SMTP Greeting

[floyd]

When I telnet to my mail server on port 587 inside or outside my network I get:

220 super2.newwebsite.com ESMTP Exim 4.67 Tue, 25 May 2010 08:27:15 -0400

When I telnet to my mail server on port 25 inside my network I get:

220 super2.newwebsite.com ESMTP Exim 4.67 Tue, 25 May 2010 08:27:15 -0400

When I telnet to my mail server on port 25 from outseide my network I get:

220 ******************************

Why do I get all stars when outside the network?



.

 

[ranz]

I haven't seen this before - but it could be related to how your smtp_active_hostname is bound. Perhaps your hostname is bound to your internal network in your exim config?

Check out $smtp_active_hostname and your smtp_banner strings in your config file.

 

[floyd]

The internal network is still a public ip. I am not running any private networks.

# Specify your host's canonical name here. This should normally be the
# fully qualified "official" name of your host. If this option is not 
# set, the uname() function is called to obtain the name. In many cases
# this does the right thing and you need not set anything explicitly. 

# primary_hostname =
smtp_banner = super2.newwebsite.com

Inside the data center the greeting works properly. From outside the data center I get the stars. So I thinking there is a router or something that is screwing with this. But I have never encountered it before and I cannot seem to find much on google.

I do not know if it is normal or if it interferes with email delivery. I have a problem with email delivery on a cpanel server on my network but none of the directadmin servers seem to have a problem. So I am inclined to believe it is a cpanel server problem. But still the 220 ***** greeting is a little disturbing. I get it on directadmin servers too. The example I posted is a directadmin server.

Here is another example from a linux machine here at home:

[root@localhost ~]# telnet 74.117.232.11 25
Trying 74.117.232.11...
Connected to super2.newwebsite.com (74.117.232.11).
Escape character is '^]'.
220 *********************

Then another machine on the same network:

[root@server ~]# telnet 74.117.232.11 25
Trying 74.117.232.11...
Connected to super2.newwebsite.com (74.117.232.11).
Escape character is '^]'.
220 super2.newwebsite.com

 

[ranz]

it is puzzling, I'm wondering if it maybe something to do with resolving the hostname? I would have thought exim just prints the string value - but perhaps it tries to resolve it. sometimes resolving from internal vs external IPs - like you said could be a route issue.

Try all the route commands to check all your route permissions, dns settings etc, even try nmap -r.

I have read somewhere in exim that a lot of asterisks means that it's an exim way of panic. Not sure what that actually really means, and can't seem to find the link off-hand.

 

[nobaloney]

@Floyd:

Your two code blocks are the same; was that a typo.

Have you tried copying an exim binary from a good machine to a bad one?

Just to see?

Jeff

 

[nobaloney]

Forget my previous post; that's what happens when you take someone else's word that google can't find it. Disable the smtp protocol fixup feature in your Cisco PIX firewall (old.nabble.com).

Typed smtp greeting all asterisks into google, and clicked on I'm Feeling Lucky.



Jeff

 

[floyd]

It can happen on ASA routers as well. http://community.spiceworks.com/topic/32099

 

[floyd]

http://www.exim.org/exim-html-4.40/doc/html/FAQ_0.html#TOC78

 

[ranz]

well we were on the money with our perception it was something to do with routes.

 

[nobaloney]

Yes, and here's the relative Q&A from the faq that Floyd posted:

Q0053: Exim on my host responds to a connection with 220 *****... and won't understand EHLO commands.

A0053: This is the sign of a Cisco Pix “Mailguard” sitting in front of your MTA. Pix breaks ESMTP and only does SMTP. It is a nuisance when you have a secure MTA running on your box. Something like ``no fixup protocol smtp 25'' in the Pix configuration is needed. It may be possible to do this by logging into the Pix (using telnet or ssh) and typing no fixup smtp to its console. (You may need to use other commands before or after to set up configuration mode and to activate a changed configuration. Consult your Pix documentation or expert.) See also Q0078.

and

Q0078: Exim is logging the unknown SMTP command XXXX from my client hosts, and they are unable to authenticate.

A0078: This is a sign of a Cisco PIX firewall getting in the way. It does not support ESMTP, and turns EHLO commands into XXXX. You should configure the Pix to leave SMTP alone; see Q0053 for how to do this.