• Status: Solved

Mail Security 6.0 Premium Antispam is blocking valid emails to one particular user

Running a small network on Windows Server 2003 hosting email via Exchange 2003, and using Symantec Mail Security 6.0 with Premium Antispam and with all the latest updates.

No problems with email communications since this was set up in 2007.  But just since Monday one user is not receiving some specific external emails, and the people trying to email this person were getting bouncebacks with this data:
550 5.7.1 Requested action not taken: message refused
I have determined from the Mail Security Event Logs that at least some (hopefully all) affected emails are getting blocked by Mail Security's antispam filter.  But I can't figure out why that would be.  Some of the senders are people we've been in constant touch with for some time and some of their emails are going through to the affected user, and all emails seem to be going through to all other users.  There is nothing onerous in the blocked emails - no attachments, no suspect message titles or text.  A couple of the emails are from government domains.  Although it wouldn't even make sense, I checked to make sure our domain is not blacklisted, and it is not.  Also, one of the emails was sent from a gmail account.  I have sent a multitude of test emails from another gmail account to see if I can replicate the issue, without success.

Am looking for any help in further troubleshooting this issue.  Appreciate any and all input!
1 Solution
Can you check that the PTR records for your Exchange server are configured properly in public DNS?
Please check at
http://www.mxtoolbox.com/ > More > Reverse DNS lookup
tcbrd (Author) commented:
Reverse DNS lookup on mail.mydomain.com successfully returned our external IP address.  I went through the other tests and they all checked out except for mx:mail.mydomain.com, which returned 'no records found'.  That doesn't seem right and I will double-check those records on the DNS server shortly.

If it does turn out that incorrect DNS settings are causing this issue - why would it result in event logs in Mail Security appearing to treat those incoming messages as spam?

tcbrd (Author) commented:
Update - I used a different tool - http://www.iptools.com - and the mx records do show up there.  I found a somewhat old forum thread where it was noted that mxtoolbox doesn't always return the correct results for an mx lookup.  Anyways, I think that my DNS records do check out - unless there's something further I should be testing.

Would greatly appreciate any help in how to approach this further.  I would restate how odd it is to have only certain emails rejected and always when emailing the same user.

tcbrd (Author) commented:
As an update, I have changed the settings on Mail Security so that instead of rejecting spam, it reroutes it to an AD mailbox set up for this purpose.  I then put a message forwarding rule for the affected user's account.  Now that user gets all of her email, of course she gets spam too.  Fortunately there's not too much of it and it's a temporary solution.  

Still looking for any ideas or an explanation on how valid emails going to one particular user in a domain are intermittently getting tagged as spam with a rating of 90+, which Symantec claims is only mistaken 1 out of a million times.  Thanks for any help.  Also, if I need to be wording this in any way that is more helpful I would be grateful for any direction.
tcbrd (Author) commented:
Even though I didn't get a response, I did start a case with Symantec and got the issue resolved.  In the interest of netiquette, here's how it went: Initially we thought updating to 6.5 would solve the issue but it did not.  What did work was:

1. navigate to this folder path:   C:\Program Files\Symantec\SMSMSE\6.5\Server  
2. Delete all the subfolders whose names start with 'bm_ruleset'
3. Wait 5-10 minutes for the rules to update and you start to see those subfolders reappear.

Basically, the spam rules are updating all the time.  In my case one of the rules got 'stuck' and had to be manually cleared out.  Once that was done the issue disappeared.

Perhaps I will award myself points.
tcbrd (Author) commented:
I'm accepting my own comment since nobody else provided a solution and I did fix the issue and logged the notes for future reference.
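
The three-step fix from the accepted comment, as an added PowerShell script (not written by the poster or by Symantec). Assumptions: PowerShell 2.0 or later is installed on the server, the backup location `C:\smsmse_ruleset_backup` is a hypothetical path, and moving the `bm_ruleset*` folders out of the Server directory is assumed to have the same effect as deleting them while keeping the step reversible.

```powershell
# Added example: clear stuck bm_ruleset* folders and confirm they are recreated.
param(
    [string]$ServerDir  = 'C:\Program Files\Symantec\SMSMSE\6.5\Server', # path from the post
    [string]$BackupRoot = 'C:\smsmse_ruleset_backup',                     # hypothetical location
    [int]$TimeoutMinutes = 15                                             # post reports 5-10 minutes
)

function Get-RulesetFolder([string]$Path) {
    # Subfolders whose names start with 'bm_ruleset' (PowerShell 2.0 compatible)
    @(Get-ChildItem -Path $Path -Filter 'bm_ruleset*' | Where-Object { $_.PSIsContainer })
}

$start = Get-Date
$old = Get-RulesetFolder $ServerDir
if ($old.Count -eq 0) {
    Write-Host "No bm_ruleset* folders under $ServerDir; nothing to clear."
    return
}

# Step 2, made reversible: move the folders aside instead of deleting them,
# so they can be restored or handed to vendor support (assumption, see lead-in).
$dest = Join-Path $BackupRoot ($start.ToString('yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $dest -Force | Out-Null
foreach ($dir in $old) {
    try {
        Move-Item -LiteralPath $dir.FullName -Destination $dest -ErrorAction Stop
        Write-Host "Moved $($dir.Name) -> $dest"
    } catch {
        Write-Warning "Could not move $($dir.Name): $($_.Exception.Message)"
    }
}

# Step 3: poll until the product recreates at least one ruleset folder.
# Only folders created after $start count, so a folder that failed to move
# is not mistaken for a fresh download.
$deadline = $start.AddMinutes($TimeoutMinutes)
do {
    Start-Sleep -Seconds 30
    $new = @(Get-RulesetFolder $ServerDir | Where-Object { $_.CreationTime -gt $start })
} while ($new.Count -eq 0 -and (Get-Date) -lt $deadline)

if ($new.Count -gt 0) {
    $new | ForEach-Object { Write-Host "Recreated: $($_.Name) at $($_.CreationTime)" }
} else {
    Write-Warning "No new bm_ruleset* folder after $TimeoutMinutes min; originals are in $dest."
}
```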
