Inbound emails being denied

jerry.orlando · ‎05-20-2009

Inbound emails are down. Outbound works.

the ASA 5510 shows this in the log.

Deny tcp src outside:209.252.33.110/38723 dst inside:63.243.80.11/25 by access-group "inside_access_out" [0x0, 0x0]

One minute everything was ok then it stopped working.

In the inside interface(incoming rules), i have a rule that states (source) email server name (destination) any (service) smtp (action) permit.

In the outside interface(incoming rule), i have a rule that states.. (source) any (destination) public ip of email server (service) smtp (action) permit.

Any ideas?

thanks

darkbeatzz · ‎05-20-2009

From the mail server/appliance can you telnet to a destination server on port 25? Is DNS working ok on the server

darkbeatzz · ‎05-20-2009

From the mail server/appliance can you telnet to a destination server on port 25? Is DNS working ok on the server/mail appliance

jerry.orlando · ‎05-20-2009

Here's an update. On the outside interface incoming rules...i changed the service from SMTP to ANY and emails started flowing in.

But it has always worked the the way. Why would it stop working now?

handsy · ‎05-20-2009

There is nearly always a cause for these problems.

Have you checked around the time this issue occurred for anything strange in the ASA syslog events?

Was the IOS upgraded?

Did someone add/remove a command?

Did you check 'show service-policy' and see if 'inspect esmtp' drops was incrementing?