Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection


Article ID: 184549


Updated On:


Data Loss Prevention Network Prevent for Email Data Loss Prevention


Email messages stop flowing through Symantec Data Loss Prevention Network Prevent for Email detection servers for no apparent reason and begin to be rejected or queued up on the upstream MTA mail server.

The following, or something similar may be seen in the Network Prevent for Email RequestProcessor logs on a Packet Capture.


pr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPResponse parse
FINEST: Parsing response 220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPRequestProcessorThread establishPeers
FINEST: RPT(3c): Banner:: 
220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.tls.SecurityStateManager getEmailSecurityType
FINE: getEmailSecurityType NO_TLS


Cisco Firewall ESMTP packet inspection is altering the SMTP banner and replacing it with ************.


This could potentially happen in any DLP version or environment.


Disable ESMTP inspection in the Cisco firewall.