03-21-2007 03:06 PM - edited 03-11-2019 02:50 AM
After installing a new ASA, upgrading to 722, inbound SMTP seemed to be ok. Went on holiday for 2 weeks, when I get back I am told that we have not received emails from Cisco, Microsoft, IBM and other large companies. I blames everyone but the ASA, because emails were coming in, it was not till I did a full debug with /25 filter that I realised the ASA was stopping SMTP from these companies. I ended up with a access-list permitting "ip any any", it made no difference.
I downgraded to 7.06, and bingo, it all works.
Either I did something wrong, I don't think so as no config changes were made after the download, email just started to come in.
Anyone experienced this?
I think it is a bug, the trouble is, all looks ok, till someone tells you they did not receive an expected mail.
Solved! Go to Solution.
03-21-2007 03:12 PM
try this
policy-map global_policy
class inspection_default
no inspect esmtp
03-21-2007 03:12 PM
try this
policy-map global_policy
class inspection_default
no inspect esmtp
03-21-2007 03:48 PM
Hi
Tried that, did not work.
I had the config stripped down to bare minimum.
It works fine on 7.06, I am going to upgrade to 7.21 and see what happens.
03-21-2007 03:57 PM
There were few bugs in 7.2 code regarding mails getting dropped/denied:
CSCsh35715, CSCsh33982
However, disabling esmtp inspection should have helped.
Regards,
Vibhor.
03-22-2007 01:42 AM
Disabling ESMTP inspection did not do anything.
I have now upgraded to 7.21, the problem is back.
Here is a log message:-
6 Mar 22 2007 08:36:13 106015 144.254.224.140 62.49.103.146 Deny TCP (no connection) from 144.254.224.140/16133 to 62.49.103.146/25 flags ACK on interface outside
The annoying this is I have not changed the configuration.
Note, the IP address is Cisco. It is also bloccking email from our ISP and Microsoft again.
I have disable ESMTP inspection, clear xlate, no change.
03-22-2007 02:04 AM
I have disabled ESMTP inspection, it appears to be working.
Next step is to upgrade to 7.22 and try again.
As I said before, on 7.06 with inspection, it works, 7.21 it doesn't.
Will keep you udated.
03-22-2007 01:07 PM
If things are working with inspection disabled, then probably you are running into one of the bugs I mentioned earlier. Currently safe bet would be to have inspection disabled, till we have the release fixing the issue.
Regards,
Vibhor.
03-23-2007 02:36 AM
Many thanks Vibhor.
You were spot on.
I take it that I am safe to move up to V7.22?
Kind regards
Ash.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide