Certain malformed MIME messages created with the Thunderbird mail client are treated differently when Symantec Mail Security for Microsoft Exchange (SMSMSE) 6.0 is running on an Exchange 2007 server.

When SMSMSE is not in place email messages with Malformed MIME cause Microsoft Exchange to send an NDR (e.g. "Diagnostic information for administrators.... #554 5.6.0 STOREDRV.Deliver; Corrupt message content ##"). When SMSMSE is installed no NDR is generated. The message is dropped.

Symptoms
The following events appear in the Windows Application Event log for each malformed message:

Type: Error
Date:
Time:
Event: 9201
Source: MSExchangeTransport
Category: Categorizer
User: N/A
Computer: SERVERNAME
Description:
Transport agent () running on the OnSubmittedMessage event did not handle a catchable exception: (Microsoft.Exchange.Data.Mime.MimeException: Internal Mime error: Agent 'SMSMSERoutingAgent' encountered an unexpected error while handling event 'OnSubmittedMessage'. ---> Microsoft.Exchange.Data.Mime.MimeException: Internal Mime error: Error in MacBin header data. ---> Microsoft.Exchange.Data.Mime.Encoders.ByteEncoderException: Invalid Mac binary header data.
at Microsoft.Exchange.Data.Mime.Encoders.MacBinaryHeader..ctor(Byte[] bytes)
....

------------------------------------------

Type: Warning
Date:
Time:
Event: 1051
Source: MSExchange Extensibility
Category: MExRuntime
User: N/A
Computer: SERVERNAME
Description:
Agent 'SMSMSERoutingAgent' caused an unhandled exception 'MimeException: Internal Mime error: Error in MacBin header data.' while handling event 'OnSubmittedMessage'

-------------------------------------------------

Type: Error
Date:
Time:
Event: 9201
Source: MSExchangeTransport
Category: Categorizer
User: N/A
Computer: SERVERNAME
Description:
Transport agent () running on the OnSubmittedMessage event did not handle a catchable exception: (Microsoft.Exchange.Data.Mime.Encoders.ByteEncoderException: Agent 'SMSMSERoutingAgent' encountered an unexpected error while handling event 'OnSubmittedMessage'. ---> Microsoft.Exchange.Data.Mime.Encoders.ByteEncoderException: Invalid data supplied to UU decoder: line integrity check failed. at Microsoft.Exchange.Data.Mime.Encoders.UUDecoder.Convert(Byte[] input, Int32 inputIndex, Int32 inputSize, Byte[] output, Int32 outputIndex, Int32 outputSize, Boolean flush, Int32& inputUsed, Int32& outputUsed, Boolean& completed) at Microsoft.Exchange.Data.Mime.Encoders.EncoderStream.Read(Byte[] array, Int32 offset, Int32 count) at Microsoft.Exchange.Data.Mime.Encoders.EncoderStream.get_Length() at a.a(Attachment A_0) at a.a(EmailMessage A_0) at Symantec.MailSecurity.Server.TransportAgent.SMSMSERoutingAgent.OnSubmittedMessageHandler(SubmittedMessageEventSource source, QueuedMessageEventArgs args) at Microsoft.Exchange.Data.Transport.Routing.RoutingAgent.Invoke(String eventTopic, Object source, Object e) at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.Dispatcher.Invoke(MExSession session) at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExSession.AsyncInvoke(Object state) --- End of inner exception stack trace --- at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExAsyncResult.WrapAndRethrowException(Exception e, LocalizedString message) at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExAsyncResult.EndInvoke() at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExSession.EndInvoke(IAsyncResult asyncResult) at Microsoft.Exchange.Transport.Categorizer.MExEvents.EndEvent(MExSession mexSession, IAsyncResult ar)) None
....

Conditions
 

• Version of Microsoft Exchange is 2007.
• Version of SMSMSE is 6.0.
• The same message delivered to Microsoft Exchange 2003 is successfully delivered.

Malformed MIME encoding. This particular cause of malformed MIME encoding appears to be related to Mozilla Thunderbird and encoding of .doc and .pdf files, among others. Thunderbird misrepresents the format of the files as a macintosh file, and as a result our scanning engine crashes when attempting to scan according to the supplied format. The problem is that attachment files can be assigned the wrong MIME type by the Thunderbird mail client. Messages with the incorrect MIME type of "application/applefile" will be undelivreable by Exchange 2007. When a malformed message is received, the transport agent crashes, and an application event log entry is written. No message is received by the original recipient, and no NDR is sent to the original sender.

Upgrade to SMSMSE 6.5.



Technical Information
For customers who cannot upgrade to SMSMSE 6.5 at this time: the original source of the error is messages are being sent in a malformed condition by the Thunderbired email client. Customers are recommended to not use the Thunderbird mail client for sending outgoing messages if SMSMSE 6.0 is installed on the Exchange 2007 server.