Environment

Netmail Secure 6.1+

Synopsis

In some cases, email may be returned to sender with the SMTP error "500 - line too long."  This means that the message had over 998 characters/symbols on a single line, without a line break.  As per the original IETF RFC:

"There are two limits that this standard places on the number of characters in a line. Each line of characters MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF.

The 998 character limit is due to limitations in many implementations which send, receive, or store Internet Message Format messages that simply cannot handle more than 998 characters on a line. Receiving implementations would do well to handle an arbitrarily large number of characters in a line for robustness sake. However, there are so many implementations which (in compliance with the transport requirements of [RFC2821]) do not accept messages containing more than 1000 character including the CR and LF per line, it is important for implementations not to create such messages."

Of course, since that RFC was written, technology has advanced significantly and email has grown much larger and more sophisticated.  The original restriction is becoming too limiting for many people, and thus Microsoft increased the maximum to 8000 characters as of Exchange 2007.  If you're encountering this situation in your mailflow, you can disable the length checking altogether with the steps below.

Solution

See an example of the error occurring in the SMTP conversation below:

220 securemail.fake.com
EHLO test.test.com
250-securemail.fake.com Pleased to meet you
250-STARTTLS
250-HELP
250-PIPELINING
250-8BITMIME
250-DSN
250 SIZE 52428800
MAIL FROM:<test@test.com > SIZE=107936
250 Sender OK
RCPT TO:<test@fake.com>
250 Recipient OK
DATA
354 Send message, end with <CRLF>.<CRLF>
500 Line too long

From this log we can see that the message is arriving with a long line in the header (more than 998 characters).
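To confirm where the over-long line sits in a rejected message, the check below scans a saved raw message and reports each line over 998 bytes together with the header field it belongs to. It is an added example, not part of Netmail; the function names and the sample message (including the X-Example-Tag header) are constructed for illustration.

```python
# Added example: find lines in a raw message that exceed the 998-character
# limit (CRLF excluded) and report whether each is in the header or the body.
MAX_LINE = 998  # limit quoted above; counted in bytes, without the CRLF


def find_long_lines(raw: bytes, limit: int = MAX_LINE):
    """Return a list of (line_no, section, header_name, length) tuples."""
    findings = []
    in_headers = True
    current_header = None
    # Split on LF and strip one optional CR so bare-LF files are also handled.
    for line_no, line in enumerate(raw.split(b"\n"), start=1):
        if line.endswith(b"\r"):
            line = line[:-1]
        if in_headers:
            if line == b"":
                in_headers = False  # first blank line ends the header block
                continue
            if line[:1] not in (b" ", b"\t") and b":" in line:
                # New header field; folded continuation lines keep the old name.
                current_header = line.split(b":", 1)[0].decode("ascii", "replace")
        if len(line) > limit:
            section = "header" if in_headers else "body"
            name = current_header if in_headers else None
            findings.append((line_no, section, name, len(line)))
    return findings


def build_sample() -> bytes:
    """Constructed sample: one oversized header line, one oversized body line."""
    return b"\r\n".join([
        b"From: test@test.com",
        b"To: test@fake.com",
        b"X-Example-Tag: " + b"a" * 1200,  # constructed over-long header
        b"Subject: folded",
        b" continuation line",
        b"",
        b"short body line",
        b"b" * 998,                         # exactly at the limit: allowed
        b"c" * 999,                         # one over the limit
        b"",
    ])


if __name__ == "__main__":
    for line_no, section, name, length in find_long_lines(build_sample()):
        where = f"{section} ({name})" if name else section
        print(f"line {line_no}: {length} bytes in {where}")
```

A finding in a header added by a scanning engine points to the header-modification settings described further down, while a finding in the body or in a sender-supplied header points to the sending system.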

To set the system to allow messages with long body lines, you need to add an attribute to the OpenLDAP directory in Secure. Using an LDAP browser that allows you to write to the directory, connect with the following information:
    Base DN: o=netmail
    User DN: cn=netmail,cn=system,o=netmail
    Password: same as you use for the Netmail Secure admin UI
    Port: 389 (SSL=false) or 636 (SSL=true)

If the firewall on Secure blocks the LDAP connection, you can log into the machine and stop the firewall using: systemctl stop firewalld
(Don't forget to 'start' it again afterwards.)

Using the LDAP browser, navigate to Netmail > Security > Agents > SMTP, and add an attribute named 'MaConfiguration' with the value 'AllowLongBodyLines:1'.

Once that's in place, you will need to restart the SMTP agent on every Netmail Secure appliance, which you can do at a shell prompt with the following command: /opt/ma/netmail/sbin/launcher -e "restart smtpd"
Or you can restart all services with: systemctl restart netmail

To undo, change the attribute value to 'AllowLongBodyLines:0' and restart the agent/service again.

Sometimes it's not the sender that is the source of the long lines.  Netmail's own anti-virus / anti-spam engines can also cause the problem when they append their entries to the header.  If you want to maintain the 1000 character limit but the engines are interfering, you can disable header modifications by the anti-spam or the anti-virus engines:

Open the Netmail web console.
Navigate to Security -> Agents -> Antispam -> Advanced.
Uncheck "Diagnostics: Enable Reference ID" and "Diagnostics: Enable X-Tag"

You may do the same for the Anti-Virus engine:

Navigate to Security -> Agents -> Anti-Virus -> Advanced Settings and uncheck "Diagnostics: Enable X-Tag".

NOTE: Be aware that disabling these will interfere with troubleshooting false positives in the future.

 

Notes