Email messages have been Quarantined by Symantec Mail Security for Microsoft Exchange (SMSMSE) due to a violation with an action specified to Quarantine.  When attempting to "Release by mail..." an Email message from Quarantine to a recipient the command completes successfully and the Email is no longer listed in the Quarantine console.  However, the desired recipient never receives the message.

After attempting to release a message from Quarantine to a specific recipient run the following command inside the Exchange Management Shell to determine the failure.

(Note: "Start" is a date/time just prior to the release attempt.)

Get-MessageTrackingLog -EventID Fail -Recipients "[email protected]" -Start "MM/DD/YYYY hh:mm:ss"

Example:  Get-MessageTrackingLog -EventID Fail -Recipients [email protected] -Start "1/24/2017 12:30:00"

Expected result:

EventID           Source       Sender                                   Recipients                           MessageSubject
-------                  ------             ------                                     ----------                                   --------------
Fail                SMTP            [email protected]   [email protected]    This item has been released from quarantine...

To determine if the conditions for this article are met please perform the following steps.

1. Open Exchange Management Shell as Administrator.
2. Run the command:  Get-TransportAgent

If the following Exchange Antispam Agents are listed then the conditions are met.

• Sender ID Agent
• Sender Filter Agent
• Recipient Filter Agent
• Protocol Analysis Agent
• Content Filter Agent

Releasing messages from Symantec Mail Security for Microsoft Exchange (SMSMSE) generates a new email that is sent as an Anonymous sender to the IP address listed under Monitors>Notification Settings.  If the Receive Connector accepts the message the object is removed from the SMSMSE console due to the expectation that the Receive connector will deliver the message.

In this instance what is occurring is one of the listed Exchange Antispam Agents are detecting the message and taking an action after accepting the email from Symantec Mail Security for Microsoft Exchange.

To resolve the issue identify which Exchange Antispam Agent is causing the issue.

1)  In the Exchange Management Shell run each of the following commands in order choosing "Y" when prompted.

• Disable-TransportAgent -identity "Sender ID Agent"
• Disable-TransportAgent -identity "Sender Filter Agent"
• Disable-TransportAgent -identity "Recipient Filter Agent"
• Disable-TransportAgent -identity "Protocol Analysis Agent"
• Disable-TransportAgent -identity "Content Filter Agent"
• Restart-Service MSExchangeTransport

2)  Confirm the issue has been resolved by releasing a message from Quarantine.

3)  If the issue has been resolved run one of the following commands followed by "Restart-Service MSExchangeTransport" in the Exchange Management Shell.

(Note:  It is required to restart the MSExchangeTransport service for changes to the Transport Agents to go into effect.)

• Enable-TransportAgent -identity "Sender ID Agent"
• Enable-TransportAgent -identity "Sender Filter Agent"
• Enable-TransportAgent -identity "Recipient Filter Agent"
• Enable-TransportAgent -identity "Protocol Analysis Agent"
• Enable-TransportAgent -identity "Content Filter Agent"

4)  Attempt releasing a message after enabling each of the above agents. 

After identifying the Agent at fault you have one of two options:

1. Disable the impacting agent.
2. Contact Microsoft for assistance in configuring the agent in a way that prevents False Positive detections.