search cancel

Premium AntiSpam detects legitimate messages as Spam when the message header length exceeds 32kb

book

Article ID: 162955

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Legitimate messages are flagged as "Spam" by Symantec Mail Security for Microsoft Exchange (SMSMSE) when the header length exceeds 32kb. This typically occurs when a message is routed through multiple servers that tag X-Headers to the headers of the message prior to being processed by SMSMSE.

Cause

The Premium AntiSpam engine has a configured limit to prevent denial of service attacks using extremely large message headers. Originally this limit was configured to 32kb to match the maximum header size for the most common Message Transfer Agents used at the time the default size was configured for this limit.

Resolution

Modify the maximum header size SMSMSE will scan for spam.

To modify this value:

  1. On the Exchange server in question, open Windows Explorer and navigate to <drive>\Program Files(x86)\Symantec\SMSMSE\<version>\Server\SpamPrevention.
  2. Right click the file bmiconfig.xml and choose Edit.
  3. Locate the string <maxTotalHeadersLength>. Select the value within the brackets, and modify the value to match the desired maximum header sizes, in bytes.

By default, this string will read: <maxTotalHeadersLength>32768</maxTotalHeadersLength>
Warning: Setting this value to too great a number can result in mail flow delays if multiple messages with extremely large headers arrive simultaneously, increase this value with caution.

 

Default maximum header sizes in Exchange:

  • Exchange 2010: 64 KB (65,536 bytes)
  • Exchange 2013: 128 KB (131,072 bytes)
  • Exchange 2016: 256 KB (262,144 bytes)