We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Barracuda Email Security Gateway

Why can't anyone send mail to my Barracuda Spam Firewall over TLS, even though I have it enabled?

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00003659

Scope:
All Barracuda Spam Firewalls in use with Cisco network hardware, all firmware versions.

Answer:
If enabled, the Barracuda Spam Firewall will advertise TLS (secure connection availability) for all incoming SMTP connections (for information on configuring this, see Solution #00000992). It's possible the sending mail servers aren't electing to send mail over TLS.


If it's been configured correctly and the sending servers are trying to send mail over TLS, the problem could be that a device between the sending servers and the Barracuda Spam Firewall is interfering. For instance, a Cisco PIX firewall with the "SMTP Fixup protocol" enabled will mask the 250-STARTTLS echo reply from the Barracuda Spam Firewall, preventing the sending mail server from realizing that sending mail using a secure connection is an option. The only solution in this case is to disable the "SMTP Fixup protocol" on the Cisco PIX firewall (for instructions on how to do this, click here).


Cisco ASA firewalls may also interfere with the 250-STARTTLS SMTP response, but they can be explicitly configured to support ESMTP over TLS. If you are using a Cisco ASA firewall, click here for instructions on how to enable this functionality.


Additional Notes:

The Cisco PIX "SMTP Fixup protocol" can cause other problems when used with the Barracuda Spam Firewall. For more information, see Solution #00001728.


Link to This Page:
https://campus.barracuda.com/solution/50160000000HQ7JAAW