Tip

Firewall policies and SMTP line lengths

VIEW MEMBER FEEDACK TO THIS TIP

Illegal line lengths in incoming e-mail are one of those subtle problems that aren't often noticed and can be difficult to diagnose.

The RFC for the SMTP

    Requires Free Membership to View

standard expressly forbids having an e-mail line length (i.e., a string of characters terminated by a carriage return/line-feed pair) of more than 1,000 bytes. (This sort of formatting is often the hallmark of a buffer-overrun attack, which is why it's generally a good idea to block such messages.)

Spammers often disregard the 1,000-byte line-length limit. But, unfortunately, some perfectly legitimate (albeit misconfigured) e-mail handlers also sometimes disregard this limit. Conventional e-mail typically wraps at 72 lines, but this a holdover from the days of fixed-width 80-column displays and isn't being treated as an ironclad rule anymore.

E-mail that is badly-formatted in this fashion can lead to a peculiar situation where one group replies to e-mail from another group, only to have the reply rejected. Replies from all other organizations come through fine, but that particular group's replies get bounced.

As an administrator, you might blame Exchange for this problem (either on the sending or receiving end), but the real culprit may lie between the two servers: the SMTP proxy or firewall.

Many firewalls and proxies, including Microsoft's own ISA Server, monitor SMTP traffic, and will terminate an SMTP session if someone attempts to send a message with an unterminated line longer than 1,000 characters.

One way to get around this is to make the firewall's SMTP monitoring rules less restrictive (for instance, to terminate sessions at 2,000 lines) -- but the party sending the malformed e-mails needs to be the one to fix the problem. (You can find instructions on how to configure the maximum line length in ISA Server here.

Another way to work around this problem as a sender is to force all outgoing e-mail to be 8-bit MIME-encoded. This removes the line-length problem, since MIME encoding uses a standard line length in its data that is universally respected. However, older versions of Exchange (4.0 through 5.5) cannot handle 8-bit MIME, so this should only be used if you are confident that the majority of the e-mail you send will be readable.

About the author: Serdar Yegulalp is the editor of the Windows Power Users Newsletter and a regular contributor to SearchExchange.com.


MEMBER FEEDBACK TO THIS TIP

It was nice to find an article on this issue that I can point offending senders to when their email is rejected.

I think this line: "One way to get around this is to make the firewall's SMTP monitoring rules less restrictive (for instance, to terminate sessions at 2,000 lines)" …should read something like: "One way to get around this is to make the firewall's SMTP monitoring rules less restrictive (for instance, to terminate sessions at 2,000 characters/octets)."
—Dana D.


Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Column: Should you use ISA Server as your Exchange firewall?
  • Topics Library: SMTP tips and expert advice
  • Topics Library: Firewalls

    Please let others know how useful this tip is via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.

    This was first published in May 2005

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.