Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2745
Views
0
Helpful
4
Replies

Fragmented emails are blocked

axiosystems
Level 1
Level 1

‎07-26-2010 03:04 AM

Hi all,

One of our servers is sending a dump of its configuration to our vendor. This mail is fragmented and is always dropped by our Ironport applicance.

The mail is always sent to the same e-mail address (support@vendor.com), so I created a new outgoing policy. This policy has support@vendor.com as destination and virus scanning is disabled. But the mails are still dropped:

(192.168.111.21: 554 5.7.1 Fragmented emails are blocked.)

Any workaround?

Thanks,

Wouter

Labels:
0 Helpful
4 Replies 4

Andreas Mueller
Level 4
Level 4

‎07-26-2010 07:07 AM

Hello Wouter,

where do you see that the message is getting droppend, i.e. is the appliance not accepting it, or do the logs show anything? Maybe a filter that is active in the policy?

Cheers,

Andreas

0 Helpful

axiosystems
Level 1
Level 1
In response to Andreas Mueller

‎07-26-2010 08:36 AM

This is the mail we got:

This is an informative message sent by kerio.axio.be.

The server was not able to deliver your email message

  Subject: 'Axio Systems NONE explorer.2411b787.zone09-2010.07.26.09.01' (2 of 2)
  Date: Mon, 26 Jul 2010 11:02:51 +0200 (MEST)

to the following addresses:

  <explorer-database-emea@sun.com> (192.168.111.21: 554 5.7.1 Fragmented emails are blocked.)

192.168.111.21 is the ip address of our ironport.

Wouter

0 Helpful

Andreas Mueller
Level 4
Level 4
In response to axiosystems

‎07-27-2010 02:32 AM

Hello Wouter

"Fragmented emails are blocked" is not an IronPort error message, this message is given by postfix when a "Content-type: message/partial"
mail arrives.I believe this is some kind of Outlook functionality that splits messages with larger attachments into multiple parts, to get it trough gateways that have a size limit smaller than the attachment to be send. Obviously some mailserver do not like that because these splitted attachments can not be scanned for viruses.

According to Google Groups, this is the way to disable that functionality in Outlook:

Tools -> Accounts -> Mail -> Properties -> Advance

Uncheck: "Break apart messages........".

Regards,

Andreas

0 Helpful

exMSW4319
Level 3
Level 3
In response to Andreas Mueller

‎07-27-2010 12:44 PM

We explicitly block message/partials, and have done for years for fear that it's theoretically possible to get a virus past a signature-based anti-virus check that way. Never had any complaints. Does anyone know if this is a groundless fear?

0 Helpful
Customers Also Viewed These Support Documents