Solved

ASA esmtp inspection

Posted on 2013-10-23
9
544 Views
Last Modified: 2013-10-26
Hi

My mail server is behind a Cisco asa version 9.
I cannot send mail when esmtp inspection is enable on firewall using ports 465.
My question is how can I get e-mail working with esmtp inspection enabled as it now using having a firewall when security feature are disabled.
Please help someone
0
Comment
Question by:ciscosupp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596383
In ASDM you are able to create  custom ESMTP rule "map".

Please look at the picture I created for you.
asa-esmtp.png
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596427
My personal advice - disable emstp inspection
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596461
fgasimzade: I think the topic starter does know that disabling works but would like to use this security feature.

Disabling this feature is the "lazy" approach. When you want to enforce strict security ESMTP  inspection is a real good enforcement tool.

But with everything you enforce you will get extra support tickets when someone does not get through. That is why logging is very important!
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:ciscosupp
ID: 39596748
thanks fgasimzade

how can I do it via command line and what must I change
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596821
conf t
policy-map global_policy
 class inspection_default
no inspect esmtp
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39596832
0
 

Author Comment

by:ciscosupp
ID: 39596844
mean thanks  henkva

how can I create a custom ESMTP rule via command line
0
 

Author Comment

by:ciscosupp
ID: 39596847
ok thanks for link will check it out
0
 

Author Comment

by:ciscosupp
ID: 39603154
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
inspect esmtp tls-esmtp


works perfect
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month3 days, 13 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question