You've directly connected to the SMTP server via ISA and manually entered the character sequence to verify this? With the SMTP filter applied, I don't get this error. Further, like I said last time, you don't get SMTP error messages when the filter trigger terminates the connection - it just terminates. But I'm assuming you've disabled the SMTP filter and everything works? t > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > Sent: Wednesday, February 27, 2008 3:08 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > Feedback: > > "Absolutely. And that's why "<CR>.<CR>" should just be passed straight > through like any other random sequence of characters, and not cause the > session to abort with a "Syntax error" ..." > > Let me know if this is pushing the boundaries of the mailing list and I > will get them to log a PSS call. If not, keep posting! > > Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 360489 > | Mobile: +44 (0)7971 500312 | Email/MSN: jason.jones@xxxxxxxxxxxxxxxxx > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: 26 February 2008 22:55 > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > Tell them I said to read RFC 2821: > http://rfc.net/rfc2821.html#s4.1.1.4 > <quote> > The mail data is terminated by a line containing only a period, that > is, the character sequence "<CRLF>.<CRLF>" > </quote> > > They didn't say "something almost, but not quite totally unlike > <CRLF>.<CRLF>". > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > Sent: Tuesday, February 26, 2008 1:02 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > Guys, > > Here's more background below. From what I can tell the only way to > prevent this is to disable the SMTP filter for the publishing rule that > provide access from the Unix mail relays to Exchange. I was hoping for > something a little more granular but can't see how to do this in the > GUI. > > Cheers > > JJ > > ------- > If Unix forwards a message to ISA / Exchange terminated with "CR CR . > CR CR" the ISA smtp filter drops the connection and returns a 421 > 5.5.2 error, (rather than dropping/rejecting the message) this causes > the mail queues on the Unix servers to back-up. > > Is it possible to change the status code ISA Returns to a more > appropriate code, or otherwise ignore this check? > > The email below explains in a bit more detail. > > Okay, so it's ISA not Exchange, but ... > > We are getting messages stuck in our queues on their way into Exchange. > The ISA server replies with > > 421 5.5.2 Syntax error (invalid DATA termination) > > and the messages are held with > > xxx@xxxxxx Deferred: 421 5.5.2 Syntax error (invalid DATA termination) > > This is a problem, since it is interpreted as a temporary server > failure and a request to try again later, effectively blocking all > further mail to that server on that queue run, and leaving a backlog of > messages in the queue. > > Now the Microsoft site says that means > > "SMTP filter encountered an invalid DATA terminator Some character > combinations in DATA may pose a security risk. The connection has been > terminated. > SMTP filter event > Invalid DATA termination" > > And it appears the cause is the occurrence of > > CR CR . CR CR > > in the message, accepted and passed on by our sendmail-based relays . > It appears that ISA will not accept this, and returns a 421 response, > meaning try again later. This seems wrong, since it is not a temporary > failure, and the message will never be delivered. Surely the correct > thing to do is either accept the message, or reject it with a permanent > failure so that the sender can be notified. > > Is there any way to disable or modify this behaviour within ISA ? > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: 26 February 2008 17:58 > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > What - you want to add the \r\r.\r\r in the filter definitions? > Is this sequence sent with or without actual mail content? > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > Sent: Tuesday, February 26, 2008 9:37 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] SMTP Filter > > Hi, > > Is there any way to modify the ISA SMTP filter behaviour outside of the > GUI? > > We have a customer who is getting a weird error from the SMTP filter > when the *data* portion contains "CR CR . CR CR". The problem is that > instead of rejecting the connection, as I would have expected, the > filter returns a 421 error, which essentially means "syntax error > (invalid data termination), try again later" causing a backlog on the > upstream SMTP server. > > I am guessing this is a log with PSS job to determine if the behaviour > is a bug, or by design...just wondered in anyone had any similar > experiences or thoughts? > > Cheers > > JJ > > > > ________________________________ > This email and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. > If you have received this email in error, or if you believe this email > is unsolicited and wish to be removed from any future mailings, please > contact our Support Desk immediately on 01202 360360 or email > helpdesk@xxxxxxxxxxxxxxxxx > > If this email contains a quotation then unless otherwise stated it is > valid for 7 days and offered subject to Silversands Professional > Services Terms and Conditions, a copy of which is available on request. > Any pricing information, design information or information concerning > specific Silversands' staff contained in this email is considered > confidential or of commercial interest and exempt from the Freedom of > Information Act 2000. > > Any view or opinions presented are solely those of the author and do > not necessarily represent those of Silversands > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > Company Registration Number : 2141393. > > > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. > If you have received this email in error, or if you believe this email > is unsolicited and wish to be removed from any future mailings, please > contact our Support Desk immediately on 01202 360360 or email > helpdesk@xxxxxxxxxxxxxxxxx > > If this email contains a quotation then unless otherwise stated it is > valid for 7 days and offered subject to Silversands Professional > Services Terms and Conditions, a copy of which is available on request. > Any pricing information, design information or information concerning > specific Silversands' staff contained in this email is considered > confidential or of commercial interest and exempt from the Freedom of > Information Act 2000. > > Any view or opinions presented are solely those of the author and do > not necessarily represent those of Silversands > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > Company Registration Number : 2141393. > > > > > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. > If you have received this email in error, or if you believe this email > is unsolicited and wish to be removed from any future mailings, please > contact our Support Desk immediately on 01202 360360 or email > helpdesk@xxxxxxxxxxxxxxxxx > > If this email contains a quotation then unless otherwise stated it is > valid for 7 days and offered subject to Silversands Professional > Services Terms and Conditions, a copy of which is available on request. > Any pricing information, design information or information concerning > specific Silversands' staff contained in this email is considered > confidential or of commercial interest and exempt from the Freedom of > Information Act 2000. > > Any view or opinions presented are solely those of the author and do > not necessarily represent those of Silversands > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > Company Registration Number : 2141393. >