Guest

Preview Tool

Cisco Bug: CSCvv45646 - DHAP handling on SBOs in 13.5 incorrectly matches SBOs instead of IDs

Last Modified

Oct 10, 2020

Products (1)

  • Cisco IronPort Email Security Appliance Software

Known Affected Releases

13.5.1-277

Description (partial)

Symptom:
After upgrading to a 13.5.x build a customer may find that their pre-existing mail load is now generating DHAP failures, and that emails they want are now being rejected.

Conditions:
This defect applies to any customer configured with DHAP enabled.  In the past, we had associated IPs with the submasks used by the site owning those.  Now we are using the Sender Base Organization ID associated with that IP.  The problem is that nowdays there are plenty of hosted sites in the world.  So if a customer's email is hosted by Amazon or Amazon owns the IPs fronting their servers (AWS), they will all get counted as one sum against the DHAP limit.  And Amazon hosts 46 million IPs, 458 thousand of those IPs send out emails.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.