
ASA 5505 SMTP problem

Richard.Green
Level 1

Hi, I have recently purchased an ASA 5505 v7.2(2), and have been unable to send SMTP through it. The effect of the problem seems similar to other postings I've read, where disabling fixup/inspect esmtp resolves the problem. I've done this, but to no avail. When sending mail (using NAT) the ASA appears to hijack the session, and firstly block the SMTP banner, before issuing 'quit'.

e.g.

Fri 2007-07-27 10:44:24: Waiting for protocol to start...

Fri 2007-07-27 10:44:24: <-- 220-*********************************************************************

Fri 2007-07-27 10:44:24: <-- *****************************************************************

Fri 2007-07-27 10:44:24: --> QUIT

If I telnet to port 25 through the ASA and issue the SMTP commands myself, it seems to work fine even though the banner is blanked out by stars (so I'm not sure if this points to the problem being something else). However, I do occasionally get 'I don't understand that?' answers from our SMTP server, when I know I've issued the correct command.

I have raised this with the re-seller, however they have advised that it is a hardware problem, and that we should replace the ASA. I don't believe that this is the case. Has anybody experienced similar problems, or is able to offer any advice?

Many thanks.

Richard
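
As an added example that is not part of the original post: a small Python check that reads a client-side SMTP log in the format quoted above and flags what is visible in it, namely greeting text made up only of asterisks and a second greeting line with no reply code, so the multi-line 220 reply is still unfinished when the client sends a command. The function name, the finding labels and the two regular expressions are assumptions made for this illustration, and the sample input is constructed from the lines in the post.

```python
import re

# Constructed sample: the session lines quoted in the post above.
SAMPLE_LOG = """\
Fri 2007-07-27 10:44:24: Waiting for protocol to start...
Fri 2007-07-27 10:44:24: <-- 220-*********************************************************************
Fri 2007-07-27 10:44:24: <-- *****************************************************************
Fri 2007-07-27 10:44:24: --> QUIT
"""

# "<timestamp>: <-- text" is server-to-client, "--> text" is client-to-server.
LINE_RE = re.compile(r"^.*?\d{2}:\d{2}:\d{2}: (<--|-->) (.*)$")
# RFC 5321 reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line).
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def analyse_greeting(log_text):
    """Return ordered, de-duplicated findings about the server greeting."""
    findings = []

    def note(tag):
        if tag not in findings:
            findings.append(tag)

    greeting_done = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # client status lines such as "Waiting for protocol..."
        direction, payload = m.groups()
        if direction == "-->":
            if not greeting_done:
                note("client-command-before-greeting-complete")
            break  # only the greeting phase is analysed
        reply = REPLY_RE.match(payload)
        if reply is None:
            note("malformed-reply-line")  # no reply code on this line
            text = payload
        else:
            greeting_done = reply.group(2) == " "
            text = reply.group(3)
        if text and set(text) == {"*"}:
            note("banner-masked")  # greeting text consists only of asterisks
    return findings


if __name__ == "__main__":
    print(analyse_greeting(SAMPLE_LOG))
```
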

7 Replies

anandramapathy
Level 3

We have the same version running but do not have any issues.

Does your PAT server IP have a reverse lookup DNS record?

Hi, Thanks for the reply.

Yes, I'm PAT'ing

Outside/25 (194.221.215.98) -- 172.20.254.1/25

I'm using addresses within virtualsupplychain.com. There is a reverse pointer on 194.221.21.98 pointing to this domain.

info
Level 1

Hi Richard,

You can use the following command:

no fixup protocol smtp 25

If this does not work, you can try it with the ASDM -> Configuration -> Security policy -> Security policy rule -> edit the Global, Policy. Rule actions -> clear ESMTP.

That should do it.

Hi,

I've used:

no fixup protocol smtp 25

and

no inspect protocol smtp 25

but this doesn't seem to have affected the problem. I'm going to post a show config in this thread, which might be of interest.

Thanks for your help

Richard

bob.bartlett
Level 1

1. Can you post your configuration of the ASA on here?

2. Can you try to telnet to your Mail server from the outside and post your responses?

Make sure you protect your passwords and other critical information.

Hi Bob,

Thanks for the reply. I've attached a show config as well as a test smtp session. These sometimes work fine, and sometimes connectivity appears to be lost as in the case attached.

The last response logged on the mail server was 'sender ok'. The mail server appears to have not received the rest of the session data.

Thanks,

Richard

Is the problem affecting both inbound and outbound traffic?

To me it looks like some kind of hardware problem. You can check the logfile on the ASA and interface error counters for clues. Verify host and ASA switchport configurations and statistics.
