Yesterday users complained that they have send email to outside but recipient did not received yet. And some of the users are received mail delayed email from Exchange server
Here is the delayed message
Delivery is delayed to these recipients or distribution lists:
From : Microsoft Exchange
To: Muhammad Akther
This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.
Delivery of this message will be attempted until 6/26/2011 3:18:53 PM (GMT+03:00) Kuwait, Riyadh. Microsoft Exchange will notify you if the message can’t be delivered by that time.
ok. we realized that some thing wrong in Exchagne server or in relay. First loged in to Exchange Hub Transport server and checked all the services are up and running. It was running. Then went to Queue viewer to see is there any mails are stuck there. We could able see that so much mails are stuck in Queue
Then we tried to Telnet to Email Gateway ( we are using McAfee Secure mail instead of Edge Transport server) port 25. It’s rejected the telnet session. So the issue has confirmed. Hub cannot talk to Email Gateway.
Next we checked what is blocking from Hub to Mail gateway . Is it firewall? or Antivirus ? or some thing else. The culprit was McAfee Antivirus. There was a patch updated on Mcafee and the solution we found it from one of the Mcafee KB
Here is the solution. you have to go to McAfee EPO server and do the below changes
Outbound SMTP email is blocked by VirusScan Enterprise (VSE) 8.5i and 8.7i Access Protection rule for Port 25.
The Access Protection feature of VirusScan Enterprise 8.x allows specific ports to be blocked. Although standard exclusions are set, these rules must be revised manually according to the environment.
Manually exclude the process that is being blocked.
NOTE: Make sure to use the exact process name as found in the Access Protection log.
- Click Start, Programs, McAfee, VirusScan Console.
- Right-click Access Protection and select Properties.
- Click the Access Protection tab.
- Under Categories on the left, select Anti-virus Standard Protection.
- In the right pane, select Prevent mass mailing worms from sending mail, then click Edit.
- In the Processes to exclude section, type the process name, then click OK to close the Rule details window.
- Click Apply then close the Access Protection Properties window.
After encforce policy in Hub Transport Server Emails start releasing from queue.