cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4573
Views
5
Helpful
3
Replies

Disabling ESMTP inspection in Firepower

Sam Pragash
Level 1
Level 1

Hi,

 

I am getting the below log in my mail server while sending mails.

 

Jun 25 15:52:39 xxxxxxx postfix/smtpd[12595]: disconnect from localhost[127.0.0.1]
Jun 25 15:52:39 xxxxxxx postfix/qmgr[12566]: 32204DF9FE: from=<root@-----.org>, size=602, nrcpt=1 (queue active)
Jun 25 15:52:39 xxxxxxx postfix/smtp[12599]: 32204DF9FE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for xxx.xxx.xxx.xxx[]:25
Jun 25 15:52:40 xxxxxxx postfix/smtp[12599]: 32204DF9FE: to=<jexxx@----.co.-->, relay=xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]:25, delay=1, delays=0.05/0/0.59/0.4, dsn=5.7.1, status=bounced (host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 554 5.7.1 <jexxx@----.co.-->: Relay access denied (in reply to RCPT TO command))

 

Any help on how to disable ESMTP in FirePOWER?

3 Replies 3

Rahul Govindan
VIP Alumni
VIP Alumni

IF you are using ASA with Firepower services, this would be disabled on the ASA (LINA) CLI using the following commands:

 

policy-map global_policy
class inspection_default
no inspect esmtp

 

If using Firepower threat Defense (FTD), then you would have to make use of Flexcofnfig to push this change to the LINA side.

 

1) Edit the Flex config text object "disableInspectProtocolList" with esmtp

flex-text.PNG

2) Create a new Flex Config Policy and append the "Default_Inspection_Protocol_Disable" Flexconfig object to it. 

flex-object.PNG

3) Deploy to device. 

 

Note: Esmtp inspection was already disabled on my FTD device. 

 

Nikolaj Pabst
Level 5
Level 5

Hi Sam,

An easy way would be to just use the following:

>configure inspection esmtp disable

If you are running pure FTD.

/Nikolaj

gogi99
Level 1
Level 1

 how i configure no esmtp inspect with the FDM on my firepower 1120

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: