SMTP Failing with V8.03

Unanswered Question
Dec 10th, 2007

I have two PIX 515's running in failover mode that were just upgraded to ver 8.03 from v 7.11.

Ever since the upgrade on Friday the PIX will work fine for about 10-15 hours. Then all of a sudden no one on my network can send mail? I have confirmed that when this happens my mail server (sitting on the outside of my network - so mail passes outbound on the PIX before getting to the mail server) does not see the attempt to send the email as it is not getting past the PIX.

The only thing that seems to get it going is a reset of the FW's.

Any ideas would be great.

Dave

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

MY understanding of this is. If your mail servers are running esmtp, the the inspect can be considered important by removing the ability for some of the extra command to be blocked by the firewall.

You could actually leave the inspection on but apply this via a policy map and not inspect esmtp for mail servers known to have problems sending to you.

You indicated your mail server is on the outside network, so if it recieves mail from the internet and then delivers it to an inside mail host you could disable inspection. If you have mail coming from the internet inside (not stricly via that server) then look to apply a policy map inspecting traffic according to the addresses you wish to inspect.

HTH

Tim

davecisco Mon, 12/10/2007 - 17:41

My mail server is on the outside but it is also used only for sending mail. That is also the only issue that I have, sending mail. Receiving is fine. Then I take the inspect esmtp off and it all works.

The strange thing is, if the inspect ESMTP is on , everything works fine for 10 hours or so, then clients call in complaining sending mail stopped working????

Dave

Actions

This Discussion