ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection

book

Article ID: 184549

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email Data Loss Prevention

Issue/Introduction

Email messages stop flowing through Symantec Data Loss Prevention Network Prevent for Email detection servers for no apparent reason and begin to be rejected or queued up on the upstream MTA mail server.

The following, or something similar may be seen in the Network Prevent for Email RequestProcessor logs on a Packet Capture.

 

pr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPResponse parse
FINEST: Parsing response 220 *************************
 
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPRequestProcessorThread establishPeers
FINEST: RPT(3c): Banner:: 
220 *************************
Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.tls.SecurityStateManager getEmailSecurityType
FINE: getEmailSecurityType NO_TLS

Cause

Cisco Firewall ESMTP packet inspection is altering the SMTP banner and replacing it with ************.

Environment

This could potentially happen in any DLP version or environment.

Resolution

Disable ESMTP inspection in the Cisco firewall.