SMTP Blocked outbound ESMTP/TLS fix ASA/PIX

Hello,

glad you are here. I first discovered this when I checked my Windows Exchange SMTP logs and had seen errors in the SMTP log like this:

Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-03-20 05:57:35
#Fields: time c-ip cs-method cs-uri-stem sc-status
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 EHLO – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 STARTTLS – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 EHLO – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 AUTH – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 MAIL – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 RCPT – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 DATA – 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 – - 0
05:57:35 63.208.196.178 QUIT – 0
05:57:35 63.208.196.178 – - 0
05:58:04 63.208.196.178 – - 0
05:58:04 63.208.196.178 EHLO – 0
05:58:04 63.208.196.178 – - 0
05:58:04 63.208.196.178 STARTTLS – 0
05:58:04 63.208.196.178 – - 0

=========================

so what I did was this in CONFIG T mode I typed:

Cisco Firewall disabling TLS initiation by default

I have found my Cisco ASA 5510 is masking out STARTTLS initiation because of the SMTP packet inspection. This is enabled by default.

How to enable the firewall to start TLS on ESMTP sessions;

Option one;

policy-map type inspect esmtp esmtp_map
parameters
allow-tls [action log]

Option two;

no fixup protocol smtp 25

yeah!!!!!!!!!!!!!!!!!! mail is leaving outbound now!!!!!!!!!

This entry was posted on March 20, 2009 at 12:04 am and is filed under ESMTP over TLS email blocking issue fix . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

IT Daddy Blog for CCNP