Issue with ESMTP Inspect on ASA and Sophos appliance

Unanswered Question
Jul 8th, 2009
User Badges:

Anyone ever experienced an issue where your Sophos appliance that sits behind the ASA firewall cannot make a TLS connection outbound due to the ESMTP inspect option?

I don't want to disable it entirely. Is there a way to create a policy map to disable ESMTP inspection for just the Sophos appliances?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
drolemc Wed, 07/15/2009 - 05:32
User Badges:
  • Silver, 250 points or more

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp




This Discussion