Topic Last Modified: 2007-01-30
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine if the default MIME header limits in Exchange have been changed:
If the Exchange Server Analyzer finds that any value for LimitEmbeddingDepth has been set, a non-default configuration message is displayed.
Exchange 2000 Server Service Pack 3, Exchange Server 2003 and Exchange Server 2007 include updated functionality in the information store process (store.exe) that defines how large or irregularly formed MIME is handled. This functionality was added to further secure Exchange Server against denial of service attacks by both malicious and unintentionally large and complex MIME messages. Some examples of the limits imposed on MIME messages submitted to the store include limiting the number of recipients, limiting the number of embedded messages, and limiting the size of the individual MIME headers.
The default values for these various MIME header limits are set within the store process. However, if a registry key has been set to define any one of these limits, the registry key will override the default store.exe value. When any one of the various limits is exceeded in a MIME message, a non-delivery report (NDR) is sent to the sender.
Limiting the embedding depth of MIME refers to the number of MIME messages that can be embedded into each other. For example, assume that you receive a message (m1) with an attached message (m2). When you open the attached message (m2), you find that there is a message (m3) attached to that message (m2) as well. Thus, the original message (m1) has messages embedded to a depth of 3 levels. By default, Exchange will allow messages with an embedded depth level of 100. Messages with embedded messages exceeding 100 levels of depth may consume all memory on an Exchange server for the time it takes the server to "un-wrap" the message, parse it, and convert it to MAPI. It is highly unlikely that any e-mail client or server will generate a message with such depth of embedded messages. Rather, such a message is more likely the result of malicious users attempting a denial of service attack on your messaging system.
To revert to the default configuration
There is no action that needs to be taken. This registry entry will be present only when the hotfix from the Microsoft Knowledge Base article 833607, "The Microsoft Exchange Information Store service uses 100 percent of the CPU resources on an Exchange 2000 Server or an Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=833607), has been installed. This hotfix creates the LimitEmbeddingDepth registry entry and sets it to a value of 10.
For more information about Exchange Server service packs and hotfixes, see the Knowledge Base article 328839, "How to apply Exchange service packs and hotfixes" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328839).