05-03-2021 10:05 AM
I'm trying to set up email encryption and we use Barracuda Email Security Gateway. It appears outbound encrypted emails are not going through because of ESMTP on Firepower. Is there a workaround instead of disabling it completely?
06-02-2021 01:48 PM
Just wanted to throw this back to the top. If there's no workaround, can someone please explain to me the consequences of disabling ESMTP? Is it worth disabling ESMTP for email encryption?
06-07-2021 10:50 AM
Are you sure it's the esmtp ALG that's giving you problems? I recently had a customer with Barracuda and Firepower who was having problems. It turned out their on-premise server wasn't set up to use TLS 1.2 and Barracuda discontinued support of TLS 1.0 several months back. Changing the TLS settings on the server side fixed their issue.
06-07-2021 12:32 PM
Yes. Barracuda support was contacted and one of their engineers stated that it's the esmtp that's preventing their email encryption plugin from working. They verified TLS 1.2 is set up and working as it should.
06-07-2021 09:05 AM
By default on my device I didn't see esmtp being enabled.
You can check on yours by connecting to the FTD over SSH and running this command:
> show running-config policy-map
You can disable/enable esmtp using the following command:
> configure inspection esmtp disable
Building configuration...
Cryptochecksum: b5e5234b 216d8639 a2eee0be ee671d42
5745 bytes copied in 0.90 secs
[OK]
>
You can read more about it here, as the concept remains the same in both ASA and FTD.
Regards,
Chakshu
Do rate helpful posts.
06-07-2021 12:33 PM
Yes, we checked ours when this was a known issue and ours is enabled.