search cancel

Cisco Ironport MTA removing CR and LF Characters from Some Messages when TLS Encryption Enabled


Article ID: 161109


Updated On:


Data Loss Prevention Network Prevent for Email


Ironport's line marker CR/LF is necessary to delineate between the header and the body of an email message. Cisco Ironport's MTA cleans out bare CR characters. They are not checking for TLS fragmentation, so if there is a CR at the end of one packet and LF at the start of the next, Ironport will remove the CR. The header and the body will run together. When the email gets to its destination, parts of the header will display in the body of the email. Some email servers, such as Yahoo, will not even display the email to the end user.


There is a work around on the Ironport MTA server: 1. Hover mouse over Network 2. Select Listeners from the drop down menu. 3. Select VontuToIronport listener 4. Expand Advanced, by selecting it. 5. In the CR and LF handling section you need to select Allow messages with bare CR and LF characters. The default is Clean messages of bare CR and LF characters.

Applies To
This may occur with an Ironport MTA with TLS Encryption Enabled.