TLS connections fail with "500 5.5.2 unrecognized command"

Article ID: 222652

Products

Messaging Gateway

Issue/Introduction

Messaging Gateway (SMG) has been configured to use TLS security when accepting mail from the internet, but all attempts to deliver TLS-secured email to SMG fail with a "500 5.5.2 unrecognized command" error.

A telnet test to the SMG scanner shows that the expected 250-STARTTLS in the EHLO response has been replaced with 250-XXXXXXXA.

Cause

A Cisco / PIX firewall is intercepting and modifying the SMTP session.

Environment

Messaging Gateway

Resolution

This issue is caused by an intermediate firewall, usually Cisco PIX, doing SMTP packet inspection and disallowing TLS sessions to the Messaging Gateway. SMTP packet inspection will need to be disabled or modified on the firewall.

Please see Why do you see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS? for details.
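
The telnet check described above can be run over a captured EHLO reply, before and after the firewall change. The Python below is an added example, not part of the original article or of Messaging Gateway; the sample replies and host names are constructed, and treating any keyword that starts with a run of X characters as a masked extension is an assumption based on the 250-XXXXXXXA shown in the telnet test.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Assumption: a keyword starting with a run of X characters is a masked extension,
# matching the 250-XXXXXXXA that the article's telnet test shows.
MASKED = re.compile(r"^X{4,}\w*$")

# Constructed sample replies (host names and extension lists are illustrative).
DIRECT_REPLY = ("250-smg.example.com says EHLO to 192.0.2.10\r\n"
                "250-8BITMIME\r\n250-STARTTLS\r\n250 SIZE 10485760\r\n")
INTERCEPTED_REPLY = DIRECT_REPLY.replace("STARTTLS", "XXXXXXXA")


def parse_ehlo(reply):
    """Return the extension keywords of a complete multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty reply")
    keywords = []
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        is_last = index == len(lines) - 1
        if (match.group(2) == " ") != is_last:
            raise ValueError("truncated or malformed multi-line reply")
        words = match.group(3).split()
        if index > 0 and words:  # line 0 is the greeting, not an extension
            keywords.append(words[0].upper())
    return keywords


def classify_starttls(reply):
    """Return 'advertised', 'masked' or 'absent' for the STARTTLS extension."""
    keywords = parse_ehlo(reply)
    if "STARTTLS" in keywords:
        return "advertised"
    if any(MASKED.match(keyword) for keyword in keywords):
        return "masked"  # something on the path rewrote the capability list
    return "absent"


if __name__ == "__main__":
    for name, reply in (("direct", DIRECT_REPLY), ("via firewall", INTERCEPTED_REPLY)):
        print(f"{name}: STARTTLS {classify_starttls(reply)}")
```

A "masked" result from outside the firewall, combined with "advertised" from a host on the scanner's own network segment, points at the inspection device rather than at the SMG TLS configuration.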