Search

All of Symantec All of Symantec Support Viruses & Risks Home & Home Office Small Business Enterprise Partners VERITAS

Question/Issue:
The Premium AntiSpam (PAS) component of Symantec Mail Security for Microsoft Exchange (SMSMSE) is not detecting spam emails.

Symptoms:
Due to spam volumes and inherent limitations of detection methods, it is considered normal that a small number of spam messages will evade detection. If SMSMSE is not detecting any spam messages, please follow the steps below.

Solution:
To resolve the problem, perform the following tasks in this order:

1. Enable Premium AntiSpam
2. Confirm that Premium AntiSpam is set to reject spam messages
3. Stop Symantec Mail Security services.
4. Fix possible license problems.
5. Fix possible ruleset corruption problems.
6. Restart Symantec Mail Security services.
7. Reinstall your licenses.
8. Re-Enable Premium AntiSpam.
9. Reset IIS to reset the Premium AntiSpam event sink.
10. Set the Default Impersonation Level in DCOM to Identify.
11. Confirm Safelisting of spam is not occuring within Exchange 2007.

To enable Premium AntiSpam

1. In the Symantec Mail Security for Microsoft Exchange interface, in the left pane, click Policies.
2. In the middle pane, click Premium AntiSpam Settings.
3. Check 'Enable Premium AntiSpam.'

To confirm that Premium AntiSpam is set to reject spam messages

1. In the Symantec Mail Security for Microsoft Exchange interface, in the left pane, click Policies.
2. In the middle pane, click Premium AntiSpam Actions.
3. Under 'If message is Spam,' check 'Reject the message.'

The document, Overview of Premium AntiSpam in Symantec Mail Security for Microsoft Exchange includes information about the Premium AntiSpam actions.

If you had to check “Enable Premium AntiSpam” or “Reject the message”, verify that Premium AntiSpam works properly.

To verify that Premium AntiSpam works properly, send an email from an outside email account to an email account within your domain. In the message body, include the following text:

http://www.example.com/url-1.blocked/

Premium AntiSpam should take whatever action you configured for the "If Message is spam" action. If Premium AntiSpam still fails to take whatever action you configured for the 'If Message is spam' action, continue with steps 3-8.

To stop Symantec Mail Security services

1. On the Windows task bar, click Start > Run.
2. In the Run dialog box, in the Open text box, type:
   
   services.msc
   
3. In the Services window, in the right pane, right-click Symantec Mail Security for Microsoft Exchange.
4. On the context-sensitive menu, click Stop.
5. In the Services window, in the right pane, right-click Symantec Mail Security Utility Service. This service is only present when Symantec Mail Security for Microsoft Exchange 6.x is installed.
6. In the context-sensitive menu. click Stop.

A message appears to let you know that the service is stopping.

To fix possible license problems in a Server 2000/2003 environment:

1. Open the C:\Program Files\Common Files\Symantec Shared\Licenses folder.
2. Determine which of the license files are your current Symantec Mail Security license and Premium AntiSpam license.
   The time stamp on the file may help determine which files are the Symantec Mail Security license and Premium AntiSpam license.
3. Move all of the license files to a convenient temporary directory.
4. Open the C:\Program Files\Symantec\SMSMSE\<version>\Server\SpamPrevention folder
5. Delete the file SPALicense.slf
6. Open the C:\Program Files\Symantec\SMSMSE\<version>\Server\etc folder
7. Delete the file cert.pem

You may use the license files when you re-install the licenses.


To fix possible license problems in a Server 2008 environment:

1. Open the C:\Program Data\Symantec Shared\Licenses folder.
2. Determine which of the license files are your current Symantec Mail Security license and Premium AntiSpam license.
   (The time stamp on the file may help determine which files are the Symantec Mail Security license and Premium AntiSpam license.)
3. Move all of the license files to a convenient temporary directory.
4. Open the C:\Program Files\Common Files\Symantec Shared\Licenses folder.
5. Repeat Steps 2-3.
6. Open the C:\Program Files\Symantec\SMSMSE\<version>\Server\SpamPrevention folder
7. Delete the file SPALicense.slf
8. Open the C:\Program Files\Symantec\SMSMSE\<version>\Server\etc folder
9. Delete the file cert.pem

You may use the license files when you re-install the licenses.

To fix possible ruleset corruption problems
See the section below that bests matches your environment:

Windows 2000/2003 environment:
1. Browse to the location where your rulesets are found:

The default location is either:
a. For x86 (usually Exchange 2003 or earlier): <sys vol>:\Program Files\Symantec\SMSMSE\<version>\Server
b. For a 64-bit machine (usually Exchange 2007 or later): <sys vol>:\Program Files(x86)\Symantec\SMSMSE\<version>\Server
2. Delete all BM_Rulesets folders.
3. Delete the following files:  .sequence.0, .sequence.2,  blrm, hashes
(Note: In the 6.0.8.x installed version of SMSMSE the .sequence.0, blrm files do not exist.)
4. Restart IIS from the IIS Console:
a. Open the Internet Information Services ( Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager)
b. Right-click on the name of your server and go to All Tasks > Restart IIS
Note: This generally only takes about 2-5 minutes, depending on the machine.
Warning: This will reset anyone logged into OWA and will reset websites hosted from this machine through this IIS.
5. Start the Symantec Mail Security for Microsoft Exchange service.
Note: You do not need to start the Spam Statistics or Utility Service these are automatic

Exchange 2007 on Windows 2003/2008 Environment:

1. Browse to the location where your rulesets are found:
The default location is:
<sys vol>:\Program Files(x86)\Symantec\SMSMSE\<version>\Server
2. Delete all BM_Rulesets folders.
3. Delete the following files:  .sequence.0, .sequence.2,  blrm, hashes
(Note: In the 6.0.8.x installed version of SMSMSE the .sequence.0, blrm files do not exist.)

