You "have" or "have not" tested it "manually or personally"? The "or" in there makes me think you dropped out a "not" - just making sure. I've tested this and can't re-create the issue -- the 421 error must be coming from Exchange - ISAs SMTP filter doesn't "inject" error messages. I don't see how a CR CR . CR CR in the message body would do anything anyway... You could disable the rule for just a moment to test, or of course, just set up another pub rule on a different IP going to the same Exchange server and test away ;) t > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > Sent: Wednesday, February 27, 2008 6:45 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > They won't allow me to disable the SMTP filter at this time as they are > not sure if the Unix servers can provide the same level of application- > level protection, how ironic :) > > I get alerts in the monitoring section of the ISA console when it > happens - from what I understand the CR CR . CR CR is contained within > the message body of rogue (spam) messages. > > If ISA doesn't respond with the SMTP error code, I guess this must be > Exchange - but surely ISA had prevented this connection??? > > I have tested it manually or personally...if you want more details the > guy has posted on some sendmail forums here: > http://www.webservertalk.com/message2285500.html > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) > Sent: 27 February 2008 14:18 > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: SMTP Filter > > You've directly connected to the SMTP server via ISA and manually > entered the character sequence to verify this? With the SMTP filter > applied, I don't get this error. Further, like I said last time, you > don't get SMTP error messages when the filter trigger terminates the > connection - it just terminates. > > But I'm assuming you've disabled the SMTP filter and everything works? > > t > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > > Sent: Wednesday, February 27, 2008 3:08 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: SMTP Filter > > > > Feedback: > > > > "Absolutely. And that's why "<CR>.<CR>" should just be passed > straight > > through like any other random sequence of characters, and not cause > the > > session to abort with a "Syntax error" ..." > > > > Let me know if this is pushing the boundaries of the mailing list and > I > > will get them to log a PSS call. If not, keep posting! > > > > Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 > 360489 > > | Mobile: +44 (0)7971 500312 | Email/MSN: > jason.jones@xxxxxxxxxxxxxxxxx > > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: 26 February 2008 22:55 > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: SMTP Filter > > > > Tell them I said to read RFC 2821: > > http://rfc.net/rfc2821.html#s4.1.1.4 > > <quote> > > The mail data is terminated by a line containing only a period, that > > is, the character sequence "<CRLF>.<CRLF>" > > </quote> > > > > They didn't say "something almost, but not quite totally unlike > > <CRLF>.<CRLF>". > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > > Sent: Tuesday, February 26, 2008 1:02 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: SMTP Filter > > > > Guys, > > > > Here's more background below. From what I can tell the only way to > > prevent this is to disable the SMTP filter for the publishing rule > that > > provide access from the Unix mail relays to Exchange. I was hoping > for > > something a little more granular but can't see how to do this in the > > GUI. > > > > Cheers > > > > JJ > > > > ------- > > If Unix forwards a message to ISA / Exchange terminated with "CR CR > . > > CR CR" the ISA smtp filter drops the connection and returns a 421 > > 5.5.2 error, (rather than dropping/rejecting the message) this > causes > > the mail queues on the Unix servers to back-up. > > > > Is it possible to change the status code ISA Returns to a more > > appropriate code, or otherwise ignore this check? > > > > The email below explains in a bit more detail. > > > > Okay, so it's ISA not Exchange, but ... > > > > We are getting messages stuck in our queues on their way into > Exchange. > > The ISA server replies with > > > > 421 5.5.2 Syntax error (invalid DATA termination) > > > > and the messages are held with > > > > xxx@xxxxxx Deferred: 421 5.5.2 Syntax error (invalid DATA > termination) > > > > This is a problem, since it is interpreted as a temporary server > > failure and a request to try again later, effectively blocking all > > further mail to that server on that queue run, and leaving a backlog > of > > messages in the queue. > > > > Now the Microsoft site says that means > > > > "SMTP filter encountered an invalid DATA terminator Some character > > combinations in DATA may pose a security risk. The connection has > been > > terminated. > > SMTP filter event > > Invalid DATA termination" > > > > And it appears the cause is the occurrence of > > > > CR CR . CR CR > > > > in the message, accepted and passed on by our sendmail-based relays . > > It appears that ISA will not accept this, and returns a 421 response, > > meaning try again later. This seems wrong, since it is not a > temporary > > failure, and the message will never be delivered. Surely the correct > > thing to do is either accept the message, or reject it with a > permanent > > failure so that the sender can be notified. > > > > Is there any way to disable or modify this behaviour within ISA ? > > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: 26 February 2008 17:58 > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: SMTP Filter > > > > What - you want to add the \r\r.