Cisco PIX firewall causing Exchange connectivity problems

Cisco PIX firewalls are known to cause Exchange Server connectivity problems. SearchExchange.com expert David Sengupta explains how to troubleshoot the issue.

I'm running Exchange 5.5, and a certain host (EXTRANET2) needs to send mail out via SMTP. My IMC/SMTP servers are HOCON01 and ZABRYH02. Both are configured to allow SMTP connections from EXTRANET2.

When testing for connectivity, I start a telnet session from EXTRANET2 to HOCON01 on port 25, and instead of receiving the usual greeting as expected:

220 zabryh02.medscheme.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2657.72)

I get an apparently malformed greeting message:

220 *****0**********************************************************************

It seems like the connection is made, since it was not rejected, but no SMTP functionality is available. It does the same thing whether I'm connecting to HOCON01 or ZABRYH01. Other hosts can connect to HOCON01 and ZABRYH02 successfully.

EXTRANET2 is running Windows 2003 Enterprise Edition SP1 and HOCON01 and ZABRYH02 Windows 2000 Standard Edition SP4.

Do you have any ideas?

Yes, I have seen this many times over the years. This looks to me to be a classic Cisco PIX firewall SMTP banner, because the Mailguard feature is enabled on the firewall.

Have a look at Microsoft Knowledge Base article 320027, "Cannot send or receive e-mail messages behind a Cisco PIX firewall," which describes the behavior you're seeing. Follow the instructions to turn off Mailguard and your problem will go away.
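The telnet check from the question can be scripted so that a rewritten greeting is flagged automatically. This is an added example, not part of the original Q&A; the function names and the 90% asterisk threshold are assumptions of the example, and the two sample banners are the ones quoted in the question.

```python
import socket

# Banners quoted in the question above, used as sample input.
NORMAL = "220 zabryh02.medscheme.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2657.72)"
MASKED = "220 *****0**********************************************************************"


def parse_greeting(raw):
    """Return (code, text) for an SMTP greeting, joining '220-' continuation lines."""
    code, parts = None, []
    for line in raw.splitlines():
        if len(line) < 3 or not line[:3].isdigit():
            continue  # ignore anything that is not an SMTP reply line
        code = int(line[:3])
        parts.append(line[4:])
        if line[3:4] != "-":  # a space (or nothing) after the code ends the reply
            break
    return code, " ".join(parts).strip()


def classify_banner(raw, threshold=0.9):
    """Heuristic (assumption of this example): a 220 reply whose text is
    almost entirely '*' has been rewritten by a device in the path."""
    code, text = parse_greeting(raw)
    if code is None:
        return "no-smtp-reply"
    if code != 220:
        return "not-ready"
    visible = text.replace(" ", "")
    if visible and visible.count("*") / len(visible) >= threshold:
        return "masked"
    return "normal"


def probe(host, port=25, timeout=10.0):
    """Connect as the telnet test does, read the greeting, and classify it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        raw = sock.recv(4096).decode("ascii", errors="replace")
    return classify_banner(raw), raw.strip()


if __name__ == "__main__":
    for sample in (NORMAL, MASKED):
        print(classify_banner(sample), "<-", sample[:40])
```

Running `probe()` against the same mail server from an affected host and from an unaffected one shows whether the masking depends on the network path between them.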
