Cisco ASA firewall Mailguard feature and Exchange Server

By | June 14, 2011

The Cisco Mailguard feature sanitizes SMTP traffic. It is turned on by default and can cause some SMTP traffic to be dropped for security reasons.

Symptoms:

  • You cannot receive Internet-based e-mail messages.
  • You cannot send e-mail messages with attachments.
  • You cannot establish a telnet session with the Microsoft Exchange server on port 25.
  • When you send an EHLO command to the Exchange server, you receive a “Command unrecognized” or an “OK” response.
  • You cannot send or receive mail on specific domains.
  • Problems with Post Office Protocol version 3 (POP3) authentication – 550 5.7.1 relaying denied from local server.
  • Problems with duplicate e-mail messages being sent (sometimes five to six times).
  • You receive duplicate incoming Simple Mail Transfer Protocol (SMTP) messages.
  • Microsoft Outlook clients or Microsoft Outlook Express clients report an 0x800CCC79 error when trying to send e-mail.
  • There are problems with binary mime (8bitmime). You receive the following text in a non-delivery report (NDR):
    554 5.6.1 Body type not supported by Remote Host.
  • There are problems with missing or garbled attachments.
  • There are problems with the link state routing between routing groups when a Cisco PIX or Cisco ASA firewall device is between the routing groups.
  • The X-LINK2STATE verb is not passed.
  • There are authentication problems between servers over a routing group connector.

To determine whether Mailguard is running on your Cisco PIX or Cisco ASA firewall, Telnet to the IP address of the MX record, and then verify whether the response looks similar to the following:

220*******************************************************0*2******0*********************** 2002*******2***0*00

Solution:

ASA-FW(config)# no fixup protocol smtp 25

Verification: Telnet to the SMTP server on port 25. You should get the response below:

220 mail.domain.com.ESMTP
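The banner check and the post-change verification described above can be scripted. The following is an added example, not part of the original post or any Cisco or Microsoft tooling; the function names, the 0.5 asterisk threshold, the single-line-250 heuristic and the `probe.example` EHLO name are assumptions.

```python
import re
import socket

# MASKED and CLEAN are the two banners quoted on this page; the EHLO replies
# passed to diagnose() in __main__ are constructed samples.
MASKED = "220*******************************************************0*2******0*********************** 2002*******2***0*00"
CLEAN = "220 mail.domain.com.ESMTP"

def banner_is_masked(banner, threshold=0.5):
    """True when the text after the 220 code is mostly asterisks."""
    m = re.match(r"220[ -]?(.*)", banner.strip())
    if not m or not m.group(1):
        return False
    text = m.group(1)
    return text.count("*") / len(text) >= threshold

def ehlo_is_filtered(reply):
    """True when EHLO is refused or answered with a bare one-line OK."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    if not lines:
        return False
    if lines[0].startswith("5"):  # e.g. "500 Command unrecognized"
        return True
    # Assumption: an unfiltered Exchange server lists its extensions on
    # several "250-" lines, so a single 250 line means EHLO was not passed.
    return len(lines) == 1 and lines[0].startswith("250")

def diagnose(banner, ehlo_reply):
    """Return the Mailguard symptoms visible in one SMTP greeting exchange."""
    findings = []
    if banner_is_masked(banner):
        findings.append("banner masked")
    if ehlo_is_filtered(ehlo_reply):
        findings.append("EHLO filtered")
    return findings

def probe(host, port=25, timeout=10):
    """Fetch banner and EHLO reply from your own mail host and diagnose them."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(1024).decode("ascii", "replace")
        s.sendall(b"EHLO probe.example\r\n")
        reply = s.recv(4096).decode("ascii", "replace")
        s.sendall(b"QUIT\r\n")
    return diagnose(banner, reply)

if __name__ == "__main__":
    print(diagnose(MASKED, "500 Command unrecognized\r\n"))
    print(diagnose(CLEAN, "250-mail.domain.com Hello\r\n250-8BITMIME\r\n250 OK\r\n"))
```

An empty list from `probe()` after the configuration change corresponds to the clean 220 banner shown in the verification step.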

