安全 : Cisco IronPort Email 安全设备

与"552 #5.3.4信息标题大小的信号反跳信息超过限制”

2016 年 10 月 24 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈

简介

本文描述拒绝的消息并且重新启动由于在思科电子邮件安全工具(ESA)的大报头。

贡献用卡尔年轻人和罗伯特Sherwin, Cisco TAC工程师。

与"552 #5.3.4信息标题大小的信号反跳信息超过限制”

当主机设法发送与一个大报头时的邮件, ESA可能拒绝它。最终用户可能发现以下错误消息之一:

"552 #5.3.4 message header size exceeds limit"
"500 #5.5.1 command not recognized"
"421 Exceeded bad SMTP command limit"

在某些情况下,主机可能继续再试同一个消息。

有信息标题的一1000线路限制。当报头长度超出1000条线路时, ESA发送消息"552 #5.3.4信息标题大小超过限制”对发送的主机。  

一些主机可能忽略此消息和继续发送数据。ESA解释此数据,当SMTP发出命令和回归, “500个#5.5.1为每条线路没认可的命令

在超过4坏SMTP命令限制以后, ESA然后返回消息, “421超过了坏SMTP命令限制”,并且切连接。

此设置在CLI可以只更改:

myesa.local> listenerconfig


Currently configured listeners:
1. listener_myesa.local (on Management, 192.168.0.199) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> setup

Enter the global limit for concurrent connections to be allowed across
all listeners.
[50]>

Listener istener_myesa.local Policy $TRUSTED max concurrency value of 300
will be limited to 50 by this concurrency setting.
Enter the global limit for concurrent TLS connections to be allowed across
all listeners.
[100]>

Concurrent TLS connections value of 100 will be limited to 50 by the global
limit for concurrent connections.

Enter the maximum number of message header lines. 0 indicates no limit.
[1000]>

Enter the rate at which injection control counters are reset.
[1h]>

Enter the timeout for unsuccessful inbound connections.
[5m]>

Enter the maximum connection time for inbound connections.
[15m]>

What hostname should Received: headers be stamped with?
1. The hostname of the Virtual Gateway(tm) used for delivering the message
2. The hostname of the interface the message is received on
[2]>

The system will always add a Message-ID header to outgoing messages that don't
already have one. Would you like to do the same for incoming messages? (Not
recommended.) [N]>

By default connections with a HAT REJECT policy will be closed with a banner
message at the start of the SMTP conversation. Would you like to do the rejection
at the message recipient level instead for more
detailed logging of rejected mail? [N]>

如果其中任一更改或更新被做,请回到主CLI提示符并且运行进行保存和实现更改。

相关信息



Document ID: 118495