Posts: 8
Joined: 25.Feb.2005
From: Sweden
Hi!
A partner hosting a website tries to send mail to a support mailbox in our organisation. They use an IIS SMTP server to send mail to our Exchange 2003 box published behind an ISA 2004. When sending mail to us they get the following error: 421+5.5.2+Syntax+error+(command+line+too+long) 0 0 46 0 31 SMTP - - - -
3 rows of traffic are logged in ISA Server: SMTP Server Initiated connection, SMTP Server Closed Connection, SMTP Denied Connection.
Whenever any other mail is received there are only the first 2 log entries and everything is fine. I have looked at the SMTP filter in ISA and increased the number of chars allowed in the EHLO command where communication seems to fail according to their logfiles...
Posts: 8
Joined: 25.Feb.2005
From: Sweden
I enabled the SMTP filter alert and did a test but it doesn't seem to be the problem... I might add that the 2 first logged lines are inbound SMTP server for IP_OF_INTERNAL_MAILSERVER and the 3rd line is SMTP for ISA_EXTERNAL_ADDRESS.
We're having exactly the same problem. All inbound mail is working perfectly fine except for one particular remote company. If they telnet to us on port 25 and send EHLO company.com, they get: 421 5.5.2 Syntax error (command line too long)
If they do just an EHLO with no domain name, then it works.
The strange thing is that if I repeat the same test from any other external site, I have no problem. It's only an issue with this one remote company and I have no idea why ISA has decided to pick on just them.
I saw another post on this forum indicating that some servers pad the NOOP command to make it bigger than the RFC defined 6 bytes, but that doesn't seem to be the case here because they don't get that far. They just telnet, type the EHLO domain.com command, and it fails.
I spoke too soon. It turned out that it was the NOOP problem. Even though the test they were doing was just a telnet to port 25, they were using some brain dead application layer firewall that added a NOOP command padded with a number of spaces before the CR LF. The extra spaces made the line longer than the maximum length of 6 bytes (NOOP followed by CR LF), so ISA blocked it.
I changed the maximum length of the NOOP command from 6 bytes to 38 as recommended here:
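To find which command on the wire trips a per-command length limit like the one described in this thread, the bytes the client actually sent can be checked line by line. This is an added example, not part of the posts above and not ISA Server code; the function names, the sample capture and the EHLO limit of 71 are assumptions, while the NOOP limits of 6 and 38 come from the thread.

```python
# Added example: checks captured SMTP client bytes against per-command
# maximum line lengths, counted including the trailing CR LF as the post does.
LIMITS_DEFAULT = {"NOOP": 6, "EHLO": 71}          # EHLO=71 is an assumed value
LIMITS_RAISED = {**LIMITS_DEFAULT, "NOOP": 38}    # the change made in the thread


def split_lines(stream: bytes):
    """Split raw client bytes into command lines, keeping each CR LF."""
    lines = []
    while stream:
        end = stream.find(b"\r\n")
        if end == -1:              # unterminated tail: keep it as-is
            lines.append(stream)
            break
        lines.append(stream[:end + 2])
        stream = stream[end + 2:]
    return lines


def check_session(stream: bytes, limits: dict):
    """Return (verb, length, limit, over_limit) for every client line."""
    findings = []
    for raw in split_lines(stream):
        parts = raw.split()
        verb = parts[0].decode("ascii", "replace").upper() if parts else ""
        limit = limits.get(verb)   # None means no limit configured here
        over = limit is not None and len(raw) > limit
        findings.append((verb, len(raw), limit, over))
    return findings


def first_rejected(stream: bytes, limits: dict):
    """Return (verb, length, limit) of the first over-long line, or None."""
    for verb, length, limit, over in check_session(stream, limits):
        if over:
            return (verb, length, limit)
    return None


# Constructed capture: a NOOP padded with 20 spaces (as an intermediate device
# might insert) and the EHLO the sender typed. Order and padding are made up.
SAMPLE = b"NOOP" + b" " * 20 + b"\r\n" + b"EHLO company.com\r\n"

if __name__ == "__main__":
    for label, limits in (("default", LIMITS_DEFAULT), ("raised", LIMITS_RAISED)):
        print(label, check_session(SAMPLE, limits), first_rejected(SAMPLE, limits))
```

Run it against a packet capture taken on the receiving side rather than the sender's own logs, since the padded command may be added in transit and never appear in what the sender typed.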