\r\r in the filter definitions? > > Is this sequence sent with or without actual mail content? > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > > Sent: Tuesday, February 26, 2008 9:37 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] SMTP Filter > > > > Hi, > > > > Is there any way to modify the ISA SMTP filter behaviour outside of > the > > GUI? > > > > We have a customer who is getting a weird error from the SMTP filter > > when the *data* portion contains "CR CR . CR CR". The problem is > that > > instead of rejecting the connection, as I would have expected, the > > filter returns a 421 error, which essentially means "syntax error > > (invalid data termination), try again later" causing a backlog on the > > upstream SMTP server. > > > > I am guessing this is a log with PSS job to determine if the > behaviour > > is a bug, or by design...just wondered in anyone had any similar > > experiences or thoughts? > > > > Cheers > > > > JJ > > > > > > > > ________________________________ > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual to whom it is > addressed. > > If you have received this email in error, or if you believe this > email > > is unsolicited and wish to be removed from any future mailings, > please > > contact our Support Desk immediately on 01202 360360 or email > > helpdesk@xxxxxxxxxxxxxxxxx > > > > If this email contains a quotation then unless otherwise stated it is > > valid for 7 days and offered subject to Silversands Professional > > Services Terms and Conditions, a copy of which is available on > request. > > Any pricing information, design information or information concerning > > specific Silversands' staff contained in this email is considered > > confidential or of commercial interest and exempt from the Freedom of > > Information Act 2000. > > > > Any view or opinions presented are solely those of the author and do > > not necessarily represent those of Silversands > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > > Company Registration Number : 2141393. > > > > > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual to whom it is > addressed. > > If you have received this email in error, or if you believe this > email > > is unsolicited and wish to be removed from any future mailings, > please > > contact our Support Desk immediately on 01202 360360 or email > > helpdesk@xxxxxxxxxxxxxxxxx > > > > If this email contains a quotation then unless otherwise stated it is > > valid for 7 days and offered subject to Silversands Professional > > Services Terms and Conditions, a copy of which is available on > request. > > Any pricing information, design information or information concerning > > specific Silversands' staff contained in this email is considered > > confidential or of commercial interest and exempt from the Freedom of > > Information Act 2000. > > > > Any view or opinions presented are solely those of the author and do > > not necessarily represent those of Silversands > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > > Company Registration Number : 2141393. > > > > > > > > > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual to whom it is > addressed. > > If you have received this email in error, or if you believe this > email > > is unsolicited and wish to be removed from any future mailings, > please > > contact our Support Desk immediately on 01202 360360 or email > > helpdesk@xxxxxxxxxxxxxxxxx > > > > If this email contains a quotation then unless otherwise stated it is > > valid for 7 days and offered subject to Silversands Professional > > Services Terms and Conditions, a copy of which is available on > request. > > Any pricing information, design information or information concerning > > specific Silversands' staff contained in this email is considered > > confidential or of commercial interest and exempt from the Freedom of > > Information Act 2000. > > > > Any view or opinions presented are solely those of the author and do > > not necessarily represent those of Silversands > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > > Company Registration Number : 2141393. > > > > > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. > If you have received this email in error, or if you believe this email > is unsolicited and wish to be removed from any future mailings, please > contact our Support Desk immediately on 01202 360360 or email > helpdesk@xxxxxxxxxxxxxxxxx > > If this email contains a quotation then unless otherwise stated it is > valid for 7 days and offered subject to Silversands Professional > Services Terms and Conditions, a copy of which is available on request. > Any pricing information, design information or information concerning > specific Silversands' staff contained in this email is considered > confidential or of commercial interest and exempt from the Freedom of > Information Act 2000. > > Any view or opinions presented are solely those of the author and do > not necessarily represent those of Silversands > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > Company Registration Number : 2141393. >