After updating the Symantec Messaging Gateway (SMG) scanner version or restarting the MTA, the MTA begins deferring all connections. The Status->Hosts->Software and Services page shows both the MTA and Brightmail Engine processes running but checking the Brightmail Engine status from the command line shows that it is not listening to port 41000 and is using a large amount of cpu:
This issue may be the results of a failure to complete loading of the local reputation rules. In some cases, an incorrectly entered network block in the Reputation->Bad Senders->Local Bad Sender IP list can cause the Brightmail Engine to hang while attempting to process the list of network blocks. This is a normal operation for the Brightmail Engine and so it does not generate an error but with a large number of network blocks in the Local Bad Sender IP list and a significantly large network block entered in error, the process of building the internal list of blocked IPs and networks takes far longer than expected.
This has been fixed in SMG 10.5.2. Please update when able.
If immediate attention is needed or you are unable to update, the following can be done:
If one of the network blocks in the Local Bad Sender IP list has a netmask lower than 8 and overlaps other network blocks in the list the issue may be addressed by modifying the Local Bad Sender IP list as follows:
Remove the network block with the low network mask or remove the network blocks it overlaps from the list by selecting the network block to be removed, clicking Delete
Save the changes by clicking Save.
Go to the Administration->Hosts->hostname->Edit Host Configuration page
Select the Brightmail Engine service
Alternately, the Brightmail Engine process may be restarted from the Command Line Interface (CLI) by
Log into the CLI on the affected scanner as admin
service mta restart to reload the mta and brightmail engine process
You can confirm that this has addressed the issue by checking that the bmserver process has allocated port 41000