Symantec Mail security for Microsoft Exchamge causing emails to go missing.

Posted on 2009-04-16
Last Modified: 2012-05-06
Hi Experts,

I have a real mystery on my hands when it comes to email mixed with SMSMSE 5.0 and Exchange 6.5 on a Windows 2003 R2 SP2 Server.

It seems that when emails are coming in from the outside world (ie gmail, hotmail, yahoo, other company addresses) some of the emails are making it through with no issues. They are scanned by SMSMSE and sent to the intended recipient, however other are not making it to the recipient.

To me it looks like the mails are making it the mail store on exchange but not the inboxes, of the recipient.

Here's an example:

I sent a test email to myself from my gmail account to my company accounts and only received the mail on one of the two address we use ( 1 - exchange, 1 - POP3) the only account to receive the email was my exchange account, after checking the spam filter and finding nothing had gotten caught I checked the event viewer ont he server and got this error:

The message "test1 - apr16" located in message with subject "test1 - apr16", located in SMTP has violated the following policy settings:
      Scan: Auto-Protect
      Rule: Allow Word Documents
The following actions were taken on it:
      The message "test1 - apr16" was Logged Only for the following reason(s):
            A Filtering Rule was violated.

after seeing this message in the event viewer my next step was to use message tracking with exchange to see where it had ended up and this is what I got.

see figure 1
the blackout addresses is my exchange account.

To me it looks as though one email canceled out the other, which it shouldn't be doing. I should have received two emails, one from exchange and one from POP3.

However if I send two separate test emails to myself, one directly to exchange and one directly to POP3 I receive them both one for each account. I still receive the soft event viewer error message but the email  makes it to the inboxes.

This behavior is not limited to myself there are others who have noticed this taking place, anyone have a suggestion on where to begin to find the problem?



Question by:chris_irvine
    LVL 35

    Accepted Solution


    1. SMSME EOL is on Sep 23, 2009 so it is time to upgrade if you have a chance.
    2. if you still have support, contact symantec technical support for help.. they are quite helpful.

    this will be also a length post as there are sooo many places that can go wrong when your SMSMSE keep your email.

    the easiest way to test whether is SMSME fault is go to policies.
    under Content enforcement, there is content filtering rules.

    there is rules down there that you enforce.
    either uncheck "enable content filtering" or disabled all your rules.

    then do your testing again see whether you can replicate the problem.

    If it is working, try to turn on 1 by 1.

    Also goto exceptions make sure your disposition for all rules is not set to delete entire message

    keep me update so i can know think about others if it bring up any in the next few message :)


    Author Comment

    I have tested all our current rules (individually) and found that the Sample Executable File rule was blocking incoming messages from our POP3 accounts.

    I modified the rule for Sample Executable File (more specifically the File Attachment Name under the Rule Content section) from wild card strings to literal strings and emails from our POP3 began to come in with no problems.

    It does still look as though some emails are being held up in the mail store, after passing through SMSMSE. I'm going to start looking at posts on EE to see why there seems to be a delay in delivery from exchange in the meantime.

    LVL 35

    Expert Comment

    by:Jian An Lim
    all the best with that.

    If you think i have answered your question, please kindly close the question :) or else please fire any question regarding this SMSMSE issue.

    but i still strongly recommend you to upgrade to the latest version if you could :)

    Author Comment

    The problem seems to have cleared itself up for some reason, going to have to investigate.

    How can I tell if we are do for an upgrade? Would i have to call Symantec to find out?
    LVL 35

    Expert Comment

    by:Jian An Lim
    if you have a maintenance agreement with symantec, you are entitled to an upgrade for free.

    this website tells you when the version is EOL

    Author Closing Comment

    If I had known before hand how deep  SMSMSE went I probably wouldn't have asked this question. On the hand I didn't know, hence furthering my education of software we're using.


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
    In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
    To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now