When configured, Cisco's PIX Mailguard (SMTP fixup) allows only the seven SMTP minimum-required commands as described in Section 4.5.1 of RFC 821. These seven minimum-required commands are: HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. Other commands, such as STARTTLS, KILL, WIZ, and so forth, are intercepted by the PIX and they are never sent to the mail server on the inside of your network. The PIX responds with an OK even to denied commands to prevent senders of disallowed commands from determining if the commands succeeded.
Original Purpose of MailguardSendmail versions of the late 1980's had remote vulnerabilities related to seldom-used commands, such as the WIZ command. The infamous 1988 Morris Worm used the WIZ command to gain access to vulnerable servers, spreading rapidly throughout the nascent Internet. Cisco's Mailguard attempts to protect against attacks using obscure SMTP commands by limiting the SMTP commands passed through the firewall to the absolute minimum set required to send email in the early-mid 1990's. Today, the obscure commands used to break into systems in the late 1980's, and which Mailguard was designed to filter, are no longer supported in popular emails servers.
Mailguard in Today's Email InfrastructureIn the years that passed since, the SMTP standard has changed significantly from the days when the minimum set of commands permitted by Mailguard was considered state-of-the-art. Activating Mailguard would prevent the use of all modern features of SMTP, leading to interoperability problems, performance degradation, and significantly reduced security.
Incompatible with Modern Email Servers (MTAs)Mailguard has been found to be incompatible with the default configurations of Microsoft Exchange, Lotus Domino/Notes, and postfix, which together make up the overwhelming majority of the email server market. While in some cases modifications can be made to reduce the command set used by the modern email servers to the commands supported by Mailguard, doing so comes at a price, including reduced security.
Disables SMTP Security ProtocolRather than increasing email security, Mailguard actually decreases email security by preventing the use of the common STARTTLS command. This command tells an email server to use SSL/TLS encryption to secure the communications between the servers, thus securing the communications between the mail servers from at least passive eavesdroppers. The use of STARTTLS is equivalent to https URLs in web browsers used to secure http traffic between customers and their banks. Just as it would undermine web security if a firewall were to only permit communications using http, but not https, Mailguard's blocking of STARTTLS prevents the most significant security enhancement to the SMTP protocol since SMTP's inception from being used. PGP Universal uses STARTTLS to secure SMTP connections and the passwords sent over SMTP.
Interoperability with postfixPGP Universal uses the standard postfix mail sever. Since Mailguard corrupts messages between the postfix mail server and other mail servers with which PGP Universal's mail server communicates, the email flow is impacted.
|Note: PGP Corporation recommends that Mailguard (SMTP fixup) be disabled.|