[prev in list] [next in list] [prev in thread] [next in thread]
List: sidewinder
Subject: [Sidewinder] SMTP proxy, AUTH, BDAT, RSET?
From: Sidewinder moderated discussion list <sidewinder () adeptech ! com>
Date: 2009-01-19 11:05:11
Message-ID: 20090119110510.GA73851 () hugo10 ! ka ! punkt ! de
[Download RAW message or body]
Hello,
I'm trying to identify a problem experienced by one
of our customers. We use a Secure Firewall version 7
to protect our hosted mail services. Currently we
set up the SMTP proxy without NAT in a semi-routed
environment, i.e. to the outside world our firewall
looks like a router with official address space on
all burbs.
The mail server behind the firewall uses SMTP AUTH
to authenticate the customers.
Now, when that particular sending system tries to
send more than one mail in a single session, the following
sequence of events can be seen on the mail server:
EHLO
AUTH
MAIL FROM
RCPT TO
BDAT
...
RSET
MAIL FROM
RCPT TO
*** at this point our mail server logs an error because of a
dropped TCP connection.
The firewall audit only shows regular traffic and a regular connection
close.
So: does anyone know if the Secure Firewall supports a
scenario like this correctly? Authenticating only once and
sending another mail after RSET seems to be in perfect
compliance with RFCs 2554 and 2821. 2554 explicitly states
that there cannot be more than one authentication per session.
And 2821 states that RSET does terminate any transaction,
but not the session, which is only terminated by QUIT and
closing the TCP connection.
I'd like to know if I can rule out the firewall as the culprit,
before I fire up tcpdump on the internal and external burb and
dig through all that traffic. Possibly it's the customer's
oubound firewall, but from our logfiles I cannot tell.
Thanks,
Patrick M. Hausen
--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic