Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Connect - SMTP Banner showing only *******
  •  
TillmanZ

Messages: 7
Karma: 0
Send a private message to this user
Hi,

I have noticed that every connection to KCS from outside the server's lan is receiving
220 *****************************
instead of a proper SMTP banner.

How would I be able to re-configure the server to show a valid banner instead?

  •  
d.

Messages: 169
Karma: 0
Send a private message to this user
Hi there.

Can you post a sample (raw source) of a message (or log file) that is showing this problem?
(just delete-out / change any personal details in the message or log, so that it's generic).

It's a bit hard to imagine without seeing an example...

Cheers,
D.

[Updated on: Wed, 28 April 2010 06:12]


  •  
TillmanZ

Messages: 7
Karma: 0
Send a private message to this user
Sure, here we go:

telnet mail.xxx.com 25

220 ************************************************

That's odd, is it not? Smile

Just to be clear - those numerous asterisks are actually sent from the KCS to the client. This is not some strange way of me obfuscating the result!

[Updated on: Wed, 28 April 2010 06:05]

  •  
d.

Messages: 169
Karma: 0
Send a private message to this user
Hi there.

What comes up in the KCS logs?
(You may have to turn on some debug features in the logs, to show more details).

Also, do you have any security appliances, firewalls, transparent proxies, or anything else (hardware) that could be capturing / delaying / redirecting port 25?

What about software (software firewalls, packet tracers left running, anything like that)?

Cheers,
D.

  •  
d.

Messages: 169
Karma: 0
Send a private message to this user
Hi there. Forgot to ask... Have you changed any settings directly in the KCS config file? E.g. time-out settings, or anything else?

Cheers,
D.

  •  
TillmanZ

Messages: 7
Karma: 0
Send a private message to this user
WOW - I wouldn't have believed that without seeing it for myself but I just captured the TCP packets on the KC server's interface and I can see that it is sending out the proper banner.
So there is some device which is filtering the banner sitting between the server and my client.
I gotta take this to the hosting guys.

This is clearly NOT a Kerio issue.
Thanks for getting back to me so quickly about this!
  •  
d.

Messages: 169
Karma: 0
Send a private message to this user
Smile. No worries at all. Happy hunting with the hosting people. Razz

  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Some Cisco firewalls are known to replace the SMTP banner with a string of asterisks. Turn off the "mailguard" functionality in the Cisco (usually a PIX). By the way, your SMTP banner is valid the way it is now, but you'll never know if anyone's trying to parse it and decide if you're good/evil based on the result.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
SMTP banners like
220 ************************************************
are always caused by some SMTP inspection in firewall like Cisco, Barracuda or Sonicwall.

Check your firewall, disable SMTP module/inspection and all should be fine.

Petr Dobry
Product Development Manager | Kerio
  •  
TillmanZ

Messages: 7
Karma: 0
Send a private message to this user
Thanks again for all your helpful replies!

Indeed there was a Cisco ASA configured to obfuscate the SMTP banner...
  •  
TillmanZ

Messages: 7
Karma: 0
Send a private message to this user
Just in case anyone is having the same issue.
If you are behind a PIX or ASA then you would enter: no fixup protocol smtp 25
in order to end the banner obfuscation
Previous Topic: Manually changing ACLs on resources
Next Topic: restore backup
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 17:11:45 CET 2017

Total time taken to generate the page: 0.00516 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.