ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Cisco Ironport MTA removing CR and LF Characters from Some Messages when TLS Encryption Enabled
Article ID: 161109
Data Loss Prevention Network Prevent for Email
Ironport's line marker CR/LF is necessary to delineate between the header and the body of an email message. Cisco Ironport's MTA cleans out bare CR characters. They are not checking for TLS fragmentation, so if there is a CR at the end of one packet and LF at the start of the next, Ironport will remove the CR.
The header and the body will run together. When the email gets to its destination, parts of the header will display in the body of the email. Some email servers, such as Yahoo, will not even display the email to the end user.
There is a work around on the Ironport MTA server:
1. Hover mouse over Network
2. Select Listeners from the drop down menu.
3. Select VontuToIronport listener
4. Expand Advanced, by selecting it.
5. In the CR and LF handling section you need to select Allow messages with bare CR and LF characters. The default is Clean messages of bare CR and LF characters.
Applies To This may occur with an Ironport MTA with TLS Encryption Enabled.