We have recently upgraded the firmware on our ASA 5510 to V7.2(1) and have had some issues with this Inspect ESMTP command.
Prior to the upgrade, it used to Terminate SMTP connections that it considered Malicious, which was fine as it appeared to be mostly SPAM anyways.
Now that it is upgraded, the Inspect ESMTP has now blocked some legitmate emails from being received AS WELL AS being sent. There have been a number of emails from our Clients that have supposedly been sent and we have no trace of them entering our network and some of our Users have sent emails to Clients that have bounced back with an NDR status of 4.4.7. Now while I assumed it was a problem with the Remote site's mail server... there were too many NDR's coming back from all different servers, and as soon as I turned off the Inspect ESMTP on the ASA everything has returned to normal.
My question is how can I log exactly what the inspect esmtp command is doing? And what are the filters it is using?
I am aware of some bugs regarding the inspect esmtp, and had been given 7.2(1.17) from Cisco which resolved the issue of our ASA reloading automatically, but it has not resolved this issue.
I had considered running a later version of the ASA software, but reading the release notes there are potential VPN issues that I may face, and VPN stability is of a higher priority to us than this esmtp inspection. If there is anything else that can be suggested I would appreciate it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...