Solved

ASA esmtp inspection

Posted on 2013-10-23
9
532 Views
Last Modified: 2013-10-26
Hi

My mail server is behind a Cisco asa version 9.
I cannot send mail when esmtp inspection is enable on firewall using ports 465.
My question is how can I get e-mail working with esmtp inspection enabled as it now using having a firewall when security feature are disabled.
Please help someone
0
Comment
Question by:ciscosupp
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596383
In ASDM you are able to create  custom ESMTP rule "map".

Please look at the picture I created for you.
asa-esmtp.png
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596427
My personal advice - disable emstp inspection
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596461
fgasimzade: I think the topic starter does know that disabling works but would like to use this security feature.

Disabling this feature is the "lazy" approach. When you want to enforce strict security ESMTP  inspection is a real good enforcement tool.

But with everything you enforce you will get extra support tickets when someone does not get through. That is why logging is very important!
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:ciscosupp
ID: 39596748
thanks fgasimzade

how can I do it via command line and what must I change
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596821
conf t
policy-map global_policy
 class inspection_default
no inspect esmtp
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39596832
0
 

Author Comment

by:ciscosupp
ID: 39596844
mean thanks  henkva

how can I create a custom ESMTP rule via command line
0
 

Author Comment

by:ciscosupp
ID: 39596847
ok thanks for link will check it out
0
 

Author Comment

by:ciscosupp
ID: 39603154
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
inspect esmtp tls-esmtp


works perfect
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question