Cisco ASA, Exchange, MessageLabs and Inspect ESTMP don’t play nicely

Our Exchange Guru, Ben, was responding to a call about missing emails.  After a bit of searching through logs he noticed consistant time out errors on the mail relay from MessageLabs. The MessageLabs logs were also showing constant retries to the mail relay.

Time to blame the Firewall ….

Now, I knew that Cisco PIX  ‘fixup protocol smtp’ caused Exchange to suffer horribly until it was disabled, but couldn’t find any offical word on the ASA 8.21 doing the same.

We still had the ESMTP filter in place, as part of Cisco’s Modular Policy Framework . I removed the “inspect esmtp” statement from our global_policy map and instantly the problems disappeared.

CiscoAsa(config)#class inspection_default

CiscoAsa(config-pmap-c)# no inspect ESMTP

Hum Ho.

Reply now | Feed

1 Comment

  1. #144
    Adam :

    Dec 3, 2009 1:42 pm |

    Interesting stuff, sounds very similar to a problem I am having. Will check the firewall and see if it’s doing that.

Leave a Reply


XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Wp Logo Theme: Guangzhou
Home