CS MAILsweeper for SMTP 4.3 Service Pack 2
(CS MAILsweeper for SMTP 4.3.12 including Technology Update Version 1.4.10)
This document describes the Advanced Configuration options for this release of CS MAILsweeper for SMTP. It covers configuration options that are not available in the CS MAILsweeper for SMTP Console but which advanced users can set using parameters in MAILsweeper configuration files or entries in the Windows Registry.
This document is current at the time of publication; subsequent updates will be available on our website, http://www.mimesweeper.com/.
Contact Information: We are constantly reviewing our products. You can obtain product service packs, information about our other products, and details for contacting us on our website, http://www.mimesweeper.com/.
You can add text to the default message that CS MAILsweeper for SMTP 4.3 sends to blocked mail hosts. The default message is shown below:
550 This system is configured to reject mail from <host name>
To specify the text to be added to the default message, you edit the mailswp.cfg configuration file. By default, this file is under C:\Program Files\MAILsweeper for SMTP\Config\. Before editing this configuration file, you are recommended to make a backup copy.
To add text to blocked mail host response messages:
1. Open the mailswp.cfg configuration file.
2. Go to the [Policy] section of the configuration file.
3. Set the following parameter: v:RblResponse=$S<message_text>
You can use this feature to identify unsolicited mail. You configure the Look up SMTP hosts in unsolicited mail database option on the Security tab of Policy Properties, under the Policies folder in the MAILsweeper for SMTP folder.
The default wait timeout value for service operations in the CS MAILsweeper for SMTP Manager is 30 seconds. When the wait timeout value is exceeded, the Manager notifies the user that the service request has failed. If CS MAILsweeper for SMTP is managing large configuration files or building large LDAP Address Lists, slow Security Service start-up may cause a false failure report.
To avoid this, you can increase the wait timeout value by increasing the Security Service wait timeout value in the Windows system registry.
To increase the wait timeout value:
1. In the Windows Registry, go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSS.
2. Set the MaxServiceStateWait value.

You can configure how strictly MAILsweeper adheres to SMTP standards defined in RFC documents regarding rules on the expected formatting of MIME messages.
Customer feedback on CS MAILsweeper for SMTP 4.3 expressed a general concern about the increase in the number of messages being placed into the Undetermined Messages quarantine area. This increase can be partially attributed to changes introduced in MAILsweeper 4.3_1 to provide stricter adherence to RFC rules. These changes were part of a general tightening of security in Version 4.3, made to address the threats posed by several malicious examples of methods to obscure content within messages.
A side effect of these security changes is that some messages generated by certain email clients are blocked. These messages are not RFC compliant, that is, they are not correctly formatted to accepted industry standards. The RFCs relating to boundary markers in MIME-format messages are very clear in respect to their construction.
At Service Pack 1 (SP1), a lower security level was configured by default in MAILsweeper 4.3 so that the adherence to RFC rules for mail messages is less strict.
Caution: Leaving this default security level increases the risk that the potential threat caused by the misuse of a MIME boundary may not be detected. Customers who deem this type of potential misuse to be of minimum risk may choose to leave this default setting. However, you are recommended to raise the level of security employed in order to avoid the potential of such security threats occurring.
You can raise the level of security employed in CS MAILsweeper for SMTP. To configure the security level, you edit the MAILsweeper format.cfg configuration file. By default, this file is under C:\Program Files\MAILsweeper for SMTP\Config\Shared. Before editing this configuration file, you are recommended to make a backup copy.
To apply a higher level of security:
1. Open the format.cfg configuration file in a text editor, such as Windows Notepad.
2. Go to the [Format\SMTP Messages] section of the configuration file.
3. Set the following parameters:

v:AllowTrailingData=$B<true|false>
Specifies whether or not CS MAILsweeper for SMTP issues a bad data response if data appears after a terminating boundary at the end of a message. The RFC standards state that any data after a terminating boundary at the end of a message should be ignored. However, just using a text editor to examine the message's data enables a user to access any data posted after this point in the message. MAILsweeper considers more than 10 characters or 4 non-blank lines after a terminating boundary to be trailing data.

| Value | Effect |
|-------|--------|
| true | If you set the parameter to this value, MAILsweeper will not issue a bad data response. Note that if no value is set for this parameter, this is the default behavior. |
| false | If you set the parameter to this value, MAILsweeper will issue a bad data response. |

For example: v:AllowTrailingData=$Bfalse

v:IgnoreMissingBoundaryTerminator=$B<true|false>
Specifies whether or not CS MAILsweeper for SMTP issues a bad data response if a message does not contain valid boundary terminators. Multipart MIME messages have boundaries for their component parts. Separators between message parts are identified by lines that begin with "--" and the relevant boundary value.

| Value | Effect |
|-------|--------|
| true | If you set the parameter to this value, MAILsweeper will not issue a bad data response. |
| false | If you set the parameter to this value, MAILsweeper will issue a bad data response. Note that if no value is set for this parameter, this is the default behavior. |

For example: v:IgnoreMissingBoundaryTerminator=$Bfalse
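The two conditions these parameters control can be checked on a raw message as follows. This is an added example, not Clearswift code: it reports whether the top-level closing boundary is missing and whether data follows it. The 10-character and 4-line thresholds are the ones quoted above; reading them as "more than 10 characters or more than 4 non-blank lines", counted with surrounding whitespace stripped, is an assumption, and nested multiparts are not inspected.

```python
import re

# Thresholds quoted on this page; the counting rules below are an assumption.
MAX_TRAILING_CHARS = 10
MAX_TRAILING_LINES = 4

def get_boundary(raw):
    """Return the boundary parameter of the top-level Content-Type, or None."""
    headers = raw.split("\n\n", 1)[0]
    unfolded = re.sub(r"\n[ \t]+", " ", headers)  # join folded header lines
    m = re.search(r'^content-type:\s*multipart/[^\n]*?boundary="?([^";\n]+)"?',
                  unfolded, re.I | re.M)
    return m.group(1).strip() if m else None

def check_boundaries(raw):
    """Report a missing closing boundary and data after it (top level only)."""
    raw = raw.replace("\r\n", "\n")
    result = dict(multipart=False, missing_terminator=False, trailing_data=False)
    boundary = get_boundary(raw)
    if boundary is None:
        return result
    result["multipart"] = True
    body = raw.split("\n\n", 1)[1] if "\n\n" in raw else ""
    lines = body.split("\n")
    closer = "--" + boundary + "--"
    # The first closing delimiter ends the multipart; the rest is epilogue.
    ends = [i for i, ln in enumerate(lines) if ln.rstrip() == closer]
    if not ends:
        result["missing_terminator"] = True
        return result
    nonblank = [ln.strip() for ln in lines[ends[0] + 1:] if ln.strip()]
    chars = sum(len(ln) for ln in nonblank)
    result["trailing_data"] = (chars > MAX_TRAILING_CHARS
                               or len(nonblank) > MAX_TRAILING_LINES)
    return result

# Constructed sample messages (not taken from real traffic).
HEAD = ('From: sender@example.test\r\nMIME-Version: 1.0\r\n'
        'Content-Type: multipart/mixed;\r\n boundary="b1"\r\n\r\n'
        '--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n')
SAMPLES = {
    "well_formed": HEAD + "--b1--\r\n",
    "no_terminator": HEAD,
    "trailing_data": HEAD + "--b1--\r\nhidden text placed after the close\r\n",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, check_boundaries(msg))
```

Running such a check over messages held in the Undetermined Messages area shows which of the two strict settings is responsible for each one before you change format.cfg.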
By default, the MAILsweeper Delivery service transmits in BDAT mode if the other SMTP mail host displays CHUNKING support in response to MAILsweeper's EHLO greeting. If the host does not actually support BDAT mode, you can configure the Delivery service to disable all BDAT transmissions. To configure this option, you edit the MAILsweeper mailswp.cfg configuration file.
By default, this file is under C:\Program Files\MAILsweeper for SMTP\Config\. Before editing this configuration file, you are recommended to make a backup copy.
To disable (or re-enable) BDAT transmissions:
1. Open mailswp.cfg.
2. Go to the [SMTP Delivery] section of the configuration file.
3. Set the following parameter: v:DisableBDAT=$I<value>

| Value | Effect |
|-------|--------|
| 0 | To turn the option off (enable BDAT transmission). |
| 1 | To turn the option on (disable BDAT transmission). |
Revision 1.2
Published by Clearswift Ltd. November 2003
© 2003 Clearswift Ltd
All rights reserved