03-21-2007 03:06 PM - edited 03-11-2019 02:50 AM
After installing a new ASA, upgrading to 722, inbound SMTP seemed to be ok. Went on holiday for 2 weeks, when I get back I am told that we have not received emails from Cisco, Microsoft, IBM and other large companies. I blames everyone but the ASA, because emails were coming in, it was not till I did a full debug with /25 filter that I realised the ASA was stopping SMTP from these companies. I ended up with a access-list permitting "ip any any", it made no difference.
I downgraded to 7.06, and bingo, it all works.
Either I did something wrong, I don't think so as no config changes were made after the download, email just started to come in.
Anyone experienced this?
I think it is a bug, the trouble is, all looks ok, till someone tells you they did not receive an expected mail.
Solved! Go to Solution.
03-21-2007 03:12 PM
try this
policy-map global_policy
class inspection_default
no inspect esmtp
03-21-2007 03:12 PM
try this
policy-map global_policy
class inspection_default
no inspect esmtp
03-21-2007 03:48 PM
Hi
Tried that, did not work.
I had the config stripped down to bare minimum.
It works fine on 7.06, I am going to upgrade to 7.21 and see what happens.
03-21-2007 03:57 PM
There were few bugs in 7.2 code regarding mails getting dropped/denied:
CSCsh35715, CSCsh33982
However, disabling esmtp inspection should have helped.
Regards,
Vibhor.
03-22-2007 01:42 AM
Disabling ESMTP inspection did not do anything.
I have now upgraded to 7.21, the problem is back.
Here is a log message:-
6 Mar 22 2007 08:36:13 106015 144.254.224.140 62.49.103.146 Deny TCP (no connection) from 144.254.224.140/16133 to 62.49.103.146/25 flags ACK on interface outside
The annoying this is I have not changed the configuration.
Note, the IP address is Cisco. It is also bloccking email from our ISP and Microsoft again.
I have disable ESMTP inspection, clear xlate, no change.
03-22-2007 02:04 AM
I have disabled ESMTP inspection, it appears to be working.
Next step is to upgrade to 7.22 and try again.
As I said before, on 7.06 with inspection, it works, 7.21 it doesn't.
Will keep you udated.
03-22-2007 01:07 PM
If things are working with inspection disabled, then probably you are running into one of the bugs I mentioned earlier. Currently safe bet would be to have inspection disabled, till we have the release fixing the issue.
Regards,
Vibhor.
03-23-2007 02:36 AM
Many thanks Vibhor.
You were spot on.
I take it that I am safe to move up to V7.22?
Kind regards
Ash.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: