We use a watchguard firewall which, by
default, removes all unkown SMTP headers and ESMTP
keywords. The following is a list of 41 headers and
keywords that have been rejected by our firewall during the past
week. I am considering adding some of these to the firewall's list of
known headers/keywords. I'm especially
interested in the security ramifications of adding these (we use Exchange
2000). Does anyone know of a specific reason To/Not To add
these?
| Status | Keyword/Header | Number of Times Rejected |
|---|---|---|
| removing unknown or denied header | List-Unsubscribe | 481 |
| removing unknown or denied header | Received | 164 |
| removing unknown or denied header | content-class | 139 |
| removing unknown or denied header | Thread-Index | 138 |
| removing unknown or denied header | Thread-Topic | 135 |
| removing unknown or denied header | X-MS-TNEF-Correlator | 63 |
| removing unknown or denied header | X-MS-Has-Attach | 63 |
| removing unknown or denied header | X-MimeOLE | 63 |
| removing unknown or denied header | Reporting-MTA | 57 |
| removing unknown or denied header | Arrival-Date | 57 |
| removing unknown or denied header | Received-From-MTA | 57 |
| removing unknown or denied header | X-DSNContext | 56 |
| removing unknown or denied header | X-OriginalArrivalTime | 56 |
| removing unknown or denied header | Return-Path | 56 |
| removing unknown or denied header | X-Mailer | 54 |
| removing ESMTP keyword | PIPELINING | 53 |
| removing ESMTP keyword | OK | 53 |
| removing ESMTP keyword | TURN | 53 |
| removing ESMTP keyword | VRFY | 53 |
| removing ESMTP keyword | XEXCH50 | 53 |
| removing ESMTP keyword | X-EXPS | 53 |
| removing ESMTP keyword | X-EXPS=LOGIN | 53 |
| removing ESMTP keyword | X-LINK2STATE | 53 |
| removing ESMTP keyword | ENHANCEDSTATUSCODES | 53 |
| removing ESMTP keyword | ATRN | 53 |
| removing ESMTP keyword | DSN | 53 |
| removing ESMTP keyword | ETRN | 53 |
| removing ESMTP keyword | CHUNKING | 53 |
| removing ESMTP keyword | BINARYMIME | 53 |
| removing ESMTP keyword | AUTH=LOGIN | 53 |
| removing ESMTP keyword | AUTH | 53 |
| removing unknown or denied header | Importance | 50 |
| removing unknown or denied header | Disposition-Notification-To | 10 |
| removing unknown or denied header | Organization | 8 |
| removing unknown or denied header | Content-Location | 3 |
| removing unknown or denied header | BANNED | 2 |
| removing unknown or denied header | Errors-to | 2 |
| removing unknown or denied header | ERROR | 2 |
| removing unknown or denied header | Receipt-Requested-To | 1 |
| removing unknown or denied header | Return-Receipt-To | 1 |
| removing unknown or denied header | User-Agent | 1 |
