Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
2
Replies

More SMTP errors after installing new ASA

rstevek
Level 1
Level 1

‎02-05-2008 08:28 AM - edited ‎03-11-2019 04:59 AM

Hello,

I installed a new ASA5510 in place of our old PIX515E last Thursday night. Since then, our GroupWise server has been showing a significantly higher level of deferred email. The logs are full of messages similar to the excepts I've pasted below.

We are at a loss and trying to track down the problem. Do you have any thoughts on what might be happening?

Thanks,

- Steve Kadish

02-04-08 21:24:04 0 MSG 32517 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a729cc.049

02-04-08 21:24:04 0 MSG 32517 Detected error on SMTP command

02-04-08 21:24:04 0 MSG 32517 Command: aol.com

02-04-08 21:24:04 0 MSG 32517 Response: 450 Host down (aol.com)

02-04-08 21:24:04 0 MSG 32518 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a734a1.018

02-04-08 21:24:04 0 MSG 32518 Detected error on SMTP command

02-04-08 21:24:04 0 MSG 32518 Command: millerscott.com

02-04-08 21:24:04 0 MSG 32518 Response: 421 secure00.secure-transact.net: SMTP command timeout - closing connection

02-04-08 21:42:42 6 DMN: MSG 32591 Send Failure: 421 calmail.berkeley.edu: SMTP command timeout - closing connection

02-04-08 21:56:22 7 DMN: MSG 32624 Send Failure: 450 Host down (hvc.rr.com)

02-04-08 21:57:11 33 DMN: MSG 32707 Send Failure: 421 Exceeded allowable connection time, disconnecting.

Labels:
0 Helpful
2 Replies 2

rstevek
Level 1
Level 1

‎02-05-2008 09:31 AM

Hi all,

I found the information below in a Cisco.com knowledgebase article. Turning off inspect for ESMTP solved our problem; as soon as it was off, our mail server started sending and receiving the deferred mail. However, I'm not sure what the consequences of turning off the inspection are; could this introduce some other problems or security holes?

Thanks,

- Steve

SMTP TLS Configuration

Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit

0 Helpful

markisaac
Level 1
Level 1
In response to rstevek

‎07-01-2008 12:47 PM

Steve,

Thank you for posting this. This resolved my issue with TLS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card