Hi, Ralf,
On 12/8/11 9:53 AM, Ralf Hildebrandt wrote:
Over the last few days I discussed SMTP delivery problems with a czech
site which was using Postfix and a CISCO ASA with "smtp protocol
fixup" enabled.
I was able to work around the delivery problems by stripping the DKIM
headers on outgoing mails (as so often).
Do you mean a Cisco ASA/PIX firewall with 'smtp protocol fixup'
effectively blocks _any_ message carrying a DKIM-signature header?
Some interesting info got out:
I've also discussed these results with local Cisco support and they
confirmed it's a known bug (not published) with DKIM and smtp inspection
engine in latest IOS versions.
This should be fixed in some newer IOS version (8.4(10)) which is not
public yet (latest is 8.4(2)).
I've always wondered why they call it 'smtp protocol fixup', they'd
better call it 'smtp protocol breakdown'.
/rolf
