Data Loss Prevention Prevent replies with quit command to the Edge server
Last Modified: 2023-04-13 19:50:52 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Data Loss Prevention Prevent replies with quit command to the Edge server
Technical Articles ID:
KB92135
Last Modified: 2023-04-13 19:50:52 Etc/GMT Environment
Data Loss Prevention (DLP) Prevent 11.x
Problem
Unable to send an email with many recipients when smart host is configured to reject many recipients.
CauseIf there is a maximum limit configured for the number of email recipients at the smart host, the DLP Prevent sends a 4xx error after the DATA part of email to the client edge server. The reason is because the DLP Prevent system tries the onward delivery ONLY after it receives all RCPTs from the client server. But, after the smart host reports 4xx for a particular RCPT TO, the DLP Prevent replies to the client with 4xx after the DATA part. Some clients like Edge server might not work with this sequence because they expect 4xx after the
Based on the protocol logging on the Edge server, the DLP server sends the 4xx and QUIT command to Edge after it receives the 452 4.5.3 Too many recipients error message from the smart host. The client might not expect this response. The response impacts all recipients in the session, that is, the recipients other than 500 also fail to receive the email. The internal hub transport server message tracking log confirmed that all users in that SMTP session failed to receive the email that was delivered to them. SolutionRemove the maximum recipient limit on the Edge server for the DLP Prevent system. It ensures that the emails are sent and received properly.
To change the recipient limit:
Affected ProductsLanguages:This article is available in the following languages: |
|