Re: Mail Guard

austin0824 · ‎09-29-2008

We had power maintenance last weekend and had to shutdown our 6513 switch. When we powered up, we discovered we could no longer send and receive emails to external users. Microsoft came in to say we had a problem with the mailguard on our firewall module. How do I deal with that? Cisco documentations say we should disable mailguard. If right, how do I do this?

abinjola · ‎09-29-2008

no fixup protocol smtp

marcaccini · ‎06-17-2010

is it possible to keep the mailguard smtp inspection enabled but to bypass for specific hosts?

David White · ‎06-17-2010

Hi Matt,

Yes, you can apply any inspection to match any traffic defined in an ACL. However, I would disagree in the previous poster that disabling mail inspection is the correct course of action.

If you want to inspect email traffic just to a mail server at 10.1.1.1, the configuration you would use is below:

access-list email extended permit tcp any host 10.1.1.1 eq smtp
!
class-map email-class
match access-list email
!
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect h323 h225 omar
inspect h323 ras
class email-class
inspect esmtp
!
service-policy global_policy global

Sincerely,

David.