Enabling firewall on 806 kills outbound email

[paleogryph]

I use my Cisco 806 router as a gateway via cable modem. I have enabled the firewall on my Cisco 806 router using the "Cisco Router Web Setup". After doing so, I can no longer send email out using either Outlook or Pocomail. At first I thought it was just a problem with Pocomail, then I tried Outlook and got similar results. I can get my mail (POP3) but SMTP is nogo. The Cisco 806 firewall is blocking outgoing mail. As soon as I turn off the firewall on the router I can then send mail out no problem. For now I have done that and am using Zonealarm as a firewall.

Do I have to enable a SMTP server access through the firewall for this to work? I can't imagine why because I'm simply trying to send mail via SMTP.

Any ideas will be greatly appreciated.

 

[CiscoGod]

The problem is that Cisco's CBAC firewall does not support ESMTP and it tagging the sessions as bad smtp commands. CBAC only supports SMTP and it's valid 7 commands. Just take out the SMTP in your "My Firewall" CBAC config and you should be able to get out okay with no problem. Cisco plans on supporting the ESMTP on later revisions just not anytime soon.

Check out the article:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_qanda_item09186a008009464d.shtml

Cisco_King

 

[paleogryph]

Thanks for the link.
Your advice was correct.
I never knew there was an ESMTP...

Also saw the the article about the flaw with the "ip inspect" command. See:

http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

I am now able to send mail out. I corrected the firewall settings by removing the ip inspect for smtp as follows:

"no ip inspect name myfw smtp"