
Too much spam with Mail Security for Exchange

Created: 25 Jun 2013 | 5 comments

Exchange Server 2010

Symantec Mail Security For Exchange 6.5.6.268

Premium antispam enabled and configured.

A lot of users are complaining about excessive spam. I'm looking at one user's mailbox and they have 20 spam messages in 1 hour this morning. This user complains about an average of over 100 per day that they just delete.

In the Premium AntiSpam Actions I have if message is spam, reject. If SCL > 5 then add to subject line suspected spam. There are no "Suspected Spam" emails.

I verified that the license is still current and I am using Rapid Release schedule with today's definitions.

What else can I do?

Should I enable or disable Exchange's built-in spam filters?


megamanVI

That seems odd. Maybe there is some configuration setting that is off somewhere else in the application. Also have you checked if your mail server is an open or closed relay?

MonicaDM

Greetings Performance Consulting,

This happens at times when the bm_rulesets start to accumulate. The bm_rulesets are the rules that SMSMSE compares messages against to determine if they are spam or not. The rulesets should update every 1 to 3 minutes; however, there are instances when one or more of the rulesets get stuck and the spam effectiveness drops considerably.

There is an easy solution to this. I am posting the step-by-step instructions in the following link. It is as simple as stopping the services, deleting the existing rulesets and starting the services.

www.symantec.com/docs/TECH84147

If this does not resolve the issue, you may consider creating a technical support case. At that point, a technician will be able to assist with why the messages are not being detected.

Please post back if there are any other questions.

Have a great day!

Monica

Performance Consulting

The issue was that the Exchange 2010 spam filters were running. I would think the installer would address it but it does not. Exchange was marking the messages as good and thus bypassing Symantec.

I will look at that doc.

One issue that I do not understand is that I constantly get spam from these 3 addresses on 3 separate clients.

jConnect <message@inbound.j2.com>

Xerox WorkCentre <Xerox.Device4@mydomainname.com>

HP Digital Device <HP.Digital2@mydomainname.com>

They typically have zip files with exe inside but Mail Security does not catch them. Nor can I figure out how to just block the names they are coming from.

MonicaDM

Mail Security for Exchange does not actually address the spam filters that are running in Exchange because a lot of companies use both as an extra layer of protection. To get around that specific issue in SMSMSE, you can disable Fast Pass in the Premium Antispam settings. Fast Pass looks at a message to see if it has been scanned or accepted previously and if it has, it is not scanned again.

Regarding the emails you are receiving with the zip files, you can create a rule to filter these by domain name or by subject line or keyword in the subject line. You can find step by step information on creating these rules on Page 117 in the Implementation Guide located at http://www.symantec.com/business/support/index?pag....

Monica

Skipton

When Mail Security installs, it adds its transport agents to the end of the list. If you already have Exchange's Spam filters on, this can cause our transport agents to be as low as 10 & 11. This means that when Spam comes to the server it is delivered before Mail Security even sees it. 

In the Exchange Management Shell, perform the command Get-TransportAgent to find out whether or not the SMSMSE agents are at 4 & 5. This document will provide you with the commands to put our transport agents in the proper place: http://www.symantec.com/docs/TECH95584
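
As an added illustration (not part of the thread and not Symantec's code), the read-only Exchange Management Shell function below reports where the Mail Security agents sit in Get-TransportAgent output and which enabled agents run ahead of them. The SMSMSE* name pattern, the two SMSMSE agent names and the sample agent list are assumptions constructed for this example.

```powershell
# Added example: read-only check of transport agent order. It changes nothing.
# Written to run on PowerShell 2.0, which Exchange 2010 uses.
function Test-SmsmseAgentOrder {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Agents,
        # Assumption: the Mail Security agent names start with "SMSMSE".
        [string] $Pattern = 'SMSMSE*',
        # Positions the reply above gives as correct for the SMSMSE agents.
        [int[]] $Expected = @(4, 5)
    )
    $sorted = @($Agents | Sort-Object Priority)
    $ours = @($sorted | Where-Object { "$($_.Identity)" -like $Pattern })
    if ($ours.Count -eq 0) {
        Write-Warning "No transport agent matches '$Pattern'."
        return
    }
    $slots = @($ours | ForEach-Object { [int]$_.Priority })
    # Enabled agents that handle a message before the first SMSMSE agent.
    $ahead = @($sorted | Where-Object {
        $_.Enabled -and $_.Priority -lt $slots[0] -and "$($_.Identity)" -notlike $Pattern
    } | ForEach-Object { "$($_.Identity)" })

    New-Object PSObject -Property @{
        SmsmsePriorities   = $slots
        InExpectedSlots    = -not (Compare-Object $slots $Expected)
        EnabledAgentsAhead = $ahead
    }
}

# Constructed sample shaped like Get-TransportAgent output (not from a real
# server). The two SMSMSE* names are placeholders for this example.
$names = 'Transport Rule Agent', 'Text Messaging Routing Agent',
         'Text Messaging Delivery Agent', 'Connection Filtering Agent',
         'Content Filter Agent', 'Sender Id Agent', 'Sender Filter Agent',
         'Recipient Filter Agent', 'Protocol Analysis Agent',
         'SMSMSERoutingAgent', 'SMSMSESMTPAgent'
$i = 0
$sample = $names | ForEach-Object {
    $i++
    New-Object PSObject -Property @{ Identity = $_; Enabled = $true; Priority = $i }
}

Test-SmsmseAgentOrder -Agents $sample | Format-List

# On the Exchange server itself, pass the live list instead:
# Test-SmsmseAgentOrder -Agents (Get-TransportAgent)
```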