Solved

ASA esmtp inspection

Posted on 2013-10-23
9
527 Views
Last Modified: 2013-10-26
Hi

My mail server is behind a Cisco asa version 9.
I cannot send mail when esmtp inspection is enable on firewall using ports 465.
My question is how can I get e-mail working with esmtp inspection enabled as it now using having a firewall when security feature are disabled.
Please help someone
0
Comment
Question by:ciscosupp
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596383
In ASDM you are able to create  custom ESMTP rule "map".

Please look at the picture I created for you.
asa-esmtp.png
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596427
My personal advice - disable emstp inspection
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596461
fgasimzade: I think the topic starter does know that disabling works but would like to use this security feature.

Disabling this feature is the "lazy" approach. When you want to enforce strict security ESMTP  inspection is a real good enforcement tool.

But with everything you enforce you will get extra support tickets when someone does not get through. That is why logging is very important!
0
 

Author Comment

by:ciscosupp
ID: 39596748
thanks fgasimzade

how can I do it via command line and what must I change
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596821
conf t
policy-map global_policy
 class inspection_default
no inspect esmtp
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39596832
0
 

Author Comment

by:ciscosupp
ID: 39596844
mean thanks  henkva

how can I create a custom ESMTP rule via command line
0
 

Author Comment

by:ciscosupp
ID: 39596847
ok thanks for link will check it out
0
 

Author Comment

by:ciscosupp
ID: 39603154
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
inspect esmtp tls-esmtp


works perfect
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
A short film showing how OnPage and Connectwise integration works.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now