SMTP filter woes--reference guide???
SMTP filter woes--reference guide??? - 11.Jan.2005 7:47:00 AM
bluvg
Posts: 9
Joined: 6.Oct.2003
Status: offline
We're running ISA 2004 with the SMTP filter turned on (Message Screener not installed). We're having some problems with email from a certain client, and it appears to be blocked by the SMTP filter. Specifically, it seems to be blocked by the EHLO max length of 71 (default).
Unfortunately, the log doesn't capture the SMTP filter information, for whatever reason. You have to set up an administrative alert, but these give very little detail. It lists an XEXCH50 xxxx error message, where "xxxx" appears to be an error ID. But where is the reference for the error IDs? I've had no luck finding this information so far.
Can anyone point me to a reference for these error IDs? Or, perhaps better yet, can someone point me to a reference for what are reasonable values for the various SMTP filter settings? I could increase the values arbitrarily, but I would like to have some reasoning behind the amount increase. I have no idea at what point these values become overly long and pose a threat to an SMTP server.
Thanks in advance! Ryan
RE: SMTP filter woes--reference guide??? - 12.Jan.2005 3:04:00 PM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ryan,
My understanding is that these Exchange server messages are not required for SMTP server communications. Have you found that to be untrue?
Thanks! Tom
RE: SMTP filter woes--reference guide??? - 12.Jan.2005 5:39:00 PM
bluvg
Posts: 9
Joined: 6.Oct.2003
Status: offline
Thank you for your always-quick response, Tom!
Those error messages I had originally posted came from ISA, not Exchange. They are the "description" field entries that are associated with the SMTP filter alerts.
The particular situation we're seeing is that when the client's SMTP server attempts to send a message, it sends an EHLO command. It receives a response back from ISA "421 5.5.2 Syntax error (command line too long)". The client's SMTP server interprets this to mean that our SMTP server does not support EHLO. But apparently, the client's SMTP server connection times out before it can send a HELO command. If they switch their SMTP settings so that EHLO is not used, the messages go through just fine.
My contact on the client side said that they have had similar problems with other recipients who were using Watchguard firewalls with SMTP filtering enabled, but he had not made the connection to a failed EHLO command before he encountered it with us. It appears to be a certain combination of whatever SMTP server they are using along with the ISA SMTP filter setting for EHLO max command length.
I was thinking I should just increase the EHLO setting, but I have no idea what constitutes a safe value. Any suggestions?
Thank you! Ryan
RE: SMTP filter woes--reference guide??? - 13.Jan.2005 12:52:00 AM
bluvg
Posts: 9
Joined: 6.Oct.2003
Status: offline
It would appear that the EHLO filter isn't the problem, because I tried increasing it to both 142 and later 1024, and neither allowed the mail through from our client's SMTP server. I'm totally baffled; the "command line too long" error seems to point squarely at the SMTP filter, but which value? I thought perhaps NOOP as well, but my contact with the client said that, as far as he can tell from their logs, their SMTP server does not send NOOP commands. Other than that, all I know is that if they switch their server to use HELO, the email goes through without an issue. Any thoughts?
Thanks! Ryan
RE: SMTP filter woes--reference guide??? - 30.Jan.2005 6:40:00 PM
twscottIII
Posts: 28
Joined: 6.Apr.2004
From: Birmingham, AL
Status: offline
bluvg,
I am having the same problem with email coming from one particular domain. Their email admin says that they only receive this error, "Delivery status : Failed. Did not receive the expected protocol response. (xxx.com)", when dealing with domains using ISA firewalls with the SMTP filter turned on. According to them, "The only solution we have found is to disable the SMTP filtering for the EHLO command in your ISA server."
In all of my reading I have found that I can only remove that command from the list, which in turn prevents the command from being used at all. I can't figure out how to prevent the filter from looking at this one command.
Hope this helps!
Thanks,
Tom
RE: SMTP filter woes--reference guide??? - 31.Jan.2005 4:04:00 PM
twscottIII
Posts: 28
Joined: 6.Apr.2004
From: Birmingham, AL
Status: offline
Guys,
Just wanted to let you know that I found a fix for this problem. The command causing the problem is not the EHLO command. Instead, it is the NOOP command. While the RFC specifies that this command be 6 bytes, apparently some mail servers pad the command to 20 bytes. Once I made this change in the SMTP filter for the NOOP command, the email from the problematic domain was allowed through with no problem.
Hope this helps.
Tom
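
Added example, not part of any post in this thread: a small Python check that walks the client side of a captured SMTP session and reports which command line exceeds its per-command limit, which is the "which value?" question the thread ends up answering. The capture is constructed, and the limits are assumptions apart from the EHLO 71 and NOOP 6/20 figures quoted above; lengths are assumed to be counted including the trailing CRLF.

```python
# Per-command limits in bytes, counted with the trailing CRLF (assumption).
LIMITS = {
    "EHLO": 71,   # default quoted in the thread
    "HELO": 71,   # assumed equal to EHLO
    "NOOP": 6,    # len(b"NOOP\r\n"), the 6-byte figure from the thread
    "MAIL": 266,  # constructed value
    "RCPT": 266,  # constructed value
    "DATA": 6, "RSET": 6, "QUIT": 6,  # constructed: bare verb plus CRLF
}

# Constructed client-to-server byte stream; hostnames and addresses are made up.
SAMPLE_CLIENT_STREAM = b"".join([
    b"EHLO mail.client.example\r\n",
    b"NOOP".ljust(18) + b"\r\n",  # NOOP padded with spaces to 20 bytes
    b"MAIL FROM:<sender@client.example>\r\n",
    b"RCPT TO:<user@recipient.example>\r\n",
    b"DATA\r\n",
    b"NOOP appears in this body line, which is not a command\r\n",
    b".\r\n",
    b"QUIT\r\n",
])


def oversized_commands(stream, limits=LIMITS):
    """Return (verb, line_length, limit) for each command line over its limit."""
    findings, in_data = [], False
    for raw in stream.splitlines(keepends=True):
        if in_data:
            # Message content is not checked; a lone "." ends the DATA phase.
            in_data = raw.rstrip(b"\r\n") != b"."
            continue
        parts = raw.split(None, 1)
        if not parts:
            continue
        verb = parts[0].decode("ascii", "replace").upper()
        limit = limits.get(verb)
        if limit is not None and len(raw) > limit:
            findings.append((verb, len(raw), limit))
        in_data = verb == "DATA"
    return findings


if __name__ == "__main__":
    for verb, length, limit in oversized_commands(SAMPLE_CLIENT_STREAM):
        print(f"{verb}: {length} bytes on the wire, filter limit {limit}")
```

Raising only the EHLO limit leaves the finding unchanged, while raising NOOP to 20 clears it.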