Spam effectiveness is lower than expected.  Messages that appear to be spam are not being blocked by Symantec Mail Security for Microsoft Exchange (SMSMSE). 

The following conditions are true:

• Messages from an external source (such as missed spam) contain the message header:  X-Brightmail-Tracker
• All bm_ruleset.* folders  at <SMSMSE Install Path>\Server\ have a date modified value older than one day.
• Conduit.log located located at <SMSMSE Install Path>\Server\logs\ displays error messages similar to the following: 

2018-09-13T00:00:56+02:00 (ERROR:9772.8464): [12034] Network error occurred, SSL certificate problem: unable to get local issuer certificate (60), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant firewalls.

SMSMSE requires an open outbound connection over port 443 to aztec.brightmail.com in order to download the latest antispam rulesets.

Open the network connection to allow the SMSMSE server to connect to aztec.brightmail.com over port 443.  Commonly, a proxy or firewall is the device preventing the connection from successfully being established.

Additional notes:

For SPAM filtering effectiveness; please ensure there are no restrictions at any given time on the connection between SMSMSE and Symantec brightmail hosts.  Optimal effectiveness requires ruleset downloads to occur as timely as possible.

The SPAM rulesets updates are typically no more than 5 to 10 minutes with the exception of some specific rulesets.

The following are the hostnames and ports required for registration of Premium Antispam and ruleset downloads:

Note:   Selecting each of the links above should return an OK response.   If it doesn't, you may have a firewall or proxy issue.