Cisco Cisco Email Security Appliance X1050 Guía De Información

turning it off. If you have the opportunity to make a recommendation, a firewall upgrade should solve this
issue.

Some, not all, of the issues are due to the inclusion of message headers within other headers, notably the
signature headers for Domain Keys and Domain Keys Identified Mail. While there are still other
circumstances under which PIX incorrectly terminates an SMTP session and causes delivery failures, DK and
DKIM signing is one known cause. Temporarily disabling DK or DKIM might solve this issue for the time
being, but the best solution is for all PIX users to upgrade or disable these security features.

Cisco recommends that all customers continue to sign messages with DKIM and to consider using this feature
if not already doing so.

For SMTP and ESMTP Inspection (PIX/ASA 7.x and above) please see:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

ESMTP TLS Configuration:

pix(config)#policy−map global_policy

pix(config−pmap)#class inspection_default

pix(config−pmap−c)#no inspect esmtp

pix(config−pmap−c)#exit

pix(config−pmap)#exit

For SMTP Fixup Protocol please see:

http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/fixup.html

You can view the explicit (configurable) fixup protocol settings with the show fixup command. The default
settings for configurable protocols are as follows:

show fixup

 fixup protocol ftp 21

 fixup protocol http 80

 fixup protocol h323 1720

 fixup protocol rsh 514

 fixup protocol smtp 25

 fixup protocol sqlnet 1521

 fixup protocol sip 5060

• 

• 

• 

Updated: Oct 10, 2014

Document ID: 118550