Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection

search cancel

Email messages stop flowing through DLP Network Prevent for Email due to Cisco Firewall ESMTP Inspection

book

Article ID: 184549

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email Data Loss Prevention

Issue/Introduction

Email messages stop flowing through Symantec Data Loss Prevention Network Prevent for Email detection servers for no apparent reason and begin to be rejected or queued up on the upstream MTA mail server.

The following, or something similar may be seen in the Network Prevent for Email RequestProcessor logs on a Packet Capture.

pr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPResponse parse

FINEST: Parsing response 220 *************************

Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.ESMTPRequestProcessorThread establishPeers

FINEST: RPT(3c): Banner::

220 *************************

Apr 13, 2019 9:42:01 PM com.vontu.mta.rp.tls.SecurityStateManager getEmailSecurityType

FINE: getEmailSecurityType NO_TLS

Environment

This could potentially happen in any DLP version or environment.

Cause

Cisco Firewall ESMTP packet inspection is altering the SMTP banner and replacing it with ************.

Resolution

Disable ESMTP inspection in the Cisco firewall.

Feedback

thumb_up Yes

thumb_down No