5 Replies. Latest reply: Aug 23, 2014 9:07 AM by brachole

    Enterprise 8.8 blocking SMTP Port 25

    brachole

      Hi, I have Enterprise 8.8 installed on a Server 2008r2. I'm running a few websites on the server where certain applications are sending email confirmation using CDOSYS. I have configured IIS6 with port 25 and local host for SMTP and also made sure SMTP was installed and running in my services. The problem is this. Every time the ASP page sends an email, the mail gets stuck in the Queue folder in mailroot and is never sent until I reboot the entire server.

       

      I tried restarting both IIS6 and SMTP without success. If I reboot the server, then the mail is sent successfully. However, mail gets stuck in Queue again once the server is fully booted. So I'm suspecting that McAfee is blocking port 25 and mail is sent right before McAfee is started.

       

      I understand that McAfee Enterprise is blocking Port 25, but how do I add that exception?

       

      In the McAfee Virus Console, I go to Access Protection and then to Anti-Virus Standard Protection. I can see a checkmark under Block next to "Prevent mass mailing worms from sending mail". I tried removing the checkmark, but mail is still stuck. If I go in Edit, I see that I can add a "Process to Exclude". The problem is, how do I know which process to add? Is it SMTP, IIS6, etc...

       

      Also, do I need to reboot the server for the changes to take effect? Because I also tried disabling McAfee and mail still wouldn't send from Queue?

       

      Any advice or help would be greatly appreciated.

       

      Thank you.

        • 1. Re: Enterprise 8.8 blocking SMTP Port 25
          ansarias

          Hello,

           

          No reboot is required for a policy to take effect. Also, if the mail issue is still there after disabling McAfee, then it's not related to McAfee.

          Please check the McAfee logs to see if it is blocked by Access Protection or the On-Access Scanner.

          • 2. Re: Enterprise 8.8 blocking SMTP Port 25
            llamamecomoquieras

            Morning,

             

            To make sure it is not McAfee related, please go to the VSE 8.8 product guide and follow, under the troubleshooting section, how to disable components to troubleshoot an issue. It is not enough to only disable components, as in the section I am pointing to there are a couple of drivers, and one of them is a network driver.

            Please let me know the result of the test.

             

            Cheers,

             

            Jose Maria

            • 3. Re: Enterprise 8.8 blocking SMTP Port 25
              brachole

              Here's what I had done before I posted here:

               

              • Mail was stuck in the Queue folder
              • Went into Access Protection and unchecked the mark under "Block" for "Prevent mass mailing etc...". Clicked Apply and OK.
              • Did not reboot server. Stopped IIS6 and restarted it.
              • It seemed like it attempted to re-send those emails because the timestamp changed on those files
              • Repeated the process with SMTP in Services, same results
              • Went back to Access Protection, right-clicked and selected Disable.
              • Went back to IIS6 and did the same thing I did above without any luck.

               

              After posting here, I went back to the server and did the following:

               

              • Went into Access Protection and disabled it.
              • Rebooted the server completely (of course, mail was sent then)
              • Sent a test email and sent right away (mail did not get stuck in Queue)
              • Went to Access Protection again and re-enabled it.
              • Went into Standard Anti-Virus and unchecked the box for "Block" next to "Prevent mass mailing...etc".
              • Rebooted the server completely and sent a test email
              • Email sent right away, without being stuck

               

              So for me, it seemed like I had to reboot for the policies to take effect. The question now is this. Is it a bad idea to leave "Prevent mass mailings, etc.." unblocked? This is not a Mail Server, just running a couple of websites. Access Protection is enabled. If I should leave "Block", I know I can exclude a service, but I don't know which one.

              In the Log, all entries are related to WinLogin and Win Updates...nothing about mail.

               

              i.e.

               

              8/22/2014    2:01:22 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\servicing\TrustedInstaller.exe    C:\Windows\SoftwareDistribution\Download\200dda5405b35d1db3ff8cec01ff6376\inst\ amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235 a9\smss.exe    Anti-virus Standard Protection:Prevent Windows Process spoofing    Action blocked : Create

               

              8/22/2014    2:01:24 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\servicing\TrustedInstaller.exe    C:\Windows\SoftwareDistribution\Download\200dda5405b35d1db3ff8cec01ff6376\inst\ amd64_microsoft-windows-smss_31bf3856ad364e35_7.1.7601.18113_none_fbd00b07bab8de 78\smss.exe    Anti-virus Standard Protection:Prevent Windows Process spoofing    Action blocked : Create
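
Added example (not part of the original posts and not McAfee tooling): a small parser for Access Protection log lines in the layout quoted above, which groups blocks by rule and checks whether any entry names a given rule such as "mass mailing". The field names and the assumption that columns are separated by tabs or runs of two or more spaces are mine; the sample input is the two log lines from the post.

```python
import re
from collections import Counter

# The two log lines quoted in the post above, copied as they appear on the page.
SAMPLE_LOG = r"""
8/22/2014    2:01:22 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\servicing\TrustedInstaller.exe    C:\Windows\SoftwareDistribution\Download\200dda5405b35d1db3ff8cec01ff6376\inst\ amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235 a9\smss.exe    Anti-virus Standard Protection:Prevent Windows Process spoofing    Action blocked : Create
8/22/2014    2:01:24 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\servicing\TrustedInstaller.exe    C:\Windows\SoftwareDistribution\Download\200dda5405b35d1db3ff8cec01ff6376\inst\ amd64_microsoft-windows-smss_31bf3856ad364e35_7.1.7601.18113_none_fbd00b07bab8de 78\smss.exe    Anti-virus Standard Protection:Prevent Windows Process spoofing    Action blocked : Create
"""

# Column names are assumptions chosen for this example, not McAfee's own labels.
FIELDS = ("date", "time", "event", "user", "process", "target", "rule", "action")

def parse_line(line):
    """Split one log line into named fields; return None if it does not fit."""
    # Assumed delimiter: a tab, or two or more whitespace characters.
    parts = [p.strip() for p in re.split(r"\s*\t\s*|\s{2,}", line.strip())]
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def parse_log(text):
    """Parse every line that matches the expected layout, skipping the rest."""
    records = (parse_line(line) for line in text.splitlines())
    return [rec for rec in records if rec is not None]

def blocks_by_rule(records):
    """Count blocked events per Access Protection rule."""
    return Counter(r["rule"] for r in records if r["event"].startswith("Blocked"))

def rule_fired(records, needle):
    """Return the records whose rule name contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return [r for r in records if needle in r["rule"].lower()]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for rule, count in blocks_by_rule(recs).most_common():
        print(f"{count:4d}  {rule}")
    hits = rule_fired(recs, "mass mailing")
    print("mass-mailing rule entries:", len(hits))
    for r in hits:
        print("  ", r["date"], r["time"], r["process"], "->", r["target"])
```
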

              • 4. Re: Re: Enterprise 8.8 blocking SMTP Port 25
                rmetzger

                Since this is an IIS6 server, I would consider the exclusions listed here:

                VirusScan Enterprise / SaaS Endpoint Protection exclusions for Exchange Server when running Security for Exchange / GroupShield for Exchange

                McAfee KnowledgeBase - VirusScan Enterprise / SaaS Endpoint Protection exclusions for Exchange Server when running Secur…

                (URL=https://kc.mcafee.com/corporate/index?page=content&id=KB51471)

                 

                The exclusions listed are recommended and may help with many problems you may encounter.

                 

                Also, look here for a list of additional exclusions that may be involved

                McAfee KnowledgeBase - Default exclusions for Port Blocking in VirusScan 8.x

                Technical Articles ID:  KB65718

                (URL=https://kc.mcafee.com/corporate/index?page=content&id=KB65718)

                 

                I hope this is helpful.

                Ron Metzger

                • 5. Re: Enterprise 8.8 blocking SMTP Port 25
                  brachole

                  Before considering the exclusion you recommended, I decided to perform more tests. Because I had realized that later during the day yesterday, SMTP had stopped working, even though "prevent mass mailing..." was disabled. Once again, I disabled Access Protection and rebooted the server and it started working again. I re-enabled Access Protection leaving "Prevent mass mailing..." disabled and rebooted the server again, emails were flowing no problems. I even tested 30 minutes after the server had booted and emails were working again.

                   

                  So I started thinking of a service that was starting really late. I can't imagine a service with Delayed Start would start more than 30 minutes after booting. So it had to be a manual start up of some sort.

                   

                  I then realized that a VPN is running on this server. I'm using SonicWall Net Extender to connect to a client's server in order to access some files on their server (I'm running some VB Scripts and Robocopy to copy files from their server to this production one). It dawned on me that after all my testing yesterday, I had to connect the VPN in order for my scripts to work during a business day for my client. That's when mail stopped sending and got stuck in Queue.

                   

                  So this morning, when I rebooted, the VPN doesn't connect automatically, so all was working. As soon as I connected the VPN, mail stopped sending. They were stuck in Queue. I disconnected the VPN and mail was cleared from Queue.

                  So that's what it is. The VPN. I rebooted the server with Access Protection enabled and also Prevent mass mailing enabled, without adding any additional exclusions, and without connecting the VPN, and voila! it works.

                   

                  So McAfee isn't the issue obviously, so I need to figure out a way around it.