TLS connections fail with "500 5.5.2 unrecognized command"


Article ID: 222652



Messaging Gateway


Messaging Gateway (SMG) has been configured to use TLS security when accepting mail from the internet, but all attempts to deliver TLS-secured email to SMG fail with "500 5.5.2 unrecognized command".

A telnet test to the SMG scanner shows that the expected 250-STARTTLS in the EHLO response has been replaced with 250-XXXXXXXA:


A Cisco / PIX firewall is intercepting and modifying the SMTP session



This issue is caused by an intermediate firewall, usually Cisco PIX, doing SMTP packet inspection and disallowing TLS sessions to the Messaging Gateway. SMTP packet inspection will need to be disabled or modified on the firewall.

Please see 'Why do you see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS?' for details.
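The telnet check described above can be scripted. The following is an added example, not Broadcom or Cisco code: it classifies an EHLO reply as advertising STARTTLS, showing a masked keyword such as XXXXXXXA, or neither. The function names, the sample replies, and the pattern that generalizes from the single XXXXXXXA value in this article are assumptions.

```python
import re
import smtplib

# Keyword made of X's with at most one trailing letter, e.g. "XXXXXXXA".
# Assumption: generalizes from the single masked value shown in the article.
MASKED = re.compile(r"^X{4,}[A-Z]?$")

def classify_ehlo(lines):
    """Classify EHLO reply lines as 'starttls', 'masked' or 'absent'."""
    keywords = []
    for line in lines:
        m = re.match(r"^250[ -](\S+)", line.strip())
        if m:
            keywords.append(m.group(1).upper())
    extensions = keywords[1:]  # the first 250 line carries the server name
    if "STARTTLS" in extensions:
        return "starttls"
    if any(MASKED.match(k) for k in extensions):
        return "masked"
    return "absent"

def probe(host, port=25, timeout=10):
    """Send EHLO to a live server and classify what comes back."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _code, msg = smtp.ehlo()
    # smtplib strips the "250-" prefixes; restore them for classify_ehlo().
    lines = ["250-" + l for l in msg.decode(errors="replace").splitlines()]
    return classify_ehlo(lines)

# Constructed sample replies (not captured from a real system).
DIRECT = ["250-smg.example.com says EHLO", "250-SIZE 10485760",
          "250-STARTTLS", "250 8BITMIME"]
VIA_FIREWALL = ["250-smg.example.com says EHLO", "250-SIZE 10485760",
                "250-XXXXXXXA", "250 8BITMIME"]

if __name__ == "__main__":
    print("direct:", classify_ehlo(DIRECT))
    print("via firewall:", classify_ehlo(VIA_FIREWALL))
```

Running `probe()` against the scanner from a host inside the firewall and again from outside it shows whether the keyword is being rewritten in transit: "starttls" inside and "masked" outside points at the firewall's SMTP inspection.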