Legitimate messages are flagged as "Spam" by Symantec Mail Security for Microsoft Exchange (SMSMSE) when the header length exceeds 32kb. This typically occurs when a message is routed through multiple servers that tag X-Headers to the headers of the message prior to being processed by SMSMSE.
The Premium AntiSpam engine has a configured limit to prevent denial of service attacks using extremely large message headers. Originally this limit was configured to 32kb to match the maximum header size for the most common Message Transfer Agents used at the time the default size was configured for this limit.
Modify the maximum header size SMSMSE will scan for spam.
To modify this value:
By default, this string will read: <maxTotalHeadersLength>32768</maxTotalHeadersLength>
Warning: Setting this value to too great a number can result in mail flow delays if multiple messages with extremely large headers arrive simultaneously, increase this value with caution.
Default maximum header sizes in Exchange: