<<< No Message Collected >>> || esmtp inspection

[alleycatcomp]

I just wanted to let everyone know of a solution to an smtp routing issues I was having today....


With Cisco ASA and esmtp inspection enabled with an Exchange 2003 server behind the ASA, I was having problems sending & receiving emails.

I am running 8.3.2 on an ASA 5510, however this should apply to the 7.x ios and other ASA models as well. It should also apply to all versions of Microsoft Exchange, 2003, 2007 & 2010.


Incoming emails were either being delayed or not be received.

Outgoing emails were either being delayed or not being sent.


The Exchange SMTP logs were showing:


For Incoming emails:

dsn=4.0.0, stat=Deferred: 451 Timeout waiting for client input

For outgoing emails:

421+4.4.2+mtain-dl02.r1000. <domain name here> +Error:+timeout+exceeded


In addition, a number of incoming emails were being received with the body stripped out, and replaced simply with:

<<< No Message Collected >>>


Very troubling....


Solution:

Solution is to do a 'no inspect esmtp' on the global_policy_map.

The esmtp inspection is the replacement for the notorious fixup on PIX devices.

Hoping this helps someone else...


Here's the code:

CiscoASA(config)# policy-map global_policy
CiscoASA(config-pmap)# class inspection_default
CiscoASA(config-pmap-c)# no inspect esmtp
CiscoASA(config-pmap-c)# exit
CiscoASA(config-pmap)# exit

 

[58sniper]

Yep - that's a known issue. Always recommend disabling any SMTP inspection at the firewall, and allowing the server to handle it. Glad you got it resolved.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/