small logo

melfneerg.com

 - 'cos life is like that


[Blog]  [Pictures]  [Links]  [About
About the Author
Tudor Davies

author Tudor is a techie turned manager who fights like mad to keep his tech skills honed and relevant. Everything from web hosting, networking, *nix and the like. Constantly developing and co-ordinating with others to make the web a better (and easier to use) place.

Cisco ASA vs SMTP

Wednesday, 16th Apr 2014  Posted @ 08:39

Had a weird problem at work over the past couple of days.

We currently run a tiered mail cleaning system for some of our customers and we are in the process of retiring one of the tiers as we have improved the efficiency and resilience of the front end.

This meant that instead of mail being sent from the front end to the back end and then to the customer mail server, it goes to the customer mail server directly from the front end. We did the switch over and saw traffic flowly quite nicely.

And then the outgoing queue started growing. Gradually. And only with large emails (.5Mb+). So we reversed the change and started investigating.

Some crafty google searching led to this page. So I jumped on the customers managed ASA and checked the inspection profiles. ESMTP was enabled. Once change request later, it is disabled, the front end server is pointed to the customers mail server again and all email (regardless of size) now gets delivered.

Under ASDM, it can be disabled by Configuration -> Firewall -> Service Policy Rules -> inspection_default -> Rule Actions - uncheck ESMTP -> Apply

[ 1 comments : Add | Read ]

Tweet




layout and initial css based on the Qtractor page