How to solve SMTP-AUTH errors on Postfix (or any other mailserver) behind a Cisco PIX firewall

You have configured authentication on outgoing mail (SMTP-AUTH) on your mailserver (postfix, in this case) and it works great. But when you put it on production, the users complain because they can’t send emails.

What do you do? You try to follow the communication step by step. That is, you telnet to port 25 and follow step by step the authentication. The conversation goes like this (the lines beginning with “->” are written by me, without the “->” part):

[email protected]:~$ telnet smtp.example.com 25
Trying 1.2.3.4...
Connected to smtp.example.com.
Escape character is '^]'.
220 smtp.example.com ESMTP server ready
-> EHLO example.com
250-smtp.example.com
250 AUTH CRAM-MD5 DIGEST-MD5
-> AUTH FOOBAR
504 Unrecognized authentication type.
-> AUTH CRAM-MD5
334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=
-> ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
235 Authentication successful.


Everything is fine… Then you tell the customer to do the same, but he says he can’t see the line “220 smtp.example.com ESMTP server ready”, and he only sees a bunch of asterisks. You try it yourself, and it’s true… Plus, it doesn’t recognise the AUTH command!!


[email protected]:~$ telnet smtp.example.com 25
Trying 1.2.3.4...
Connected to smtp.example.com.
Escape character is '^]'.
220*******************************************************0*2******0***********************
2002*******2***0*00
-> EHLO example.com
250-smtp.example.com
250 AUTH CRAM-MD5 DIGEST-MD5
-> AUTH FOOBAR
500 5.5.2 Error: bad syntax
-> AUTH CRAM-MD5
500 5.5.2 Error: bad syntax

What’s going on? Why this difference? It seems the answer is pretty simple…

Cisco Systems puts on every PIX router a protocol to avoid attacks and increase security. These protocols intercept every command sent to the server ant translate them, as a proxy. This protocol is called MailGuard, and only accept basic SMTP command, not the extended ESMTP ones, making it incompatible with SMTP-AUTH. So the only way to make SMTP-AUTH work is to disable it.

That’s an easy thing to do, because the command is pretty simple, connected to the PIX telnet port:

no fixup protocol smtp 25
write mem

The difficult part is to realise someone is messing around communications… But once you’ve discovered it, problem solved!

Using Kubuntu 9.10, or any linux distribution, from a USB device

A year ago we explained how to use Kubuntu 8.10 from a USB device. Now, a year later, I was in the same situation, but with Kubuntu 9.10 instead. And since then we’ve made some steps.

Ubuntu itself brings an application to make a USB device boots Ubuntu. In the panel there is the application “K-> Applications -> System -> USB Startup Disk Creator” (o also with /usr/bin/usb-creator-kde command), which is very simple

We choose the ISO file, we choose the USB drive, and we click “Make a boot disk”. We wait a while and then we can boot from this pendrive.

But this only works for Ubuntu… What about the other distros? Well, there is the application unetbootin, which does the same with all linux distributions (wel, at least with a bunch of them).

Here we choose distribution, the ISO file, drive to write, and it handles everything.

Obviously, this ony works from linux. If you want to do the same from windows, you should ask for advise to our friends at pendrivelinux

Fighting SPAM in blog comments: Mollom

Sometimes, the amount of work you have pending doesn’t allow you to update your blog. You won’t event visit it. Then, a rabid spammers horde comes, with an unhealthy lust for flooding your blog selling Viagra, Cialis and this kind of shit. This has been exactly the case of this blog. Result? Above 350.000 commercial comments, a full database, nobody could add comments since months ago… a mess.

I’ve deleted the comments to start over. But five minutes later there were 20 new SPAM comments! Obviously, I should do something to prevent this from happening…

So I’ve added Mollom to the blog. Apart from being “capicua” (they call it a palindrome) it is powerful: it analyzes the text, and if any SPAM suspicion is raised, then it asks for a CAPTCHA. Since then, there are no SPAM comments on this blog.

Installation has been very easy. First you should register into the website mollom.com, and add a new site (Site manager -> Add new site). We choose “Mollom free” and then we answer the four questions asked. The next step, we’ll be given two keys to put in our blog after.

Once this is done, it comes the part of our site. We download the module from the mollom project at drupal.org,, we uncompress it into the Drupal modules folder, and we activate it at “Administer -> Site building -> Modules”. Once activated, we go to the configuration part (Administer -> Site configuration -> Mollom) and there we put the keys we’ve been given before, and we configure when we want to activate the antispam filter.

Et voilà! It’s running! We killed SPAM in 5 minutes.