Control of Outbound SMTP?
Hi,
Is it possible to control where users can send mail and direct them to specific relays? I only want a couple of people to be able to mail out to the internet and ideally they would also have attachment stripping etc. running and others should only be able to send to internal addresses e.g. [email protected] so it would bounce anything not for company.com? Also I'd like any mail for company.com to go to the internal only relays whilst anything else can go upstream to the ISP's relay.
For inbound I'm stopping users receiving mail by tagging anything with the company domain as -9 Spam score and anything else as +9 spam score and redirecting spam >5 to a 'quarantine' mailbox.
I'm basically trying to recreate the ability to restrict who users can send to in exchange.
Cheers,
F
P.S. Running Leopard Server 10.5.1
I see. What have you tried so far? What worked, what didn't work? Can you give us an example of exactly what you're trying to do?
-
Control Over Outbound Delivery/ System based release strategy for Outbound
Hi All,
I am working on one scenario to control the outbound delivery
AS IS : Sales Employee A accepted Order on 6th Dec '08 for customer B and order quantity 2 Product ABC to deliver on 15th Dec '08.
In between, Sales Employee B accepted Order on 10th Dec '08 for customer C and order quantity 2 Product ABC to deliver on 12th Dec '08.
In this circumstance the Sales Employee B is delivering the products to Customer C on 12th Dec '08, which are the products kept for Customer B, and Sales Employee A is not able to deliver the goods to Customer B on the promised date.
TO BE : How do I control the Sales Employee B should not pick the goods which are reserved by Employee A for customer B.
I would request you to give me the possibilities to control the OBD
Thanks in advance.
Regards,
Padma
Edited by: Padma Priya on Jan 6, 2009 7:50 AM
Edited by: Padma Priya on Jan 6, 2009 7:52 AM
Dear Padma
Go to material master and check what availability check you have maintained. Then go to OVZ9, select that availability check with the combination of "A" and execute. There tick the box Include sales reqmts so that stock will be reserved whoever creates the order first.
In your case, if Sales Employee A creates the sale order first and stock is available, then stock will be reserved for that order only and it cannot be diverted to subsequent orders, unless the first created sale order is deleted.
In this, there is also one constraint. Even if order is not confirmed by customer, some sales people will create a dummy sale order and reserve the stock for them. So in that way, some control should be there in such a way that orders can be created by any sales persons but the deletion option can be given to some higher officials. This basis can very well do.
thanks
G. Lakshmipathi -
Output control and outbound parameters
Can you please help me locate the output control and outbound parameters...
thank you in advance...
Hi Pabito,
I am assuming that you need to send an outgoing EDI - Mail or fax to a specific partner. This process is possible if you could set up the output control for sales documents.
spro->sales & distribution -> BF -> Output control-> output determination -> maintain output determination for sales documents -> Assign output types to partner function.
Make sure that an output determination procedure is assigned to the sales doc type.
Also maintain condition records for the output type and the transmission medium (EDI) using the trx NACE.
I hope this is what you are looking for. I also have a faint notion that you might be looking for how to set up an EDI connection with the partner.
If my notion is right do ping back to know more about that. If you find this piece of information useful, do take some time to award points to me.
- Girish -
No outbound smtp traffic via CSC SSM.
Hallo
I have a Problem with my ASA CSC-SSM Module (Version 6.1).
The inspection of http and POP works fine, but i have a problem with the outbound smtp traffic.
If i direct the SMTP traffic via a Service Policy to my CSC Module no mail will be sent outbound.
If i remove the ACE from my SP smtp works fine again.
The reason why i want to inspect my outbound mail traffic is that i want to add a disclaimer to my outgoing mails.
I read the Admin Guide but there is no example of how to configure outbound SMTP (only inbound SMTP).
Is there something that i have to do?
I hope someone can help me.
Try this config:
! for smtp
access-list csc_out permit tcp host 192.168.200.xxx any eq smtp
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq 80
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq pop3
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq ftp
class-map csc_outbound_class
 match access-list csc_out
policy-map csc_out_policy
 class csc_outbound_class
  csc fail-close
service-policy csc_out_policy interface inside
-
STO Partner Copy Control to Outbound Delivery Document (NL)
Hi -
Partner Schema CR for 0003 UB Type has been maintained in configuration, which allows CR (Freight Forwarder) partner function to be manually added to UB Document Types (Partner Determination Process - 0003 Stock Transfr PurOrd).
However, even with this configuration the CR partner does not copy to the Outbound Delivery Document.
After some analysis, I found the following:
In program SAPLMEPO (MM06EF0P_PARTNERS) FORM PARTNERS in line 97 "check EKKO-BSAKZ equal to space"; if purchase orders have EKKO-BSAKZ = 'T' then never determine partners. I have checked the EKKO table for field BSAKZ and all STO's have a T in that field. If the code is looking for <blank> in order to apply the partner it looks like the program will not attempt to retrieve the Partner Functions with BSAKZ = T.
All other partners are getting copied to the outbound Delivery, such as PI (Invoicing Party), DP (Delivering Plant), SH (Ship-To)etc.
Is there a way to have Freight Forwarder partner copy control to Outbound Delivery document at time of Delivery create from either Vendor Master or Customer Master for STO (UB Purchase Order type) / Delivery type NL?
Thank you,
Karen
remark: for me the check is in line 113 (SAPKH60407).
Please read OSS note 842829:
2. The system does not transfer the partner data from the STO to the replenishment delivery. This particularly applies to the forwarding agent. The replenishment delivery uses only the customer of the receiving plant (EKPO-WERKS) as a partner. In the replenishment delivery, this customer (EKPV-KUNNR) is the direct goods recipient. The customer is not the sold-to party or a general debtor, for whom the system would determine a (different) goods recipient using the customer master in the replenishment delivery. If the PO header contains a vendor, you can use a modification to transfer the vendor as a partner to the replenishment delivery, if required. However, this is not the standard system behavior. There is no known modification for transferring the forwarding agent. -
We have a pair of Exchange 2010 SP3 servers (A and B) with a few DAGs set up on them, plus a third hub transport & client access server (C) which routes in and outbound emails through a mail filtering service.
Normal emails sent from Outlook or OWA are being delivered in and out just fine, but any system generated replies such as OOF or automatic replies set on our Servicedesk mailbox are failing to arrive.
When I look at the queue viewer on A which is the normal active copy of the DAG I can see 100 or more emails sat in a queue called "Exchange2010 Outbound" which is our Send Connector - it's sent to route mail through two smart hosts owned by our mail filtering provider. The last Error is showing as "451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange server authentication" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to all alternate hosts"
The only references to that error I can find seem to involve a complete inability to send emails, and are caused by an unticked box on the receive connector for "exchange server authentication", but that *is* enabled on all of our receive connectors and anyway this is concerned with emails leaving the organisation.
Any suggestions?
Hi Vespa,
Agree with Andy. I would like to verify if you are sending outgoing messages through a SmartHost, because many SMTP gateways drop "Automatic Replies" by default since they have the Return-Path empty.
What's more, here is a similar thread for your reference.
Exchange 2010 External Out of Office messages not going External
http://social.technet.microsoft.com/Forums/exchange/en-US/87a815bb-c136-428c-8c69-dc3a69fdfd7f/exchange-2010-external-out-of-office-messages-not-going-external
Hope it helps.
If you need further assistance, please feel free to let me know.
Best regards,
Amy
Amy Wang
TechNet Community Support -
Messaging Server 7 - Disable outbound SMTP
Oracle Communications Messaging Server 7u4-27.01(7.0.4.27.0) 64bit (built Aug 30 2012)
libimta.so 7u4-27.01 64bit (built 08:47:11, Aug 30 2012)
Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
Recently moved mail to a hosted solution but have inbound mail coming through postini routed to both our hosted email system and into our Oracle Messaging Server for backup purposes. We'd like to keep the inbound messages coming into the Oracle Messaging Server but we'd like to disable the ability to send outbound from it. What is the easiest way to accomplish this?
Thanks as always!
If you do "imsimta qm" to get into the qm subcommand and then do "stop <channel>" for each channel, that will prevent job_controller running any jobs to process mail in the channel queues. Mail will come in, but nothing will be processed.
If you want mail to be delivered to local users, but nothing allowed to send output via SMTP, then only stop the tcp_* channels.
If no one is using the system, then there should be relatively little mail building up in the tcp_* channels, so this should not be a big concern, but just in case...
If the number of messages in all the channel queues builds up to 100,000 (by default) you may have trouble with it not processing other incoming mail. For more info about that, see the MAX_CACHE_MESSAGES option which can be added to the job_controller.cnf file. For more info about that, see:
https://wikis.oracle.com/display/CommSuite/Job+Controller+Configuration+File
and the following MOS knowledge article:
Mass Mailing Clogging Queues, Preventing Other Mail Delivery (Doc ID 1410844.1)
https://mosemp.us.oracle.com/epmos/faces/DocContentDisplay?id=1410844.1 -
Controlling ASA outbound (inside to outside) traffic
Hello There,
I have been having trouble controlling all traffic passing from inside to outside. We already have Websense integrated with ASA 5520. Please help me by providing details on this
1. Traditional method by putting ACL on inside port (what things need to be blocked)
2. Any special/standard configuration of inside ACL
3. What other ways or methods are implemented.
Please help somebody..... :-)
What is it exactly that you want to do on the firewall with those access-lists?
Here's a link that explains how to use Access-lists on an ASA.
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/traffic.html -
Determination Idoc Control data - Outbound
Hi Guru's
I would like to know how to get the idoc control data, like receiver port and receiver partner. For example:
I have an ABAP program which collects the IDOC data at the end I want to send out the IDOC, but what is the best way to determine the receiver information? Or how does it work in relation with partner profiles?
Best regards,
Guido Koopmann
You don't need to specify all of the information - your distribution model will take care of it. Do something like this snippet of code for the control record for output-based processing:
* Populate the control record from the inbound control record
gs_ctrlout = gs_ctrlin.
* Determine this system's own logical system name
CALL FUNCTION 'OWN_LOGICAL_SYSTEM_GET'
  IMPORTING
    own_logical_system             = lv_logsys
  EXCEPTIONS
    own_logical_system_not_defined = 1
    OTHERS                         = 2.
IF sy-subrc EQ 0.
* Sender is this logical system (partner type LS)
  gs_ctrlout-sndprt = 'LS'.
  gs_ctrlout-sndprn = lv_logsys.
ELSE.
* No own logical system defined: sender fields are left as copied
ENDIF.
* Serialization field: current date followed by current time
gs_ctrlout-serial(8) = sy-datum.
gs_ctrlout-serial+8(6) = sy-uzeit.
If you have a standalone program, before calling MASTER_IDOC_DISTRIBUTE, you just need to fill the message type and IDOC type in the control record. -
Hello , i want to know if it's possible to limit the rate of sending outbound mail.
One of my client doesn't support the flood of mail i send to him ( legitime bulk mail )
I can't help him with his server but my server is the one who crash his server , how can i throttle outbound mail ?
Sun Java(tm) System Messaging Server 6.3-6.02 (built Feb 1 2008; 32bit)
libimta.so 6.3-6.02 (built 18:16:07, Feb 1 2008; 32bit)
Linux titan 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686 i686 i386 GNU/Linux
Rabbit_fr wrote:
> One of my client doesn't support the flood of mail i send to him ( legitime bulk mail )
> I can't help him with his server but my server is the one who crash his server , how can i throttle outbound mail ?
You can reduce the concurrency that messaging server sends email (number of simultaneous connections) by creating a new channel/rewrite rule for this clients email domain and then setting "maxjobs 1" on the new channel definition.
Regards,
Shane. -
I have a new ACE 4710. I am unable to get the mail server to send mail through the ACE. I have even set the ACL to any any both inside and outside. The mail server worked fine when it was behind the ALTEON load balancer.
Don't know what I am missing any ideas would be greatly appreciated.
It shouldn't be any problem. SMTP is nothing but Layer 4 traffic on port 25.
Are you simply routing the SMTP traffic through the ACE or Loadbalancing the SMTP traffic?
Is the ACE in routed/bridged mode ?
what is the default gateway on SMTP server?
Syed -
IMS 5.2: iMS outbound SMTP connections
Hi,
I would like to know how does iMS determine when to open an SMTP connection to a remote SMTP server.
- Does it try to deliver a message as soon as it receives it (from a client)?
- Does it do that at a certain configurable time interval?
- Where is this information stored and how can it be changed? Config file? LDAP?
- Does iMS Patch 1 or Patch 2 make any changes to this?
- Does switching from dirsync to Direct LDAP have any impact on this?
Thanks.
> Hi,
> I would like to know how does iMS determine when to
> open an SMTP connection to a remote SMTP server.
> - Does it try to deliver a message as soon as it
> receives it (from a client)?
iMS receives a message. The order of processing is:
1. Message file is written to disk. Ack is given to sending server.
2. Message is entered into the job_controller's queue.
3. Job_controller schedules delivery based on:
A. settings for number of threads, and "threaddepth" setting. By default, "threaddepth" is 128.
B. number of messages addressed to each domain addressed in the queue.
If there are threads available to send a message, it's sent immediately. If there are more than the threaddepth messages queued for a domain, then another thread is started, up to the maximum number configured.
> - Does it do that at a certain configurable time
> interval?
Retries are done, based on the "backoff" settings in each channel. Original sending is not configurable, as it's immediate.
> - Where is this information stored and how can it be
> changed? Config file? LDAP?
imta.cnf, job_controller.cnf.
> - Does iMS Patch 1 or Patch 2 make any changes to
> this?
Yes, the patches fix some job_controller issues where messages were not picked up immediately. Strongly suggest p2.
> - Does switching from dirsync to Direct LDAP have any
> impact on this?
No, but all users should set up direct ldap. Strongly recommended. dirsync has bugs that will never be addressed, and can cause incoming mail to hang.
> Thanks.
-
Routing outbound SMTP email for a domain to a GWIA
Hi,
I need to forward email as the original sender to an ISP for certain of our users to pickup with their BlackBerry's.
I had originally configured our production GWIA's with: /flatwd and /realmailfrom which achieved the forwarding of email messages.
Though it seems to have broken the 'Forward as Attachment' feature from the GW client.
I looked at TID 7002601 which looks like exactly what I need.
I configured a secondary domain with a GWIA and did the necessary configs in C1/GWIA.CFG.
Problem is that even though I specify the forward address as ROUTEDOM.ISPGWIA:[email protected] (ROUTEDOM.ISPGWIA being the object name of my secondary GWIA) - messages are still continuing to route via the original path and not through the additional GWIA.
Any pointers would be much appreciated!
nireshenb,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
PO outbound message control - Condition record
I have created a message control for outbound PO to be sent to one unique customer(actually a plant set up as customer).This works fine.
Right now, I have condition record table set up by just document type and I have specified this customer number (partner number) there. Now, my requirements have changed and I need to send POs to variable customers (partners), depending on the plant on the PO. So I created another condition table '925' with Doc type & Plant as key. This does not seem to be queried upon and I am unable to determine the output and create IDOCs. Since plant is at item level, will I be able to use this field in the condition table at all? Please advise.
I found an OSS note - Note 457497 (Q&A # 34), which talks about the same. This was my assumption too. I was just confused because I saw plant (WERKS) in the field catalog of the access sequence.
I don't know what header field I can use to map the plant (I agree its a good idea to do this). But I have decided to do it another way. I will change the receiving partner on the control record depending on the plant in an user exit
- EXIT_SAPLEINM_001.
Thanks for your answer , Mahesh. -
ASA: SMTP Outbound Blocked
Hello everyone,
i am having trouble with my outbound SMTP traffic. i have a 5510 ASA with IPS module. i also have three interfaces configured: the inside, DMZ, and outside. my incoming emails pass with no problems but my outgoing ones do not; they get stuck in my DMZ with the following message: No route to host. from my email relay i can ping and even telnet to any other port of any server on the internet, but when it comes to SNMP it gives me this error. also the same thing happens with the inside. the configuration hasn't changed. i also did a packet trace which gave the result allowed across the board. now i am really stuck and can't figure out what is going on. here is my asa config:
ASA Version 8.2(1)
hostname dspasa2
names
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address X.X.X.165 255.255.255.248
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.3 255.255.255.0
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.0.101 255.255.255.240
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit tcp host 192.168.0.1 any log disable inactive
access-list inside_access_in extended permit udp host 192.168.0.1 any log disable inactive
access-list inside_access_in extended permit ip host 192.168.0.4 any log disable
access-list inside_access_in extended permit tcp host 192.168.0.5 any log disable
access-list inside_access_in extended permit udp host 192.168.0.5 any log disable
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 any eq ftp-data log disable
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 any eq ftp log disable
access-list inside_access_in extended permit icmp 192.168.0.0 255.255.255.0 any log disable
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 host 10.0.0.100 eq 8445
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.64.0 255.255.192.0
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.192.0
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 172.18.2.0 255.255.255.192
access-list inside_access_in extended permit object-group TCPUDP host 192.168.0.201 host 81.80.56.164 log disable
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.198.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.192.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.64.0 255.255.192.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.18.2.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.198.0 255.255.255.0
access-list outside_access_in extended permit icmp any any log disable
access-list outside_access_in extended permit esp any any log disable
access-list outside_access_in extended permit ah any any log disable
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit tcp any host X.X.X.161 eq smtp
access-list outside_access_in extended permit tcp any host X.X.X.161 eq 8445
access-list outside_access_in extended permit tcp any host X.X.X.161 eq https
access-list outside_access_in extended permit object-group TCPUDP any host X.X.X.164
access-list dspgroup_splitTunnelAcl standard permit any
access-list dspgroup_splitTunnelAcl_1 standard permit any
access-list dspgroup_splitTunnelAcl_2 standard permit any
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.192.0
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 192.168.64.0 255.255.192.0
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 172.18.2.0 255.255.255.192
access-list snimndb extended permit ip 192.168.0.0 255.255.255.0 192.168.198.0 255.255.255.0
access-list SPIL standard permit 192.168.0.0 255.255.255.0
access-list QOS extended permit ip 192.168.0.0 255.255.255.0 192.168.64.0 255.255.192.0
access-list dmz-in extended permit icmp any any
access-list dmz-in extended permit tcp host 10.0.0.100 any eq https
access-list dmz-in extended permit tcp host 10.0.0.100 any eq www
access-list dmz-in extended permit udp host 10.0.0.100 any eq domain
access-list dmz-in extended permit tcp host 10.0.0.100 any eq smtp
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool VPNPOOL 10.10.10.1-10.10.10.20 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.255.0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
static (dmz,outside) X.X.X.161 10.0.0.100 netmask 255.255.255.255
static (outside,inside) 192.168.0.201 X.X.X.164 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group dmz-in in interface dmz
route outside 0.0.0.0 0.0.0.0 X.X.X..166 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.0.0 255.255.0.0 management
http 192.168.0.0 255.255.0.0 inside
snmp-server location DSP
no snmp-server contact
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set myset esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 1 match address snimndb
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set transform-set myset
crypto map outside_map 1 set security-association lifetime seconds 1800
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 1800
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh 192.168.64.0 255.255.255.0 inside
ssh 192.168.0.0 255.255.0.0 management
ssh timeout 60
console timeout 0
management-access inside
priority-queue outside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.168.0.4 source management
webvpn
group-policy dspgroup internal
group-policy dspgroup attributes
 dns-server value 192.168.0.4 192.168.64.47
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPIL
 default-domain value dsp.snim.com
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 10 retry 2
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
 authentication eap-proxy
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *
tunnel-group RAPARIS type remote-access
tunnel-group RAPARIS general-attributes
 address-pool VPNPOOL
 default-group-policy dspgroup
tunnel-group RAPARIS ipsec-attributes
 pre-shared-key *
class-map voix
 match dscp ef
class-map IPS
 match any
class-map QOS
 match access-list QOS
class-map inspection_default
 match default-inspection-traffic
class-map inspection_defautl
policy-map type inspect dns preset_dns_map
 parameters
policy-map voix
 class voix
  priority
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
 class IPS
  ips promiscuous fail-open
service-policy global_policy global
service-policy voix interface outside
prompt hostname context
Cryptochecksum:bb43480221ed20aafc3e397fd7432bc3
: end
Here is an output of the Packet Tracer
dspasa2# packet-tracer input dmz tcp 10.0.0.100 234 173.194.79.26 25
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group dmz-in in interface dmz
access-list dmz-in extended permit tcp host 10.0.0.100 any eq smtp
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IDS
Subtype:
Result: ALLOW
Config:
class-map IPS
match any
policy-map global_policy
class IPS
ips promiscuous fail-open
service-policy global_policy global
Additional Information:
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
static (dmz,outside) X.X.X.161 10.0.0.100 netmask 255.255.255.255
match ip dmz host 10.0.0.100 outside any
static translation to X.X.X.161
translate_hits = 3540, untranslate_hits = 920
Additional Information:
Static translate 10.0.0.100/0 to 81.80.56.161/0 using netmask 255.255.255.255
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (dmz,outside) X.X.X.161 10.0.0.100 netmask 255.255.255.255
match ip dmz host 10.0.0.100 outside any
static translation to X.X.X.161
translate_hits = 3540, untranslate_hits = 920
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 8470, packet dispatched to next module
Result:
input-interface: dmz
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
please help
Hi,
I believe that you must edit your policy map and add the smtp traffic to your default inspection.
policy-map global_policy
 class inspection_default
  inspect smtp
Because your dmz is more trustable than the outside interface, I think you must include this type of traffic in the global inspection.
Take care man.
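Added example, not part of the original thread or of any Cisco tooling: it replays the first-match ACL check that phase 3 of the packet-tracer output above reports, over a subset of the posted access-list lines, and lists which sources each ACL lets out on tcp/25. The function names and the reduced sample are assumptions of this example, and it goes beyond the thread by checking hosts other than the DMZ relay.

```python
import ipaddress
from collections import namedtuple

# Constructed sample: a subset of the access-list lines from the ASA
# configuration posted in the thread above.
SAMPLE_CONFIG = """\
access-list inside_access_in extended permit tcp host 192.168.0.1 any log disable inactive
access-list inside_access_in extended permit ip host 192.168.0.4 any log disable
access-list inside_access_in extended permit tcp host 192.168.0.5 any log disable
access-list inside_access_in extended permit udp host 192.168.0.5 any log disable
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 any eq ftp log disable
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 host 10.0.0.100 eq 8445
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list inside_access_in extended permit object-group TCPUDP host 192.168.0.201 host 81.80.56.164 log disable
access-list dmz-in extended permit icmp any any
access-list dmz-in extended permit tcp host 10.0.0.100 any eq www
access-list dmz-in extended permit tcp host 10.0.0.100 any eq smtp
"""

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "smtp": 25, "domain": 53,
              "www": 80, "pop3": 110, "https": 443}
Entry = namedtuple("Entry", "action proto src dst ports raw")


def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(t, i):
    """Parse 'any', 'host A' or 'A MASK' at t[i]; return (network, next index)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(t[i] + "/" + t[i + 1]), i + 2


def _ports(t, i):
    """Parse an optional 'eq P' or 'range A B'; the default is all ports."""
    if i < len(t) and t[i] == "eq":
        return (_port(t[i + 1]), _port(t[i + 1])), i + 2
    if i < len(t) and t[i] == "range":
        return (_port(t[i + 1]), _port(t[i + 2])), i + 3
    return (0, 65535), i


def parse_acls(config):
    """Return ({acl_name: [Entry, ...]}, [lines that need manual review])."""
    acls, skipped = {}, []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] != "extended":
            continue
        if "inactive" in t:          # disabled entries are never evaluated
            continue
        try:
            if t[4] not in ("ip", "tcp", "udp", "icmp"):
                raise ValueError("protocol not resolved: " + t[4])
            src, i = _addr(t, 5)
            _, i = _ports(t, i)      # source-port qualifier, not needed here
            dst, i = _addr(t, i)
            ports, i = _ports(t, i)
        except (ValueError, IndexError):
            skipped.append(line)     # object-groups, redacted addresses, ...
            continue
        acls.setdefault(t[1], []).append(
            Entry(t[3], t[4], src, dst, ports, line))
    return acls, skipped


def evaluate(entries, src, dst, dport, proto="tcp"):
    """First-match evaluation of one flow; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if (e.proto in ("ip", proto) and s in e.src and d in e.dst
                and (e.proto == "ip" or e.ports[0] <= dport <= e.ports[1])):
            return e.action, e.raw
    return "deny", "implicit deny"


def smtp_sources(entries, dst, port=25):
    """Source networks that some permit entry lets reach tcp/<port> at dst.
    Earlier deny entries are not subtracted; confirm a host with evaluate()."""
    d = ipaddress.ip_address(dst)
    return [str(e.src) for e in entries
            if e.action == "permit" and e.proto in ("ip", "tcp") and d in e.dst
            and (e.proto == "ip" or e.ports[0] <= port <= e.ports[1])]


if __name__ == "__main__":
    acls, skipped = parse_acls(SAMPLE_CONFIG)
    dst = "173.194.79.26"   # destination used in the packet-tracer run above
    for name, entries in acls.items():
        print(name, "permits SMTP from:", smtp_sources(entries, dst))
    print(evaluate(acls["dmz-in"], "10.0.0.100", dst, 25))
    print("review by hand:", skipped)
```

Lines returned in the second value of parse_acls were not evaluated and have to be read manually before the result is trusted.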