Solved

ASA esmtp inspection

Posted on 2013-10-23
9
539 Views
Last Modified: 2013-10-26
Hi

My mail server is behind a Cisco asa version 9.
I cannot send mail when esmtp inspection is enable on firewall using ports 465.
My question is how can I get e-mail working with esmtp inspection enabled as it now using having a firewall when security feature are disabled.
Please help someone
0
Comment
Question by:ciscosupp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596383
In ASDM you are able to create  custom ESMTP rule "map".

Please look at the picture I created for you.
asa-esmtp.png
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596427
My personal advice - disable emstp inspection
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596461
fgasimzade: I think the topic starter does know that disabling works but would like to use this security feature.

Disabling this feature is the "lazy" approach. When you want to enforce strict security ESMTP  inspection is a real good enforcement tool.

But with everything you enforce you will get extra support tickets when someone does not get through. That is why logging is very important!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ciscosupp
ID: 39596748
thanks fgasimzade

how can I do it via command line and what must I change
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39596821
conf t
policy-map global_policy
 class inspection_default
no inspect esmtp
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39596832
0
 

Author Comment

by:ciscosupp
ID: 39596844
mean thanks  henkva

how can I create a custom ESMTP rule via command line
0
 

Author Comment

by:ciscosupp
ID: 39596847
ok thanks for link will check it out
0
 

Author Comment

by:ciscosupp
ID: 39603154
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
inspect esmtp tls-esmtp


works perfect
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question