To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

f secure Email message is found suspicious. "Too long header field"

gvaccarello
gvaccarello Posts: 21 Security Scout

Hello everybody,

 

Some mails are dropped because the header field is too long. Could you tell me what mean "the header field" and why this is blocked ?

 

Thanks in advance,

 

GV

 

 

Comments

  • Dmitriy
    Dmitriy Posts: 179 Threat Terminator

    If you can find the blocked email message in the quarantine, open the raw message and check which header and how long it is. If you see a header that exeeds 1024 characters, then it is too long according to RFC. Note that too long header field may indicate that the message is sent a badly designed software (like spammers use) or malicious.

  • gvaccarello
    gvaccarello Posts: 21 Security Scout

    thank you for your helpful replies

  • MikaK
    MikaK Posts: 22 Digital Defender

    Hello,

     

    We have to have a sample of the email to make further investigation with the issue. Go to FSAV4MSE quarantine and download the email (= header field is too long) as an *.eml format and then send it to our support as a support request.

     

    Thank you in advance,

    Mika

  • mahaz
    mahaz MyAccount Posts: 2 Security Scout

    I guess header field length can be changed in config file. I remember there must be a code like this:
    $MAX_HEADER_LINE_LENGTH = 128;
    and
    $MAX_TOTAL_HEADER_LENGTH = 1024;

     

    so changing these limits would impact the header 

This discussion has been closed.

Categories