This article applies to:

• Trustwave MailMarshal (SEG)

Symptoms:

• Multipart message with boundary defined in header, not used correctly in the message body

Information:

In current MailMarshal versions, if a message is malformed as described in the symptoms section, MailMarshal treats the affected content as text. This content is scanned in the same way as any other text content unpacked from the message. In very rare cases, an email client could interpret the affected content as an attachment.

Available setting to deadletter affected messages

You can choose to deadletter messages with "unmatched header boundary" by setting a value in the Registry. Be aware that this setting might cause legitimate messages to be deadlettered.

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Trustwave cannot guarantee that problems resulting from the incorrect use of Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.

• In MailMarshal 10.0 and above, open the Management Console and navigate to Advanced Settings. Add a new value:
  • Name: Engine.IgnoreUnmatchedHeaderBoundary
  • Type: Boolean
  • Value: False (NOT selected)
• In MailMarshal 8.X and below, open the Registry Editor on the Array Manager. Within the base registry key, navigate to \Default\Engine
  • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Engine
  • For information about the registry location for each version, see article Q10832.
  • Enter the value as a new DWORD value named IgnoreUnmatchedHeaderBoundary with value 0 (interpreted as false).
• Save your registry settings or configuration settings.
• Commit the configuration changes and restart the MailMarshal Engine service on each node.