Customers with SonicWall Firewalls have been experiencing slow mail delivery times. One cause for this has been narrowed down to a new service available on the SonicWall OS. Mail flow from our routing servers are disrupted every 60 minutes due to a "From Content Overflow" check by the SonicWall IPS service (Intrusion Prevention Service). SonicWall IPS users might find an entry in their log similar to: “IPS Detection Alert: From Content Overflow Attempt, SID: 742, Priority: Medium” from one of AppRiver’s mail servers or SID 3232 - this error relates to vCalendar MIME-Type which was being prevented. -  It is recommended (in order to receive mail in a timely fashion) that the check for the “From Content Overflow attempt” policy be modified so that it is not prevented by the SonicWall IPS. Please note that if you are using Sendmail 5.79 to 8.12.7, you will be disabling a policy that might need to be enforced to prevent attacks to your mail server (see http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=742).

To modify this policy so that attacks are logged but not prevented, follow these steps:

1. Login to your SonicWall
2. Click Security Services
3. Click Intrusion Prevention
4. Under the IPS Policies section, type in 742 in the “Lookup ID” box and click on the configure button beside that box
5. Change Prevention to “Disable” and Detection to “Enable”
6. Click OK

Update:

It has been reported by Sonic Wall users that, if you disable the IPS intrusion protection rule for 3232 ( a SMTP calendar exploit ) this problem goes away.