Disable SMTP in ASA firewall

Hi,
Could anyone tell us how to disable something called SMTP inspections in the ASA firewall? How could we do that?
mishalk Asked:

chosmer Commented:
Here ya go... (version 7)

pix(config)#policy-map global_policy
pix(config-pmap)#class inspection_default
pix(config-pmap-c)#no inspect esmtp
pix(config-pmap-c)#exit
pix(config-pmap)#exit
piwowarc Commented:
I assume your_policy_name and your_inspection are the names of your policy and  is your class.

CiscoASA(config)#policy-map your_policy_name
CiscoASA(config-pmap)#class your_inspection
CiscoASA(config-pmap-c)#no inspect esmtp

Could you say something more about your problem? Why are you trying to switch it off? Do you have problems with TLS, common to some people using ASAs?

Cheers
piwowarc Commented:
I didn't see your reply before, chosmer, sorry.

mishalk Author Commented:
We are having a problem when users send emails from Gmail. They are getting a warning message. So from blogs I came to know that you need to disable this option.
A "Send Message (Connection Time out)" error is showing on the non-delivery messages.
piwowarc Commented:
It's almost certainly the fault of the ASA fixup esmtp. Googling showed that it's a common problem with Gmail. I assume that your mail client configuration is proper.

I would suggest, though, blocking (if you can, and haven't already) TCP 25 (SMTP) for outgoing connections. It won't affect Gmail (it uses TCP 587) and will prevent those nasty spamming bots that may install themselves somewhere in the background. ISPs use this method to fight the global spam problem, so can you.

Cheers
mishalk Author Commented:
That is a cool idea. I will look into it and come back.

Regards
mishalk Author Commented:
Hope you understand the issue.

When a user from outside our network sends a mail using Gmail, the mail isn't received by our company staff. And the sender will get a warning message, which I said earlier. You suggest transferring all outgoing messages to another port instead of port 25. But the issue is not sending out from our network to external. The issue is when an external user (outside our network) sends to our domain name using a Gmail account.
piwowarc Commented:
That makes your problem a bit more clear. I need some more details.

Someone sends an email using Gmail to one of the people at your company at person@yourdomain.com. This person does not receive the email and the sender gets an error message in his Gmail. Right?

Do you have a local mail server which hosts person@yourdomain.com or is it located outside your company LAN?
mishalk Author Commented:
The first question: yes, you are right.
And the second question: yes, we have a local mail server which hosts our mail (it is in the company LAN).
mishalk Author Commented:
The sender receives a warning message as follows:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

    username@domain.com

Message will be retried for 2 more day(s)

Technical details of temporary failure:
Unspecified Error (SENT_MESSAGE): Connection timed out
piwowarc Commented:
Does your server receive any mail at all? Does your ASA have an ACL to forward incoming traffic to the mail server? I know it's a lot of questions, but the more we know, the better we may help.

Cheers
mishalk Author Commented:
We are getting mails without any issues, but some mails from gmail.com are not being received and the sender gets the above warning message, not all the time...
mishalk Author Commented:
The mail delivery is as follows:

external - asa firewall - firewall 2 - antispam device - mail server
piwowarc Commented:
It's not happening all the time. That's bad, it's more difficult to diagnose that way.

Try switching off esmtp fixup and we'll see if the problem goes away.

I assume your_policy_name and your_inspection are the names of your policy and  is your class.

CiscoASA(config)#policy-map your_policy_name
CiscoASA(config-pmap)#class your_inspection
CiscoASA(config-pmap-c)#no inspect esmtp

And discard my idea about blocking TCP 25. Your mail server uses it to talk with other mail servers.

Blocking TCP 25 is common in ISPs, universities and companies which have hosted email (not in company LAN).

Cheers
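
One way to check from outside whether ESMTP inspection is still rewriting the mail server's replies, as an added example that is not part of the original thread. It assumes the documented ASA behaviour of masking the 220 banner with asterisks and replacing EHLO keywords it does not pass (such as STARTTLS) with runs of X; the function name and both sample transcripts are constructed for illustration.

```python
import re

# Constructed sample server replies (banner, then EHLO response); not from the thread.
INSPECTED = [
    "220 ****************************************",
    "250-mail.example.com Hello",
    "250-SIZE 35882577",
    "250-8BITMIME",
    "250-XXXXXXXA",
    "250 XXXXXXXB",
]
DIRECT = [
    "220 mail.example.com ESMTP ready",
    "250-mail.example.com Hello",
    "250-SIZE 35882577",
    "250-8BITMIME",
    "250-STARTTLS",
    "250 ENHANCEDSTATUSCODES",
]

REPLY = re.compile(r"^(\d{3})[ -](.*)$")  # "250-text" (continued) or "250 text" (last)

def analyze_session(lines):
    """Flag signs that a middlebox rewrote the banner or the EHLO keywords."""
    banner_masked, seen_greeting = False, False
    masked, keywords = [], []
    for raw in lines:
        m = REPLY.match(raw.rstrip("\r\n"))
        if not m:
            continue
        code, text = m.group(1), m.group(2)
        if code == "220":
            # Assumption: a run of asterisks in the banner means it was masked in transit.
            banner_masked = bool(re.search(r"\*{5,}", text))
        elif code == "250" and not seen_greeting:
            seen_greeting = True  # first 250 line is the greeting, not a keyword
        elif code == "250" and text.split():
            word = text.split()[0].upper()
            # Assumption: keywords made only of X (plus one trailing letter) were rewritten.
            (masked if re.fullmatch(r"X{4,}[A-Z]?", word) else keywords).append(word)
    return {
        "banner_masked": banner_masked,
        "masked_keywords": masked,
        "starttls_offered": "STARTTLS" in keywords,
        "inspection_suspected": banner_masked or bool(masked),
    }
```

Feed it the lines captured from a manual session to TCP 25 from outside the firewall, before and after the `no inspect esmtp` change, and compare the two results.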

mishalk Author Commented:
Hi,
I followed your comment and made the changes in the firewall. We will have to monitor whether the same problem is going to happen again.