Cisco Email Security Appliance X1070 Troubleshooting Guide

Why do I see sender aborts when going through a Cisco PIX firewall?
Document ID: 118455
Contributed by Cisco TAC Engineers.
Oct 13, 2014
Question
Why do I see sender aborts when going through a Cisco PIX firewall?
Answer
A sending SMTP server may see asterisks (*) in the 220 banner when it connects to an Email Security
Appliance (ESA) through a Cisco PIX firewall. This shows up in the mail logs as "sender
aborted". A manual SMTP connection shows the initial communication and its failure to
complete successfully.
Below is an example of what it may look like:
telnet 10.111.248.111 25
Trying 10.111.248.111...
Connected to 10.111.248.111.
Escape character is '^]'.
220 ************************************0****************2*****20****
helo me
250 ironport-in.example.com
This indicates that "fixup protocol smtp" is enabled on the Cisco PIX/ASA firewall. The feature is sometimes
called "MailGuard", "SMTP fixup", or "ESMTP inspect". Having it enabled can cause sender aborts with some
sending mail servers.
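A check for the masked banner shown in the session above, added here as an example and not taken from the Cisco document. The function names, the 0.8 threshold, and the unmasked comparison greeting are assumptions made for illustration.

```python
import re
import socket

# Constructed samples: the masked session shown on this page, and an unmasked
# greeting (made-up banner text) for comparison.
MASKED_SESSION = """\
Trying 10.111.248.111...
Connected to 10.111.248.111.
Escape character is '^]'.
220 ************************************0****************2*****20****
helo me
250 ironport-in.example.com
"""
CLEAN_SESSION = "220 ironport-in.example.com ESMTP\r\n250 ironport-in.example.com\r\n"
GREETING = re.compile(r"^220[ -](.*)$")


def greeting_text(transcript):
    """Return the text of the 220 greeting, joining a multi-line (220-) reply."""
    parts = []
    for line in transcript.splitlines():
        m = GREETING.match(line.strip())
        if m:
            parts.append(m.group(1))
        elif parts:
            break  # first non-220 line after the greeting ends it
    return " ".join(parts) if parts else None


def looks_masked(text, threshold=0.8):
    """Heuristic (assumption): no letters survive and most characters are '*'."""
    body = text.replace(" ", "")
    if not body or any(c.isalpha() for c in body):
        return False
    return body.count("*") / len(body) >= threshold


def classify(transcript):
    """Label a captured session: 'masked', 'clean', or 'no-greeting'."""
    text = greeting_text(transcript)
    if text is None:
        return "no-greeting"
    return "masked" if looks_masked(text) else "clean"


def fetch_greeting(host, port=25, timeout=10):
    """Read the first reply from a live listener for use with classify()."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(4096).decode("ascii", "replace")
```

Run `classify(fetch_greeting(host))` from the sending side of the firewall and again from inside it; a "masked" result only on the outside path points at the firewall rather than the ESA.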
This is caused by Cisco bug ID CSCsi01498 on the PIX/ASA platform. The addition and use of the
"Content-Type" header is well within the SMTP standard.
The conclusion is that we can do very little to resolve this beyond turning DKIM (DK) off, disabling the
"fixup" feature on the PIX/ASA, or upgrading to a Cisco PIX/ASA version that resolves the defect, >7.2(3).
For more details about the fixup command, please refer to this Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/fixup.htm#wp1103488