Cisco CBAC, ESMTP

Discussion in 'Cisco' started by Ben, May 11, 2004.

  1. Ben

    Ben Guest

    Hello -

    I am having a problem with an Exchange 2003 server sending e-mails
    with attachments residing behind a Cisco Router with CBAC firewall
    software configured on it. Normal e-mails flow through just fine and
    even e-mails with small attachments will go through (967 bytes) but
    anything larger it will not go through. The messages just sit in the
    queue. I know CBAC does not support inspecting ESMTP, only SMTP, but
    will it allow the ESMTP traffic to pass through it? Is there any
    special configuration to get this working? Thanks for your help in
    advance.

    Ben
     
    Ben, May 11, 2004
    #1

  2. In article <>,
    Ben <> wrote:
    :I am having a problem with an Exchange 2003 server sending e-mails
    :with attachments residing behind a Cisco Router with CBAC firewall
    :software configured on it. Normal e-mails flow through just fine and
    :even e-mails with small attachments will go through (967 bytes) but
    :anything larger it will not go through. The messages just sit in the
    :queue. I know CBAC does not support inspecting ESMTP, only SMTP, but
    :will it allow the ESMTP traffic to pass through it? Is there any
    :special configuration to get this working?

    The wording in the manual is that using the smtp inspect with ESMTP
    may cause problems.

    I have not used the CBAC smtp inspect, but I imagine it to be similar
    to the PIX smtp fixup. The PIX smtp fixup simply does not allow ESMTP,
    including not allowing the EHLO command that the remote end would need
    in order to establish an ESMTP session.

    It shouldn't keep attachments from working, though.

    --
    Usenet is one of those "Good News/Bad News" comedy routines.
     
    Walter Roberson, May 11, 2004
    #2

  3. Ben

    Rik Bain Guest

    On Mon, 10 May 2004 18:35:27 -0500, Ben wrote:

    > Hello -
    >
    > I am having a problem with an Exchange 2003 server sending e-mails with
    > attachments residing behind a Cisco Router with CBAC firewall software
    > configured on it. Normal e-mails flow through just fine and even
    > e-mails with small attachments will go through (967 bytes) but anything
    > larger it will not go through. The messages just sit in the queue. I
    > know CBAC does not support inspecting ESMTP, only SMTP, but will it
    > allow the ESMTP traffic to pass through it? Is there any special
    > configuration to get this working? Thanks for your help in advance.
    >
    > Ben


    Sounds like an MTU issue. ESMTP/SMTP is negotiated. The protocol is
    decided before data transmission.

    But to be sure, disable inspection of SMTP.

    I have always been a fan of only inspecting tcp/udp, only adding upper
    layers when needed.

    Rik Bain
     
    Rik Bain, May 11, 2004
    #3
  4. Ben

    Ben Guest

    Rik Bain <> wrote in message news:<40a039f1$0$4844$>...
    > On Mon, 10 May 2004 18:35:27 -0500, Ben wrote:
    >
    > > Hello -
    > >
    > > I am having a problem with an Exchange 2003 server sending e-mails with
    > > attachments residing behind a Cisco Router with CBAC firewall software
    > > configured on it. Normal e-mails flow through just fine and even
    > > e-mails with small attachments will go through (967 bytes) but anything
    > > larger it will not go through. The messages just sit in the queue. I
    > > know CBAC does not support inspecting ESMTP, only SMTP, but will it
    > > allow the ESMTP traffic to pass through it? Is there any special
    > > configuration to get this working? Thanks for your help in advance.
    > >
    > > Ben

    >
    > Sounds like an MTU issue. ESMTP/SMTP is negotiated. The protocol is
    > decided before data transmission.
    >
    > But to be sure, disable inspection of SMTP.
    >
    > I have always been a fan of only inspecting tcp/udp, only adding upper
    > layers when needed.
    >
    > Rik Bain


    Thanks for your responses. I was thinking it was an MTU issue as well
    but the company who manages the router and firewall refuse to believe
    it to be that. I also forgot to mention that the problems with the
    attachments only started happening after CBAC was installed and
    configured. I also tried to get a router config out of them but they
    refused to give me that as well. The person did say that they
    disabled inspection for SMTP, but it truly sounds like it isn't.
    Thanks again, I'll post back with a resolution when I get one.

    Ben
     
    Ben, May 11, 2004
    #4
  5. Ben

    mh Guest

  6. Ben

    Ben Guest

    (mh) wrote in message news:<>...
    > see Cisco document
    >
    > http://cco.cisco.com/en/US/customer...7/products_feature_guide09186a00801ed6ee.html



    Thanks, but I don't have a CCO login. The problem is resolved however.
    It turns out that SMTP inspection was disabled but not "fully"
    disabled. Not quite sure what he meant by that. The person said they
    removed it from the config and then e-mail attachments started working
    as they should. Thanks for your help.

    Ben
     
    Ben, May 11, 2004
    #6
  7. In article <>,
    Ben <> wrote:
    : (mh) wrote in message news:<>...
    :> see Cisco document

    :> http://cco.cisco.com/en/US/customer...7/products_feature_guide09186a00801ed6ee.html


    :Thanks, but I don't have a CCO login.

    Remove /customer from the string to get the public version.

    To summarize: 12.3T now supports ESMTP inspection.
    --
    Live it up, rip it up, why so lazy?
    Give it out, dish it out, let's go crazy, yeah!
    -- Supertramp (The USENET Song)
     
    Walter Roberson, May 11, 2004
    #7
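
The change the thread converges on, as an added configuration sketch that is not from any poster or from the router in question: remove only the SMTP application inspection and keep generic TCP/UDP inspection, or use ESMTP inspection on a release that has it. The rule name FW and interface Serial0/0 are hypothetical.

```cisco
! Constructed example. Rule name FW and interface Serial0/0 are hypothetical.
!
! Before: the CBAC rule inspects SMTP at the application layer in
! addition to generic TCP/UDP session tracking.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW smtp
!
interface Serial0/0
 ip inspect FW out
!
! After: drop only the SMTP entry from the rule. Port 25 sessions are
! still tracked statefully by the generic tcp entry, but the router no
! longer examines the SMTP commands themselves.
no ip inspect name FW smtp
!
! Alternative on a release with ESMTP inspection (12.3T per the thread):
! inspect the extended protocol instead of plain SMTP.
ip inspect name FW esmtp
!
! Verification from privileged EXEC: confirm which protocols the rule
! still lists and which sessions are currently being tracked.
show ip inspect config
show ip inspect sessions
```

Checking `show ip inspect config` after the change confirms whether the smtp entry is actually gone from the rule, which is the point the thread's "disabled but not fully disabled" resolution turned on.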
  8. Ben

    Ben Guest

    Ben, May 12, 2004
    #8