Message is Larger Than the Current System Limit

From the Help Desk file…

A client running SBS is having problems with large attachments bouncing.  They are using SMTP, not POP3:

  • Each month they get a a particular inbound email from an external sender w/ a sizeable attachment
  • Last month the attachment was 7,403 KB and it was delivered just fine
  • This month the attachment was 7,562 KB and it was rejected

Error Message:

“The following recipient(s) could not be reached: This message is larger than the current system limit or the recipient’s mailbox is full. Create a shorter message body or remove attachments and try sending it again.”

Gut Reaction:

The ultimate computer troubleshooting question – “What changed?” 

The attachment is bigger (but not much).  And it’s likely that the users mailbox has grown in the last month, right?  Well, not so fast.

Server Settings:

  • Mailbox Store Storage Limits:  Warn @ 175 MB / Prohibit @ 200 MB
  • Client mailbox size:  22 MB
  • Default SMTP Virtual Server Properties: Limit message to size (KB) is unchecked
  • Exchange Delivery Defaults:  10,240 KB send / 10,240 KB receive
  • User Delivery Defaults:  10,240 KB send / 10,240 KB receive

So the attachment is well below the 10 MB limit, and the user has plenty of storage space.  What gives?

The Smoking Gun:

I did some research and found the following KB Article:

“How to set size limits for messages in Exchange Server”

Note The size of SMTP messages that are sent between routing groups and to the Internet increase by about 30 percent if they contain binary attachments or other 8-bit data.”

Yeah – you read that right, 30% overhead for SMTP email attachments. 

Let’s do the math – a 7,562 KB attachment with a 30% increase (7,562 / 0.7) = 10,802 KB.  And that’s larger than 10,240 KB folks!  I talked to Vlad for validation, and after the obligatory mocking session, he confirmed that’s about right for the overhead.  He also said something about an 8-bit attachment going through a 7-bit system, but that’s over my head.


I bumped the limits up to 15,360 KB, so they should be able to receive a 10,752 KB attachment (a true 10 MB), sent another test email, and it worked!

So here’s a rough conversion chart of what your settings need to be to get ‘true’ attachment sizes through the server:

Physical Attachment / Actual Height Needed

  • 5 MB / 7,200 KB
  • 6 MB / 8,600 KB
  • 7 MB / 10,00 KB
  • 8 MB / 11,400 KB
  • 9 MB /12,900 KB
  • 10 MB /14,300 KB
  • 11 MB /15,700 KB
  • 12 MB /17,100 KB
  • 13 MB /18,600 KB
  • 14 MB /20,000 KB
  • 15 MB /21,400 KB

To plug in that setting, just navigate to:

Server Management / Advanced Management /  Exchange / Global Setting / Message Delivery / Properties / Defaults tab:

I hope that helps somebody.  And thanks Vlad, my favorite Exchange MVP 🙂

VN:F [1.9.20_1166]
Rating: 8.5/10 (2 votes cast)

Official Launch of

Today Susanne Dansey and Susan Bradley announced  my new pet project, affectionately known as

This is not another SBS podcast (as the name may imply).  Rather, it’s a central point to find all podcasts pertaining to SBS & the SMB space. 

Some of these podcasts are IT Pro focused, some are consumer-focused, others deal with business, the community, and geek humor.  But the underlying theme (as a whole) tends to be security, because honestly, it’s not easy staying sharp – especially when it comes to security.

Each podcast entry on the site includes:

  • Podcast name
  • Host or hosts
  • Description
  • Website URL
  • RSS Feed URL (if available)

The current list of SBS / SMB podcasts includes:

Visitors to the site are encouraged to submit future SBS podcasts to the list. 

For the sake of convenience, all podcasts with RSS feeds are rolled up into a single OPML feed (available at the top of the page on the site).

Hopefully this project will give folks a chance to learn about podcasts they’ve never heard of and lower the barrier & learning curve to getting started listening to podcasts.   

If you’ve got feedback regarding the site or the project, feel free to post coments on this blog entry.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Robot Has Detected Abnormal Activity From Your IP Address

I’ve gotten numerous calls about this piece of spam today, so I thought I’d blog it:

From: Administrator <sender changes>
To: <client name>
Sent: Sun Jul 08 18:15:22 2007
Subject: Worm Alert!

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch <url omitted> to remove worm files
and stop email sending, otherwise your account will be blocked.


According to PC Tools’ ThreatExpert service, the trojan copies itself to the Windows system folder as ‘windev-72b5-203e.sys’ (md5: 8e2410698872f116620cbd7846adfa34) and registers the file as a service in order to load when Windows is started.

Detection names among vendors vary greatly and include the following:

  • TR/Small.DBY.DB (AntiVir)
  • Win32:Tibs-BAC (Avast)
  • Downloader.Tibs.6.K (AVG)
  • Trojan.Peed.OQ (BitDefender)
  • W32/Tibs.MV@mm (Fortinet)
  • Packed.Win32.Tibs.ab (Ikarus, Kaspersky)
  • McAfee 5069 07.06.2007 W32/Nuwar@MM (McAfee)
  • Worm:Win32/Nuwar.JT (Microsoft)
  • Win32/Nuwar (Nod32)
  • Tibs.gen124 (Norman)
  • Mal/Dorf-A (Sophos)
  • Trojan.Packed.13 (Symantec)
  • Possible_Nucrp-3 (Trend)

Recommended Action:

Don’t download it – update your anti-virus signatures

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)