Daily Archives: December 8, 2011

You are browsing the site archives by date.

Exchange Transport Rule Corrupting Mail

A really interesting thing was happening to some of our clients e-mails which we eventually discovered was relating to Exchange Transport Rules.

Here is the mail flow through our setup.


Internet

\/

Sophos ES1100

\/

Exchange 2010

\/

Exchange 2007

\/

Client


The reason for both Exchange servers is that we are currently in the process of migrating from Exchange 2007 to Exchange 2010.

In particular circumstances email was coming through containing what can only be described as “oriental” characters, see below…..

tml> 格ead> 猼tyle㰾!– .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 10pt; font-family:Tahoma } –>⼼style> ⼼head> 㰊body class=’hmmessage’㰾div dir=’ltr’> 昼ont face=”Tahoma” size=”2″>,⼼font㰾div style=”font-family: Tahoma; font-size: 10pt; “㰾br㰾/div㰾div style=”font-family: Tahoma; font-size: 10pt; “>

Upon further investigation and an attempt to replicate the issue it was found to occur through some e-mail clients when sent from mobile devices.

Our first instinct was to investigate any possible problems with the Sophos Email Appliance.

However upon doing further searches on the internet there was a suggestion that certain Exchange Transport Rules could be the cause of this issue.

As we were in the process of migrating from Exchange 2007 to Exchange 2010 the existing Transport rule from our 2007 Hub Transport server had  copied over to the 2010 Hub Transport server.

The transport rule in question simply applied an HTML disclaimer to all e-mail both internal and external.

We disabled this rule and the problem disappeared (at least we were unable to replicate it).

Upon further research we found that we could enable the Transport rule to add a disclaimer to mail going external only.

It would appear that the process of Exchange Transport Rules re-writing certain HTML type e-mails  would cause the corruption of e-mail as illustrated above.