Wednesday, July 11, 2012, 17:29
Solution ID: 00000154
Why is Google/GMail/Postini giving a 500 500 5.5.1 Command Unrecognized: "XXXXXXXX" error?
Google/GMail/Postini returns a "Delivery Status Notification (Failure)" message with the following text:
Delivery to the following recipient failed permanently:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 500 500 5.5.1 Command unrecognized: "XXXXXXXX" (state 8).
This may also appear with (state 9); or appear for mail servers other than Google/GMail/Postini.
Most likely a Cisco ASA is performing "inspect esmtp" or "inspect smtp" on incoming e-mail traffic. If the Cisco ASA finds an objectionable incoming SMTP command, it will re-write the command replacing it with 'XXXXXXXX', before sending to your server. 'XXXXXXXX' is NOT a valid SMTP command, causing the receiving mail server to issue a '500 Unrecognized Command' response.
The immediate fix for this issue is to disable "inspect ESMTP" and "inspect SMTP" on the Cisco ASA causing problems.
To verify this is the problem, you will need to capture the network traffic before and after the Cisco ASA to determine what SMTP command is triggering this issue. Then a bug report can be filed with Cisco, if it hasn't been fixed already in their recent ASA software.
With SMTP inspection, Cisco monitors SMTP commands and the firewall esmtp state machine keeps track of the SMTP state, generating errors if the following rules are not observed:
Tags: command unrecognized error, cisco asa, google, gmail, postini, 500 500, state 8, state 9
Link to this article: kb/command_unrecognized_error
Updated: Wednesday, July 11, 2012, 17:29
-- David Rutherford