Outbound messages may be identified as SPAM by Symantec Mail Security for Microsoft Exchange

book

Article ID: 156524

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Outbound messages are identified as SPAM by Symantec Mail Security for Microsoft Exchange. Only inbound messages should be scanned for SPAM.

Cause

Symantec Mail Security relies on a Microsoft value to determine the direction of a message for Anti-Spam and Whitelisting. This value is

EndOfDataEventArgs.SmtpSession.IsExternalConnection 

If this value is True the message will be considered inbound and will be passed to the Symantec Premium Anti-Spam engine for scanning.

The value is determined exclusively by the InternalSMTPServers value on the Exchange Hub / Edge Server. If the connecting IP address is from a machine that is not listed on the InternalSMTPServer list the message will be flagged as inbound.

Resolution

If messages originating in your environment are being identified as SPAM you must determine whether the message is being correctly identified as arriving from an Internal SMTP Server.

To check what SMTP servers are considered internal on the Exchange server run the command.

Get-TransportConfig 

Review the values for InternalSMTPServers. If internal servers that connect to this Hub / Edge server are not present they can be added by using the following command

Set-TransportConfig -InternalSMTPServers

Followed by the IP addresses of the servers you wish to add seperated by comma's.

For an explanation of how to use this command from Microsoft please visit the Microsoft Knowledge base

technet.microsoft.com/en-us/library/bb201691.aspx.

This command will not run on a Microsoft Edge server, in order to set the InternalSMTPServers on an Edge server the command must be ran on the Hub server that the Edge server synchronises with and then run EdgeSync using the following command

Start-EdgeSynchronization -Server <hub server>

Where <hub server> is the server from which you wish to initialise the Edge synchronisation. For further details on this command please refer to the Microsoft Knowledge Base

http://technet.microsoft.com/en-us/library/aa996383.aspx

Please be advised Symantec are unable to accept any responsibility for changes made to your Exchange Environment as a result of the information provided here. You are advised to test any modifications prior to introducing them in your production environment and are strongly advised to ensure that any changes can be backed out. 

For any further information on these changes please refer to Microsoft.

 

 

 


Applies To

Windows 2008

Exchange 2007 / 2010

Symantec Mail Security for Microsoft Exchange.