Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

More SMTP errors after installing new ASA

Hello,

I installed a new ASA5510 in place of our old PIX515E last Thursday night. Since then, our GroupWise server has been showing a significantly higher level of deferred email. The logs are full of messages similar to the excepts I've pasted below.

We are at a loss and trying to track down the problem. Do you have any thoughts on what might be happening?

Thanks,

- Steve Kadish

02-04-08 21:24:04 0 MSG 32517 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a729cc.049

02-04-08 21:24:04 0 MSG 32517 Detected error on SMTP command

02-04-08 21:24:04 0 MSG 32517 Command: aol.com

02-04-08 21:24:04 0 MSG 32517 Response: 450 Host down (aol.com)

02-04-08 21:24:04 0 MSG 32518 Analyzing result file: VCCNW2/GRPWISE:\VCNY_DO\WPGATE\GWIA\result\r7a734a1.018

02-04-08 21:24:04 0 MSG 32518 Detected error on SMTP command

02-04-08 21:24:04 0 MSG 32518 Command: millerscott.com

02-04-08 21:24:04 0 MSG 32518 Response: 421 secure00.secure-transact.net: SMTP command timeout - closing connection

02-04-08 21:42:42 6 DMN: MSG 32591 Send Failure: 421 calmail.berkeley.edu: SMTP command timeout - closing connection

02-04-08 21:56:22 7 DMN: MSG 32624 Send Failure: 450 Host down (hvc.rr.com)

02-04-08 21:57:11 33 DMN: MSG 32707 Send Failure: 421 Exceeded allowable connection time, disconnecting.

2 REPLIES
New Member

Re: More SMTP errors after installing new ASA

Hi all,

I found the information below in a Cisco.com knowledgebase article. Turning off inspect for ESMTP solved our problem; as soon as it was off, our mail server started sending and receiving the deferred mail. However, I'm not sure what the consequences of turning off the inspection are; could this introduce some other problems or security holes?

Thanks,

- Steve

SMTP TLS Configuration

Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit

New Member

Re: More SMTP errors after installing new ASA

Steve,

Thank you for posting this. This resolved my issue with TLS.

393
Views
0
Helpful
2
Replies