01-05-2009 07:41 PM - edited 03-09-2019 09:56 PM
We have recently upgraded the firmware on our ASA 5510 to V7.2(1) and have had some issues with this Inspect ESMTP command.
Prior to the upgrade, it used to Terminate SMTP connections that it considered Malicious, which was fine as it appeared to be mostly SPAM anyways.
Now that it is upgraded, the Inspect ESMTP has now blocked some legitmate emails from being received AS WELL AS being sent. There have been a number of emails from our Clients that have supposedly been sent and we have no trace of them entering our network and some of our Users have sent emails to Clients that have bounced back with an NDR status of 4.4.7. Now while I assumed it was a problem with the Remote site's mail server... there were too many NDR's coming back from all different servers, and as soon as I turned off the Inspect ESMTP on the ASA everything has returned to normal.
My question is how can I log exactly what the inspect esmtp command is doing? And what are the filters it is using?
01-05-2009 10:02 PM
I suggest you instead run the later 7.2.4 code, as there are known esmtp issues on the code 7.2.1.
You can use the bug search tool to find some of them.
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
Regards,
01-06-2009 02:36 PM
I am aware of some bugs regarding the inspect esmtp, and had been given 7.2(1.17) from Cisco which resolved the issue of our ASA reloading automatically, but it has not resolved this issue.
I had considered running a later version of the ASA software, but reading the release notes there are potential VPN issues that I may face, and VPN stability is of a higher priority to us than this esmtp inspection. If there is anything else that can be suggested I would appreciate it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide