https://live.paloaltonetworks.com/t5/general-topics/ssl-inbound-decryption-and-smtp/m-p/219102#M63284 <P>PA does not support sending SMTP response code "541" while SSL Inbound decryption is enabled. It s normal behaviour that the PA just drop the session. You have to configure SSL Forward Proxy instead.</P> Mon, 25 Jun 2018 08:49:56 GMT iweltag 2018-06-25T08:49:56Z https://live.paloaltonetworks.com/t5/general-topics/ssl-inbound-decryption-and-smtp/m-p/213153#M62044 <P>Hi,</P><P>&nbsp;</P><P>does anybody have issues with ssl inbound decryption and setting the smtp decoder in AV Profile to reset-both (antivirus + wildfire)? When the firewall receives an email (with ssl/tls enc enabled) and successfully decrypt the message and found a virus the firewall is not sending a SMTP response code 541. The firewall just block/reset the session. so the sender will never be notified. Without ssl/tls enabled (ssl/tls disabled between spam/av &lt;--&gt; reveiving mailserver) the firewall send a SMTP response code 541.</P><P>&nbsp;</P><P>Example:</P><P>&nbsp;</P><P>Mail server (sending) ---SSL/TLS---&gt; Spam/Antivirus Scan (Cloud-based Internet Security Services) ---SSL/TLS---&gt; PA - Firewall ---&gt; Mail server (receiving)</P><P>&nbsp;</P><P>just wondering - i have also opened a case with pa support. we are running on panos 8.0.8.</P><P>&nbsp;</P><P>thx</P><P>bastian</P> Mon, 07 May 2018 14:21:15 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-inbound-decryption-and-smtp/m-p/213153#M62044 iweltag 2018-05-07T14:21:15Z https://live.paloaltonetworks.com/t5/general-topics/ssl-inbound-decryption-and-smtp/m-p/219102#M63284 <P>PA does not support sending SMTP response code "541" while SSL Inbound decryption is enabled. It s normal behaviour that the PA just drop the session. You have to configure SSL Forward Proxy instead.</P> Mon, 25 Jun 2018 08:49:56 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-inbound-decryption-and-smtp/m-p/219102#M63284 iweltag 2018-06-25T08:49:56Z