Overview
The Email Exploit Engine unlike other content filters does not provide an exception list or option to whitelist. Emails are flagged depending on the nature and structure of their content regardless of the sender or recipient.
This article provides information regarding the subject length limit in the Long Subject exploit of the Email Exploit Engine.
Information
The Email Exploit Engine can be enabled to guard against a wide array of known Email exploits on both inbound as well as outbound emails. One of the available exploits is the Long Subject (Suspicious) exploit that is designed to work as follows:
- If the subject contains more than 253 characters, the email is blocked with the following reason logged on the Dashboard logs: Long Subject (Suspicious).
- The maximum number of allowed characters in the subject line is 253.
- This value is hard-coded and cannot be changed.
In some environments, this might cause false positives, e.g. some network monitoring applications are known to send email notifications with subject lines exceeding the above character limit. In this scenario, the proposed solution would be to disable the individual exploit check from the MailEssentials Configuration by navigating to GFI MailEssentials > EmailSecurity > Email Exploit Engine > Exploit List then using the Disable Selected button as shown below:
This change should not pose any increased vulnerability to the environment, provided the other Content Filtering and Email Security engines are enabled.