3CX DLL-Sideloading attack: What you need to know
My client has been using the email gateway for some years now.
About 6 months ago my client reported that emails would not send, they received a message saying Cannot send this item.After investigating I found it related to long URL's, once an email chain gets so long the links block the reply emails being sentWe use TOC via the email gateway, this is the cause of the issue as it rewrites the URL every time an email is sent even though it rewrote them previously.MS released a fix for this in April:https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-cannot-send-this-item-email-bug/This didn't resolve the issue my client is having, the fix may have been for 365 TOC.I have logged cases with support but not got anywhere, has anyone else seen this problem?
Hello there,
Thank you for contacting the Sophos Community.
May know the Case ID(s) you have logged, to see what has been done.
Regards,
Hi Emmanuel, Nothing has been done that I know of, I didn't get the impression that the issue was understood.
Anyone?
I tried searching for your Case ID, but I couldn't find it under the email you used to register to the community.
I did found 3 cases related to this, however, they were about users having a mail signature, that was causing the re-written, it was suggested to add this signature to the Central Email > Settings > URL allow list.
I am not sure if this would be also your case.
Thanks for this, I have added them, hopefully, that will resolve the issue! I will mark it so if it does.
Same issue here, Sophos ToC creates URLs that are more than 2000 characters long, causing Outlook to show the "Cannot send this item" error instead of sending the email. I've contacted Support about the issue.
The above suggestion worked the URL safe list.
I don't understand. This is happening on external customer signatures. Are you suggesting we add all customer domains to the URL safe list going forward?
Hello! We're having the same issue. This does not have to do with signatures but more so URL's in the email. For example, our client gets invoices from ebay. Their invoice email has several URL's. The TOC rewrites everything with extremely long links which causes this problem even when forwarding internally. I am seeing this more and more, it's way to much work and frankly dangerous to be whitelisting every URL. Our case number with Sophos is 04810668. It seems the URL's continue to be rewritten when replying, an easy fix would be to disable the rewrite when replying.
Seeing this come up more and more with end users as well.
I have added the URLs found in our companies signatures, hopefully that will help minimize this issue.