> Can someone share a good reference that says that smtp-protocol-fixup > can be safely disabled without compromising the security. > > Apparently the Cisco guys themselves dont own up to their bug and they > say disabling anything is at "ones own risk". > > That is enough to get the boot from the (so called! ) security team.
Well, I think this smtp fixup designed to protect poor smtp servers like microsoft exchange? or poorly configured smtp servers.. Anyway, looks like cisco smtp fixup contains lot of bugs like: http://www.arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml http://blogs.oucs.ox.ac.uk/networks/2009/11/26/cisco-firewall-smtp-fixup-considered-harmful/ -- Eero
