It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How do I fix multiple Mail Protocol Violations seen in the Message Log of the Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00001846

Applies to all Email Security Gateways, all firmware versions.

You should look into the following, although some of this is specifically related to certain makes of firewall:
  1. Check whether your firewalls have an SMTP size limitation, as this can cause the firewall to reject emails and generate errors on the Barracuda.
  2. If you feel that this may be PIX related, you might need to issue a ?clear xlate? command on the PIX itself. Here is an excerpt straight from Cisco's documentation regarding the issue:

    "The clear xlate command clears the contents of the translation slots. ("xlate" means translation slot.) The show xlate command displays the contents of only the translation slots.

    Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the aaa-server, access-list, alias, conduit, global, nat, route, or static commands in your configuration."

    A link to the full 6.3 command set for the PIX is here:

    Click here (redirects to the Cisco Web site)

    If this still doesn't work you may need to reboot the PIX.
  3. An error may also be caused by the Cisco PIX "fixup protocol smtp" bug. From Cisco:

    The Cisco PIX firewall has a bug when running software older than version 5.2(4) or 6.0(1).

    The Cisco bug ID for this is CSCds90792: The "fixup protocol smtp" feature does not correctly handle SMTP transactions where the "." and the "CRLF" at the end of a mail are sent in separate packets.
  4. You should turn off all SMTP processing on your external firewall, especially virus scanning. The Barracuda should (preferably) receive a ?pure and unadulterated? SMTP stream directly from the Internet, if at all possible. 
  5. Lastly; if it?s in any way possible, please route the port 25 traffic directly from the Internet to the Barracuda as this should show whether it is truly an external firewall issue. If the mail protocol violations stop at this point, you'll know the problem is with your firewall.
Additional Notes:
After you've tried everything above, if the problem persists, you may want to check the RBLs configured on the Block/Accept > IP Reputation page. If one or more of them is taking a long time to respond (more than 10 seconds could be enough), that could explain the mail protocol violations you are seeing. An easy way to test whether this is the problem is to temporarily remove the custom RBLs you have entered and see whether the mail protocol violation errors cease. If they do, one or more of the configured RBLs may be slowing the response speed of the Email Security Gateway to the point where the SMTP communication between the Email Security Gateway and the sending mail server is disrupted. This could be caused by the slow response time of the remote RBL servers, or the slow response time of the Email Security Gateway's configured DNS servers.

Link to This Page: