To Inspect ESMTP on ASA or not? On an ASA I administer there is a policy-map in place which implements "inspect ESMTP". I've reviewed what this does, and in my (rather uninformed) opinion at first blush it looks to be a good thing to implement. It is however impacting the ability to send mass emails from lists with over 50 recipients according to our domain admins. They want to remove this inspection to alleviate the problem. Is ESMTP inspection a solid control to leave and place, or is removal safe? If I don't want to remove it, is there a way to see what in the control is preventing mail from being sent and possibly alter that one element of it rather than removing it altogether?

It only _looks_ harmless. :-) In reality, Cisco has a long history of botching the STMP and ESMTP inspection. And honestly, it won't provide any protection from current evolving threats; it doesn't use a dynamic set of rules that can be updated regularly. Email filtering and inspection is best done by a dedicated appliance that's up-to-date.

To my knowledge, there are no knobs on `inspect esmtp`. And **this** is enough of a reason to never turn it on:

> For example, Telnet sends each character individually in a different packet on the wire, but actual email clients and servers send the entire command in one packet. If you use Telnet and you type **H** , the Telnet client sends an **H** to the email server. Since ESMTP and SMTP inspection do not recognize **H** as a valid command, the ASA replaces the **H** with an **X** and passes it along.