Bug ID 585412: SMTPS virtual server with activation-mode allow will RST non-TLS connections with Email bodies with very long lines

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF2

Opened: Apr 05, 2016
Severity: 3-Major
Related AskF5 Article:
K20583094

Symptoms

Connections to a virtual server that uses an SMTPS profile may be reset with a reset cause of 'Out of memory.'

Impact

The TCP connection is reset with a reset-cause of Out of memory' and the email will not be delivered.

Conditions

This might occur under the following conditions: -- A virtual server that uses an SMTPS profile with activation-mode set to allow. -- A client connection which does not use TLS that sends a DATA section with a text line that is longer than approximately 8192 characters. 8192 characters is an approximation for the maximum line length. The actual problem length can be affected by the MSS value and the particular way that the TCP traffic is segmented.

Workaround

None.

Fix Information

A virtual server that uses an SMTPS profile with activation-mode set to allow no longer resets connections when the client does not use STARTTLS and the email body contains very long lines.

Behavior Change