>Every once in a while we run into a user who claims we're mailbombing >them, and invariably it's a Cisco PIX firewall, as outlined in the >support FAQ. (Specifically http://www.lsoft.com/manuals/lsv-faq.stm#5.6a for those who don't know what we're talking about.) >Unfortunately, the onus generally rests on us, as to why are we are >"letting" our listserv & lsmtp servers do this. >Is there *anything* we can do on our end to proactively prevent this >situation from occurring? I'd love to hear that there was a patch for >LSMTP or LISTSERV that will allow the servers to work around the problem >when many asterisks are recognized in the SMTP banner. > >All I can do on my end is disable any further mail to that domain until >the admin gets their stuff together. Which is rare, and I'm not in a >position to push them around. > >Any info would be appreciated. > >Thanks, >Al Iverson If I recall correctly the SMTP proxy that is built into PIX firewalls mishandles ESMTP transactions and it is that which is causing the problem. If this is the case disabling ESMTP for the domain in question should stop the problem from happening. Here's how you'd do it. 1) From the LSMTP Control program, click on Configure. 2) Click on SMTP Destinations tab. Usually the site in question will not be listed, so click on ADD. Enter the Domain name of the site (e.g. example.com). There are several lines below this with various parameters filled in. The very bottom line however ('Mailer entry name...') will be blank. Enter the domain name here again (e.g. example.com) and click OK. 3) Click the Mailers tab. There are 2 windows. In the upper window, click on ADD. For 'Mailer name' enter the same domain name as you put in the bottom line in the previous (SMTP Destinations) box. (e.g. example.com). Now there are several sub-tabs. The one you want is the "Protocal" tab. Uncheck the "Use the EHLO command..." box. Then click OK and OK again. LSMTP will reload the configuration automatically so it should not be necessary to do any stopping and restarting. (I'm not sure this will affect entries currently in the queue, however, so you may have to manually remove existing queue entries for the affected site.) I generally wouldn't recommend disabling ESMTP for all servers, since that will reduce performance. (LSMTP uses standard ESMTP features like pipelining to speed up mail transactions.) You should still notify the subscriber of what is causing the problem, as the problem is with the noncompliance of their mail proxy and they are likely to experience the same kind of problems with other sites if they do not fix it. It's interesting to go to Cisco's web site to see how the Mailguard feature of PIX firewalls works. Thanks, -- Jacob Haller, Technical Support L-Soft international, Inc http://www.lsoft.com/