Issue with ESMTP Inspect on ASA and Sophos appliance

Unanswered Question
Jul 8th, 2009

Anyone ever experienced an issue where your Sophos appliance that sits behind the ASA firewall cannot make a TLS connection outbound due to the ESMTP inspect option?

I don't want to disable it entirely. Is there a way to create a policy map to disable ESMTP inspection for just the Sophos appliances?

drolemc Wed, 07/15/2009 - 05:32

If you use Transport Layer Security (TLS) encryption for e-mail communication, then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit
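For the per-host exemption the original question asks about, the following is an added example, not configuration posted by anyone in this thread: it takes ESMTP inspection out of the default class and reapplies it through a class map whose access list skips the mail appliance. The address 192.0.2.25 and the names SMTP_INSPECT_ACL and SMTP_INSPECT_CLASS are placeholders chosen for illustration.

```cisco
! Added example. 192.0.2.25 stands in for the Sophos appliance address.
! "deny" in this ACL means "do not match the class", i.e. skip ESMTP inspection
! for SMTP sessions to or from the appliance; nothing is blocked by it.
access-list SMTP_INSPECT_ACL extended deny tcp host 192.0.2.25 any eq smtp
access-list SMTP_INSPECT_ACL extended deny tcp any host 192.0.2.25 eq smtp
! All other SMTP traffic still matches and stays inspected.
access-list SMTP_INSPECT_ACL extended permit tcp any any eq smtp
!
class-map SMTP_INSPECT_CLASS
 match access-list SMTP_INSPECT_ACL
!
policy-map global_policy
 ! Remove ESMTP inspection from the catch-all default class ...
 class inspection_default
  no inspect esmtp
 ! ... and reapply it only to traffic the ACL permits.
 class SMTP_INSPECT_CLASS
  inspect esmtp
```

After applying it, `show service-policy` lists the ESMTP inspection counters under the new class, which confirms that other SMTP traffic is still being inspected.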
