Solved

the message has been set as bad mail on the SMTP server

Posted on 2008-06-17
6
1,904 Views
Last Modified: 2013-12-09
I am having problems with a client's Exchange server.  Symantec Mail Security for Exchange (SMSE) appears to be unable to scan messages periodically.  When it happens it starts around 3:30 or 3:45 AM and you can see in the event log this error for every message:

Source: SMSE
Category: Unscannable
Event ID: 348
Description:
SMTP scanning failed on the message with subject: <Subject>.  This message has been set as bad mail on the SMTP server.

Live Update for SMSE seems to be running around the same time (3:15 AM) and applying an update, but it doesn't happen after every update so I'm not sure if that is the problem.  

The only way I have found to fix the problem is to completely reboot the server.  The e-mail that was delivered at that time is lost though and I haven't found a way to retrieve it.
0
Comment
Question by:bdhtechnology
  • 4
  • 2
6 Comments
 
LVL 12

Expert Comment

by:nsx106052
Comment Utility
I would try changing the time for updates and also check your filtering policies one of them may be incorrect.  If you have symantec doing a full scan you probably want to change the time to.  

I would also look to see if there is one particular email causing this problem.  Although I think it is filtering setup incorrectly.
0
 
LVL 1

Author Comment

by:bdhtechnology
Comment Utility
It was set to run every 4 hours so I changed it to run at 6:01 AM.

There aren't really any filters set up.  The ones that are setup and enabled are set to log only.  

There doesn't appear to be one particular e-mail causing the problem.  It seems to happen with lots of different ones.
0
 
LVL 12

Expert Comment

by:nsx106052
Comment Utility
Try changing the live update time.  If you restart just the service does this fix the problem or do you have to restart?

The emails that are being sent do they have a subject and it there an attachment that symantec can't scan?

If you haven't you might want to configure the server to send alerts when there are problems so you can investigate them immediately.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:bdhtechnology
Comment Utility
I did change the Live Update time to 6:01 am so I'll see if that makes any difference.

The e-mails do have a subject but I am unsure if there is an attachment.  All the logs say are something like "SMTP scanning failed on the message with subject: **SPAM** Get the Advantage of a Visa with an All Access Prepaid Card.  This message has been set as bad mail on the SMTP server."
0
 
LVL 1

Author Comment

by:bdhtechnology
Comment Utility
So it just happened again, after a Live Update.  Here is what is in the application event log:

Time: 10:37:19 AM
Source: SMSE
Category: LiveUpdate/Rapid Release
Event ID: 25
Description:
Updated virus definitions.

Followed by this message three times:
Time: 10:43:11 AM
Source: SMSE
Category: Service
Event ID: 327
Description:
The process SAVFMSESp.exe was forcibly terminated. Reason: SAVFMSECtrl process failed to communicate with SAVFMSESp process.

Followed by 4 MSExchangeSA/MSExchangeIS messages at 10:50:11 AM.  (I can post them if they are important).

Then the errors start:
Time: 10:59:54 AM
Source: SMSE
Category: Unscannable
Event ID: 348
Description:
SMTP scanning failed on the message with subject: Information about your order #66752223.  This message has been set as bad mail on the SMTP server.

I set Live Update to only run at 6:01 AM in the Symantec Information Foundation Mail Security for Microsoft Exchange under Admin->LiveUpdate/Rapid Release Schedule, but that didn't seem to have any effect on when it runs.  Is there somewhere else that it needs to be set at?

To fix it this time I tried to restart the SMSE service but it failed to stop so I had to kill all 9 SAVFMSESp.exe processes as well as SAVFMSESrv.exe, SAVFMSECTRL.exe, SAVFMSELog.exe and SAVFMSESJM.exe.  Then I was able to restart the service and fix the problem.  

How can I configure the server to send an alert when there is a problem like this?

 
0
 
LVL 1

Accepted Solution

by:
bdhtechnology earned 0 total points
Comment Utility
Well the problem seemed to me that there weren't enough resources available on the server.  There was only 1 GB of RAM and 9 scanning threads & 9 processes.  I upgraded the memory to 4 GB and reduced the number of scanning processes and threads and it hasn't happened since.
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now