Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1308
Views
0
Helpful
0
Comments

SMTP server not accepting the incorrect hostname in the header caused by the ESMTP inspect feature

TCC_2
Level 10
Level 10

‎06-17-2009 10:16 PM - edited ‎03-08-2019 06:02 PM

Core issue

This issue is due to Cisco bug ID CSCsb67119 in the Adaptive Security Appliance (ASA) version 7.1

The Extended Simple Mail Transport Protocol (ESMTP) inspect feature masks the hostname and causes an error when a mailserver is configured to ensure the HELO reply is a valid hostname.

ESMTP fixup has a feature that removes some header information that is not required by the RFCs from the responses. Sometimes this un-required data is used by mail servers to try and limit spam.

For example, mail fails when a user enters the helo command instead of the HELO command. 

The HELO command must be used as stated by the RFC 821 specifications when inspect esmtp is enabled.

For more details, refer to the Managing SMTP and Extended SMTP Inspection section of Applying Application Layer Protocol Inspection.

Resolution

Temporary Workaround

Apply these commands in the ASA configuration in order to disable the hostname fixup.

hostname (config)#policy-map type inspect esmtp testesmtpmap

hostname (config-pmap)#parameters
hostname(config-pmap-p)#no mask-banner

hostname(config)#policy-map global_policy
hostname(config-pmap)#class inspection_default
hostname(config-pmap-c)#no inspect esmtp
hostname(config-pmap-c)#inspect esmtp testesmtpmap

hostname(config)#service-policy global_policy global

Permanent Workaround

This problem has been fixed in ASA version 7.2. Upgrade to ASA version 7.2 in order to solve this issue.

Inorder to download the latest version of ASA software , refer to ASA Software Download .

ASA Software Version

7.2

7.1

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents