SMTP Blocked outbound ESMTP/TLS fix ASA/PIX

Hello,

Glad you are here. I first discovered this when I checked my Windows Exchange SMTP logs and saw errors in the SMTP log like this:

Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-03-20 05:57:35
#Fields: time c-ip cs-method cs-uri-stem sc-status
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 EHLO – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 STARTTLS – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 EHLO – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 AUTH – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 MAIL – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 RCPT – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 DATA – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 – – 0
05:57:35 63.208.196.178 QUIT – 0
05:57:35 63.208.196.178 – – 0
05:58:04 63.208.196.178 – – 0
05:58:04 63.208.196.178 EHLO – 0
05:58:04 63.208.196.178 – – 0
05:58:04 63.208.196.178 STARTTLS – 0
05:58:04 63.208.196.178 – – 0

=========================

So what I did was this. In CONFIG T mode I typed:

Cisco Firewall disabling TLS initiation by default

I have found my Cisco ASA 5510 is masking out STARTTLS initiation because of the SMTP packet inspection. This is enabled by default.

How to get the firewall to allow TLS to start on ESMTP sessions:

Option one, allow TLS in the ESMTP inspection map:

policy-map type inspect esmtp esmtp_map
 parameters
  allow-tls [action log]

Option two, turn off the SMTP fixup on port 25:

no fixup protocol smtp 25

yeah!!!!!!!!!!!!!!!!!! mail is leaving outbound now!!!!!!!!!
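
A way to confirm the masking described above before and after the change, as an added example that is not part of the original post: it parses an EHLO reply and reports whether STARTTLS was offered or overwritten in transit. The X-character mask shape, the sample replies and the names `classify_ehlo`, `read_reply` and `probe` are assumptions made for this example.

```python
import re
import socket

# Constructed EHLO replies (not captured from the author's network).
# Assumption: the inspecting firewall overwrites disallowed keywords with X's.
MASKED_REPLY = ("250-mail.example.net Hello [192.0.2.10]\r\n250-SIZE 10485760\r\n"
                "250-XXXXXXXA\r\n250-8BITMIME\r\n250 XXXXXXXB\r\n")
CLEAN_REPLY = ("250-mail.example.net Hello [192.0.2.10]\r\n250-SIZE 10485760\r\n"
               "250-STARTTLS\r\n250 8BITMIME\r\n")
MASK = re.compile(r"^X{4,}[A-Z]?$")  # assumed mask shape, e.g. XXXXXXXA


def classify_ehlo(reply):
    """Report STARTTLS availability and masked keywords in an EHLO reply."""
    keywords = []
    for line in reply.splitlines()[1:]:      # first line is the greeting
        m = re.match(r"^250[- ](\S+)", line)
        if m:
            keywords.append(m.group(1).upper())
    masked = [k for k in keywords if MASK.match(k)]
    if "STARTTLS" in keywords:
        verdict = "starttls-offered"
    elif masked:
        verdict = "masked-by-middlebox"
    else:
        verdict = "starttls-not-offered"
    return {"keywords": keywords, "masked": masked, "verdict": verdict}


def read_reply(f):
    """Read one SMTP reply; 'NNN-' continues, 'NNN ' ends it."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace")
        lines.append(line)
        if not line or line[3:4] != "-":
            return "".join(lines)


def probe(host, port=25, timeout=10.0):
    """Live check through your own firewall: send EHLO, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        read_reply(f)                         # 220 banner
        f.write(b"EHLO probe.example.net\r\n")
        f.flush()
        reply = read_reply(f)
        f.write(b"QUIT\r\n")
        f.flush()
    return classify_ehlo(reply)
```

Run `probe()` from the mail server toward an outside relay you control; a verdict of `masked-by-middlebox` before the change and `starttls-offered` after it shows the inspection was the cause.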


3 Responses to “SMTP Blocked outbound ESMTP/TLS fix ASA/PIX”

  1. Just wanted to say thanks…. Just switched out my old PIX 515e with an ASA 5505 and I use all TLS encrypted email. I was so frustrated… then came along this post.

    WORKS!!!!

  2. Thanks for the post. Had this issue, your post led me to the answer.
