Cisco Bug: CSCuo00844 - TLS verification breaks when A record for PTR IP doesn't exist

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases


Description (partial)

When using the 'tlsverify' command, or sending email to a domain that has a destination control set to use TLS verify, one of the following application faults may be encountered:

When using the 'tlsverify' command:

('egg/ ip_lookup_iter|663', "<type 'exceptions.UnboundLocalError'>", "local variable 'rev_ips' referenced before assignment", '[egg/ remote_cmd_tls_verify|9218] [egg/ try_connect_verify|9030] [egg/ connect_verify|98] [egg/ authenticate_peer|186] [egg/ ip_lookup_iter|663]')

When delivering an email using TLS verify:

('egg/ ip_lookup_iter|663', "<type 'exceptions.UnboundLocalError'>", "local variable 'rev_ips' referenced before assignment", '[egg/ _connect_to_ip|1106] [egg/ send_starttls|1811] [egg/ connect_verify|98] [egg/ authenticate_peer|186] [egg/ ip_lookup_iter|663]')

When using the 'tlsverify' command, this application fault will prevent successful TLS verification of the destination.

When encountered during email delivery, the application fault will prevent delivery to the destination domain.

These application faults will only occur when the destination IP that we are attempting to connect to meets the following criteria:

1) The IP address has a resolvable PTR record
2) The hostname from that PTR record is not resolvable (e.g. NXDOMAIN, ServFail, etc.)
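
The two conditions above describe a reverse lookup that succeeds followed by a forward lookup that fails. The following is an added example, not Cisco's code (the appliance's ip_lookup_iter is not shown on this page): it reproduces the same class of fault and shows one way to handle the failed forward lookup. The function names, resolver stubs and DNS records are hypothetical and constructed for illustration.

```python
import socket

# Constructed sample DNS data (documentation address range, example names).
PTR = {"192.0.2.10": "mx.good.example", "192.0.2.20": "mx.broken.example"}
A = {"mx.good.example": ["192.0.2.10"]}  # mx.broken.example has no A record


def reverse_lookup(ip):
    """Hypothetical resolver stub: PTR lookup, raises when no PTR exists."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]


def forward_lookup(name):
    """Hypothetical resolver stub: A lookup, raises on NXDOMAIN/ServFail."""
    if name not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return A[name]


def ip_lookup_buggy(ip):
    """Same failure class as the fault: rev_ips is bound only on success."""
    name = reverse_lookup(ip)
    try:
        rev_ips = forward_lookup(name)
    except socket.gaierror:
        pass  # lookup failure swallowed, rev_ips is never assigned
    return name, ip in rev_ips  # UnboundLocalError when the A lookup failed


def ip_lookup_fixed(ip):
    """Treat any DNS failure as 'peer name not confirmed' instead of crashing."""
    try:
        name = reverse_lookup(ip)
    except socket.herror:
        return None, False
    try:
        rev_ips = forward_lookup(name)
    except socket.gaierror:
        rev_ips = []  # unresolvable PTR target: nothing confirms the name
    return name, ip in rev_ips


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20"):
        print(addr, ip_lookup_fixed(addr))
```

With the fixed form, an unresolvable PTR hostname yields an explicit "not confirmed" result that the caller can act on, rather than an application fault that aborts the TLS verification path.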