Messages not Scanned for Spam When Marked by Microsoft Exchange with an AntiSpam X-Header. Transport Agent Debug Log Shows Message: "Whitelisted by other, bypass SPA"

Article:TECH123699  |  Created: 2010-01-05  |  Updated: 2014-05-06  |  Article URL http://www.symantec.com/docs/TECH123699
Article Type
Technical Solution


Issue



Premium AntiSpam isn't working as well as it should. Some messages are not being blocked by Mail Security for Microsoft Exchange (SMSMSE).

Conditions 

  • Symantec spam tracker (X-Brightmail-Tracker) is not present on message after it has been delivered.
  • Microsoft Exchange version 2007 and higher.
  • On Exchange 2007 and higher Transport agent debug log shows the following message when a message is received that should be marked as SPAM:
      Whitelisted by other, bypass SPA
  • Microsoft Exchange is assigning an SCL value of -1:
    The message headers passed to SMSMSE contain the following header:

      X-MS-Exchange-Organization-SCL: -1
       

       

    NOTE: This is only one of the whitelist headers that Exchange is capable of assigning, for a complete list, see Anti-Spam Stamps.



 


Cause



Premium Antispam does not perform SPAM processing on messages marked by Microsoft Exchange as "not spam".


Solution



Upgrade to SMSMSE version 6.5.2 and higher. These versions ignore Exchange whitelisting and always scan email for SPAM.

Workarounds

  • If you feel the messages should not be marked by Microsoft Exchange as "not spam" then configure Microsoft Exchange to not assign an SCL value of minus one.

Perform the following steps on the each computer running SMSMSE:

     

 

1. Open regedit.
2.  In the Registry Editor create the following DWORD key:

 

32 bit systems: HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist
64 bit systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist

Where <version> is the version of SMSMSE installed.  The following is an example of 6.5 installed on a 64-bit system:

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP\ByPassExchSpamWhitelist

 

3. In right pane right-click ByPassExchSpamWhitelist and then click Modify.
4. In Value Data type 1.
5. Exit regedit.
6. Restart the following Windows services:

 

Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service
Microsoft Exchange Transport service

 

Technical Information

If you wish to configure SMSMSE 6.5.2 and higher to honor the Exchange whitelisting perform the following steps:

 

1. Open regedit.
2.  In the Registry Editor create the following DWORD key:

 

32 bit systems: HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist
64 bit systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP\ByPassExchSpamWhitelist

Where <version> is the version of SMSMSE installed.  The following is an example of 6.5 installed on a 64-bit system:

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP\ByPassExchSpamWhitelist

 

3. In right pane right-click ByPassExchSpamWhitelist and then click Modify.
4. In Value Data type 0.
5. Exit regedit.
6. Restart the following Windows services:

 

Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service
Microsoft Exchange Transport service

 


Supplemental Materials

SourceETrack
Value1679374, 2075093


Legacy ID



2010030508083554


Article URL http://www.symantec.com/docs/TECH123699


Terms of use for this information are found in Legal Notices