02-05-2008 08:28 AM - edited 03-11-2019 04:59 AM
Hello,
I installed a new ASA5510 in place of our old PIX515E last Thursday night. Since then, our GroupWise server has been showing a significantly higher level of deferred email. The logs are full of messages similar to the excepts I've pasted below.
We are at a loss and trying to track down the problem. Do you have any thoughts on what might be happening?
Thanks,
- Steve Kadish
02-04-08 21:24:04 0 MSG 32517 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a729cc.049
02-04-08 21:24:04 0 MSG 32517 Detected error on SMTP command
02-04-08 21:24:04 0 MSG 32517 Command: aol.com
02-04-08 21:24:04 0 MSG 32517 Response: 450 Host down (aol.com)
02-04-08 21:24:04 0 MSG 32518 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a734a1.018
02-04-08 21:24:04 0 MSG 32518 Detected error on SMTP command
02-04-08 21:24:04 0 MSG 32518 Command: millerscott.com
02-04-08 21:24:04 0 MSG 32518 Response: 421 secure00.secure-transact.net: SMTP command timeout - closing connection
02-04-08 21:42:42 6 DMN: MSG 32591 Send Failure: 421 calmail.berkeley.edu: SMTP command timeout - closing connection
02-04-08 21:56:22 7 DMN: MSG 32624 Send Failure: 450 Host down (hvc.rr.com)
02-04-08 21:57:11 33 DMN: MSG 32707 Send Failure: 421 Exceeded allowable connection time, disconnecting.
02-05-2008 09:31 AM
Hi all,
I found the information below in a Cisco.com knowledgebase article. Turning off inspect for ESMTP solved our problem; as soon as it was off, our mail server started sending and receiving the deferred mail. However, I'm not sure what the consequences of turning off the inspection are; could this introduce some other problems or security holes?
Thanks,
- Steve
SMTP TLS Configuration
Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.
pix(config)#policy-map global_policy
pix(config-pmap)#class inspection_default
pix(config-pmap-c)#no inspect esmtp
pix(config-pmap-c)#exit
pix(config-pmap)#exit
07-01-2008 12:47 PM
Steve,
Thank you for posting this. This resolved my issue with TLS.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: