[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cisco PIX ORCPT scrambling..

> We are seeing this error again and again with each remote system having
> a CISCO PIX firewall. Does anyone know if this is an issue that has been
> raised with Cisco? Do they know about it? Do they have a bug id
> associated with this? Does anyone know the PIX commands to turn off the
> DSN from the EHLO capability reports until Cisco can fix this?

	I did raise some ruckus on IETF working group about this
	a month (or two) back.

	I have had words from multiple sources in cisco that it has
	been fixed.  I am yet to see.


	Perhaps it is the matter of slow deployment...
	Hmm.. Cisco pages do not (easily) yield out manuals,
	nor software release notes.

	The original design allowed only RFC-821 specified protocol.
	To my knowledge the PIX engineers made a mistake by just
	plainly listing "EHLO" as accepted alias to "HELO" (or something
	similar), and NOT filtering responses in the return path.

	The workaround (as I mention on that page) is to disable
	the MailGuard facility.   How you do it, I don't know.

	/Matti Aarnio <mea@nic.funet.fi>