Cisco Cisco ASA 5540 Adaptive Security Appliance 문제 해결 가이드
ESMTP and SMTP inspection enforce a policy that allows only certain commands through the ASA. If a mail
command is sent that is not allowed, it is replaced by Xs, which makes the command invalid to the client and
the server.
command is sent that is not allowed, it is replaced by Xs, which makes the command invalid to the client and
the server.
Commands that are normally allowed are listed in the inspect esmtp section of the Cisco ASA Series
Command Reference. HELO and EHLO are normally allowed; however, whether the command is recognized
depends on the method by which you test.
Command Reference. HELO and EHLO are normally allowed; however, whether the command is recognized
depends on the method by which you test.
For example, Telnet sends each character individually in a different packet on the wire, but actual email
clients and servers send the entire command in one packet. If you use Telnet and you type H, the Telnet client
sends an H to the email server. Since ESMTP and SMTP inspection do not recognize H as a valid command,
the ASA replaces the H with an X and passes it along. If you proceed to type ELO, each character is sent
individually, and the ASA turns each character into an X. The server receives the final command as XXXX
and errors out as expected.
clients and servers send the entire command in one packet. If you use Telnet and you type H, the Telnet client
sends an H to the email server. Since ESMTP and SMTP inspection do not recognize H as a valid command,
the ASA replaces the H with an X and passes it along. If you proceed to type ELO, each character is sent
individually, and the ASA turns each character into an X. The server receives the final command as XXXX
and errors out as expected.
If you use Telnet to test connectivity, you must configure the application to send the entire command in one
packet. (The Microsoft Windows Telnet program can send a line at a time instead of character by character.)
Press CTRL+] to exit the Telnet session, and type send HELO. This action sends the entire command instead
of individual characters.
packet. (The Microsoft Windows Telnet program can send a line at a time instead of character by character.)
Press CTRL+] to exit the Telnet session, and type send HELO. This action sends the entire command instead
of individual characters.
As an alternative, you can use another program, such as Netcat. Netcat sends commands line by line and is a
very power tool for testing network sockets and data transfers. However, the best solution is to test the
connectivity with an actual email program and capture the traffic on the ASA for further testing.
very power tool for testing network sockets and data transfers. However, the best solution is to test the
connectivity with an actual email program and capture the traffic on the ASA for further testing.
Related Information
Technical Support & Documentation − Cisco Systems
•
Contacts & Feedback | Help | Site Map
© 2014 − 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of
Cisco Systems, Inc.
© 2014 − 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of
Cisco Systems, Inc.
Updated: Sep 16, 2013
Document ID: 113423