This document describes a problem that is encountered on the Cisco Email Security Appliance (ESA) after a migration from the Microsoft Exchange Server Version 2003 to the Microsoft Exchange Server Version 2010 (SP3) where the Simple Mail Transfer Protocol (SMTP) authentication from AsyncOS Version 7.5.1-102 towards the Exchange Server fails.
If a remote user connects to the ESA and uses SMTP Authentication, the ESA uses the credentials and forwards them to the internal SMTP server. In this case, the SMTP server does not accept the SMTP authentication credentials and SMTP Authentication errors occur in the mail log file:
Mon Feb 24 12:42:10 2014 Info: New SMTP ICID 20207685 interface Data 1A
(172.17.1.56) address 22.214.171.124 reverse dns host unknown verified no
Mon Feb 24 12:42:10 2014 Info: ICID 20207685 ACCEPT SG AUTHENTICATED match
10.98.0.0/16 SBRS 5.1
Mon Feb 24 12:42:10 2014 Info: SMTP Auth: (ICID 20207685) could not reach
forwarding server 172.17.1.248
Mon Feb 24 12:42:10 2014 Warning: SMTP Auth: could not reach forwarding server
172.17.1.248 with reason: No ESMTP AUTH keyword was presented.
Mon Feb 24 12:42:10 2014 Info: ICID 20207685 lost
Mon Feb 24 12:42:10 2014 Info: ICID 20207685 close
This problem is caused by the receive connector configurations on the Exchange Server. In order to solve this problem, ensure that the authentication and the receive connectors on the Exchange Server are configured as anonymous.