[isapros] Re: SMTP Filter

  • From: Jason Jones <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 26 Feb 2008 21:01:43 +0000

Guys,

Here's more background below. From what I can tell the only way to prevent this 
is to disable the SMTP filter for the publishing rule that provide access from 
the Unix mail relays to Exchange. I was hoping for something a little more 
granular but can't see how to do this in the GUI.

Cheers

JJ

-------
If Unix forwards a message to ISA / Exchange terminated with  "CR CR . CR CR"   
the ISA smtp filter drops the connection and returns a 421 5.5.2  error, 
(rather than dropping/rejecting the message) this causes the mail queues on the 
Unix servers to back-up.

Is it possible to change the status code ISA Returns to a more appropriate 
code, or otherwise ignore this check?

The email below explains in  a bit more detail.

Okay, so it's ISA not Exchange, but ...

We are getting messages stuck in our queues on their way into Exchange.  The 
ISA server replies with

421 5.5.2 Syntax error (invalid DATA termination)

and the messages are held with

xxx@xxxxxx Deferred: 421 5.5.2 Syntax error (invalid DATA termination)

This is a problem, since it is interpreted as a temporary server failure and a 
request to try again later, effectively blocking all further mail to that 
server on that queue run, and leaving a backlog of messages in the queue.

Now the Microsoft site says that means

"SMTP filter encountered an invalid DATA terminator Some character combinations 
in DATA may pose a security risk. The connection has been terminated.
SMTP filter event
Invalid DATA termination"

And it appears the cause is the occurrence of

CR CR . CR CR

in the message, accepted and passed on by our sendmail-based relays . It 
appears that ISA will not accept this, and returns a 421 response, meaning try 
again later.  This seems wrong, since it is not a temporary failure, and the 
message will never be delivered. Surely the correct thing to do is either 
accept the message, or reject it with a permanent failure so that the sender 
can be notified.

Is there any way to disable or modify this behaviour within ISA ?


-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: 26 February 2008 17:58
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: SMTP Filter

What - you want to add the \r\r.\r\r in the filter definitions?
Is this sequence sent with or without actual mail content?

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
Sent: Tuesday, February 26, 2008 9:37 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] SMTP Filter

Hi,

Is there any way to modify the ISA SMTP filter behaviour outside of the GUI?

We have a customer who is getting a weird error from the SMTP filter when the 
*data* portion contains "CR CR . CR CR". The problem  is that instead of 
rejecting the connection, as I would have expected, the filter returns a 421 
error, which essentially means "syntax error (invalid data termination), try 
again later" causing a backlog on the upstream SMTP server.

I am guessing this is a log with PSS job to determine if the behaviour is a 
bug, or by design...just wondered in anyone had any similar experiences or 
thoughts?

Cheers

JJ



  ________________________________
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual to whom it is addressed. If you have 
received this email in error, or if you believe this email is unsolicited and 
wish to be removed from any future mailings, please contact our Support Desk 
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx

If this email contains a quotation then unless otherwise stated it is valid for 
7 days and offered subject to Silversands Professional Services Terms and 
Conditions, a copy of which is available on request. Any pricing information, 
design information or information concerning specific Silversands' staff 
contained in this email is considered confidential or of commercial interest 
and exempt from the Freedom of Information Act 2000.

Any view or opinions presented are solely those of the author and do not 
necessarily represent those of Silversands

Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.



This email and any files transmitted with it are confidential and intended 
solely for the use of the individual to whom it is addressed.  If you have 
received this email in error, or if you believe this email is unsolicited and 
wish to be removed from any future mailings, please contact our Support Desk 
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx

If this email contains a quotation then unless otherwise stated it is valid for 
7 days and offered subject to Silversands Professional Services Terms and 
Conditions, a copy of which is available on request. Any pricing information, 
design information or information concerning specific Silversands' staff 
contained in this email is considered confidential or of commercial interest 
and exempt from the Freedom of Information Act 2000.

Any view or opinions presented are solely those of the author and do not 
necessarily represent those of Silversands

Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.

Other related posts:

  1. Home
  2. isapros
  3. Archive
  4. 02-2008