Cisco ASA firewall Mailguard feature and Exchange Server

Cisco Mailguard feature is to sanitizes SMTP traffic. This features is turned on by default, and can cause some SMTP traffic to be dropped for security reason.

Symptoms:

You cannot receive Internet-based e-mail messages.
You cannot send e-mail messages with attachments.
You cannot establish a telnet session with the Microsoft Exchange server on port 25.
When you send an EHLO command to the Exchange server, you receive a “Command unrecognized” or an “OK” response.
You cannot send or receive mail on specific domains.
Problems with Post Office Protocol version 3 (POP3) authentication – 550 5.7.1 relaying denied from local server.
Problems with duplicate e-mail messages being sent (sometimes five to six times).
You receive duplicate incoming Simple Mail Transfer Protocol (SMTP) messages.
Microsoft Outlook clients or Microsoft Outlook Express clients report an 0x800CCC79 error when trying to send e-mail.
There are problems with binary mime (8bitmime). You receive the following text in a non-delivery report (NDR):
554 5.6.1 Body type not supported by Remote Host.
There are problems with missing or garbled attachments.
There are problems with the link state routing between routing groups when a Cisco PIX or Cisco ASA firewall device is between the routing groups.
The X-LINK2STATE verb is not passed.
There are authentication problems between servers over a routing group connector.

To determine whether Mailguard is running on your Cisco PIX or Cisco ASA firewall, Telnet to the IP address of the MX record, and then verify whether the response looks similar to the following:

220*******************************************************0*2******0*********************** 2002*******2***0*00

Solution:

ASA-FW(config)# no fixup protocol smtp 25 Verification: Telnet to SMTP on port 25, you should getting below response 220 mail.domain.com.ESMTP

References: http://support.microsoft.com/kb/320027 http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml http://www.cisco.com/warp/public/707/cisco-sa-20000927-pix-firewall-smtp-filter.shtml

Incoming search terms:

asa mail

[…] https://advanxer.com/2019/12/pfsense-enabling-administration-via-the-wan-interface/ […]

[…] https://advanxer.com/2012/06/installing-iperf-on-ubuntu/ […]

[…] connections, and you have to access the PFSense router via the LAN interface.You can follow this to disable the…

[…] Step 1 The first step is to gain ssh root access to this Linkstation. Refer here. […]

[…] and the Cisco preparatory protocol PAGP are used to aggregate multiple physical links into a logical […]