Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection

book

Article ID: 184549

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Email messages stop flowing through Symantec Data Loss Prevention Network Prevent for Email detection servers for no apparent reason and begin to be rejected or queued up on the upstream MTA mail server.

You might see something similar to this in the Network Prevent for Email RequestProcessor logs on in a Packet Capture.

 

pr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPResponse parse
FINEST: Parsing response 220 *************************
 
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPRequestProcessorThread establishPeers
FINEST: RPT(3c): Banner:: 
220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.tls.SecurityStateManager getEmailSecurityType
FINE: getEmailSecurityType NO_TLS

Cause

Cisco Firewall ESMTP packet inspection is altering the SMTP banner and replacing it with ************.

Environment

This could potentially happen in any DLP version or environment.

Resolution

Disable ESMTP inspection in the Cisco firewall.

Powered by Wolken Software