We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

How do I fix multiple Mail Protocol Violations seen in the Message Log of the Barracuda Spam Firewall?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00001846

Scope:
Applies to all Barracuda Spam Firewalls, all firmware versions.

Answer:
You should look into the following, although some of this is specifically related to certain makes of firewall:
  1. Check whether your firewalls have an SMTP size limitation, as this can cause the firewall to reject emails and generate errors on the Barracuda.
  2. If you feel that this may be PIX related, you might need to issue a ‘clear xlate’ command on the PIX itself. Here is an excerpt straight from Cisco's documentation regarding the issue:

    "The clear xlate command clears the contents of the translation slots. ("xlate" means translation slot.) The show xlate command displays the contents of only the translation slots.

    Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the aaa-server, access-list, alias, conduit, global, nat, route, or static commands in your configuration."

    A link to the full 6.3 command set for the PIX is here:

    Click here (redirects to the Cisco Web site)

    If this still doesn't work you may need to reboot the PIX.
  3. An error may also be caused by the Cisco PIX "fixup protocol smtp" bug. From Cisco:

    The Cisco PIX firewall has a bug when running software older than version 5.2(4) or 6.0(1).

    The Cisco bug ID for this is CSCds90792: The "fixup protocol smtp" feature does not correctly handle SMTP transactions where the "." and the "CRLF" at the end of a mail are sent in separate packets.
  4. You should turn off all SMTP processing on your external firewall, especially virus scanning. The Barracuda should (preferably) receive a “pure and unadulterated” SMTP stream directly from the Internet, if at all possible. 
  5. Lastly; if it’s in any way possible, please route the port 25 traffic directly from the Internet to the Barracuda as this should show whether it is truly an external firewall issue. If the mail protocol violations stop at this point, you'll know the problem is with your firewall.
Additional Notes:
After you've tried everything above, if the problem persists, you may want to check the RBLs configured on the Block/Accept > IP Reputation page. If one or more of them is taking a long time to respond (more than 10 seconds could be enough), that could explain the mail protocol violations you are seeing. An easy way to test whether this is the problem is to temporarily remove the custom RBLs you have entered and see whether the mail protocol violation errors cease. If they do, one or more of the configured RBLs may be slowing the response speed of the Barracuda Spam Firewall to the point where the SMTP communication between the Barracuda Spam Firewall and the sending mail server is disrupted. This could be caused by the slow response time of the remote RBL servers, or the slow response time of the Barracuda Spam Firewall's configured DNS servers.

Link to This Page:
https://campus.barracuda.com/solution/50160000000GVpdAAG