Solved: never include orig. message into bounce message/DSN

christoph.boesch · ‎08-31-2011

Hi all

How can i configure IronPort to never include the original message body into bounce messages or DSNs?

I would like to always include header information (sender, receipient, subject) of the original mail, but never body information or even attachments?

I already tried cli-command bounceconfig, an set max_bounce_copy=1, but then the header is also not included...?

Any ideas?

Thanks

Chris

mychrislo · ‎09-06-2011

Any chance the "custom bounce notification" under the "text resources" can be made use of?

View solution in original post

mychrislo · ‎09-06-2011

What about the variable

$Allheaders

?

View solution in original post

Christopher Smith · ‎09-05-2011

Hi Chris,

This one is a bit tricky. The RFC does not state that one "MUST" include a copy of the original message however we do as in general its good practice and it is seen as a courtesy to the recipient.

That being said you may be able to eliminate most of the original message. You were on the right track with that option but I think you were looking for size not number of copies.

You will need to make this modification via the CLI using the command bounceconfig. Depending on the number of bounce profiles you have you may need to edit each to achive the desired results. By default there is only 1 profile listed as default.

The value you want ot chage is the following;

Please enter the maximum size of the original message (in bytes) to include in the bounced notification message.

[10240]>

You may have to make changes and test to get the exact results your looking for.

murf.run> bounceconfig

Current bounce profiles:

1. Default

Choose the operation you want to perform:

- NEW - Create a new profile.

- EDIT - Modify a profile.

[]> edit

Please enter the number of the profile to edit:

[]> 1

Please enter the maximum number of retries.

[100]>

Please enter the maximum number of seconds a message may stay in the queue before being hard bounced.

[259200]>

Please enter the initial number of seconds to wait before retrying a message.

[60]>

Please enter the maximum number of seconds to wait before retrying a message.

[3600]>

Do you want a message sent for each hard bounce? [Y]>

Do you want bounce messages to use the DSN message format? [Y]>

Enter the subject to use:

[Delivery Status Notification (Failure)]>

Do you want to parse the DSN "Status" field received from bounce responses to include in the DSN generated by the appliance? [N]>

If a message is undeliverable after some interval, do you want to send a delay warning message? [N]>

Do you want hard bounce messages sent to an alternate address, instead of the sender? [N]>

Do you want bounce messages to be signed (Yes/No)? [N]>

Please enter the initial number of seconds to wait before retrying a host that is unreachable.

[60]>

Please enter the maximum number of seconds to wait before retrying a host that is unreachable.

[3600]>

Please enter the maximum size of the original message (in bytes) to include in the bounced notification message.

[10240]> 10

Current bounce profiles:

1. Default

Choose the operation you want to perform:

- NEW - Create a new profile.

- EDIT - Modify a profile.

[]>

smurf.run> commit

Christopher C Smith

CSE

Cisco IronPort Customer Support

christoph.boesch · ‎09-05-2011

Hi Christopher

This is exactly what I've tried, and it's also documented in the Advanced Config Guide:

By default, the delivery status notification includes an explanation of the delivery status and the original message if the message size is less than 10k. If the message size is greater than 10k, the delivery status notification includes the message headers only. If the message headers exceed 10k, the delivery status notification truncates the headers. If you want include messages (or message headers) that are greater than 10k in the DSN, you can use the max_bounce_copy parameter in the bounceconfig command (this parameter is only available from the CLI).

But the thing is, i would like to have always the message headers included, but never the body. (Background is, that we have an E-Mail-encryption gateway, and DSNs must not contain any encrypted content since they are sent in plaintext...) Any chance to realise that?

Regards

Chris

Martin Eppler · ‎09-05-2011

Hello Chris,

As we cannot detect or guess the exact message header size of the original message, I think there's no workaround available that would reflect your requirement.

Thanks and regards,

Martin

---

Sent while being on the road. Please excuse any typos and short answers.

Von: christoph.boesch

Gesendet: Tuesday, September 06, 2011 08:50 AM

An: Martin Eppler (meppler)

Betreff: - Re: never include orig. message into bounce message/DSN

Cisco Support Community <>

Re: never include orig. message into bounce message/DSN

created by christoph.boesch <> in Email Security - View the full discussion <>

mychrislo · ‎09-06-2011

Any chance the "custom bounce notification" under the "text resources" can be made use of?

christoph.boesch · ‎09-06-2011

As we cannot detect [...] the exact message header size of the original message [...]

Why that?

Any chance the "custom bounce notification" under the "text resources" can be made use of?

Yes, I tried that. But there I can only include a few header-variables like subject or date, but not the complete header.

mychrislo · ‎09-06-2011

What about the variable

$Allheaders

?

christoph.boesch · ‎09-06-2011

What about the variable

$Allheaders

Great, that's exactly what I need :-)

I haven't found that variable because it's not listed under the "insert variables" dialog when creating a bounce notification text ressource...

Thank you very much!