• Status: Solved

%FW-5-POP3_INVALID_COMMAND: Invalid POP3 command from initiator


I am getting this log frequently on my router and I don't know what the cause is.
%FW-5-POP3_INVALID_COMMAND: Invalid POP3 command from initiator ( Invalid verb

The IP is in the IP range of internal clients, and I get this message from many different clients. I was wondering if Thunderbird is the cause, but it is not.

Does anybody know what the cause of this request and log is?
1 Solution
The POP3 client is sending a command that the firewall does not know about.
And the firewall is deciding the command is invalid and blocking the client.

One way to make it stop would be to disable the POP3 protocol inspection,
e.g. no ip inspect name firewall pop3

The other possibility would be to upgrade the software on your router.

Get wireshark or another packet sniffer running on the mail server, and check the raw POP3 traffic for invalid commands.

If none are found, contact Cisco TAC for assistance.
There's no way as an end user to teach the router about new POP3 commands,
or to eliminate the false positives.

Your other options would be to tolerate the condition, punch a hole in inspection, or turn off protocol inspection entirely.
Is your email server internal or external? If multiple internal clients are trying to send traffic out through your firewall, they may be mis-configured.
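
One way to do the capture check suggested above, as an added example (not code from this thread or from Cisco): scan the client side of a captured POP3 session for lines that are not standard commands. The verb list is taken from RFC 1939 plus common extensions and is an assumption, since the page does not say which commands the router's inspection accepts; the sample transcript and its "C: "/"S: " prefixes are constructed.

```python
import re

# RFC 1939 verbs plus common extensions (CAPA, STLS, AUTH, UTF8, LANG).
# Assumption: the router's own accepted-verb list is not given on the page.
KNOWN_VERBS = {
    "USER", "PASS", "APOP", "STAT", "LIST", "RETR", "DELE", "NOOP", "RSET",
    "TOP", "UIDL", "QUIT", "CAPA", "STLS", "AUTH", "UTF8", "LANG",
}
VERB_RE = re.compile(r"^[A-Za-z0-9]{3,4}$")  # RFC 1939: keywords are 3 or 4 chars


def find_suspect_commands(transcript):
    """Return (line_no, payload, reason) for client lines that are not known commands."""
    suspects = []
    auth_pending = False  # client sent AUTH <mechanism>, exchange not finished
    expect_data = False   # server sent "+ <challenge>": next client line is SASL data
    for line_no, raw in enumerate(transcript, start=1):
        side, _, payload = raw.partition(": ")
        payload = payload.rstrip("\r\n")
        if side == "S":
            expect_data = auth_pending and payload.startswith("+ ")
            auth_pending = expect_data  # +OK or -ERR ends the exchange
            continue
        if side != "C":
            continue
        if expect_data:  # base64 continuation, not a command
            expect_data = False
            continue
        verb, _, args = payload.partition(" ")
        if not (payload.isascii() and payload.isprintable()):
            suspects.append((line_no, payload, "non-text data"))
        elif not VERB_RE.match(verb):
            suspects.append((line_no, payload, "malformed verb"))
        elif verb.upper() not in KNOWN_VERBS:
            suspects.append((line_no, payload, "unknown verb"))
        elif verb.upper() == "AUTH" and args:
            auth_pending = True
    return suspects


# Constructed sample session; line 13 is binary data sent to the POP3 port.
SAMPLE = [
    "S: +OK POP3 ready", "C: CAPA", "S: +OK", "S: SASL PLAIN", "S: .",
    "C: AUTH PLAIN", "S: + ", "C: AHRlc3QAdGVzdA==", "S: +OK logged in",
    "C: XTND XMIT", "C: stat", "C: EHLO client.example",
    "C: \x16\x03\x01\x02\x00", "C: QUIT",
]

if __name__ == "__main__":
    for hit in find_suspect_commands(SAMPLE):
        print(hit)
```

Lines it reports are the ones to compare against the client's source IP in the router log.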
