IT Infrastructure blog

June 25, 2011

McAfee blocked Hub transport server releasing emails from queue

Filed under: Exchange 2007,McAfee EPO — Akther @ 2:53 pm
Tags:

Yesterday users complained that they have send email to outside but recipient did not received yet. And some of the users are received mail delayed email from Exchange server

Here is the delayed message

—————————————————————————————————————————————————–

Delivery is delayed to these recipients or distribution lists:

From : Microsoft Exchange 

To: Muhammad Akther

Subject: hi

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

 Delivery of this message will be attempted until 6/26/2011 3:18:53 PM (GMT+03:00) Kuwait, Riyadh. Microsoft Exchange will notify you if the message can’t be delivered by that time.

—————————————————————————————————————————————————–

ok. we realized that some thing wrong in Exchagne server or in relay. First loged in to Exchange Hub Transport server and checked all the services are up and running. It was running. Then went to Queue viewer to see is there any mails are stuck there. We could able  see that so much mails are stuck in Queue

Then we tried to Telnet to Email Gateway ( we are using McAfee Secure mail instead of Edge Transport server) port 25. It’s rejected the telnet session. So the issue has confirmed. Hub cannot talk to Email Gateway.

Next we checked what is blocking from Hub to Mail gateway . Is it firewall? or Antivirus ? or some thing else. The culprit was McAfee Antivirus.  There was a patch updated on Mcafee and the solution we found it from one of the Mcafee KB

Here is the solution. you have to go to McAfee EPO server and do the below changes

Problem

Outbound SMTP email is blocked by VirusScan Enterprise (VSE) 8.5i and 8.7i Access Protection rule for Port 25.
 

Cause

The Access Protection feature of VirusScan Enterprise 8.x allows specific ports to be blocked. Although standard exclusions are set, these rules must be revised manually according to the environment.
 

Solution

Manually exclude the process that is being blocked.
 
NOTE: Make sure to use the exact process name as found in the Access Protection log.
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Right-click Access Protection and select Properties.
  3. Click the Access Protection tab.
  4. Under Categories on the left, select Anti-virus Standard Protection.
  5. In the right pane, select Prevent mass mailing worms from sending mail, then click Edit.
  6. In the Processes to exclude section, type the process name, then click OK to close the Rule details window.
  7. Click Apply then close the Access Protection Properties window. 

 

After encforce policy in Hub Transport Server Emails start releasing from queue.

Reference :

 https://kc.mcafee.com/corporate/index?page=content&id=KB50707

Regards

Akther

 

Advertisements

1 Comment »

  1. Thanks Akther, it’s very useful.

    Comment by lakkireddymadhu — January 25, 2014 @ 9:42 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: