Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1490 Views 8 Replies Latest reply: May 29, 2013 2:34 AM by Aidan RSS
machamma Newcomer 3 posts since
May 12, 2013
Currently Being Moderated

May 20, 2013 2:12 PM

MSME 8 Notifications Blocked by Exchange 2007 Sender ID

Hi!

 

I am not receiving any alerts from MSME.

 

When I set the SenderID of Exchange to "Stamp Message with Sender ID result and continuing processing" I starts to receive the alerts.

 

I noticed on AgentLog from Exchange this:

2013-05-20T18:58:28.918Z,08D01F1274445226,10.10.10.12:25,10.10.10.12:28731,10.10 .10.12,,msme@mydomain.com.br,msme@mydomain.com.br;,sup@mydomain,1, Sender Id Agent,OnEndOfHeaders,DeleteMessage,,Fail_NotPermitted,msme@mydomain.com.br,

 

Also looking at the Header of the Email I see:

 

Received: from server (10.10.10.12) by server.laranjeiras.com.br

(10.10.10.12) with Microsoft SMTP Server id 8.3.297.1; Mon, 20 May 2013

15:48:32 -0300

Date: Mon, 20 May 2013 15:48:31 -0300

thread-index: Ac5ViqAJ0hoHtR4cTme6ylpcBFigVQ==

Message-ID: <91228404FEE1441A82BD89135180606D@domain.com.br>

Content-Transfer-Encoding: 7bit

From: <msme@mydomain.com.br>

X-Mailer: Microsoft CDO for Windows 2000

To: <sup@mydomain.com.br>

Subject: McAfee Security for Microsoft Exchange Alert     

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_402F_01CE5571.7ABC4FB0"

Content-Class: urn:content-classes:message

Importance: normal

Priority: normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4913

X-NAI-MSME: 1

Return-Path: msme@mydomain.com.br

X-MS-Exchange-Organization-PRD: mydomain.com.br

X-MS-Exchange-Organization-SenderIdResult: Fail

Received-SPF: Fail (server.domain.com.br: domain of

msme@mydomain.com.br does not designate 10.10.10.12 as permitted sender)

receiver=server.domain.com.br; client-ip=10.10.10.12; helo=server;

X-Auto-Response-Suppress: DR, OOF, AutoReply

 

 

Could you please help me with that? I think that it should be testing the SPF as it is internal..

 

Regards,

Marcos

  • tlange McAfee SME 344 posts since
    Nov 4, 2009

    when msme sends an alert it is sending an eml file to the receive connector or the pickup directory if the server is a hub.  in both cases the email is going to be treated as external.   

  • anee Newcomer 7 posts since
    May 18, 2013

    jpeg.jpg2.jpg

    My users are annoyed with such emails now, its almost 20 to per user in one day. MSME 7.6 Exchange 2007 and windows server 2003.

     

    Why MSME not detecting and blocking them, What should "I do?? Help me tlango(McAfee Man)

     

    Thank you.

  • Aidan McAfee SME 461 posts since
    Nov 4, 2009

    This entry doesn't seem related to topic above - this is not notification related this is a spam issue.

     

    From the details it looks like the spam has been marked with the *****spam**** detail in the subject - but the rest of the header detail would need to be checked to see the total score of all the spam traits found.

     

    Then you would have to know what the low score threshold (under which mail is treated as non-spam and allowed through) and then check the score based action which should have happened.  - look at Gateway Policy - Antispam Settings.

     

    (It would be good to know exact version details of MSME 7.6 (patches/rus/hfs) and E2007 exact version number).     

  • anee Newcomer 7 posts since
    May 18, 2013

    Exch 2007 8.8.83.6

    MSME 7.6.7718.105 no HF no Patch Base install.

    Windows server 2003

     

    My all settings are set to default except GTI threshhold which is 50 now.Anny suggestion to block these spam mails.

    msme.jpg

  • Aidan McAfee SME 461 posts since
    Nov 4, 2009

    Again would need to know the spam score on the mails (in the header of the mail items)

     

    But looks like if the spam score is between 5 and 10 - its allowed through.

    If the Spam score is above 10 and is not getting deleted ensure  HKLM\Software\WOW6432Node\McAfee\MSME - Gateway = 1

    (restart service if this needs changed)

     

    Would strongly recommend to get Patch 1 and RU2 installed - these are both available on the McAfee Download Site and accessible with appropriate grant number.

  • anee Newcomer 7 posts since
    May 18, 2013

    I am sorry machamma,Aidan is listening me here so i will post last time and then you may continue your thread.

    Aidan,

     

    Registery key HKLM\Software\WOW6432Node\McAfee\MSME - Gateway = 1 Exists.

    Email spam score is 7  8 and 9.

    Some of then having spam score 7 are also blocked some time.

    While spam score 8 and 9 never blocked.

    Any suggestion or setting that i shold change.

     

    please suggest me any good workaround because i have to end up this disscussion as per machamma request.

     

    on 5/28/13 5:19:45 AM CDT
  • Aidan McAfee SME 461 posts since
    Nov 4, 2009

    Set Low score to "route to user junk folder"

    or

    if you have a system spam mailbox or mail enabled public folder for spam then specify that in interface - settings & diags - anti-spam as system junk folder and set low score to "route to system junk folder"  

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points