How to troubleshoot Symantec Mail Security for Microsoft Exchange (SMSMSE) When Symantec Premium AntiSpam (SPA) fails to detect SPAM or effectiveness is low
search cancel

How to troubleshoot Symantec Mail Security for Microsoft Exchange (SMSMSE) When Symantec Premium AntiSpam (SPA) fails to detect SPAM or effectiveness is low

book

Article ID: 177173

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

The Symantec Premium AntiSpam (SPA) component of Symantec Mail Security for Microsoft Exchange (SMSMSE) is not detecting spam emails or the effectiveness is low.

Environment

 

  • 64-bit = Symantec Mail Security for Microsoft Exchange 7.9.x or later.
  • 32-bit = Symantec Mail Security for Microsoft Exchange 7.5.x or earlier.

Resolution

To troubleshoot this issue perform the following tasks in this order:

A. Fix possible license problems.

B. Enable and Configure Premium AntiSpam.

C. Confirm InternalSMTPServers is not preventing Antispam processing with Exchange 2007 and later.

D. Confirm transport agent priority for Exchange 2007 and later.

E. Remove all existing SPA rules and download new ones

F. Invalid records under the Allowed Senders list.

G. Confirm X-Brightmail-Tracker is present on messages from External senders.

 

A. Fix possible license problems

1. Stop the following Windows services:

Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service

2. Open Windows Explorer to the following directory:

C:\ProgramData\Symantec Shared\Licenses
 
Note: ProgramData is a hidden folder by default.
 
3. Open each SLF file and copy the Premium AntiSpam and Anti-Virus licenses to a temporary directory. Remove the original license files you copied from the directory

These licenses have one or both of the following XML nodes present:

<name>SAVFMSE Virus Definitions</name>
<name>Brightmail AntiSpam Content</name>

4. Remove the file SPALicense.slf from the following directory:

64-bit: <Drive:>Program Files\Symantec\SMSMSE\<version>\Server\SpamPrevention
32-bit: <Drive:>Program Files (x86)\Symantec\SMSMSE\<version>\Server\SpamPrevention
where <version> is replaced with the version of SMSMSE installed.  The following is an example for SMSMSE 6.5 32-bit:

C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention

5. Remove the files cert.pm and cert.pem, if they exist, from the following directory: 

64-bit: <Drive:>Program Files\Symantec\SMSMSE\<version>\Server\etc
32-bit: <Drive:>Program Files (x86)\Symantec\SMSMSE\<version>\Server\etc
where <version> is replaced with the version of SMSMSE installed.  The following is an example for SMSMSE 6.5 32-bit:

C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\etc

6. Remove all the .slf files, if they exist, from the following directory:

64-bit: <Drive:>Program Files\Symantec\SMSMSE\<version>\Server\UPLOADS
32-bit: <Drive:>Program Files (x86)\Symantec\SMSMSE\<version>\Server\UPLOADS
where <version> is replaced with the version of SMSMSE installed.  The following is an example for SMSMSE 6.5 32-bit:

C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\UPLOADS

 7. Start the following Windows services:

Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service

8. Open the SMSMSE console and verify that it is in a Not Licensed state. If it is still licensed, repeat steps 1-7.

9. Install the SPA and Anti-virus licenses previously saved.

a. Open the SMSMSE Administration console.
b. On the left menu choose Admin > Licensing.
c. Once on the Licensing screen click Browse... and browse to the license file location.
d. After selecting the license file click Install.
e. Check the license status at the top of the licensing screen to verify that the license was installed and accepted.
f. If the license includes SPA, the following prompt may be seen:


Symantec Premium AntiSpam license installed on the server <your server name>. Enable and configure Premium AntiSpam to activate the service.

g. If you received an error about an expired certificate during registration, see: https://knowledge.broadcom.com/external/article/194705 

 

B. Enable and Configure Premium AntiSpam 

a. Open the SMSMSE Administration console.
b. Click the Policies tab.
c. In the middle pane click Premium AntiSpam Settings.
d. Check the checkbox Enable Symantec Premium AntiSpam.
e. Check the checkbox Reject the message under the section If message is Spam.
f. Click the Deploy Changes button.

For more information on SPA in SMSMSE see the following article: Overview of Premium AntiSpam in Symantec Mail Security for Microsoft Exchange.

 

C. Confirm InternalSMTPServers is not preventing Antispam processing with Exchange 2007 and later.

Spam is not detected when Symantec Mail Security for Microsoft Exchange (SMSMSE) is installed on an Microsoft Exchange Edge or Hub server.

D. Confirm transport agent priority for Exchange 2007 and later.

Spam is Not Detected When Symantec Mail Security for Microsoft Exchange (SMSMSE) Transport Agents are Low Priority

E. Remove all existing SPA rules and download new ones

How to remove all Symantec Premium AntiSpam (SPA) rules for troubleshooting purposes

F. Invalid records under the Allowed Senders list.

         Emails are not getting scanned by Premium Antispam (SPA) when invalid format email address is added to Allowed Senders list.

G. Confirm X-Brightmail-Tracker is present on messages from External senders.

All messages processed by Premium Antispam will contain an X-Header named X-Brightmail-Tracker.  If this header is not present in the full message headers the message was not processed for spam.  This could be due to whitelisting or a technical issue preventing the processing of the message.  Several of the steps presented earlier in this article were desgined to resolve some of the common causes for the tracker to not be present.

Example:  X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrEKsWRWlGSWpSXmKPExsXCpdPEqdtp6BttMH........

To view the full message headers of a message you will need to locate the option.  The default method is different between different versions of Outlook and OWA.  The following is a method to add "Message Options" to the ribbon bar in multiple versions of Outlook.  This allows you to view the message headers without having to either open or preview the message.

           Outlook 2010, 2013, 2016

  1. File > Options
  2. Select the Quick Access Toolbar on the left.
  3. Set the “Choose commands from” dropdown list to: Commands Not in the Ribbon
  4. From the command list select: Message Options
  5. Press the Add >> button.
  6. Press OK.

Outlook Web Access (OWA) is dependant on not only the version of Exchange but the options can differ based on the used web browser.  For the specific method of viewing the full "Internet Message Headers" using OWA consult Microsoft documentation.