Troubleshooting checks for Symantec Mail Security 4.x for SMTP

Article:TECH84352  |  Created: 2006-01-29  |  Updated: 2006-01-27  |  Article URL http://www.symantec.com/docs/TECH84352
Article Type
Technical Solution

Environment

Issue



You installed Symantec Mail Security 4.x for SMTP on a network computer. You need to troubleshoot a problem.


Solution



Use the following sections to help you identify the problem.

Hardware recommendations
  • The antivirus for the SMTP server needs adequate RAM and hard disk space to process messages. In this case, more is definitely better.
    Inadequate RAM can cause mail flow and other problems for Symantec Mail Security 4.1 for SMTP.
  • Use a local DNS server, rather than a DNS server outside of your local network.


Note: The number of messages a server can process in a given period varies. The variation is due to the variable size of individual messages. The number of processed messages is not an accurate measure of server load.


Operating system checks
Make sure the Simple Mail Transfer Protocol (SMTP) service is disabled.

Connection Limits
A functional limit exists for concurrent connections in the Symantec product. The limit is 100 for incoming connections and 100 for outgoing connections. This upper limit is not variable or alterable. The limit is generally sufficient for normal operation. The default settings at installation are 30 outgoing and 15 incoming.

Other connection limit conditions
  • The operating system queues all inbound connections over 100.
  • The Symantec Mail Security product queues all inbound connections over 100.
  • Inbound connections remain engaged until receipt of the entire incoming message, then the client disconnects.
  • The local settings for the operating system control when an idle connection terminates.

To check connection limits
  1. Open the Symantec Mail Security for SMTP administrative interface.
  2. In the left pane, click Configuration.
  3. In the right pane, click the Setup tab.
  4. Under the SMTP section, check the value in the Maximum number of outgoing connections box.
    The box shows the number of simultaneous connections for outgoing email. The default is 30. Increasing the number increases the resources the program requires and diminishes performance. Unless you have a compelling reason to do otherwise, accept the default.

    Additional connections are queued when the system processes the maximum number of connections that are allowed. Multiprocessor computers can effectively use more connections than single processors.
  5. Check the Maximum number of incoming connections box.
    The box shows the number of simultaneous connections for inbound email. The default is 15. Unless you have a compelling reason to do otherwise, accept the default. Setting the number of connections too high can slow processing. Additional connections are queued when the system processes the maximum number allowed.
  6. Click Save Changes.

Queue File Save and SMTP Conversation Logging
These two settings should be disabled. A severe impact to mail flow can result when these settings are not disabled. Symantec Technical Support may ask you to temporarily enable these settings for troubleshooting; otherwise they should remain disabled.

To check Queue File Save and SMTP Conversation Logging settings
  1. Open the Symantec Mail Security for SMTP administrative interface.
  2. In the left pane, click Configuration.
  3. In the right pane, click the Diagnostics tab.
  4. Under Queue File Save, in the Queue File Save box, Disable should show.
    If Disable is not displayed, select Disable from the drop-down list.
  5. Under SMTP Conversation Logging, in the Inbound Logging and Outbound Logging boxes, Disable should show.
    If not, then select Disable from the drop-down list.
  6. Click Save Changes.

Quarantine settings
The quarantine setting is set to "Nothing" unless a central quarantine server is in use. If you use a central quarantine server, temporarily disable the server for troubleshooting purposes.

To check Quarantine settings
  1. Open the Symantec Mail Security for SMTP administrative interface.
  2. In the left pane, click Antivirus Policy.
  3. In the right pane, under Quarantine, the box for "What to quarantine" should show Nothing.
    If Nothing does not show, select Nothing from the drop-down.

Custom Created Lists
Mail delivery can stop when a custom list exceeds the maximum limit or contains input errors.
  • Custom whitelist - 1000 entries
  • Custom Blacklist - 1000 entries
  • Spam Filtering Rules - 100 lines
  • Blocking by subject line - 1000 entries
  • Content Rules - 100 lines for each rule

External relay restrictions
External relay restrictions are located in the Filtering Policy window under Anti-Relay. The “Do not allow, except for listed hosts (one per line)” option is the suggested setting. In the box for this setting, specify each entry as an IP address. Using IP addresses reduces DNS dependency.

Symantec recommends you add the IP address of the internal email server(s). Make sure that each IP address that is added to the list has a valid reverse lookup in DNS.
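
The following added example (not Symantec code) checks an anti-relay host list against the two recommendations above: every entry is an IP address, and every address has a reverse (PTR) record. The sample list, the PTR table and the function names are constructed for illustration; by default the check uses the system resolver through socket.gethostbyaddr.

```python
import ipaddress
import socket

# Constructed sample data (documentation addresses, not real hosts).
SAMPLE_LIST = ["192.0.2.10", "mail.example.test", "192.0.2.77", ""]
SAMPLE_PTR = {"192.0.2.10": "exch01.example.test"}


def sample_resolver(ip):
    """Offline stand-in for socket.gethostbyaddr using SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])


def check_relay_hosts(lines, resolve_ptr=socket.gethostbyaddr):
    """Classify each list line as 'ok', 'not-an-ip' or 'no-ptr'.

    Returns a list of (entry, status, detail) tuples; blank lines are skipped.
    """
    results = []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            # Host names work but reintroduce the DNS dependency.
            results.append((entry, "not-an-ip", "use an IP address"))
            continue
        try:
            results.append((entry, "ok", resolve_ptr(str(ip))[0]))
        except OSError as exc:  # socket.herror and gaierror derive from OSError
            results.append((entry, "no-ptr", str(exc)))
    return results


if __name__ == "__main__":
    for entry, status, detail in check_relay_hosts(SAMPLE_LIST, sample_resolver):
        print(f"{entry:20} {status:10} {detail}")
```

Call check_relay_hosts with only the list argument to query the DNS server the mail gateway itself uses.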

To check external relay settings
  1. Open the Symantec Mail Security for SMTP administrative interface.
  2. In the left pane, click Filtering Policy > Anti-Relay.
  3. In the right pane, under Anti-Relay, make sure the settings are correct for your organization.
  4. Click Save Changes.

Check Exclusions
Confirm the queues folder is excluded from scans. The default path for the queues folder is:
Symantec Mail Security 4.x for SMTP or later
c:\program files\symantec\smssmtp\local\queues

Symantec AntiVirus 3.x for SMTP or earlier
c:\program files\symantec\savsmtp\local\queues

Check the virus history for the installed antivirus program to see if anything has been quarantined from that directory recently.


Note: If the installed antivirus program is Symantec AntiVirus Corporate Edition 9.x or later client, make sure the email tools are uninstalled.


Check DNS-based Blackhole Lists (DNSBL)
To check DNSBLs, disable all blacklists. After you disable the blacklists, check the mail flow. If mail flow resumes, then enable one blacklist at a time until you have identified the problem blacklist.

Blacklists can cause mail delivery issues when they are down or doing maintenance.

Checks for the Queues
You may need to perform maintenance on the queues folder to remove files or to clear the queue.

To delete files in the Queues folder
  1. Open the administrative interface.
  2. In the left pane, click Configuration.
  3. In the right pane, click Setup.
  4. Under Delivery make a note of the number of days email delivery was attempted.
  5. Open Services under Administrative Tools.
  6. In the right pane, right-click the Symantec Mail Security service > Stop.
  7. Open Windows Explorer.
  8. Go to the Queues folder.
    The default location is:
    C:\Program Files\SMSSMTP\local\Queues
  9. Change to the detailed view and sort by date.
  10. Delete the following files when found.
    • Delete any files that are older than the number of days from Step 4.
    • Delete all files with a zero-byte length.
    • Delete *.bad files.
    • Delete any single *.mes or *.env files. All remaining files should be in pairs by filename.
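
The four deletion rules in Step 10 can be applied as a report before anything is removed. This is an added example, not Symantec code: it assumes a pair is a .mes and an .env file with the same base name in the same folder, and it treats a file as single when its partner is already marked for deletion. Run it only after the service is stopped (Step 6).

```python
"""Report-only audit of an SMS for SMTP Queues folder (added example)."""
import os
import time
from collections import defaultdict

PAIR_EXTS = {".mes", ".env"}  # the two halves of one queued message


def audit_queue(queue_dir, retry_days, now=None):
    """Return {path: reason} for files the cleanup steps say to delete.

    retry_days is the delivery-attempt value noted in Step 4.
    Nothing is deleted; review the report before acting on it.
    """
    now = time.time() if now is None else now
    cutoff = now - retry_days * 86400
    flagged = {}
    halves = defaultdict(dict)  # (folder, lowercase stem) -> {ext: path}

    for root, _dirs, names in os.walk(queue_dir):
        for name in names:
            path = os.path.join(root, name)
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            info = os.stat(path)
            if ext == ".bad":
                flagged[path] = "bad file"
            elif info.st_size == 0:
                flagged[path] = "zero-byte"
            elif info.st_mtime < cutoff:
                flagged[path] = f"older than {retry_days} days"
            if ext in PAIR_EXTS:
                halves[(root, stem.lower())][ext] = path

    # A half is orphaned when its partner is missing or already flagged,
    # because deleting the partner would leave it single.
    for found in halves.values():
        live = [p for p in found.values() if p not in flagged]
        if len(live) == 1:
            flagged[live[0]] = "unpaired .mes/.env"
    return flagged


if __name__ == "__main__":
    # Default location from the article; 5 days is a placeholder for Step 4.
    queue = r"C:\Program Files\SMSSMTP\local\Queues"
    for path, reason in sorted(audit_queue(queue, retry_days=5).items()):
        print(f"{reason:22} {path}")
```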

To clear the queue
  1. Open Services under Administrative Tools.
  2. In the right pane, right-click Symantec Mail Security service > Stop.
  3. Go to the Queues folder.
    The default location is:
    C:\Program Files\SMSSMTP\local\Queues
  4. Right-click Queues > Rename.
  5. Change the name to OldQueues.
  6. Click local.
  7. Click File > New Folder.
  8. Type Queues.
    This creates a new Queues folder under local.
  9. Restart the Symantec Mail Security service.

If the new folder restores mail flow, you can presume you have a corrupted email or emails in the OldQueues folder.







Legacy ID



2006032914345554

