ASA 5510 + CSC smtp relay denied

Unanswered Question


We have an ASA 5510 in a working setup with an inside, outside an dmz. Lately we installed a CSC module and we redirect the smtp traffic through the module to do spam and virus filtering. Whenever we try to send mail we get a relay access denied from the ASA to the local exchange server. The exchange server is supposed to deliver the mail through the ASA to a second mailserver in another subnet (I.E. from inside to dmz). When I remove the csc-class from the global policy the mail is accepted fine. I even disabeled all the SMTP scanning options through the management interface, but it keeps saying "relay access denied" and no entries appear in the CSC log.

Any ideas?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
GRAEME DANIELSON Sun, 02/10/2008 - 10:24

I've always had the CSC do inspection on the outside. You specify your email domain so it knows which email addresses are local and gives it a concept of incoming vs. outgoing email. If you then have it inspecting traffic between two servers inside that domain (you say between inside and dmz?) then maybe it's getting confused?

I would try doing the csc inspect on the outside interface.


This Discussion