Skip to main content

Error "<#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP#" when you send attachment in your mail

Some users were receiving error <#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP# when they sent message with attachment.

The problem is when attached document name is longer than 50 characters. Some Firewalls have header size restriction and that limit blocks this messages to be sent.

To correct this, change header limit on affected Firewall or shorten the name of the document you are sending (which is probably not good permanent solution).

Update #1: Default header size limit in Exchange 2007 is 64K.

Update #2: It might be the SMTP version problem. Mail is rejected with CONTENT-DISPOSITION error (overly long message header field for CONTENT-DISPOSITION) but not for all SMTP servers (same mail sent through different SMTP servers). If you send mail with attachment that has name longer than 50 characters from Exchange 2007 directly through DNS you may encounter this error, but if you send same mail from Exchange 2007 through smart host (other than Exchange) mail is delivered with no errors (possible workaround).

Update #3: There is a good article on Symantec's web site about parameters in file. Check SMTP block/unblock possibilities.

Update #4: Anonymous (*send me your name*) left a comment below regarding reasons for this error message:
"We found this was simply a matter that the message was created in Outlook "rich text" format (which embeds attachments into the message body) instead of plain text or HTML which creates attachments normally"


  1. Thanks a lot! We were having this problem for some time and finally here's the answer.

  2. Thanks! Solved it for me too :o)

  3. It will solve the problem for us if we can know how to change the header limit in Symantec Gateway Firewall 5620.

    Any Help?

  4. Hi & thanx a lot. We are experiencing the same problem with a Symantec 1620 Gateway Security appliance. By any chance is there any update info available on this topic? Or any other workaround? Problem is, that since a few days even some inbound mail is dropped and it looks like exactly the same error.


  5. Hi guys,
    There is a good article on Symantec's web site about parameters in file. Check SMTP block/unblock possibilities. :)


  6. We found this was simply a matter that the message was created in Outlook "rich text" format (which embeds attachments into the message body) instead of plain text or HTML which creates attachments normally.

  7. Here is the solution for SGS 5620 und SGS 1620.

    In the sgs console at "Administration" Advanced Options set this entries.

    smtpd.max_body_line_length (value: 2048)
    smtpd.scan_message_body (value:False)

    save Configuration and activate it, for me it works :-)


  8. Thanks Markus for taking time to write this!

  9. Thanks Markus, for me it works too !!


  10. Thank you Markus! Worked great!

  11. Markus,

    Thanks so much! I followed what you said and worked great! were getting the emails now.


  12. This just recently started happening to my 2003 Exchange server and seems a bit inconsistent. On just about any email sent from phones connected via activesync that contains images it will bounce them. Attach a PDF and your ok. Where can we set the header limit in Exchange 2003 since my Firewall has not changed and could care less on anything outbound anyway?


Post a Comment

Popular posts from this blog

Netscaler vs Exchange 2019 "time out during ssl handshake stage

If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this: Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software): While Citrix Netscaler offers following Cipher Suites: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA Now, you will fi

Exchange Admin Center language

Depending on your computer language settings, Exchange Admin Center can take those and open in a language you actually don't want to use. You'll Google that this can be changed if administrator/ admin user has mailbox by openening OWA settings and changing Regional parameters. But usually Admin user does not have mailbox or you don't want her/him to have it. You will search again and find that you can add mkt=en-US (as an example) to the URL of the Exchange Admin Center (https://yourexchangehostname/ecp?ExchClientVer=15&mkt=en-US) Third option you have is opening Internet Explorer settings (I am using Windows 2016) Click languages Click Set Language Preferences Add language you want to use by clicking Add language Use Move up or Move Down options to put desired language on top Close Internet Explorer Open it again and login again to Exchange Admin Center

Free/Busy missing - Cloud to On-Premises

We had a problem where M365 users could not retreive Free/Busy information from on-premise Exchange server. Hybrid setup was run and everything was working fine except this. After research I found out that TargetSharingEpr is the way to look at. There are many sites out there that are pointing to the same setting but only Set-OrganizationRelationship is used to change the value. The problem is, this value is available for two commands: Set-IntraOrganizationConnector Set-OrganizationRelationship While we changed the value in  Set-OrganizationRelationship it didn't work until we changed the value in  Set-IntraOrganizationConnector too. By default it should work with just  TargetAutodiscoverEpr but for us it didn't. Finally we ran this command on Intra Organization Connector which is used from Cloud to On-prem:  Set-IntraOrganizationConnector -TargetSharingEpr And it worked.