The antispam engine does not detect spam when the sending server uses authenticated SMTP.
SMSMSE does not scan messages from authenticated SMTP servers.
Upgrade to SMSMSE 6.5.2 or higher.
There are two possible solutions, depending on how Exchange has been set up to bypass these SMTP sessions:
WARNING: It is highly recommend that you back up your system registry before making any changes. Incorrect changes to your registry could result in permanent data loss or corrupted files. Modify only the keys that are specified. See Backing up the Windows registry before proceeding.
1. Open regedit.
2. In the Registry Editor create the following DWORD key:
32 bit systems: HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\<version>\Server\Components\SMTP\DoAntiSpamOnAuthSessionsBool
64 bit systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP\DoAntiSpamOnAuthSessionsBool
Where <version> is the version of SMSMSE installed. The following is an example of 6.5 installed on a 64-bit system:
3. In right pane right-click DoAntiSpamOnAuthSessionsBool and then click Modify.
4. In Value Data type 1.
5. Exit regedit.
6. Restart the Symantec Mail Security for Microsoft Exchange service.
1. Open the Exchange System Manager
2. Expand the following:
Organization Configuration > Hub Transport > Global Settings > Transport Settings(Properties) > Message Delivery
3. You will see listed one, or more IP addresses
The addresses listed are considered as “whitelisted” by Exchange and will need to be removed for Symantec Mail Security to scan the mail that is coming from them.