Summary:
Why am I getting a Command Unrecognized: "XXXXXXXX" error?

Most likely a Cisco ASA is performing "inspect esmtp" or "inspect smtp" on incoming e-mail traffic. If the Cisco ASA finds an objectionable incoming SMTP command, it will re-write the command replacing it with 'XXXXXXXX', before sending to your server. 'XXXXXXXX' is NOT a valid SMTP command, causing the receiving mail server to issue a '500 Unrecognized Command' response.

The immediate fix for this issue is to disable "inspect ESMTP" and "inspect SMTP" on the Cisco ASA causing problems.

To verify this is the problem, you will need to capture the network traffic before and after the Cisco ASA to determine what SMTP command is triggering this issue. Then a bug report can be filed with Cisco, if it hasn't been fixed already in their recent ASA software.

With SMTP inspection, Cisco monitors SMTP commands and the firewall esmtp state machine keeps track of the SMTP state, generating errors if the following rules are not observed:

• SMTP commands must be at least four characters in length;
• must be terminated with carriage return and line feed;
• must be one of the following: AUTH, DATA, EHLO, ETRN, HELO, HELP, MAIL, NOOP, QUIT, RCPT, RSET, SAML, SEND, SOML, VRFY; and
• must wait for a response before issuing the next reply.