Missing digital signatures

  • Thread starter Jonathan Forbes

Jonathan Forbes

We're experiencing an issue with digitally signed messages between dissimilar
domains.

When a sender from xxx.com sends a digitally signed message to a recipient
at zzz.com, the message arrives as if it had never been signed... with no
flag, alert or fired event stating the message had at one time been signed.
To complicate the issue further, a different user at xxx.com could sign a
message and send it to the same user at zzz.com; and have that signed message
arrive intact, signature and all.

In the past year, in response to specific email threats, email clients and
servers at xxx.com were configured to strip emails back to the 'stone age'
(plain text, no HTML, rich text, embedded images, etc.). My question(s)
therefore are as follows:

Am I correct in assuming that if a signed message with HTML formatting has
that formatting removed at the destination before reversing the hash
calculation, the hashes will not match?

Also, what is the default behavior for Outlook 2003 when receiving a signed
message whose departure/arrival hashes do not match?
 

Jonathan Forbes

Ok, so further tests have displayed the proper behavior for evidence of man
in the middle tampering. Packet capture analysis also suggests that a
perimeter device is responsible for stripping signatures from inbound signed
email.

Has anyone had an experience like this; identifying what kind of perimeter
device/scanner is unkind to digital signatures?
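
An added example, not part of the original thread: it contrasts the two cases the posts describe, a signed entity whose content is rewritten in transit (the digest no longer matches) and a message whose signature part is dropped by a perimeter device (nothing is left to verify). The sample message, the `PLACEHOLDER` signature blob and all function names are constructed for illustration; SHA-256 over the signed entity stands in for the digest carried in a real S/MIME signature, and no certificate validation is performed.

```python
import hashlib
import re
from email import message_from_bytes

# Constructed sample: the MIME entity (headers + HTML body) that the sender's client signs.
SIGNED_ENTITY = (b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
                 b"<html><body><p>Quarterly figures <b>attached</b>.</p></body></html>\r\n")

def digest(entity: bytes) -> str:
    """Hash of the signed entity; a verifier recomputes this and compares it to the signed value."""
    return hashlib.sha256(entity).hexdigest()

def wrap_signed(entity: bytes) -> bytes:
    """Build a clear-signed (multipart/signed) message; the signature blob is a placeholder."""
    return (b"From: a@xxx.com\r\nTo: b@zzz.com\r\nMIME-Version: 1.0\r\n"
            b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
            b' micalg=sha-256; boundary="b1"\r\n\r\n'
            b"--b1\r\n" + entity + b"\r\n--b1\r\n"
            b"Content-Type: application/pkcs7-signature; name=smime.p7s\r\n\r\n"
            b"PLACEHOLDER\r\n--b1--\r\n")

def strip_to_plain_text(entity: bytes) -> bytes:
    """Hypothetical content filter: relabel HTML as plain text and drop the tags."""
    headers, _, body = entity.partition(b"\r\n\r\n")
    return headers.replace(b"text/html", b"text/plain") + b"\r\n\r\n" + re.sub(rb"<[^>]+>", b"", body)

def deliver_without_signature(raw: bytes) -> bytes:
    """Hypothetical perimeter device: forward only the first part, discarding the signature."""
    outer = message_from_bytes(raw)
    body = outer.get_payload()[0]
    for name in ("From", "To", "MIME-Version"):
        body[name] = outer[name]
    return body.as_bytes()

def classify(raw: bytes) -> str:
    """Report how a received message presents itself to the mail client."""
    msg = message_from_bytes(raw)
    kinds = {part.get_content_type() for part in msg.walk()}
    if msg.get_content_type() == "multipart/signed" and \
            kinds & {"application/pkcs7-signature", "application/x-pkcs7-signature"}:
        return "clear-signed"
    if kinds & {"application/pkcs7-mime", "application/x-pkcs7-mime"}:
        return "opaque-signed-or-encrypted"
    return "unsigned"

if __name__ == "__main__":
    original = wrap_signed(SIGNED_ENTITY)
    print(classify(original), classify(deliver_without_signature(original)))
    print(digest(SIGNED_ENTITY) == digest(strip_to_plain_text(SIGNED_ENTITY)))
```

Running `classify` over messages captured on each side of a mail gateway shows at which hop the `multipart/signed` wrapper disappears.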
 
