Mail Guard

Unanswered Question
Sep 29th, 2008
User Badges:

We had power maintenance last weekend and had to shutdown our 6513 switch. When we powered up, we discovered we could no longer send and receive emails to external users. Microsoft came in to say we had a problem with the mailguard on our firewall module. How do I deal with that? Cisco documentations say we should disable mailguard. If right, how do I do this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
marcaccini Thu, 06/17/2010 - 06:12
User Badges:

is it possible to keep the mailguard smtp inspection enabled but to bypass for specific hosts?

David White Thu, 06/17/2010 - 07:30
User Badges:
  • Cisco Employee,

Hi Matt,


Yes, you can apply any inspection to match any traffic defined in an ACL.  However, I would disagree in the previous poster that disabling mail inspection is the correct course of action.


If you want to inspect email traffic just to a mail server at 10.1.1.1, the configuration you would use is below:



access-list email extended permit tcp any host 10.1.1.1 eq smtp
!
class-map email-class
match access-list email
!
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect h323 h225 omar
  inspect h323 ras
class email-class
  inspect esmtp
!
service-policy global_policy global


Sincerely,


David.

Actions

This Discussion