
Log messages bounce, no BDAT support

SonicAdmin80 Cybersecurity Overlord ✭✭✭

When the firewall message log email flow is like this:

Gen 6 firewall appliance --> Microsoft 365 --> Email Security

I get a bounce message saying:

Your message contains invalid characters (bare line feed characters) which the email servers at [mydomain] don't support

Reported error: 550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare linefeeds, which cannot be sent via DATA and receiving system does not support BDAT

If I send directly to Email Security bypassing Microsoft 365 the messages come through without error. So sending messages via M365 somehow causes this error.

Anyone seen this? If the firewall would truly send messages with line feeds that ES doesn't support, then it should show up when sending directly to it as well. But it only shows up if the message comes through M365.

Category: Email Security Appliances

Answers

  • David W SonicWall Employee

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @David W Yes I read that too, but it doesn't really explain why it happens. Because according to Microsoft they're only delivering the messages as they are and the downstream SMTP server is to blame in not accepting the BDAT command, in this case Email Security.

    "Microsoft 365 and Office 365 used to remove bare line feeds from messages to enable delivery to older email servers that didn't support SMTP Chunking and the BDAT command. In an effort to better support security standards (for example, DomainKeys Identified Mail or DKIM), Office 365 no longer removes bare line feeds from messages."

    So does Email Security indeed support SMTP chunking and BDAT?

    If we believe Microsoft the problem is that they DON'T do anything to the message and just try to deliver it with the bare line feeds. But in this case it means that SonicWall firewall is sending messages with bare line feeds, which should give the same error when sending log messages directly from a firewall to Email Security. But for some reason the problem doesn't come up when sending directly.

  • David W SonicWall Employee

    @SonicAdmin80 Do you have one of the NDRs?

    You stated that if you send them direct to email security they come through but only when going to O365 first does this occur.

    That makes this sound like O365 is generating the NDR as an unsupported option on their end.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @David W Yes, the text in the first post is copied directly from the NDR that O365 sends to the from address set in the firewall.

    Also from the NDR:

    How to Fix It

    It appears that your email program added invalid characters (bare line feed characters) into your message when you sent it. Try using a different email program to send your message. If the problem continues send this non-delivery report (NDR) message to your email admin for assistance.

    More Info for Email Admins

    Status code: 550 5.6.11

    This error occurs when the email program or device used to create or send an email message adds bare line feed characters into the message. When bare line feed characters are included in a message, the SMTP protocol chunking feature is required to transmit the message between email servers. Chunking uses the SMTP protocol BDAT command, but the recipient's email server doesn't support the BDAT command.

    To fix the issue, the sender should send the message using an email program or device that doesn't add bare line feed characters to messages. Most modern email programs don't add bare line feed characters.

    If the sender is using a device like a fax machine, printer, or scanner, it's likely an older model that doesn't support the SMTP protocol BDAT command. To fix this error, you'll need to replace the device with a newer model that supports the BDAT command. The industry standard recommendation to support SMTP chunking was published in 1998 so most devices manufactured during the last decade support this feature.

    Another option is for the email admin at the recipient's domain to upgrade their email servers to servers that support the SMTP protocol BDAT command. Most modern email servers support BDAT; however, some free and older email servers don't support it.

  • David W SonicWall Employee

    @SonicAdmin80 Can you message me and attach the original NDR intact with all the headers?

    There is information within it that will help identify the issue.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @David W How do I send a direct message? Can't find the option anywhere.

  • David W SonicWall Employee

    @SonicAdmin80 Just go to your messages at the top right and start a message and type in my name.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @David W For me there is no icon anywhere to create a new message, not in the messages window, not on your profile page either.

  • David W SonicWall Employee

    @SonicAdmin80 Then it may be easier to have you open a case and provide that data.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @David W OK I'll do that then.

  • onax_pf Newbie ✭

    Currently, we have the same issue when someone tries to send an auto-generated message over M365 to our SonicWall email security.

    I checked the "BareLineFeedsAreIllegal" on the exchange servers but from my understanding, the mail gets rejected by email security.

    @SonicAdmin80 Could you ever solve the problem?

    Thanks

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @onax_pf My support case from a year ago was closed unresolved. I guess I got tired of trying to get support to investigate it as they just blamed Microsoft and weren't willing to actually do anything.

  • onax_pf Newbie ✭

    I opened a case and this is the last response I got today:

    As I stated, Email Security does not alter these types of messages. The NDR or reject is being sent from O365, not HES. The only way to resolve it is to make it so the template is not using the line breaks in the middle of the message.

  • David W SonicWall Employee

    @onax_pf Your issue is not the same as the one this was reported against.

    However, any time there are line breaks in a message the mail server has the option to refuse it depending on its settings.

    Email Security does not modify emails that have line breaks; this would alter the body hash and cause DKIM failures.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • onax_pf Newbie ✭

    We were able to have a working solution where SonicWall support changed a setting in global settings:

    "I changed one item that should help here as Chunking is a requirement for BDAT which is what we are dealing with."

    Hopefully, the sender is updating their software soon
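
Added example, not part of the thread and not SonicWall or Microsoft code: Python that runs the three checks this discussion turns on, namely which lines of a raw message end in a bare LF, how rewriting them to CRLF changes the DKIM body hash, and whether a server's EHLO reply advertises CHUNKING (the extension that provides BDAT). The sample message, the addresses and both EHLO replies are constructed for illustration, and the body-hash function assumes the header block itself is CRLF-clean.

```python
import base64
import hashlib
import re

# Constructed sample: headers use CRLF, one body line ends in a bare LF.
SAMPLE = (b"From: firewall@example.test\r\n"
          b"Subject: Log digest\r\n"
          b"\r\n"
          b"line one\r\n"
          b"line two\n"
          b"line three\r\n")
# Constructed EHLO replies from a server with and without CHUNKING (RFC 3030).
EHLO_WITH = "250-mx.example.test\r\n250-SIZE 36700160\r\n250-CHUNKING\r\n250 8BITMIME"
EHLO_WITHOUT = "250-mx.example.test\r\n250-SIZE 36700160\r\n250 8BITMIME"

BARE_LF = re.compile(rb"(?<!\r)\n")  # LF not preceded by CR

def bare_lf_lines(raw: bytes) -> list:
    """1-based numbers of the lines that end in a bare LF."""
    return [raw.count(b"\n", 0, m.start()) + 1 for m in BARE_LF.finditer(raw)]

def normalize(raw: bytes) -> bytes:
    """What a relay that 'fixes' the message would do: bare LF -> CRLF."""
    return BARE_LF.sub(b"\r\n", raw)

def dkim_body_hash(raw: bytes) -> str:
    """bh= value for sha256 with 'simple' body canonicalization (RFC 6376)."""
    body = raw.partition(b"\r\n\r\n")[2]
    while body.endswith(b"\r\n"):      # drop empty lines at the end of the body
        body = body[:-2]
    return base64.b64encode(hashlib.sha256(body + b"\r\n").digest()).decode()

def advertises_chunking(ehlo_reply: str) -> bool:
    """True if the EHLO reply lists CHUNKING, i.e. the server accepts BDAT."""
    for line in ehlo_reply.splitlines()[1:]:    # first line is the greeting
        if line[4:].strip().upper().split()[:1] == ["CHUNKING"]:
            return True
    return False

if __name__ == "__main__":
    print("bare LF on lines:", bare_lf_lines(SAMPLE))
    print("bh as sent:      ", dkim_body_hash(SAMPLE))
    print("bh after rewrite:", dkim_body_hash(normalize(SAMPLE)))
    print("BDAT possible:   ", advertises_chunking(EHLO_WITH),
          advertises_chunking(EHLO_WITHOUT))
```

Against a live server, `smtplib.SMTP(host)` followed by `ehlo()` and `has_extn("chunking")` answers the CHUNKING question directly.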
