From: Murray S. K. <ms...@se...> - 2007-08-03 19:19:40
|
Some people have reported difficulty sending DKIM-signed mail through to sites that use Cisco PIX firewalls with the "mail fixup" feature turned on. I'm told by a senior engineer at Cisco that this is a Cisco PIX problem for which a patch is already available. The issue is that the feature observes "Content-Type" twice in the message header (once for Content-Type: itself and once in the h= tag of the DKIM signature), assumes it's malformed (possibly an attack) and disallows the message. If you're having this problem and the destination site hasn't updated to the newest version of PIX, you can simply use the "-o" or "OmitHeaders" feature to skip signing of Content-Type: headers and avoid the problem. -MSK |