f secure Email message is found suspicious. "Too long header field"

gvaccarello

Hello everybody,

 

Some mails are dropped because the header field is too long. Could you tell me what mean "the header field" and why this is blocked ?

 

Thanks in advance,

 

GV

 

 

MikaK

Hello,

 

In most cases this has been happened because FSAV4MSE have been found that an email message violates RFC standard. By default the product Drop the whole message (Web Console > Transport Protection > Inbound Mail > Other) as an action on malformed mails and quarantine it as well.

 

However, you can prevent to Drop the whole message to change the setting to Pass Through.

 

Thanks,

Mika

Dmitriy

If you can find the blocked email message in the quarantine, open the raw message and check which header and how long it is. If you see a header that exeeds 1024 characters, then it is too long according to RFC. Note that too long header field may indicate that the message is sent a badly designed software (like spammers use) or malicious.

gvaccarello

thank you for your helpful replies

MikaK

Hello,

 

We have to have a sample of the email to make further investigation with the issue. Go to FSAV4MSE quarantine and download the email (= header field is too long) as an *.eml format and then send it to our support as a support request.

 

Thank you in advance,

Mika

mahaz

I guess header field length can be changed in config file. I remember there must be a code like this:
$MAX_HEADER_LINE_LENGTH = 128;
and
$MAX_TOTAL_HEADER_LENGTH = 1024;

 

so changing these limits would impact the header