%FW-5-POP3_INVALID_COMMAND: Invalid POP3 command from initiator


I am getting this log frequently on my router and I don't know what is the cause.
%FW-5-POP3_INVALID_COMMAND: Invalid POP3 command from initiator ( Invalid verb

the IP is the IP range of internal clients and I have this message from many different clients. I was wondering if the thunderbird is the cause but it is not.

anybody knows what is the cause of this request and log.
Who is Participating?
MysidiaConnect With a Mentor Commented:
The POP3 client is sending a command that the firewall does not know about.
And the firewall is deciding the command is invalid and blocking the client.

One way to make it stop would be to disable the POP3 protocol inspection,
e.g.   no ip inspect name firewall pop3

The other possibility would be to upgrade the software on your router.

Get wireshark or another packet sniffer running on the mail server, and check the raw POP3 traffic for invalid commands.

If none are found, contact Cisco TAC  for assistance.
There's no way as end user to teach the router about new POP3 commands,
or to eliminate the false positives.

Your other options would be to   tolerate the condition,  punch a hole in inspection, or turn off protocol inspection entirely.
Is your email server internal or external?  if multiple internal clients are trying to send traffic out through your firewall, they may be mis-configured.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.