Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
778
Views
0
Helpful
2
Replies

Inspect ESMTP

pjscott13
Level 1
Level 1

‎01-05-2009 07:41 PM - edited ‎03-09-2019 09:56 PM

We have recently upgraded the firmware on our ASA 5510 to V7.2(1) and have had some issues with this Inspect ESMTP command.

Prior to the upgrade, it used to Terminate SMTP connections that it considered Malicious, which was fine as it appeared to be mostly SPAM anyways.

Now that it is upgraded, the Inspect ESMTP has now blocked some legitmate emails from being received AS WELL AS being sent. There have been a number of emails from our Clients that have supposedly been sent and we have no trace of them entering our network and some of our Users have sent emails to Clients that have bounced back with an NDR status of 4.4.7. Now while I assumed it was a problem with the Remote site's mail server... there were too many NDR's coming back from all different servers, and as soon as I turned off the Inspect ESMTP on the ASA everything has returned to normal.

My question is how can I log exactly what the inspect esmtp command is doing? And what are the filters it is using?

Labels:
0 Helpful
2 Replies 2

edadios
Cisco Employee
Cisco Employee

‎01-05-2009 10:02 PM

I suggest you instead run the later 7.2.4 code, as there are known esmtp issues on the code 7.2.1.

You can use the bug search tool to find some of them.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Regards,

0 Helpful

pjscott13
Level 1
Level 1
In response to edadios

‎01-06-2009 02:36 PM

I am aware of some bugs regarding the inspect esmtp, and had been given 7.2(1.17) from Cisco which resolved the issue of our ASA reloading automatically, but it has not resolved this issue.

I had considered running a later version of the ASA software, but reading the release notes there are potential VPN issues that I may face, and VPN stability is of a higher priority to us than this esmtp inspection. If there is anything else that can be suggested I would appreciate it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents