Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASA esmtp inspection

Posted on 2013-10-23
9
Medium Priority
?
552 Views
Last Modified: 2013-10-26
Hi

My mail server is behind a Cisco asa version 9.
I cannot send mail when esmtp inspection is enable on firewall using ports 465.
My question is how can I get e-mail working with esmtp inspection enabled as it now using having a firewall when security feature are disabled.
Please help someone
0
Comment
Question by:ciscosupp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596383
In ASDM you are able to create  custom ESMTP rule "map".

Please look at the picture I created for you.
asa-esmtp.png
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596427
My personal advice - disable emstp inspection
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596461
fgasimzade: I think the topic starter does know that disabling works but would like to use this security feature.

Disabling this feature is the "lazy" approach. When you want to enforce strict security ESMTP  inspection is a real good enforcement tool.

But with everything you enforce you will get extra support tickets when someone does not get through. That is why logging is very important!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ciscosupp
ID: 39596748
thanks fgasimzade

how can I do it via command line and what must I change
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596821
conf t
policy-map global_policy
 class inspection_default
no inspect esmtp
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 2000 total points
ID: 39596832
0
 

Author Comment

by:ciscosupp
ID: 39596844
mean thanks  henkva

how can I create a custom ESMTP rule via command line
0
 

Author Comment

by:ciscosupp
ID: 39596847
ok thanks for link will check it out
0
 

Author Comment

by:ciscosupp
ID: 39603154
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
inspect esmtp tls-esmtp


works perfect
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question