277202 - Mail forwarded as attachment blocked by Trend InterScan

Status: RESOLVED INVALID

(MailNews Core :: Networking: SMTP, defect)

Description

[James Paige]

Mozilla mail clients are unable to forward back mail to servers running Trend
InterScan Messaging Security Suite (I am uncertain of the precise version)

Steps to reproduce:

(1) From any e-mail client using a server running Trend Interscan, send a mail
to someone using Mozilla.

(2) When the Mozilla user receives the message, forward it back to the sender

(3) It will not arrive, and will not bounce. It just vanishes.

Other e-mail clients, Like Outlook do not exhibit this problem.

Apparently this is happening because unlike Outlook, when Mozilla forwards a
message as an attachment, it does not strip out the Received: headers.

Trend Interscan blocks messages that it perceives to be bouncing by checking for
it's own addresses in the incoming mail's Received: headers AND in the headers
of each MIME attachment (I think?)

I don't know enough about standards and accepted practice for
header-removal-when-forwarding to know if:
(A) Mozilla is screwing up by including unneccisary headers
(B) Trend Interscan is screwing up by scanning Received: headers in attachments
(C) Both of the above
(D) Neither, this is a collision between valid but incompatable behaviours

Reproducable in Mozilla 1.7.3, Thunderbird 1.0, on Windows, Linux, and Mac

I am in contact with a support representative of customer using Trend Interscan,
and I can run any tests with him that Mozilla hackers can suggest to me.

Comment 1

[James Paige]

old bug 143882 describes a slightly similar symptom, but the cause is apparently
different.

Comment 2

[Schelstraete Bart]

I'm also using Mozilla/Thunderbird with Interscan viruswalls, and I don't have
any problems.

Comment 3

[WADA:World Anti-bad-Duping Agency]

(In reply to comment #0)

> (3) It will not arrive, and will not bounce. It just vanishes.
Possibly Bug 189428.
> Bug 189428 : mailserver problem so smtp send fails BUT mozilla moves mail to
>              sent folder and doesn't report error

Get SMTP protocol log and see log.
If analysis by developer will be required, attach log file to this bug.
(don't paste long data).

See http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp for
protocol log.
Do not forget to change "protocol:5" to "SMTP:5" when SMTP.
Please note that log file is overlayed on restart.

Comment 4

[James Paige]

no, this is not Bug 189428. Smtp send does not fail, it succeeds, but because of
the Received: headers, Trend Interscan assumes that the mail is viral or spam,
and does not deliver it. I can still do an SMTP log, if you think that will
help, but I have already verified with packet sniffing and telnetting that the
SMTP connection is not failing.

And Re: comment 2, It is possible that this is only triggered by a certain
configuration and/or version of Trend Interscan.

Comment 5

[James Paige]

I asked about which version if Interscan is affected. It is 5.5. Bart, what
version are you working with?

Jay Sommer <jsommer1@us.ibm.com> wrote:
> 
> We are using InterScan version 5.5.
> The filter your messages are hitting is defined in trends knowledge base as
> Solution ID: 22058
> It is a locally defined filter mandated by our network security group.  The
> IP addresses that are blocked are our 4 IMSS servers that accept messages
> from the Internet.
> 
> It would be OK to post my address if it will help resolve this issue.
> 
> Jay D Sommer
> 
> IBM Global Services
> Honeywell Exchange Groupware Support
> Internet:  jsommer1@us.ibm.com

Comment 6

[James Paige]

http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=22058

Comment 7

[Matthias Versen [:Matti]]

This is a bug in the "InterScan Messaging Security Suite" if it marks messages as spam We can't add workarounds for every Anti-Spam solution.