Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
3
Replies

SMTP Failing with V8.03

vanagon2tdi
Level 1
Level 1

‎12-10-2007 08:33 AM - edited ‎03-11-2019 04:41 AM

I have two PIX 515's running in failover mode that were just upgraded to ver 8.03 from v 7.11.

Ever since the upgrade on Friday the PIX will work fine for about 10-15 hours. Then all of a sudden no one on my network can send mail? I have confirmed that when this happens my mail server (sitting on the outside of my network - so mail passes outbound on the PIX before getting to the mail server) does not see the attempt to send the email as it is not getting past the PIX.

The only thing that seems to get it going is a reset of the FW's.

Any ideas would be great.

Dave

Labels:
0 Helpful
3 Replies 3

vanagon2tdi
Level 1
Level 1

‎12-10-2007 03:40 PM

So if I take out the command:

inspect esmtp

Then email starts to work??

http://www.ciscotaccc.com/security/showcase?case=K68595168

So now I am wondering how important is the ESMTP inspect, and should I be worried that I am not using it now?

Dave

0 Helpful

timkaye
Level 1
Level 1
In response to vanagon2tdi

‎12-10-2007 04:44 PM

MY understanding of this is. If your mail servers are running esmtp, the the inspect can be considered important by removing the ability for some of the extra command to be blocked by the firewall.

You could actually leave the inspection on but apply this via a policy map and not inspect esmtp for mail servers known to have problems sending to you.

You indicated your mail server is on the outside network, so if it recieves mail from the internet and then delivers it to an inside mail host you could disable inspection. If you have mail coming from the internet inside (not stricly via that server) then look to apply a policy map inspecting traffic according to the addresses you wish to inspect.

HTH

Tim

0 Helpful

vanagon2tdi
Level 1
Level 1
In response to timkaye

‎12-10-2007 05:41 PM

My mail server is on the outside but it is also used only for sending mail. That is also the only issue that I have, sending mail. Receiving is fine. Then I take the inspect esmtp off and it all works.

The strange thing is, if the inspect ESMTP is on , everything works fine for 10 hours or so, then clients call in complaining sending mail stopped working????

Dave

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card