Config ASA for outgoing emails from exchange server inside

Eddie3
Level 1

Hi,

We have an ASA configured as shown in the attached PDF w/topology included. We are using an Exchange email server. We can receive emails; however, outgoing emails seem to just go nowhere. All other traffic seems to pass without issue. What am I missing from our config?

Thanks,

Eddie

Accepted Solutions

policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask

I found this policy for SMTP or ESMTP inspection;
try this config.
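
As an added example (not part of the original post, and not Cisco code), the Python below applies the thresholds from the policy map above to the client side of an SMTP session and reports which match rules an outgoing message would trip. The function name, the per-message RCPT counting and the sample session are assumptions made for illustration.

```python
import re

# Thresholds copied from the _default_esmtp_map quoted in this thread.
CMD_MAX, RCPT_MAX, LINE_MAX, SENDER_MAX = 512, 100, 998, 320
DROP, LOG = "drop-connection log", "log"

def audit_session(client_lines):
    """Return every (match rule, action) a client-side SMTP session would trip.

    client_lines are the lines the sending server transmits, without CRLF.
    Assumptions: lengths are counted in characters and RCPT is counted per
    message; the ASA itself would stop at the first drop-connection.
    """
    hits, rcpts, state = [], 0, "cmd"
    for line in client_lines:
        if state == "cmd":
            if len(line) > CMD_MAX:
                hits.append(("cmd line length gt 512", DROP))
            verb = line.split(":")[0].strip().upper()
            if verb == "MAIL FROM":
                addr = re.search(r"<([^>]*)>", line)
                if addr and len(addr.group(1)) > SENDER_MAX:
                    hits.append(("sender-address length gt 320", DROP))
            elif verb == "RCPT TO":
                rcpts += 1
                if rcpts == RCPT_MAX + 1:
                    hits.append(("cmd RCPT count gt 100", DROP))
            elif verb == "DATA":
                state = "header"
        elif line == ".":            # end of message, back to commands
            state, rcpts = "cmd", 0
        elif state == "header":
            if line == "":           # blank line separates headers from body
                state = "body"
            elif len(line) > LINE_MAX:
                hits.append(("header line length gt 998", DROP))
        elif len(line) > LINE_MAX:
            hits.append(("body line length gt 998", LOG))
    return hits

# Constructed sample: one message with an overlong header and body line.
SAMPLE = [
    "EHLO mail.example.com", "MAIL FROM:<ed@example.com>",
    "RCPT TO:<user@example.net>", "DATA",
    "Subject: test", "X-Trace: " + "a" * 1000, "",
    "short line", "b" * 1200, ".", "QUIT",
]

if __name__ == "__main__":
    for rule, action in audit_session(SAMPLE):
        print(f"match {rule} -> {action}")
```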

balaji.bandi
Hall of Fame
Hall of Fame

Try disabling ESMTP and test.

https://www.petenetlive.com/KB/Article/0000536

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

That ESMTP issue has already been fixed in the ASA version I am running. See it in the config I included as:

policy-map type inspect esmtp tls-esmtp
 parameters
  allow-tls

Thanks for trying though.

Ed

I am sure your provider is not blocking anything.

OK, how about capturing debug output and seeing what the capture shows? Also try packet-tracer.

Due to the large ACL, I will review and let you know any of my findings.

BB

I have temporarily removed the esmtp inspection to eliminate it as a possible issue. Still cannot send any emails out. Hope that helps narrow it a bit, so we can concentrate on it being some other issue that has been missed.

Thanks,

Ed

Have you enabled debug and captured what is wrong?

BB

If you run ESMTP with TLS, then I think disabling the inspection will not work;
try my suggestion above and check again.
