<<< No Message Collected >>> || esmtp inspection

I just wanted to let everyone know of a solution to an SMTP routing issue I was having today...

With Cisco ASA and esmtp inspection enabled with an Exchange 2003 server behind the ASA, I was having problems sending & receiving emails.

I am running 8.3.2 on an ASA 5510, however this should apply to the 7.x ios and other ASA models as well. It should also apply to all versions of Microsoft Exchange, 2003, 2007 & 2010.

Incoming emails were either being delayed or not being received.

Outgoing emails were either being delayed or not being sent.

The Exchange SMTP logs were showing:

For Incoming emails:

dsn=4.0.0, stat=Deferred: 451 Timeout waiting for client input

For outgoing emails:

421+4.4.2+mtain-dl02.r1000. <domain name here> +Error:+timeout+exceeded

In addition, a number of incoming emails were being received with the body stripped out, and replaced simply with:

<<< No Message Collected >>>

Very troubling....

Solution:

Solution is to do a 'no inspect esmtp' on the global_policy_map.

The esmtp inspection is the replacement for the notorious fixup on PIX devices.

Hoping this helps someone else...

Here's the code:

CiscoASA(config)# policy-map global_policy
CiscoASA(config-pmap)# class inspection_default
CiscoASA(config-pmap-c)# no inspect esmtp
CiscoASA(config-pmap-c)# exit
CiscoASA(config-pmap)# exit


Re: <<< No Message Collected >>> || esmtp inspection

esmtp inspection protects against SMTP-based attacks by restricting the types of SMTP commands that can pass through the ASA. What you did removes this functionality and lowers the security. When the inspection was enabled, did you look at the output of 'show service-policy' to see if there were any drops for esmtp inspection? If there were, you need to figure out what traffic is non-compliant.

Admin,

Voipesec Network Solutions

http://www.voipesec.com
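
An added example, not part of the thread and not Cisco tooling: the check the reply describes, done by comparing two saved 'show service-policy' captures for growth in the esmtp drop counters. The sample output is constructed, and the line layout the pattern expects is an assumption modelled on ASA output; adjust it to what your release prints.

```python
import re

# Constructed sample modelled on 'show service-policy' output; the exact
# line layout is an assumption and may differ between ASA releases.
BEFORE = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: dns preset_dns_map, packet 5120, drop 0, reset-drop 0
      Inspect: esmtp _default_esmtp_map, packet 20411, drop 37, reset-drop 0
      Inspect: ftp, packet 88, drop 0, reset-drop 0
"""
# Second capture, taken later while mail was still failing (constructed).
AFTER = BEFORE.replace("packet 20411, drop 37", "packet 20650, drop 52")

INSPECT_RE = re.compile(
    r"^\s*Inspect:\s*(?P<engine>[^,\s]+)(?:\s+(?P<map>[^,\s]+))?,\s*"
    r"packet\s+(?P<packet>\d+),\s*drop\s+(?P<drop>\d+),\s*"
    r"reset-drop\s+(?P<reset>\d+)", re.MULTILINE)

def parse_counters(text):
    """Return {engine: {'packet': n, 'drop': n, 'reset-drop': n}}."""
    out = {}
    for m in INSPECT_RE.finditer(text):
        out[m["engine"]] = {"packet": int(m["packet"]),
                            "drop": int(m["drop"]),
                            "reset-drop": int(m["reset"])}
    return out

def drop_deltas(before, after):
    """Counters accumulate, so a single capture only shows history.
    Compare two captures and return engines whose drops grew in between."""
    old, new = parse_counters(before), parse_counters(after)
    grown = {}
    for engine, now in new.items():
        prev = old.get(engine, {"packet": 0, "drop": 0, "reset-drop": 0})
        delta = {k: now[k] - prev[k] for k in now}
        if delta["drop"] > 0 or delta["reset-drop"] > 0:
            grown[engine] = delta
    return grown

if __name__ == "__main__":
    for engine, d in drop_deltas(BEFORE, AFTER).items():
        print(f"{engine}: +{d['drop']} drops, +{d['reset-drop']} reset-drops "
              f"over {d['packet']} packets")
```

If esmtp shows growth while the Exchange timeouts are occurring, the inspection is dropping live mail traffic and the next step is identifying which sessions are non-compliant, as the reply suggests.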