How to troubleshoot notification and release by mail problems with Mail Security for Microsoft Exchange

Article ID: 178145

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Symantec Mail Security for Microsoft Exchange (SMSMSE) takes action against emails as configured, but the notification it is supposed to send never arrives.

When clicking "Release by Mail" in the Quarantine view, the item disappears from the view but never arrives at the intended destination. If the Quarantine view is refreshed, the item is displayed again.
 

Cause

There are several potential causes, depending upon the behavior:

  1. SMSMSE's notification settings are configured incorrectly.
  2. Exchange is not configured to allow anonymous senders.
  3. The policy that was triggered is not configured to send a notification.

Environment

  • Exchange 2007
  • Exchange 2010
  • Exchange 2013
  • Exchange 2016

Resolution

If no notifications are being received, complete the following steps:

If an upgrade was done, see the following article: After upgrade email sent from Symantec Mail Security for Microsoft Exchange (SMSMSE) may not be received and quarantine threshold settings may have changed.

Ensure the notification settings are correct:

  1. Open the console and navigate to Monitors -> Notification settings.
  2. Make sure the "SMTP server hostname or IP address for sending email notifications" is set to an IP/hostname that accepts traffic for Exchange on port 25 (SMTP).
  3. Make sure the "Address of sender to use in email notifications" is a correct, fully qualified email address (e.g. <name>@<domain>.com).
  4. Make sure the "Administrator or others to notify" is a correct, fully qualified email address.


If settings for notifications are correct, but notifications are still not received, verify Exchange is configured to allow anonymous senders:
 

  1. Open the Exchange management console on the server defined as "SMTP server hostname or IP address for sending email notifications"
  2. Expand Server Configuration -> Hub Transport.
  3. Right-click the receive connector in use for inbound email to this server (by default this will be called Default <hostname of server>) and select Properties.
  4. Select the Permission Groups tab and verify "Anonymous users" is checked. If it is not, check it and apply the change.


Test to make sure notifications are now functioning correctly by performing an action that should trigger a notification.

If no notification is received, complete the following steps to narrow down root cause: 

  1. Open a command prompt on the Exchange server sending the notification (Start -> Run, CMD, Ok).
  2. At the command prompt window type "telnet <hostname/ip defined in the notification settings> 25"
  3. A banner similar to "220 <server hostname> Microsoft ESMTP MAIL Service Ready at <date/time>" should be displayed.
  4. Type helo <domain name defined as "Address of sender to use in email notifications"> (for example helo domain.com) and press Enter
  5. The response should be "250 <server hostname> Hello [server IP address]". If it is not, investigate the actual return code; this is likely to be the cause of the notification problems.
  6. Type mail from: <"Address of sender to use in email notifications"> (for example mail from: [email protected]) and press Enter
  7. The response should be "250 2.1.0 Sender OK". If it is not, investigate the actual return code; this is likely to be the cause of the notification problems.
  8. Type rcpt to: <"Administrator or others to notify"> and press Enter
  9. The response should be "250 2.1.5 Recipient OK". If it is not, investigate the actual return code; this is likely to be the cause of the notification problems.
  10. Type Data and press enter
  11. The response should be "354 Start mail input; end with <CRLF>.<CRLF>"
  12. Type Subject: Testing and press enter
  13. Type Test and press enter.
  14. On a line by itself, enter a period <.> and press enter
  15. The response should be "250 2.6.0 <message [email protected]> Queued mail for delivery".

If the final response returns "451 4.7.0 Temporary server error. Please try again later. PRX2", check the DNS configuration assigned to the NIC. This error can occur if one or more non-internal DNS servers are configured.
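The telnet dialogue above, scripted in PowerShell for servers where the telnet client is not installed. This is an added example, not part of the original article or of Symantec's tooling; the server name and both addresses are placeholders to replace with the values from Monitors -> Notification settings.

```powershell
# Placeholders (assumptions): replace with the values from
# Monitors -> Notification settings in the SMSMSE console.
$Server    = 'mail.example.com'
$Sender    = 'smsmse@example.com'
$Recipient = 'admin@example.com'

function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # A reply can span several lines; continuation lines carry '-' after the code.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Connection closed by server' }
        $lines += $line
    } while ($line -match '^\d{3}-')
    return ($lines -join "`n")
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, 25)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 15000   # milliseconds; a stalled server raises an IOException
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
    # One entry per step of the manual test: command to send and expected reply code.
    $steps = @(
        @{ Name = 'banner';    Send = $null;                                Expect = '220' },
        @{ Name = 'helo';      Send = "HELO $($Sender.Split('@')[1])";      Expect = '250' },
        @{ Name = 'mail from'; Send = "MAIL FROM:<$Sender>";                Expect = '250' },
        @{ Name = 'rcpt to';   Send = "RCPT TO:<$Recipient>";               Expect = '250' },
        @{ Name = 'data';      Send = 'DATA';                               Expect = '354' },
        @{ Name = 'message';   Send = "Subject: Testing`r`n`r`nTest`r`n."; Expect = '250' }
    )
    foreach ($s in $steps) {
        if ($null -ne $s.Send) { $writer.WriteLine($s.Send) }
        $reply = Read-SmtpReply $reader
        $ok = $reply.StartsWith($s.Expect)
        '{0,-10} {1} {2}' -f $s.Name, $(if ($ok) { 'OK  ' } else { 'FAIL' }), $reply
        if ($reply -match '^451 4\.7\.0 .*PRX2') {
            'Hint: check the DNS servers assigned to the NIC (non-internal DNS configured?).'
        }
        if (-not $ok) { break }   # the first unexpected code is the one to investigate
    }
    $writer.WriteLine('QUIT')
}
finally { $client.Close() }
```

Run it on the Exchange server that sends the notifications; like the manual test, it delivers a real test message to the recipient when every step succeeds.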

If these tests all work successfully, but notifications are still not received, download MailTool.rar (attached to this article) to collect verbose output.

Instructions for use:

  1. Unpack the RAR file on the Exchange server you are testing
  2. Open the SMSMSE console, and navigate to Monitors -> Notification settings.
  3. Note the “Address of sender to use in email notifications” (referred to from this point on as “sender”).
  4. Note the “Administrator or others to notify” (referred to from this point on as “recipient”)
  5. Note the “SMTP server hostname or IP address for sending email notifications” (referred to from this point on as “server”)
  6. Run SendMail.exe
  7. When prompted “Enter message TO:” type the recipient from step 4 and press enter
  8. When prompted “Enter message FROM:” type the sender from step 3, and press enter
  9. When prompted “Enter message SERVER:” type the server from step 5, and press enter
  10. After the script completes, locate the “SendMailLog.txt” and submit a copy for analysis



If some notifications are received but not all, the problem is likely that the policy that was expected to send a notification is not configured to send notifications. Verify the notification settings for the policies in one of the following ways:

For content filtering rules:

  1. Open the console, go to Policies -> Content Filtering Rules.
  2. Locate the rule in question, right click, and select Edit Rule...
  3. Click the Notifications Tab, and verify that the appropriate boxes are checked.
  4. If notify administrator is the desired action, and it is checked, verify the email address of the administrator is defined correctly under Monitors -> Notification settings. Use a fully qualified address (e.g. <name>@<domain>.com).


For virus rules:

  1. Open the console, go to Policies -> Antivirus Settings
  2. Select the virus rule you expected to send a notification (either Basic Virus rule, Unrepairable virus rule, or Security Risk rule)
  3. Make sure Notify Administrators (or the desired notification) is checked.
  4. If notify administrator is the desired action, and it is checked, verify the email address of the administrator is defined correctly under Monitors -> Notification settings. Use a fully qualified address (e.g. <name>@<domain>.com).







 

 

 

 

Attachments

MailTool.rar