https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888827#M955519 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Thank you for posting this. This resolved my issue with TLS.</P></BODY></HTML> Tue, 01 Jul 2008 19:47:31 GMT markisaac 2008-07-01T19:47:31Z https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888825#M955512 <P>Hello,</P><P></P><P>I installed a new ASA5510 in place of our old PIX515E last Thursday night. Since then, our GroupWise server has been showing a significantly higher level of deferred email. The logs are full of messages similar to the excepts I've pasted below. </P><P></P><P>We are at a loss and trying to track down the problem. Do you have any thoughts on what might be happening?</P><P></P><P>Thanks,</P><P>- Steve Kadish</P><P></P><P>02-04-08 21:24:04 0 MSG 32517 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a729cc.049</P><P>02-04-08 21:24:04 0 MSG 32517 Detected error on SMTP command</P><P>02-04-08 21:24:04 0 MSG 32517 Command: aol.com</P><P>02-04-08 21:24:04 0 MSG 32517 Response: 450 Host down (aol.com)</P><P>02-04-08 21:24:04 0 MSG 32518 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a734a1.018</P><P>02-04-08 21:24:04 0 MSG 32518 Detected error on SMTP command</P><P>02-04-08 21:24:04 0 MSG 32518 Command: millerscott.com</P><P>02-04-08 21:24:04 0 MSG 32518 Response: 421 secure00.secure-transact.net: SMTP command timeout - closing connection</P><P></P><P>02-04-08 21:42:42 6 DMN: MSG 32591 Send Failure: 421 calmail.berkeley.edu: SMTP command timeout - closing connection</P><P></P><P>02-04-08 21:56:22 7 DMN: MSG 32624 Send Failure: 450 Host down (hvc.rr.com)</P><P>02-04-08 21:57:11 33 DMN: MSG 32707 Send Failure: 421 Exceeded allowable connection time, disconnecting.</P><P></P> Mon, 11 Mar 2019 11:59:23 GMT https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888825#M955512 rstevek 2019-03-11T11:59:23Z https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888826#M955516 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I found the information below in a Cisco.com knowledgebase article. Turning off inspect for ESMTP solved our problem; as soon as it was off, our mail server started sending and receiving the deferred mail. However, I'm not sure what the consequences of turning off the inspection are; could this introduce some other problems or security holes?</P><P></P><P>Thanks,</P><P>- Steve</P><P></P><P>SMTP TLS Configuration </P><P>Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.</P><P></P><P>pix(config)#policy-map global_policy</P><P>pix(config-pmap)#class inspection_default</P><P>pix(config-pmap-c)#no inspect esmtp</P><P>pix(config-pmap-c)#exit</P><P>pix(config-pmap)#exit</P><P></P></BODY></HTML> Tue, 05 Feb 2008 17:31:34 GMT https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888826#M955516 rstevek 2008-02-05T17:31:34Z https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888827#M955519 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Thank you for posting this. This resolved my issue with TLS.</P></BODY></HTML> Tue, 01 Jul 2008 19:47:31 GMT https://community.cisco.com/t5/network-security/more-smtp-errors-after-installing-new-asa/m-p/888827#M955519 markisaac 2008-07-01T19:47:31Z