Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1935
Views
0
Helpful
2
Replies

Asa5505 still obfuscating mail banner with no inspect esmtp

beowulfs
Level 1
Level 1

‎12-05-2009 11:13 PM - edited ‎03-11-2019 09:45 AM

I've tried it all.  no inspect esmtp.  no policy map.  inspect esmtp tls with banner obfuscate off. i'm out of ideas.  i always get 220 ******** when telnetting to mail server from outside.  tried 8.2.1.11 and 8.0.5.  any ideas?

exchange 2010

cable modem -> asa5505 -> sa540 (router mode) -> mail server via static map policy for port 25 on asa5505

internal same subnet and different subnets works fine.  works fine across site to site vpn.  just get stupid banner when i access from outside.

policy map nat ip address is different than outside interface address.  have other policy nats using 443 an 80 and they work fine.

help.  thanks.

Labels:
0 Helpful
2 Replies 2

Panos Kampanakis
Cisco Employee
Cisco Employee

‎12-11-2009 09:23 AM

Without ESMTP inspection the ASA should not proxy for SMTP.

Can you do a packet capture in and out https://supportforums.cisco.com/docs/DOC-1222 and see if indeed the ASA proxies and changes these smtp packets?

PK

0 Helpful

beowulfs
Level 1
Level 1

‎12-11-2009 11:59 AM

It turns out the servers / pc's was testing from were behind asa's with inspect esmtp turned on. there was nothing wrong with my asa's, for future reference.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card