• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1912
  • Last Modified:

the message has been set as bad mail on the SMTP server

I am having problems with a client's Exchange server.  Symantec Mail Security for Exchange (SMSE) appears to be unable to scan messages periodically.  When it happens it starts around 3:30 or 3:45 AM and you can see in the event log this error for every message:

Source: SMSE
Category: Unscannable
Event ID: 348
Description:
SMTP scanning failed on the message with subject: <Subject>.  This message has been set as bad mail on the SMTP server.

Live Update for SMSE seems to be running around the same time (3:15 AM) and applying an update, but it doesn't happen after every update so I'm not sure if that is the problem.  

The only way I have found to fix the problem is to completely reboot the server.  The e-mail that was delivered at that time is lost though and I haven't found a way to retrieve it.
0
bdhtechnology
Asked:
bdhtechnology
  • 4
  • 2
1 Solution
 
nsx106052Commented:
I would try changing the time for updates and also check your filtering policies one of them may be incorrect.  If you have symantec doing a full scan you probably want to change the time to.  

I would also look to see if there is one particular email causing this problem.  Although I think it is filtering setup incorrectly.
0
 
bdhtechnologyAuthor Commented:
It was set to run every 4 hours so I changed it to run at 6:01 AM.

There aren't really any filters set up.  The ones that are setup and enabled are set to log only.  

There doesn't appear to be one particular e-mail causing the problem.  It seems to happen with lots of different ones.
0
 
nsx106052Commented:
Try changing the live update time.  If you restart just the service does this fix the problem or do you have to restart?

The emails that are being sent do they have a subject and it there an attachment that symantec can't scan?

If you haven't you might want to configure the server to send alerts when there are problems so you can investigate them immediately.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bdhtechnologyAuthor Commented:
I did change the Live Update time to 6:01 am so I'll see if that makes any difference.

The e-mails do have a subject but I am unsure if there is an attachment.  All the logs say are something like "SMTP scanning failed on the message with subject: **SPAM** Get the Advantage of a Visa with an All Access Prepaid Card.  This message has been set as bad mail on the SMTP server."
0
 
bdhtechnologyAuthor Commented:
So it just happened again, after a Live Update.  Here is what is in the application event log:

Time: 10:37:19 AM
Source: SMSE
Category: LiveUpdate/Rapid Release
Event ID: 25
Description:
Updated virus definitions.

Followed by this message three times:
Time: 10:43:11 AM
Source: SMSE
Category: Service
Event ID: 327
Description:
The process SAVFMSESp.exe was forcibly terminated. Reason: SAVFMSECtrl process failed to communicate with SAVFMSESp process.

Followed by 4 MSExchangeSA/MSExchangeIS messages at 10:50:11 AM.  (I can post them if they are important).

Then the errors start:
Time: 10:59:54 AM
Source: SMSE
Category: Unscannable
Event ID: 348
Description:
SMTP scanning failed on the message with subject: Information about your order #66752223.  This message has been set as bad mail on the SMTP server.

I set Live Update to only run at 6:01 AM in the Symantec Information Foundation Mail Security for Microsoft Exchange under Admin->LiveUpdate/Rapid Release Schedule, but that didn't seem to have any effect on when it runs.  Is there somewhere else that it needs to be set at?

To fix it this time I tried to restart the SMSE service but it failed to stop so I had to kill all 9 SAVFMSESp.exe processes as well as SAVFMSESrv.exe, SAVFMSECTRL.exe, SAVFMSELog.exe and SAVFMSESJM.exe.  Then I was able to restart the service and fix the problem.  

How can I configure the server to send an alert when there is a problem like this?

 
0
 
bdhtechnologyAuthor Commented:
Well the problem seemed to me that there weren't enough resources available on the server.  There was only 1 GB of RAM and 9 scanning threads & 9 processes.  I upgraded the memory to 4 GB and reduced the number of scanning processes and threads and it hasn't happened since.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now