There Is a Problem with Inspecting Single Channel Protocol
For single channel protocols such as HTTP or SMTP, generic inspection (inspecting TCP) is sufficient. However, to achieve additional security against protocol violation, you have the option of inspecting with SMTP or HTTP. The big confusion comes when inspecting with HTTP. With HTTP inspection (if Java-list is not configured), by default Java filtering is turned on. So, connection requests for all the websites serving Java applets are denied by the CBAC. Hence, if you run into a problem with browsing certain sites, either remove inspection for HTTP or configure Java-list in conjunction with ACL to allow the trusted sites for Java applets.
Before 12.3(7) T, CBAC didn't have any option for inspecting ESMTP traffic. So, if you inspect SMTP, and your mail server runs ESMTP (for example, Microsoft Exchange Server), you will have problems getting e-mail. As work-arounds, either turn off SMTP inspection on the router or turn off ESMTP in the mail server as shown in the following link:
If you are running IOS version 12.3(7)T or above, and want to inspect ESMTP, refer to the following link for more details:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801ed6ee