M1XEP - Email failing after upgrade to 1.2.2


Hey folks,

I'm hoping someone can shed some light on this. I recently upgraded the firmware on the Elk and all components (a bad move in hindsight). A few things are not working and one of them is the ability to properly send emails via the Ethernet expander.

I did some sniffer traces and grabbed logs from the server perspective and the problem is that the M1XEP's initial response to the server's helo is to respond with XXXX instead of a valid command. I've tried both with and without authentication and both have the same issue.

Any ideas? Here's the output from the logs, some info masked:

2006-10-01 20:26:32 <public ip of M1XEP> - SMTPSVC1 ANM04 0 xxxx - +<domain>.com 500 0 32 17 0 SMTP - - - -

2006-10-01 20:26:32 <public ip of M1XEP> - SMTPSVC1 ANM04 0 QUIT - - 240 234 32 17 125 SMTP - - - -

The sniffer trace backs up the fact that the M1XEP is actually sending "XXXX domain.com" as the response to the mail server. It should be sending HELO domain.com.


Call ELK technical Monday. There have been a lot of enhancements recently to the email software.

Spanky, since vancek is running the current version, can we take this to mean a new version is near release?

Hi Spanky,

By "a lot of enhancements", did you mean bugs? :D Just kidding.

I contacted support on Monday. I spoke with a couple people and got a call back from Amy. She sent me the 1.2.3 beta code, but that didn't fix it. I haven't received any additional suggestions.

Any other ideas? I'm happy to help troubleshoot this if there's anything I can help with.

Hello Spanky and all,

Thanks to assistance from Elk Support, this problem was not an Elk issue at all; it was a firewall issue on my end. Essentially, the change was that the M1XEP now attempts to use the EHLO verbs instead of leading with the HELO sequence.

I did some more digging and realized the firewall on my home network still had the SMTP fixup enabled. What this does is allow only the valid SMTP commands based on the original RFC. This is to prevent unknown vulnerabilities and buffer overflows in that stack. Anyway, I had it disabled on my office firewall, but not on my home firewall, so the EHLO command, which wasn't part of the original RFC, was getting stripped and the session torn down.

I disabled the fixup on my home firewall and everything is working perfectly. It was not an Elk issue at all, as you probably suspected. ;-)

I do have one more slight issue that might be related to the M1XEP. I've been using the web interface to arm and disarm to trigger the emails while testing. Twice now, the web interface will not be in sync with the keypads. What I mean is, the web interface showed that the system was armed, but the keypads showed it as disarmed. I even closed and reopened all browser windows, same thing. I entered my code and the web interface showed disarmed and the keypads showed disarmed as well. Pretty strange. It's not a huge deal and I'm not sure if this is a change with the upgrade or not, since I didn't use the web interface very much before. Just curious.

Thanks again to Elk for their excellent support and helping to get me out of my own way!

Yes, I'd greatly appreciate details on this. I still haven't gotten my emails working. I've done the basic stuff that everyone's been saying, but I've had some other, more urgent stuff come up that's prevented me from contacting Elk Tech support during the day to get more guidance.

I work with Vance and he either has a PIX or a low-end Cisco router with the firewall feature set. Can't remember which, but both have the SMTP fixups that cause this type of issue.

Hey Guys,

Sorry for the slow response. I have a Cisco PIX (version 6.x) at the office and a Cisco 1800 series router running the IOS firewall feature set at home.

The command in question on the PIX is:

fixup protocol smtp 25

on the router it is:

ip inspect name FW smtp timeout 3600

In the newer versions of code, they've added additional commands to handle the fixups on the ESMTP protocol. This has the advantage of properly handling those connections while still providing the advanced security that the fixups are intended to provide.

Hope this helps.
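
Added example (not written by any poster in this thread, nor by Elk or Cisco): a Python script that scans mail-server log lines laid out like the two quoted in the first post and flags clients whose greeting verb arrived as a run of X characters and drew a 5xx reply, which is the signature of the SMTP fixup described above. The field positions are assumptions inferred from those two quoted lines, and the addresses and domain in the sample are constructed placeholders.

```python
import re

# Constructed sample in the layout of the two log lines quoted in the thread.
# 203.0.113.x and example.com are placeholders, not values from the page.
SAMPLE_LOG = """\
2006-10-01 20:26:32 203.0.113.10 - SMTPSVC1 ANM04 0 xxxx - +example.com 500 0 32 17 0 SMTP - - - -
2006-10-01 20:26:32 203.0.113.10 - SMTPSVC1 ANM04 0 QUIT - - 240 234 32 17 125 SMTP - - - -
2006-10-01 20:31:07 203.0.113.22 - SMTPSVC1 ANM04 0 EHLO - +example.com 250 0 210 18 0 SMTP - - - -
2006-10-01 20:31:07 203.0.113.22 - SMTPSVC1 ANM04 0 MAIL - +FROM:<panel@example.com> 250 0 44 30 0 SMTP - - - -
2006-10-01 20:40:00 203.0.113.10 - SMTPSVC1 ANM04 0 XXXX - +example.com 500 0 32 17 0 SMTP - - - -
"""

# Assumed field positions (whitespace-split), inferred from the quoted lines.
F_DATE, F_TIME, F_CLIENT, F_VERB, F_STATUS = 0, 1, 2, 7, 10
MASKED = re.compile(r"^x{4,}$", re.IGNORECASE)  # verb overwritten with X's


def parse_line(line):
    """Return a record dict, or None for headers, blanks and short lines."""
    f = line.split()
    if line.startswith("#") or len(f) <= F_STATUS or not f[F_STATUS].isdigit():
        return None
    return {"ts": f"{f[F_DATE]} {f[F_TIME]}", "client": f[F_CLIENT],
            "verb": f[F_VERB], "status": int(f[F_STATUS])}


def find_masked_greetings(log_text):
    """Map client -> timestamps where an all-X verb drew a 5xx reply."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and MASKED.match(rec["verb"]) and 500 <= rec["status"] <= 599:
            hits.setdefault(rec["client"], []).append(rec["ts"])
    return hits


def clients_never_greeted(log_text):
    """Clients with masked greetings and no successful HELO/EHLO in the log."""
    greeted = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["verb"].upper() in ("HELO", "EHLO") and rec["status"] == 250:
            greeted.add(rec["client"])
    return sorted(set(find_masked_greetings(log_text)) - greeted)


if __name__ == "__main__":
    for client, stamps in find_masked_greetings(SAMPLE_LOG).items():
        print(f"{client}: {len(stamps)} masked greeting(s), first at {stamps[0]}")
    print("never completed a greeting:", clients_never_greeted(SAMPLE_LOG))
```

A client that appears in the second list is a candidate for having an SMTP-inspecting firewall on its path to the mail server, as was the case in this thread.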