> From: Steve Atkins > > Yes they can, but I've seen PIXes inexplicably get into a state where they > reject everything. >
Just to pile on with all the other email experts, smtp_f*ckup is the worst "feature" ever implemented on a "security" device. Not only does it kill your ability to do TLS, but since the system is trying to packet inspect everything it is really easy to overload the firewall, which will cause it to start randomly dropping packets. Once this starts happening the connections go into tcp retry, which increases network load significantly, which causes more lost packets, which causes more retries, etc. Delivering a piece of mail with a 200k attachment on a moderately busy day is probably a coin-flip as to whether it gets through. If you have a firewall with that setting on the network, then 95% of all email delivery issues are due to it. It is not even worth investigating anything else while it is there, killing your network and forcing your mail to plaintext transfer. It would be like freaking out over a stubbed toe while bleeding out from a gunshot wound. --adam _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop