|
driver28
Posts: 8
Joined: 25.Feb.2005
From: Sweden
Status: offline
|
Hi!
a partner hotsing a website tries to send mail to a support mailbox in our organisation. They use an IIS SMTP server to send mail to our Exchange 2003 box published behind an ISA 2004. when sending mail to us they get the following error:
421+5.5.2+Syntax+error+(command+line+too+long) 0 0 46 0 31 SMTP - - - -
3 rows of traffic is logged in ISA Server:
SMTP Server Initiated connection
SMTP Server Closed COnnection
SMTP Denied Connection.
Whenever any other mail is recieved there are only the first 2 log entries and everything is fine. I have looked at the SMTP filter in ISA and increased the number of chars allowed in the EHLO command where communication seems to fail according to their logfiles...
Any idTas?
|
|
|
|
|
RE: (command+line+too+long) - 19.Jul.2005 9:00:00 AM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Hasse,
You can also turn on the SMTP filter log file to see if that's the issue.
HTH,
Tom
|
|
|
|
|
RE: (command+line+too+long) - 19.Jul.2005 9:52:00 AM
|
|
|
driver28
Posts: 8
Joined: 25.Feb.2005
From: Sweden
Status: offline
|
I enabled the SMTP filter alert and did a test but it doesn't seem to be the problem...I might add that the 2 first ligged lines are inbound SMTP server for IP_OF _INTERNAL_MAILSERVER
and the 3rd line is SMTP for ISA_EXTERNAL_ADDRESS.
Does that ring a bell?
|
|
|
|
|
RE: (command+line+too+long) - 24.Jul.2005 6:11:00 AM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Hasse,
The SMTP filter log should show what it detected as a problem, if the SMTP filter did block the connection.
HTH,
Tom
|
|
|
|
|
RE: (command+line+too+long) - 25.Jul.2005 3:22:00 PM
|
|
|
frond
Posts: 8
Joined: 29.Jul.2004
Status: offline
|
We're having exactly the same problem. All inbound mail is working perfectly fine except for one particular remote company. If they telnet to us on port 25 and send EHLO company.com, they get:
421 5.5.2 Syntax error (command line too long)
If they do just an EHLO with no domain name, then it works.
The strange thing is that if I repeat the same test from any other external site, I have no problem. It's only an issue with this one remote company and I have no idea why ISA has decided to pick on just them.
I saw another post on this forum indicating that some servers pad the NOOP command to make it bigger than the RFC defined 6 bytes, but that doesn't seem to be the case here because they don't get that far. They just telnet, type the EHLO domain.com command, and it fails.
|
|
|
|
|
RE: (command+line+too+long) - 25.Jul.2005 3:46:00 PM
|
|
|
frond
Posts: 8
Joined: 29.Jul.2004
Status: offline
|
I spoke too soon. It turned out that it was the NOOP problem. Even though the test they were doing was just a telnet to port 25, they were using some brain dead application layer firewall that added a NOOP command padded with a number of spaces before the CR LF. The extra spaces made the line longer than the maximum length of 6 bytes (NOOP followed by CR LF), so ISA blocked it.
I changed the maximum length of the NOOP command from 6 bytes to 38 as recommended here:
http://online.securityfocus.com/infocus/1654
After making that change, it worked fine.
[ July 26, 2005, 08:24 AM: Message edited by: frond ]
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
