Shando1971
asked on
asa 5540 unable to send or receive emails
Asa 5540 version 7.0(7) in front of exchange 2003 enterprise with the latest service pack, and GFI antispam box, queue builds up almost on daily basis, and we have to reload the firewall in order the get the email flowing, it works for a day then it happens again.
no changes have happened since this started , we have relay taken care of already long time ago and we are good in that aspect. Also, smtp fixup is unchecked on the firewall.
I'm the only administrator in the company, I have not made any changes for the past 6 months not even patching the exchange server. and everything was working fine until 4-5 days ago.
no changes have happened since this started , we have relay taken care of already long time ago and we are good in that aspect. Also, smtp fixup is unchecked on the firewall.
I'm the only administrator in the company, I have not made any changes for the past 6 months not even patching the exchange server. and everything was working fine until 4-5 days ago.
ASKER
N toolbox says, smtp reverse banner ok.
What do you mean by fully disabled?
What do you mean by fully disabled?
If you telnet in to port 25 on the server from a host external to your network, then do an ehlo you should get back a banner, and not an error.
Furthermore the verbs that are listed should not have any XXX in them. If they do, then the feature is still enabled.
Simon.
Furthermore the verbs that are listed should not have any XXX in them. If they do, then the feature is still enabled.
Simon.
ASKER
Sorry, I couldn't reply back sooner, we had a death in the family.
when I try to connect to our mx records' ip address from outside, i got "Could not open connection to the host, on port 25", if I do smtp test on mxtoolbox i get "
Connecting to 173.161.x.y
220 server.companyname.com Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at Sun, 23 Mar 2014 23:23:36 -0400 [617 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-server.companyname.com
when I try to connect to our mx records' ip address from outside, i got "Could not open connection to the host, on port 25", if I do smtp test on mxtoolbox i get "
Connecting to 173.161.x.y
220 server.companyname.com Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at Sun, 23 Mar 2014 23:23:36 -0400 [617 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-server.companyname.com
The fact that you are getting errors would tend to suggest that all is not well with the configuration of SMTP.
You need to do a telnet test so that you can see the full list of verbs when you do an ehlo.
You should get something back like this:
220 host.example.com Microsoft ESMTP MAIL Service ready at Mon, 24 Mar 2014 11
:28:03 +0000
ehlo
250-desktop.example.com Hello [192.168.1.101]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
Simon.
You need to do a telnet test so that you can see the full list of verbs when you do an ehlo.
You should get something back like this:
220 host.example.com Microsoft ESMTP MAIL Service ready at Mon, 24 Mar 2014 11
:28:03 +0000
ehlo
250-desktop.example.com Hello [192.168.1.101]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
Simon.
ASKER
do it from a workstation on the network you mean?
ASKER
I got the following from inside the network;
250-server.mydomain.com Hello [192.168.6.x]
250-AUTH NTLM LOGIN
250-AUTH=LOGIN
250-TURN
250-SIZE 81920000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
250-server.mydomain.com Hello [192.168.6.x]
250-AUTH NTLM LOGIN
250-AUTH=LOGIN
250-TURN
250-SIZE 81920000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
Inside is no good, you need to test from an external host.
It should come back identical to what you have just posted.
Simon.
It should come back identical to what you have just posted.
Simon.
ASKER
when I try to connect to our mx records' ip address from outside, i got "Could not open connection to the host, on port 25", if I do smtp test on mxtoolbox i get "
Connecting to 173.161.x.y
Connecting to 173.161.x.y
That would tend to suggest that you have some kind of problem with the SMTP delivery - as it works internally that points the finger at the Cisco device.
Simon.
Simon.
ASKER
So, how can I fix the issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok, thank you.
ASKER
Hi,
any Cisco firewall experts can take a look at this please?
any Cisco firewall experts can take a look at this please?
You will need to ask a new question in the Cisco zone, no one new will look at this question now - it doesn't work like a forum.
Simon.
Simon.
ASKER
ok, thank you.
Use one of the external services like mxtoolbox to confirm the SMTP banner. That will allow you to confirm if it is getting in the way or not.
Simon.