4. Restart the Exchange Transport Service once you have started the Symantec Mail Security service (See below).

Helpful link:
Please see the following document for complete instructions for your environment:
'Suspected corruption in the BM_Rulesets for Premium AntiSpam in the Symantec Mail Security for Microsoft Exchange product.'
Document ID: 2006011716254054


To start Symantec Mail Security services

1. On the Windows task bar, click Start > Run.
2. In the Run dialog box, in the Open text box, type
   
   services.msc
   
3. In the Services window, in the right pane, right-click Symantec Mail Security for Microsoft Exchange.
4. On the context-sensitive menu, click Start.

Note: You do not need to start the Spam Statistics or Utility Service these are automatic

A message appears to let you know that the service is starting.

To re-install your licenses for Symantec Mail Security 5.0 or 6.0 for Microsoft Exchange

1. In the Symantec Mail Security for Microsoft Exchange interface, in the left pane, click Admin.
2. In the middle pane, click Licensing.
3. In the right pane, under Step 3, do one of the following:
   • In the Enter path to the license file text box, type the full path to your license file.
   • Click Browse, browse to the license file, and then click Open.
4. Click Install.
5. Repeat steps 3 and 4 for the other license.

Your license files are installed.

To re-install your licenses for Symantec Mail Security 4.6 for Microsoft Exchange

1. In the Symantec Mail Security 4.6 for Microsoft Exchange window, expand Tasks.
2. Click Install/Renew License.
3. In step 3 of the Install/Renew Licenses panel, do one of the following:
   • Type the fully qualified path to the license file, and then click Next.
     If the license file does not reside on the same computer, you can specify a mapped drive or UNC path to the file.
   • Click Browse, select the license file, and then click Next.
     If the License File does not reside on the same computer, you can locate the file in My Network Places.
4. Click Install to install the license file.

Perform this procedure for your Symantec Mail Security license and repeat it for your Premium AntiSpam license.

To reset IIS.

1. On the Windows taskbar, click Start > Run.
2. In the Run dialog box, in the Open text box, type
   
   iisreset.exe /restart
   
3. Click OK.

IIS restarts.

If after completing these steps, Premium AntiSpam fails to take proper actions against the http://www.example.com/url-1.blocked/ test string, please consider the following:

• Premium AntiSpam cannot scan email traffic outside of standard SMTP. It will not work on a POP3 or custom email connector.
• Premium AntiSpam will not scan traffic coming over an authenticated SMTP connection. This means that if email is first received at a front end/gateway server, and it is then routed to a back-end Exchange server with Premium AntiSpam installed, Premium AntiSpam will not work. Read Spam from authenticated SMTP servers is not detected in Symantec Mail Security for Microsoft Exchange version 4.x or version 5.x.

To set the Default Impersonation Level in DCOM to Identify on Windows 2003

1. On the Windows taskbar, click Start > Run
2. In the Open box, type the following text:
   dcomcnfg
3. Press Enter.
4. In the left pane, expand Component Services > Computers.
5. Right-click My Computer > Properties.
6. Click Default Properties.
7. For Default Impersonation Level, click Identify.
8. Reboot the computer.

To set the Default Impersonation Level in DCOM to Identify on Windows 2000

1. On the Windows taskbar, click Start > Run.
2. In the Open box, type the following text:
   dcomcnfg
3. Press Enter
4. Click Default Properties.
5. For Default Impersonation Level, click Identify.
6. Reboot the computer.

To confirm safelisting of spam is disabled in Exchange 2007

Read Premium Antispam fails to detect spam or performs poorly on Windows Server 2008 Small Business Edition.

References:
'Error: "You have insufficient permission to access this application" with Symantec Mail Security 5.x for Microsoft Exchange'
http://service1.symantec.com/support/ent-gate.nsf/docid/2005121915194554

Document ID: 2007020615531854
Last Modified: 10/30/2009
Date Created: 02/06/2007
Operating System(s): Windows 2000 Server SP4, Windows 2000 Advanced Server SP4, Windows Server 2003 Standard SP1, Windows Server 2003 Advanced SP1, Windows 2000 Server/Advanced Server/Data Center SP4, Windows Server 2003 Standard/Enterprise/Data Center (no SP required), Exchange 2000 Server SP3/Enterprise Server, Exchange Server 2003/Enterprise Server
Product(s): Symantec Mail Security 4.6 for Microsoft Exchange, Symantec Mail Security 5.x for Microsoft Exchange, Symantec Mail Security 6.0 for Microsoft Exchange
Release(s): 5.0 [All Releases], SMS 4.6 [All Releases], SMSMSE 6.0 [All Releases]

Site Index · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements