Cisco Email Security Appliance X1050 Troubleshooting Guide

Troubleshoot Intermittent Issues and Aborted
Connections During Receipt and Delivery of Mail
Document ID: 117801
Contributed by Donald Glynn and Robert Sherwin, Cisco TAC
Engineers.
Jun 11, 2014
Contents
Introduction
Prerequisites
Background Information
Problem
Solution
Introduction
This document describes how to troubleshoot intermittent issues and aborted connections during receipt and
delivery of mail.
Prerequisites
Cisco recommends that you have knowledge of these topics:
• Cisco Private Internet eXchange (PIX) or Adaptive Security Appliance (ASA) version 7.x and higher
• Cisco Email Security Appliance (ESA)
Background Information
The Cisco ESA email gateways are inherently email firewalls. This negates the need for an upstream firewall,
such as a Cisco PIX or ASA, to inspect mail traffic to and from an ESA. It is suggested to disable the
Extended Simple Mail Transfer Protocol (ESMTP) Application Inspection features on the firewall for any
security appliance host addresses. By default, ESMTP protocol inspection is enabled for all connections that
pass through the Cisco firewalls. This means that all commands issued between mail gateways via TCP port
25, as well as individual message headers, are analyzed to adhere strictly to Request for Comments (RFC)
specifications that include RFCs 821, 1123, and 1870. There are defined default values for the maximum
number of recipients and message sizes that might cause issues with delivery to and from your ESA. These
specific configuration defaults are outlined here (taken from the Cisco Command Lookup Tool).
The inspect esmtp command includes the functionality previously provided by the fixup smtp command, and
provides additional support for some ESMTP commands. ESMTP application inspection adds support for
eight ESMTP commands, including AUTH, EHLO, ETRN, HELP, SAML, SEND, SOML and VRFY. Along
with the support for seven RFC 821 commands (DATA, HELO, MAIL, NOOP, QUIT, RCPT, RSET), the
security appliance supports a total of 15 SMTP commands. Other ESMTP commands, such as ATRN,
STARTTLS, ONEX, VERB, CHUNKING, and private extensions, are not supported. Unsupported
commands are translated into Xs, which are rejected by the internal server. This results in a message such as
500 Command unknown: XXX. Incomplete commands are discarded.
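
The following is an added example, not part of the Cisco document. It scans a captured SMTP session for the symptom described above: a 500 reply that echoes a run of Xs after the client sent a command outside the 15 supported ones. The transcript format, the function name, and the sample session are assumptions constructed for illustration.

```python
import re

# The 15 commands the text lists as supported by "inspect esmtp".
SUPPORTED = {
    "AUTH", "EHLO", "ETRN", "HELP", "SAML", "SEND", "SOML", "VRFY",  # ESMTP
    "DATA", "HELO", "MAIL", "NOOP", "QUIT", "RCPT", "RSET",          # RFC 821
}

# A 500 reply whose text contains a word made only of X characters,
# i.e. the server saw a command that had been overwritten in transit.
MASKED_REPLY = re.compile(r"^500\b.*\bX{3,}\b")

def find_inspection_symptoms(transcript):
    """Return (line_no, client_verb, server_reply) per masked-command rejection.

    transcript: list of (direction, text); "C" = client line, "S" = server line.
    """
    findings, last_cmd, in_data = [], None, False
    for n, (direction, text) in enumerate(transcript, 1):
        if direction == "C":
            if in_data:                      # message body, not commands
                in_data = text != "."
                continue
            last_cmd = (n, text.strip().split(" ", 1)[0].upper())
        elif last_cmd:
            if last_cmd[1] == "DATA" and text.startswith("354"):
                in_data = True
            if MASKED_REPLY.search(text) and last_cmd[1] not in SUPPORTED:
                findings.append((last_cmd[0], last_cmd[1], text))
    return findings

# Constructed sample session (hostnames and replies are illustrative).
SAMPLE = [
    ("S", "220 mail.example.com ESMTP"),
    ("C", "EHLO esa.example.net"),
    ("S", "250 mail.example.com"),
    ("C", "STARTTLS"),
    ("S", "500 Command unknown: 'XXXXXXXX'"),
    ("C", "MAIL FROM:<a@example.net>"),
    ("S", "250 OK"),
    ("C", "VERB"),
    ("S", "500 Command unknown: 'XXXX'"),
    ("C", "QUIT"),
    ("S", "221 Bye"),
]

if __name__ == "__main__":
    for line_no, verb, reply in find_inspection_symptoms(SAMPLE):
        print(f"line {line_no}: {verb} was likely masked in transit -> {reply}")
```

A hit on a command such as STARTTLS points at the firewall inspection rather than the mail server, because the server only ever saw the Xs.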