This article applies to:
- Trustwave MailMarshal (SEG)
Symptoms:
- Exchange or Domino server becomes unresponsive when receiving email from MailMarshal
Causes:
Email traffic containing Bare Line Feeds has historically caused the SMTP services on Exchange or Domino servers to become unresponsive.
A Bare Line Feed is a linefeed without a preceding carriage return. For more information view the following Web page:
http://cr.yp.to/docs/smtplf.html
Bare Line Feeds are frequently found in Spam messages, and are rarely found in legitimate messages.
This is not a new issue with Exchange or Domino. Given the nature of the problem, it appears at first glance to be caused by MailMarshal. Here is how MailMarshal appears guilty: you don't notice the problem until you put a mail relay (MailMarshal) in front of your existing mail server. Bare Line Feeds cause the threads being used between MailMarshal and your mail server to temporarily hang, and eventually time out. Without a mail relay you would only intermittently see the single thread fail between your mail server and the remote Spam source - thus you might never notice the problem. However, if MailMarshal passes a large volume of Bare Line Feed messages through to your server simultaneously, it can effectively cause all threads on your mail server to temporarily hang.
Information:
By default MailMarshal accepts and ignores Bare Line Feeds. It is a good idea to either reject or fix bare line feeds at the MailMarshal Receiver. You should consider rejecting such messages outright given that they are in breach of RFC standards, and that they are typically associated with Spam messages.
MailMarshal allows you to Block, Fix or Ignore bare line feeds (see Array Properties | Receiver | Advanced).
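To check captured message data for Bare Line Feeds before it reaches the mail server, the sketch below locates each LF that lacks a preceding CR and applies a block, fix or ignore decision. It is an added example, not MailMarshal code: the function names, the policy strings and the sample messages are assumptions made for illustration.

```python
import re

# An LF that is not preceded by a CR (also matches an LF at offset 0).
BARE_LF = re.compile(rb"(?<!\r)\n")


def find_bare_linefeeds(data):
    """Return the byte offset of every bare LF in the message data."""
    return [m.start() for m in BARE_LF.finditer(data)]


def fix_bare_linefeeds(data):
    """Rewrite each bare LF as CRLF; existing CRLF pairs are left alone."""
    return BARE_LF.sub(b"\r\n", data)


def handle_message(data, policy="block"):
    """Apply a hypothetical block/fix/ignore policy to one message.

    Returns (action, data) where action is 'reject', 'fixed' or 'pass'.
    """
    if policy not in ("block", "fix", "ignore"):
        raise ValueError("unknown policy: %r" % policy)
    if policy == "ignore" or not find_bare_linefeeds(data):
        return "pass", data
    if policy == "block":
        return "reject", None
    return "fixed", fix_bare_linefeeds(data)


# Constructed sample messages (not taken from real traffic).
CLEAN = b"Subject: hello\r\n\r\nline one\r\nline two\r\n"
DIRTY = b"Subject: offer\r\n\r\nline one\nline two\r\nline three\n"

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("dirty", DIRTY)):
        for policy in ("block", "fix", "ignore"):
            action, _ = handle_message(msg, policy)
            print(name, policy, find_bare_linefeeds(msg), action)
```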
See the following Trustwave Knowledgebase article for more information on configuring MailMarshal to handle Bare Line Feeds.
- Q10016 : "Bare carriage returns and bare linefeeds are technically not allowed in e-mail messages."
- This article was previously published as:
- NETIQKB45726