If this appears at the end of the email data without benefit of the "real" <CRLF>.<CRLF>, then it's incorrect. Got craptures? -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Wednesday, February 27, 2008 3:08 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: SMTP Filter Feedback: "Absolutely. And that's why "<CR>.<CR>" should just be passed straight through like any other random sequence of characters, and not cause the session to abort with a "Syntax error" ..." Let me know if this is pushing the boundaries of the mailing list and I will get them to log a PSS call. If not, keep posting! Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 360489 | Mobile: +44 (0)7971 500312 | Email/MSN: jason.jones@xxxxxxxxxxxxxxxxx -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: 26 February 2008 22:55 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: SMTP Filter Tell them I said to read RFC 2821: http://rfc.net/rfc2821.html#s4.1.1.4 <quote> The mail data is terminated by a line containing only a period, that is, the character sequence "<CRLF>.<CRLF>" </quote> They didn't say "something almost, but not quite totally unlike <CRLF>.<CRLF>". -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Tuesday, February 26, 2008 1:02 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: SMTP Filter Guys, Here's more background below. From what I can tell the only way to prevent this is to disable the SMTP filter for the publishing rule that provide access from the Unix mail relays to Exchange. I was hoping for something a little more granular but can't see how to do this in the GUI. Cheers JJ ------- If Unix forwards a message to ISA / Exchange terminated with "CR CR . CR CR" the ISA smtp filter drops the connection and returns a 421 5.5.2 error, (rather than dropping/rejecting the message) this causes the mail queues on the Unix servers to back-up. Is it possible to change the status code ISA Returns to a more appropriate code, or otherwise ignore this check? The email below explains in a bit more detail. Okay, so it's ISA not Exchange, but ... We are getting messages stuck in our queues on their way into Exchange. The ISA server replies with 421 5.5.2 Syntax error (invalid DATA termination) and the messages are held with xxx@xxxxxx Deferred: 421 5.5.2 Syntax error (invalid DATA termination) This is a problem, since it is interpreted as a temporary server failure and a request to try again later, effectively blocking all further mail to that server on that queue run, and leaving a backlog of messages in the queue. Now the Microsoft site says that means "SMTP filter encountered an invalid DATA terminator Some character combinations in DATA may pose a security risk. The connection has been terminated. SMTP filter event Invalid DATA termination" And it appears the cause is the occurrence of CR CR . CR CR in the message, accepted and passed on by our sendmail-based relays . It appears that ISA will not accept this, and returns a 421 response, meaning try again later. This seems wrong, since it is not a temporary failure, and the message will never be delivered. Surely the correct thing to do is either accept the message, or reject it with a permanent failure so that the sender can be notified. Is there any way to disable or modify this behaviour within ISA ? -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: 26 February 2008 17:58 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: SMTP Filter What - you want to add the \r\r.\r\r in the filter definitions? Is this sequence sent with or without actual mail content? -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Tuesday, February 26, 2008 9:37 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] SMTP Filter Hi, Is there any way to modify the ISA SMTP filter behaviour outside of the GUI? We have a customer who is getting a weird error from the SMTP filter when the *data* portion contains "CR CR . CR CR". The problem is that instead of rejecting the connection, as I would have expected, the filter returns a 421 error, which essentially means "syntax error (invalid data termination), try again later" causing a backlog on the upstream SMTP server. I am guessing this is a log with PSS job to determine if the behaviour is a bug, or by design...just wondered in anyone had any similar experiences or thoughts? Cheers JJ ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393. This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393. This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393.