Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
10
Helpful
7
Replies

7.22 and SMTP

Go to solution
ashleyw
Level 1
Level 1

‎03-21-2007 03:06 PM - edited ‎03-11-2019 02:50 AM

After installing a new ASA, upgrading to 722, inbound SMTP seemed to be ok. Went on holiday for 2 weeks, when I get back I am told that we have not received emails from Cisco, Microsoft, IBM and other large companies. I blames everyone but the ASA, because emails were coming in, it was not till I did a full debug with /25 filter that I realised the ASA was stopping SMTP from these companies. I ended up with a access-list permitting "ip any any", it made no difference.

I downgraded to 7.06, and bingo, it all works.

Either I did something wrong, I don't think so as no config changes were made after the download, email just started to come in.

Anyone experienced this?

I think it is a bug, the trouble is, all looks ok, till someone tells you they did not receive an expected mail.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acomiskey
Level 10
Level 10

‎03-21-2007 03:12 PM

try this

policy-map global_policy

class inspection_default

no inspect esmtp

View solution in original post

0 Helpful
7 Replies 7

Go to solution
acomiskey
Level 10
Level 10

‎03-21-2007 03:12 PM

try this

policy-map global_policy

class inspection_default

no inspect esmtp

0 Helpful

Go to solution
ashleyw
Level 1
Level 1
In response to acomiskey

‎03-21-2007 03:48 PM

Hi

Tried that, did not work.

I had the config stripped down to bare minimum.

It works fine on 7.06, I am going to upgrade to 7.21 and see what happens.

0 Helpful

Go to solution
vitripat
Level 7
Level 7
In response to ashleyw

‎03-21-2007 03:57 PM

There were few bugs in 7.2 code regarding mails getting dropped/denied:

CSCsh35715, CSCsh33982

However, disabling esmtp inspection should have helped.

Regards,

Vibhor.

Go to solution
ashleyw
Level 1
Level 1
In response to vitripat

‎03-22-2007 01:42 AM

Disabling ESMTP inspection did not do anything.

I have now upgraded to 7.21, the problem is back.

Here is a log message:-

6 Mar 22 2007 08:36:13 106015 144.254.224.140 62.49.103.146 Deny TCP (no connection) from 144.254.224.140/16133 to 62.49.103.146/25 flags ACK on interface outside

The annoying this is I have not changed the configuration.

Note, the IP address is Cisco. It is also bloccking email from our ISP and Microsoft again.

I have disable ESMTP inspection, clear xlate, no change.

0 Helpful

Go to solution
ashleyw
Level 1
Level 1
In response to ashleyw

‎03-22-2007 02:04 AM

I have disabled ESMTP inspection, it appears to be working.

Next step is to upgrade to 7.22 and try again.

As I said before, on 7.06 with inspection, it works, 7.21 it doesn't.

Will keep you udated.

0 Helpful

Go to solution
vitripat
Level 7
Level 7
In response to ashleyw

‎03-22-2007 01:07 PM

If things are working with inspection disabled, then probably you are running into one of the bugs I mentioned earlier. Currently safe bet would be to have inspection disabled, till we have the release fixing the issue.

Regards,

Vibhor.

0 Helpful

Go to solution
ashleyw
Level 1
Level 1
In response to vitripat

‎03-23-2007 02:36 AM

Many thanks Vibhor.

You were spot on.

I take it that I am safe to move up to V7.22?

Kind regards

Ash.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card