f secure Email message is found suspicious. "Too long header field"

Regular Member

f secure Email message is found suspicious. "Too long header field"

Hello everybody,

 

Some mails are dropped because the header field is too long. Could you tell me what mean "the header field" and why this is blocked ?

 

Thanks in advance,

 

GV

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
F-Secure Product Expert

Re: f secure Email message is found suspicious. "Too long header field"

Hello,

 

In most cases this has been happened because FSAV4MSE have been found that an email message violates RFC standard. By default the product Drop the whole message (Web Console > Transport Protection > Inbound Mail > Other) as an action on malformed mails and quarantine it as well.

 

However, you can prevent to Drop the whole message to change the setting to Pass Through.

 

Thanks,

Mika

View solution in original post

5 REPLIES 5
Highlighted
F-Secure Product Expert

Re: f secure Email message is found suspicious. "Too long header field"

Hello,

 

In most cases this has been happened because FSAV4MSE have been found that an email message violates RFC standard. By default the product Drop the whole message (Web Console > Transport Protection > Inbound Mail > Other) as an action on malformed mails and quarantine it as well.

 

However, you can prevent to Drop the whole message to change the setting to Pass Through.

 

Thanks,

Mika

View solution in original post

F-Secure

Re: f secure Email message is found suspicious. "Too long header field"

If you can find the blocked email message in the quarantine, open the raw message and check which header and how long it is. If you see a header that exeeds 1024 characters, then it is too long according to RFC. Note that too long header field may indicate that the message is sent a badly designed software (like spammers use) or malicious.

Regular Member

Re: f secure Email message is found suspicious. "Too long header field"

thank you for your helpful replies

F-Secure Product Expert

Re: f secure Email message is found suspicious. "Too long header field"

Hello,

 

We have to have a sample of the email to make further investigation with the issue. Go to FSAV4MSE quarantine and download the email (= header field is too long) as an *.eml format and then send it to our support as a support request.

 

Thank you in advance,

Mika

Scholar

Re: f secure Email message is found suspicious. "Too long header field"

I guess header field length can be changed in config file. I remember there must be a code like this:
$MAX_HEADER_LINE_LENGTH = 128;
and
$MAX_TOTAL_HEADER_LENGTH = 1024;

 

so changing these limits would impact the header