This article applies to:
- Trustwave MailMarshal (SEG)
- Trustwave ECM/MailMarshal Exchange
Question:
- What causes some multi-part messages to be 'dead-lettered?'
- What causes the error "Too many Lines (11) before boundary?"
- Can MailMarshal unpack messages that lack boundaries?
Symptoms:
- Error: "Too many Lines (11) before boundary."
- Errors appear in the deadletters.
Note: This error is not generated in MailMarshal SEG 7.X or above.
Updated behavior in MailMarshal SEG 7.X and above
In MailMarshal 7.X and above, "Too many lines before boundary" issues are handled as follows:
- If data is found between the declaration and boundary (or after all boundaries), MailMarshal captures this data into files.
- If the data is evaluated as text, it is submitted for content scanning.
The registry key described below is irrelevant to these newer versions. If this key exists, it is removed during the upgrade to 7.X.
Behavior in Earlier Versions:
The "Too many Lines (11) before boundary" error occurs when a multi-part message includes a declared boundary, but the boundary is not used to define the body part of the message. This type of message is not a breach of MailMarshal rules, but it is non-standard behavior typically associated with spam or messages generated by custom scripts.
MailMarshal cannot correctly unpack the part of the message that has no boundaries. MailMarshal is first and foremost a security product. By default, it does not allow unexamined content to pass through to recipients. Because MailMarshal cannot unpack and examine messages with boundary issues, it does not forward such messages to recipients and generates an error. MailMarshal expects to see the first boundary used at the start of the first component following the header. By default, it allows a maximum of ten lines before the first boundary, and generates an error on the eleventh line.
Information:
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Trustwave cannot guarantee that problems resulting from the incorrect use of Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.
If necessary, you can modify the 10-line default value to reduce the frequency of getting this kind of dead letter error. For example, if you increase this value to 500, then MailMarshal allows a multi-part message to include a maximum of 500 lines before a boundary is required.
There is a slight risk associated with this change. Because MailMarshal is now allowing 500 lines of data through, MailMarshal cannot correctly unpack the message. This message text is still subject to normal checking by TextCensor or SpamCensor.
To change the default value through the registry, follow these steps:
- On the MailMarshal Array Manager or standalone server, edit the Registry.
- Locate the MailMarshal Engine registry entry. For MailMarshal SMTP 6.8 on 32 bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Marshal\MailMarshal\Default\Engine
- For details of the Registry locations for each MailMarshal version, see the following Trustwave Knowledgebase articles:
- Add the following registry DWORD value:
MaxPreBoundaryLines
- Set the maximum value of lines before boundary to 500, a DWORD of 500 decimal (the default is 10).
- Commit configuration changes.
- Restart the MailMarshal Engine service on each email processing server.
Notes:
- For more information about deadletters, see Knowledge Base article Q10868.
- In version 5.X the Registry entry must be completed on each server.
- This article was previously published as:
- NETIQKB34537
