[KB3411] Is ESET Mail Security for Microsoft Exchange Server blocking my email? (4.x)

Solution

End of support for version 4 ESET Mail Security and File Security products

ESET Mail Security version 4 and ESET File Security version 4 have reached End of Life status. These products are no longer receiving detection updates to protect against malware. You must upgrade to a more recent version in order to be protected against threats.

 

I. Check the ESET Mail Security Antispam logs

  1. Ensure Antispam logging is enabled (it is enabled by default):
    1. Open ESET Mail Security. How do I open my ESET product?
       
    2. Press the F5 key to display the Setup window.
       
    3. Expand Server protectionMicrosoft Exchange Server, click Log files and then verify that the check box next to Log spam score is selected. If it is not, select the check box and click OK.

Figure 1-1
Click the image to view larger in new window

  1. Verify if ESET Mail Security processed the email by checking the Antispam log:
  1. If the email is in the Antispam log, check the action taken on the email:
  1. If ESET Mail Security handled the valid email as spam, please see the following Knowledgebase article:

NOTE:

For more information about Mail Security Spam scores and categories, please see the Antispam log section in the ESET Mail Security User Guide.

 

II. Check if the email was blocked by ESET Mail Security Greylisting

  1. Check if Greylisting is enabled:
    1. Press the F5 key to display the Setup window.
       
    2. Expand Server protectionAntispam protectionMicrosoft Exchange Server and click Transport agent.
       
    3. Verify that the check box next to Enable Greylisting is selected. If it is not, select the check box and proceed to step 2.

Figure 1-2
Click the image to view larger in new window

  1. Check if Greylisting actions are logged:
    1. Expand Server protection Microsoft Exchange Server and click Log files.
       
    2. Select the check box next to Log Greylisting activity and click OK.

Figure 1-3
Click the image to view larger in new window

  1. Check if there is an entry in the Greylisting log for the sender’s address or domain:
  1. If there is an entry in the Greylisting log for the sender’s address/domain, check the action taken:
    • Rejected: The incoming message was denied using the basic precept of Greylisting (the first delivery attempt is rejected)
    • Rejected (not verified): The incoming message was redelivered by the sending server, but the time limit to deny the connection has not elapsed yet (the time limit starts after the initial connection denial and must elapse before email from the sender’s server will be accepted)
    • Verified: The incoming message was redelivered several times by the sending server, the time limit for the initial connection denial has elapsed and the message was successfully verified and was direct to the other filters within ESET Mail Security

NOTE:

For more information about Greylisting in Mail Security, please see the Spam Filtering - Greylisting section in the ESET Mail Security User Guide.

 

III. Verify the email was received and delivered using Exchange Message Tracking


IV. Verify if there is another Antispam appliance or program in your organization

  • Check if there are any other antispam programs installed on the server or workstations
  • Check if there are any external antispam hardware appliances on your network
  • Check if the MX record for your domain is directed to a third-party email host; if so, do they have antispam or antivirus scanning of your email?
  • Check the header(s) of an email that was received correctly by the intended recipient; if other antispam programs scanned the email, they may write information to the header (for example, the Exchange 2013 Antispam module will write headers using this format): http://technet.microsoft.com/en-us/library/aa996878(v=exchg.150).aspx

Extra hulp