Messages not Scanned for Spam When Marked by Microsoft Exchange with an AntiSpam X-Header. Transport Agent Debug Log Shows Message: "Whitelisted by other, bypass SPA"
| Article:TECH123699 | | | Created: 2010-01-05 | | | Updated: 2011-10-27 | | | Article URL http://www.symantec.com/docs/TECH123699 |
Problem
Premium AntiSpam isn't working as well as it should. Some messages are not being blocked by Mail Security for Microsoft Exchange (SMSMSE).
Conditions
- Symantec spam tracker (X-Brightmail-Tracker) is not present on message after it has been delivered.
- Microsoft Exchange version 2007 and higher.
- On Exchange 2007 and higher Transport agent debug log shows the following message when a message is received that should be marked as SPAM:
- Whitelisted by other, bypass SPA
- See the following KB article on how to collect the transport agent debug log: How to obtain a DebugView log file from Symantec Mail Security for Microsoft Exchange 6.x for Microsoft Exchange 2007 or 2010 transport agents
- Microsoft Exchange is assigning an SCL value of -1:
- The message headers passed to SMSMSE contain the following header:
X-MS-Exchange-Organization-SCL: -1
Cause
Premium Antispam does not perform SPAM processing on messages marked by Microsoft Exchange as "not spam".
Solution
Upgrade to SMSMSE version 6.5.2 and higher. These versions ignore Exchange whitelisting and always scan email for SPAM.
Workarounds
- If you feel the messages should not be marked by Microsoft Exchange as "not spam" then configure Microsoft Exchange to not assign an SCL value of minus one.
- Configure SMSMSE to always scan email for SPAM
This Symantec KB article contains some common ways that Microsoft Exchange can be configured to assign an SCL value of minus one: Spam is not detected when Symantec Information Foundation™ Mail Security for Microsoft® Exchange is installed on an Microsoft® Exchange 2007 Edge or Hub server (in a multiple Exchange Server or Clustered environment.)
However this article does not detail every way in which Microsoft Exchange can assign an SCL value of minus one. Please work with Microsoft if this document does not solve the problem.
Perform the following steps on the each computer running SMSMSE:
1. Open regedit.
2. In the Registry Editor create the following DWORD key:
32 bit systems: HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist
64 bit systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist
Where <version> is the version of SMSMSE installed. The following is an example of 6.5 installed on a 64-bit system:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP\ByPassExchSpamWhitelist
3. In right pane right-click ByPassExchSpamWhitelist and then click Modify.
4. In Value Data type 1.
5. Exit regedit.
6. Restart the following Windows services:
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service
Microsoft Exchange Transport service
Technical Information
If you wish to configure SMSMSE 6.5.2 and higher to honor the Exchange whitelisting perform the following steps:
1. Open regedit. 32 bit systems: HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP\ByPassExchSpamWhitelist 3. In right pane right-click ByPassExchSpamWhitelist and then click Modify. Symantec Mail Security for Microsoft Exchange
2. In the Registry Editor create the following DWORD key:
64 bit systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist
Where <version> is the version of SMSMSE installed. The following is an example of 6.5 installed on a 64-bit system:
4. In Value Data type 0.
5. Exit regedit.
6. Restart the following Windows services:
Symantec Mail Security Utility Service
Microsoft Exchange Transport service
|
|
| Source | ETrack |
| Value | 1679374, 2075093 |
Related Articles
Legacy ID
2010030508083554
Article URL http://www.symantec.com/docs/TECH123699
Terms of use for this information are found in Legal Notices
Thank you.