alleycatcomp
MIS
I just wanted to let everyone know of a solution to an SMTP routing issue I was having today....
With Cisco ASA and esmtp inspection enabled with an Exchange 2003 server behind the ASA, I was having problems sending & receiving emails.
I am running 8.3.2 on an ASA 5510, however this should apply to the 7.x ios and other ASA models as well. It should also apply to all versions of Microsoft Exchange, 2003, 2007 & 2010.
Incoming emails were either being delayed or not being received.
Outgoing emails were either being delayed or not being sent.
The Exchange SMTP logs were showing:
For Incoming emails:
dsn=4.0.0, stat=Deferred: 451 Timeout waiting for client input
For outgoing emails:
421+4.4.2+mtain-dl02.r1000. <domain name here> +Error:+timeout+exceeded
In addition, a number of incoming emails were being received with the body stripped out, and replaced simply with:
<<< No Message Collected >>>
Very troubling....
Solution:
Solution is to do a 'no inspect esmtp' on the global_policy_map.
The esmtp inspection is the replacement for the notorious fixup on PIX devices.
Hoping this helps someone else...
Here's the code:
CiscoASA(config)# policy-map global_policy
CiscoASA(config-pmap)# class inspection_default
CiscoASA(config-pmap-c)# no inspect esmtp
CiscoASA(config-pmap-c)# exit
CiscoASA(config-pmap)# exit
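Added example, not part of the original post: a small Python triage script that counts the three symptoms quoted above in SMTP log lines and flags a greeting or EHLO reply that has been rewritten in transit, which is worth confirming before inspection is turned off for every host. It assumes the inspection engine's usual behaviour of masking the 220 banner with asterisks and overwriting unrecognised EHLO keywords with X's (not described in the post); the hostnames and capture lines are constructed.

```python
import re
from collections import Counter

# Symptom signatures copied from the log excerpts in the post ('+' is treated as a
# space, because IIS-style SMTP logs encode spaces that way).
SYMPTOMS = {
    "inbound_timeout": re.compile(r"\b451 timeout waiting for client input", re.I),
    "outbound_timeout": re.compile(r"\b421 4\.4\.2\b.*timeout exceeded", re.I),
    "empty_body": re.compile(r"<<<\s*No Message Collected\s*>>>", re.I),
}
# EHLO keyword overwritten with X's by an inspecting device, e.g. "250-XXXXXXXA".
MASKED_EHLO = re.compile(r"^250[ -]X{4,}[A-Z]?\s*$")


def banner_is_masked(line):
    """True when a 220 greeting consists almost entirely of asterisks."""
    m = re.match(r"^220[ -](.+)$", line.strip())
    if not m:
        return False
    rest = m.group(1)
    return rest.count("*") >= 8 and set(rest) <= set("*0123456789 ")


def triage(lines):
    """Count the post's symptoms and note signs that SMTP is rewritten in transit."""
    symptoms, rewritten = Counter(), []
    for raw in lines:
        line = raw.strip()
        if banner_is_masked(line) or MASKED_EHLO.match(line):
            rewritten.append(line)
            continue
        norm = line.replace("+", " ")
        for name, pattern in SYMPTOMS.items():
            if pattern.search(norm):
                symptoms[name] += 1
    return {"symptoms": dict(symptoms), "rewritten": rewritten,
            "inspection_suspected": bool(rewritten) and bool(symptoms)}


# Constructed sample: log lines modelled on the post plus a constructed telnet capture.
SAMPLE = [
    "dsn=4.0.0, stat=Deferred: 451 Timeout waiting for client input",
    "421+4.4.2+mx.example.test+Error:+timeout+exceeded",
    "<<< No Message Collected >>>",
    "220 ****************************************",
    "250-mail.example.test Hello [192.0.2.10]",
    "250-XXXXXXXA",
    "250 OK",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
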