Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection
Article ID: 184549
Updated On:
Products
Data Loss Prevention Network Prevent for Email
Data Loss Prevention
Issue/Introduction
Email messages stop flowing through Symantec Data Loss Prevention Network Prevent for Email detection servers for no apparent reason and begin to be rejected or queued up on the upstream MTA mail server.
The following, or something similar may be seen in the Network Prevent for Email RequestProcessor logs on a Packet Capture.
pr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPResponse parse
FINEST: Parsing response 220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPRequestProcessorThread establishPeers
FINEST: RPT(3c): Banner::
220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.tls.SecurityStateManager getEmailSecurityType
FINE: getEmailSecurityType NO_TLS
Cause
Cisco Firewall ESMTP packet inspection is altering the SMTP banner and replacing it with ************.
Environment
This could potentially happen in any DLP version or environment.
Resolution
Disable ESMTP inspection in the Cisco firewall.
Feedback
Yes
No
Powered by
