I am trying to understand why my ASA appears to be dropping packets with the following message:
%ASA-4-108004: ESMTP Classification: Dropped connection for ESMTP Request from inside:220.127.116.11/1292 to DMZ:18.104.22.168/25; matched Class 31: cmd RCPT count gt 100
My understanding is that the "RCPT count gt 100" drops connections if the number of recipients is gt 100. I have a Wireshark trace of this transaction and there is only 1 recipient on this email.
This makes no sense to me. Why else would I be seeing this message if the number of RCPT To addresses is 1? Does this have anything to do with the number or length of the RCPT TO email address?
policy-map type inspect esmtp esmtp_map
 match cmd line length gt 512
 match cmd RCPT count gt 100
 match body line length gt 998
 match header line length gt 998
 match sender-address length gt 320
 match MIME filename length gt 255
 match ehlo-reply-parameter others
The output I see is in the original message (so I don't have to go retrieve it again). The map is the same as the default ESMTP inspection map except I removed "drop-connection" from the "match header line length gt 998" while we do some testing.
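
One way to check a capture against the thresholds in the posted map (an added example, not part of the original post and not Cisco's code): the Python below takes the client side of one SMTP TCP stream, such as text saved from Wireshark's Follow TCP Stream, and reports RCPT commands per connection and per message plus the longest command line. The sample stream is constructed, the function name is hypothetical, and because the thread does not say how the ASA scopes its counter, both tallies are returned.

```python
# Thresholds copied from the esmtp_map posted above.
RCPT_LIMIT = 100
CMD_LINE_LIMIT = 512

def tally_smtp_commands(client_stream: str) -> dict:
    """Tally client commands seen on ONE SMTP TCP connection.

    Assumptions: every DATA command is accepted by the server (the server
    side is not parsed), BDAT is not used, and command line length is
    measured without the trailing CRLF.
    """
    per_message = []   # RCPT count for each MAIL FROM transaction
    stray = 0          # RCPT commands sent before any MAIL FROM
    longest = 0
    in_body = False
    for line in client_stream.splitlines():
        if in_body:                      # message content, not commands
            in_body = line != "."        # a lone dot ends the DATA phase
            continue
        longest = max(longest, len(line))
        cmd = line.strip().upper()
        if cmd.startswith("MAIL FROM:"):
            per_message.append(0)
        elif cmd.startswith("RCPT TO:"):
            if per_message:
                per_message[-1] += 1
            else:
                stray += 1
        elif cmd == "DATA":
            in_body = True
    total = sum(per_message) + stray
    return {
        "rcpt_per_connection": total,
        "rcpt_max_per_message": max(per_message, default=0),
        "longest_cmd_line": longest,
        "connection_over_rcpt_limit": total > RCPT_LIMIT,
        "message_over_rcpt_limit": max(per_message, default=0) > RCPT_LIMIT,
        "over_cmd_line_limit": longest > CMD_LINE_LIMIT,
    }

# Constructed sample: one connection carrying two messages.
SAMPLE = "\r\n".join([
    "EHLO client.example", "MAIL FROM:<a@example.com>",
    "RCPT TO:<b@example.net>", "DATA", "Subject: one", "",
    "RCPT TO:<body-text@example.net>",   # body line, must not be counted
    ".", "MAIL FROM:<a@example.com>", "RCPT TO:<c@example.net>",
    "RCPT TO:<d@example.net>", "DATA", "Subject: two", "", "hello", ".",
    "QUIT",
]) + "\r\n"

if __name__ == "__main__":
    print(tally_smtp_commands(SAMPLE))
```

Run it once per TCP stream in the capture; the source port in the syslog message (1292 in the line above) identifies which stream the ASA dropped.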