Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

f secure Email message is found suspicious. "Too long header field"

Hello everybody,

 

Some mails are dropped because the header field is too long. Could you tell me what mean "the header field" and why this is blocked ?

 

Thanks in advance,

 

GV

 

 

Best Answer

  • MikaKMikaK Posts: 22 F-Secure Product Expert
    Accepted Answer

    Hello,

     

    In most cases this has been happened because FSAV4MSE have been found that an email message violates RFC standard. By default the product Drop the whole message (Web Console > Transport Protection > Inbound Mail > Other) as an action on malformed mails and quarantine it as well.

     

    However, you can prevent to Drop the whole message to change the setting to Pass Through.

     

    Thanks,

    Mika

Comments

  • DmitriyDmitriy Posts: 212

    If you can find the blocked email message in the quarantine, open the raw message and check which header and how long it is. If you see a header that exeeds 1024 characters, then it is too long according to RFC. Note that too long header field may indicate that the message is sent a badly designed software (like spammers use) or malicious.

  • gvaccarellogvaccarello Posts: 21

    thank you for your helpful replies

  • MikaKMikaK Posts: 22 F-Secure Product Expert

    Hello,

     

    We have to have a sample of the email to make further investigation with the issue. Go to FSAV4MSE quarantine and download the email (= header field is too long) as an *.eml format and then send it to our support as a support request.

     

    Thank you in advance,

    Mika

  • mahazmahaz Posts: 12

    I guess header field length can be changed in config file. I remember there must be a code like this:
    $MAX_HEADER_LINE_LENGTH = 128;
    and
    $MAX_TOTAL_HEADER_LENGTH = 1024;

     

    so changing these limits would impact the header 

This discussion has been closed.