Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

PRB: The MailMarshal product rejects SMTP email addresses that do not use angle brackets < >

Expand / Collapse


This article applies to:

  • Trustwave MailMarshal (SEG)

Symptoms:

  • The MailMarshal product rejects SMTP email addresses that do not use angle brackets < > .
  • SMTP email addresses (MAIL FROM: or RCPT TO:) that are not enclosed in angle brackets < > are rejected.

Causes:

The MailMarshal product adheres to normal SMTP standards, including RFC821 standards, by rejecting SMTP email addresses (MAIL FROM: or RCPT TO:) that are not enclosed in angle brackets.

IMPORTANT:  Please note that this article has nothing to do with the formatting of the addresses in the message header. This article relates only to the formatting of the SMTP commands issued by a mail server at the time it connects to the MailMarshal SMTP Receiver service. The Header From: and To: fields have no weight on message delivery and will not be discussed further here.

RFC821 requires the format of the MAIL FROM: and RCPT TO: commands to include the brackets.  The following syntax examples are taken from the RFC itself:

MAIL <SP> FROM:<reverse-path> <CRLF>

RCPT <SP> TO:<forward-path> <CRLF>

For more information on RFC821, see the following Web site:

http://www.faqs.org/rfcs/rfc821.html

 

Information:

Effectively all email servers adhere to the RFC821 standard. The only processes that seem to work outside this standard are scripted mailing processes and custom mail senders.

If you want to configure the MailMarshal product to accept the commands without the angle brackets, you can do so using Header Rewriting.

In short, you can make the MailMarshal product accept this type of command:

MAIL FROM:test@domain.com

where it currently requires the following:

MAIL FROM:<test@domain.com>

For the MailMarshal product to accept the commands, you need to use Header Rewrite to automatically add the angle brackets if they do not exist.

To use Header Rewrite:

  1. From the MailMarshal Configurator menu, select Tools > Server & Array Properties > Header Rewrite.
  2. Specify the following fields to match against options:  Envelope Recipient, Envelope Return Path
  3. Specify the following Field Parsing Method option: Entire line
  4. Specify the following Optional exclusion filter option: <(.+)@(.+)>
  5. Specify the following Field search expression option: (.+)@(.+)
  6. Specify the following Substitute into field using expression option: <$1@$2>

We recommend that you test the behavior of this new rule manually using Telnet to issue the MAIL FROM: and RCPT TO: commands. You should see the following results:

  • A MAIL FROM: without angle brackets is fixed.
    mail from:test@test.com
    250 sender ok <test@test.com>
  • A standard MAIL FROM: is unchanged.
    mail from:<test@test.com>
    250 sender ok <test@test.com
  • An ESMTP MAIL FROM: with a SIZE argument is unchanged. The MailMarshal Receiver logs show that the SIZE argument is passed correctly.
    mail from:<test@test.com> SIZE=3333
    250 sender ok test@test.com

Optional addition:

The above described rule will not fix an ESMTP MAIL FROM: without angle brackets and with a SIZE argument. Testing as above returns the following result:

mail from:test@test.com SIZE=2222
501 badly formatted MAIL FROM user - no ">"

To fix this additional case (if required), create another Header Rewrite rule as follows. This additional rule must be evaluated BEFORE the rule described above.

  1. Specify the following fields to match against options:  Envelope Recipient, Envelope Return Path
  2. Specify the following Field Parsing Method option: Entire line
  3. Specify the following Optional exclusion filter option: <(.+)@(.+)> SIZE
  4. Specify the following Field search expression option: (.+)@(.+) SIZE
  5. Specify the following Substitute into field using expression option: <$1@$2> SIZE 

This article was previously published as:
NETIQKB45715

 


To contact Trustwave about this article or to request support:


Rate this Article:
     
Tags:

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.