[isapros] Re: SMTP Filter

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Wed, 27 Feb 2008 21:48:19 -0800

Dontwerk in telnet.
It either sends <CRLF> or garbage.
Too tired to try anything else tonight...

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Wednesday, February 27, 2008 8:30 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: SMTP Filter

Alt+13 is a toolz??? ;)

t

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, February 27, 2008 6:50 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SMTP Filter
>
> There's a problem with trying to simulate that; telnet sends <CRLF>
> when you hit <enter>.
> Most folks don't have the toolz you do <g>.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, February 27, 2008 6:18 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SMTP Filter
>
> You've directly connected to the SMTP server via ISA and manually
> entered the character sequence to verify this?  With the SMTP filter
> applied, I don't get this error.  Further, like I said last time, you
> don't get SMTP error messages when the filter trigger terminates the
> connection - it just terminates.
>
> But I'm assuming you've disabled the SMTP filter and everything works?
>
> t
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > Sent: Wednesday, February 27, 2008 3:08 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: SMTP Filter
> >
> > Feedback:
> >
> > "Absolutely.  And that's why "<CR>.<CR>" should just be passed straight
> > through like any other random sequence of characters, and not cause the
> > session to abort with a "Syntax error" ..."
> >
> > Let me know if this is pushing the boundaries of the mailing list and I
> > will get them to log a PSS call. If not, keep posting!
> >
> > Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 360489
> > | Mobile: +44 (0)7971 500312 | Email/MSN: jason.jones@xxxxxxxxxxxxxxxxx
> >
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: 26 February 2008 22:55
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: SMTP Filter
> >
> > Tell them I said to read RFC 2821:
> > http://rfc.net/rfc2821.html#s4.1.1.4
> > <quote>
> > The mail data is terminated by a line containing only a period, that
> >    is, the character sequence "<CRLF>.<CRLF>"
> > </quote>
> >
> > They didn't say "something almost, but not quite totally unlike
> > <CRLF>.<CRLF>".
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > Sent: Tuesday, February 26, 2008 1:02 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: SMTP Filter
> >
> > Guys,
> >
> > Here's more background below. From what I can tell the only way to
> > prevent this is to disable the SMTP filter for the publishing rule that
> > provides access from the Unix mail relays to Exchange. I was hoping for
> > something a little more granular but can't see how to do this in the
> > GUI.
> >
> > Cheers
> >
> > JJ
> >
> > -------
> > If Unix forwards a message to ISA / Exchange terminated with
> > "CR CR . CR CR" the ISA SMTP filter drops the connection and returns a
> > 421 5.5.2 error (rather than dropping/rejecting the message); this
> > causes the mail queues on the Unix servers to back up.
> >
> > Is it possible to change the status code ISA Returns to a more
> > appropriate code, or otherwise ignore this check?
> >
> > The email below explains in  a bit more detail.
> >
> > Okay, so it's ISA not Exchange, but ...
> >
> > We are getting messages stuck in our queues on their way into Exchange.
> > The ISA server replies with
> >
> > 421 5.5.2 Syntax error (invalid DATA termination)
> >
> > and the messages are held with
> >
> > xxx@xxxxxx Deferred: 421 5.5.2 Syntax error (invalid DATA termination)
> >
> > This is a problem, since it is interpreted as a temporary server
> > failure and a request to try again later, effectively blocking all
> > further mail to that server on that queue run, and leaving a backlog
> of
> > messages in the queue.
> >
> > Now the Microsoft site says that means
> >
> > "SMTP filter encountered an invalid DATA terminator Some character
> > combinations in DATA may pose a security risk. The connection has been
> > terminated.
> > SMTP filter event
> > Invalid DATA termination"
> >
> > And it appears the cause is the occurrence of
> >
> > CR CR . CR CR
> >
> > in the message, accepted and passed on by our sendmail-based relays.
> > It appears that ISA will not accept this, and returns a 421 response,
> > meaning try again later.  This seems wrong, since it is not a temporary
> > failure, and the message will never be delivered. Surely the correct
> > thing to do is either accept the message, or reject it with a permanent
> > failure so that the sender can be notified.
> >
> > Is there any way to disable or modify this behaviour within ISA ?
> >
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: 26 February 2008 17:58
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: SMTP Filter
> >
> > What - you want to add the \r\r.\r\r in the filter definitions?
> > Is this sequence sent with or without actual mail content?
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > Sent: Tuesday, February 26, 2008 9:37 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] SMTP Filter
> >
> > Hi,
> >
> > Is there any way to modify the ISA SMTP filter behaviour outside of the
> > GUI?
> >
> > We have a customer who is getting a weird error from the SMTP filter
> > when the *data* portion contains "CR CR . CR CR". The problem is that
> > instead of rejecting the connection, as I would have expected, the
> > filter returns a 421 error, which essentially means "syntax error
> > (invalid data termination), try again later" causing a backlog on the
> > upstream SMTP server.
> >
> > I am guessing this is a log with PSS job to determine if the behaviour
> > is a bug, or by design...just wondered if anyone had any similar
> > experiences or thoughts?
> >
> > Cheers
> >
> > JJ
> >
> >
> >
> >   ________________________________
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual to whom it is addressed.
> > If you have received this email in error, or if you believe this email
> > is unsolicited and wish to be removed from any future mailings, please
> > contact our Support Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> >
> > If this email contains a quotation then unless otherwise stated it is
> > valid for 7 days and offered subject to Silversands Professional
> > Services Terms and Conditions, a copy of which is available on request.
> > Any pricing information, design information or information concerning
> > specific Silversands' staff contained in this email is considered
> > confidential or of commercial interest and exempt from the Freedom of
> > Information Act 2000.
> >
> > Any view or opinions presented are solely those of the author and do
> > not necessarily represent those of Silversands
> >
> > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > Company Registration Number : 2141393.
> >
> >
>
>
>
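
The distinction the thread turns on (the RFC's exact "<CRLF>.<CRLF>" versus a "CR CR . CR CR" lookalike, and a transient 421 versus a permanent failure) can be checked offline without telnet. This is an added example, not code from any poster and not ISA's implementation; the sample messages are constructed, and every reply string except the quoted 421 text is an assumption.

```python
import re

# Quoted in the thread: the transient reply the upstream relay keeps retrying.
TRANSIENT = "421 5.5.2 Syntax error (invalid DATA termination)"
# Assumptions for this example (not ISA behaviour): replies a relay could use.
PERMANENT = "554 5.6.0 Bare CR or LF around end-of-data dot"
ACCEPTED = "250 2.0.0 OK"

# One line of text plus whichever line ending follows it.
LINE = re.compile(rb"([^\r\n]*)(\r\n|\r|\n)")

def scan_data(stream: bytes):
    """Walk the bytes sent after DATA; return (verdict, offset of the dot line)."""
    prev_eol = b"\r\n"  # the DATA command line itself ended with CRLF
    for m in LINE.finditer(stream):
        text, eol = m.group(1), m.group(2)
        if text == b".":
            # Only a dot framed by CRLF on both sides ends the mail data.
            if prev_eol == b"\r\n" and eol == b"\r\n":
                return ("terminated", m.start())
            return ("lookalike", m.start())
        prev_eol = eol
    return ("incomplete", None)

def relay_reply(stream: bytes):
    """Pick a reply: a lookalike gets a permanent 5xx so the sender bounces it
    instead of deferring and retrying, which is what backs up the queue."""
    verdict, _ = scan_data(stream)
    if verdict == "terminated":
        return ACCEPTED
    if verdict == "lookalike":
        return PERMANENT
    return None  # no dot line yet, keep reading

# Constructed samples.
CLEAN = b"Subject: hi\r\n\r\nbody\r\n.\r\n"
BARE_CR = b"Subject: hi\r\n\r\nbody\r\r.\r\rmore\r\n.\r\n"
STUFFED = b"line\r\n..\r\n.\r\n"  # ".." is a dot-stuffed line, not a terminator

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("bare CR", BARE_CR), ("stuffed", STUFFED)):
        print(name, scan_data(sample), relay_reply(sample))
```

Run against a message pulled from the deferred queue, the offset shows where the bare-CR dot line sits in the body.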



