Cisco Fixup Protocol

Updated 6 months ago by admin

SMTP inspection engine (also known as a "fixup" in the Cisco docs) is fairly notorious for interfering with email transfer and preventing successful delivery. You may even experience mysteriously missing attachments or worse, the remote server simply sees a TCP connection reset and is given no reason why delivery has failed.

To determine if your Cisco firewall is interfering with your mail server’s operation, use the telnet tool to connect to the mail server (we assume the firewall sits in front of it) on the standard port of 25, and look at the “banner” response.

example:

telnet your.mailserver.com 25

On an affected mail server the banner displayed in the console will look something like this:

220 *****************************************************************************

In the dashboard, opening Message Details and then inspecting the Server Log in the dashboard also shows something like:

In this case, we recommend disabling SMTP Fixup on your Cisco PIX/ASA firewall.

Fixup seems to interfere with email going through the firewall in both directions and problems occur regardless of the mail server software being used in the communication.


How did we do?