11 Replies Latest reply on Jan 21, 2005 6:58 PM by 807574

    Aliasdetourhost & mailMsgQuota

    807574
      Messaging 5.2 patch2 hotfix 2.03 on Windows 2000.
      I need to do an Antivirus scan on all the mail traffic , and i'm trying to use the new keyword "aliadetourhost ".
      The mails accepted by the Messaging , are sent to the AV defining a channel tcp_scanin, are re-accepted by the Messaging on the channel tcp_scanout and sent to the final recipient.
      Normally the mails flows correctly and are scanned by the AV system.

      I have a problem with the mailMsgQuota, that in my envirenments limits the mail size to 2 MB:
      when I send a mail more than 2 MB, it passes through " Messaging > tcp_scanin > AV > tcp_scanout " and only at this level is verified and then refused with an SMTP error 552 : exceeded storage allocation.
      At this point the AV is not more able to return the mail with the error to the sender, bacause also the return mail is larger than the mailMsgQuota.
      How can I workaround thei problem ?
      Many thanks!
        • 1. Re: Aliasdetourhost & mailMsgQuota
          807574
          I think perhaps you're a little confused abot quota and largest message accepted.

          Also, 2 megs is a very small message size.

          However, what you really want to do is to strip the DSN of the message, and you can do this.

          Please look at this documentation:

          http://docs.sun.com/source/816-6020-10/mta_conf.htm#997084

          specifically,

          CONTENT_RETURN_BLOCK_LIMIT

          This setting goes in your option.dat file, and can limit the size of your DSN
          • 2. Re: Aliasdetourhost & mailMsgQuota
            807574
            I'm not speaking about the mailbox quota, but the maximum message size, that is configured in the Directory with the attributes mailDomainMsgMaxBlocks and mailMsgMaxBlocks.

            I just know the setting in oprion.dat and I have just configured CONTENT_RETURN_BLOCK_LIMIT=1.

            This doesn't solve the problem because the error appears during the SMTP connection : Messaging doesn't enqueue the message, it stops before the data exchange between the client (in this case AV) and the server (the channle tcp_scanout).

            In a usual Messaging configuration - WITHOUT Antivirus and aliasdetourhost - when I send a mail that exceed the message size , from a client to the Messaging Server , during the Send/Receive phase I obtain the error :
            "The message could not be sent because its size exceeded the server's limit. ................. Protocol: SMTP, Server Response: '552 5.3.4 Error writing message - a message size of 2002 kilobytes exceeds the size limit of 2000 kilobytes computed for this transaction', Port: 25, Secure(SSL): No, Server Error: 552, Error Number: 0x800CCC6D

            This is the same response that - in the aliasdetourhost configuration - Messaging return to the AV .
            It would better that Messaging take in charge the mail , analyze it and then return a little NDR that follow the rule of CONTENT_RETURN_BLOCK_LIMIT !!
            • 3. Re: Aliasdetourhost & mailMsgQuota
              807574
              YOu should be looking at the channel that originally accepts the message, and putting the limit there, not on the channel that the AV sends back to Messaging.
              • 4. Re: Aliasdetourhost & mailMsgQuota
                807574
                I have configured the limit in the otion.dat, and therefore I think that is applied to all channels.

                If I doesn't use aliasdetourhost, the message size is verified and if it exceeds the limit, the client obtain the error in the phase send/receice. The user know that the mail is not sent and why.

                When I configure aliasdetourhost in tcp_intranet , the message size is not verified, the mail is sent to the Antivirus and wher it retourn back to the Messaging is refused. At this point AV is unable to advises the user that the mail isn't delivered.
                • 5. Re: Aliasdetourhost & mailMsgQuota
                  807574
                  try setting it up in a tcp_local_option.dat file instead. Many option.dat settings can work on a per-channel basis.
                  • 6. Re: Aliasdetourhost & mailMsgQuota
                    807574
                    I have tried your solution, but doesn't work.

                    I think that I should force FIRST the MTA to accept all the messages coming back from AV on tcp_scanout, and THEN to control the message size. In such way "the messages would encounter the destination user size limits until the messages are on the MTA, hence the MTA's size-aware-notification-generation code could come into play, forcing no-return-of-content when that would be helpful".

                    I think that using aliasdetourhost I only move the problem : the MTA input channel (for example tcp_intranet) doesn't verify certain LDAP attributes, like mailMsgMaxBlocks, but when the mail return again to the MTA - and such type of controls are made - it is refused.
                    But in this phase the client thet receive the error is not the Outlook Express (that with a pop up windows advise the user that the Mail is not sent). The 'Client' is the AV system that can 'speak' only to tcp_scanout !
                    • 7. Re: Aliasdetourhost & mailMsgQuota
                      807574
                      I note you've been asking this same question through tech support, and have gotten an extremely concise answer from our best engineers.

                      Basically, the answer is that you should not allow your server to emit, through any connection, a message it cannot accept back.

                      The kicker, here, is that some external devices such as scanners can make a message grow, up to 4x original size. Not sure how to fix that, honest.y.
                      • 8. Re: Aliasdetourhost & mailMsgQuota
                        807574
                        I try to explain better my problem.

                        WITHOUT ANTIVIRUS
                        I have configured a mailMsgMaxBlocks , setted to 2 MB, that blocks incoming mail greater than this size. A mail greater than 2 MB is not take in charge by the Messaging. During the Smtp connection , while is accepting the data from the client, interrupts the connection with an error "552 5.3.4 Error writing message - a message size of 2002 kilobytes exceeds the size limit of 2000 kilobytes ".
                        The users sees this error in the Outlook Express pop-up, and therefore is informed that its mail is non sent.
                        So all works fine.

                        WITH ANTIVIRUS, using aliasdetourhost
                        When I use aliasdetourhost, Messaging accept messages of ANY size , does not verifiy the size value setted in the Directory , and forward all messages to the Antivirus scanner.
                        Antivirus only makes a scan and send back the mail to the Messaging, with the SAME SIZE.
                        ONLY at this point the Messaging make a check on the size, and refuse the mail.

                        My scanner does not introduce a message grow.
                        I'm in accord with you about the fact that the server should not emit a message that cannot accept back, but the problem is that using 'aliasdetourhost' this check is not made anymore , in input !!

                        I'm just only a poor system engineer, working as system integrator for a customer, that try to integrate Messaging with an Antivirus ....

                        I'm trying to search a solution on various fronts ...

                        Many thanks for your answer.
                        Bye
                        • 9. Re: Aliasdetourhost & mailMsgQuota
                          807574
                          Do you have a tech support case open? I do remember seeing a question that looks very like yours in the last couple days.. .
                          • 10. Re: Aliasdetourhost & mailMsgQuota
                            807574
                            Yes, i have also a case open.

                            At the moment the way suggested is to accept all mail returrning from the AV scanner, and then use a reprocess channel to verify the mail size.
                            Now I'm asking how to implement this solution , because I made some test but I was no able to do such type of 'routing' and disable the size check on tcp_scanout.

                            Another possible solution is to use RET=HDRS NOTARY, that I don't find on Messaging 5.2. I think that is a proposed option that will be implemented as solution to RFE # 6218545.
                            • 11. Re: Aliasdetourhost & mailMsgQuota
                              807574
                              Well, let's let the tech support engineer that's getting paid to help you complete this one. . .