Email blocking on port 25

Status
Not open for further replies.

netadminTO

IS-IT--Management
Feb 21, 2003
46
US
Help!

Over the weekend, all our outgoing mail (Exchange 5.5) stopped working. I think I figured out the problem: there was a rule on Virus Scan 8.0 (on the Exchange box) that was blocking mail on port 25. It seems that the rule "Prevent Mass Mailing Worms from Sending Mail" was stopping the process. This lasted from this past Friday evening until this morning - however, the last DAT that our EPO 3.5 server picked up was last Wednesday. I'm confused; can anyone shed some light? Is this a virus of some sort? It just seems that this rule was defined automatically - like I said, email has worked fine ever since I deleted the rule.

Thanks for your help!

McAfee EPO/Virus Scan 8.0 ROOKIE
 
If Exchange stops sending e-mail then I've experienced the same problem. Once it stops you can't turn off anything to get it to go.

I had to uninstall 8.0i and go back to 7.1. I've got a ticket open with McAfee but I've got to put 8.0i back on the e-mail server and run the MER. I'm not sure if I'm supposed to wait until the server screws up to run the MER or to run it anytime.

 
The default port for SMTP is 25...
By default the mass mailing rule is enabled for servers and workstations.
If VSE 8.0i is deployed to a node which needs to communicate on port 25 it will get blocked.

The blocking rules do not appear to take effect immediately after deployment.
They appear to activate after a reboot.

Deploying patch 1 for VSE8.0i requires a reboot, maybe this is when the rule activated?

I would recommend keeping the port 25 blocking rule enabled for systems which do not rely on it, i.e. desktops.

For systems which do rely on it, such as Exchange IMS, WebShield, InterScan etc., it should be switched off.

To avoid any possible issues, switch the rule off for servers at the ePO directory level and enable it on a per node or group basis once you have identified that communication on port 25 is not required.


Regards

Simon J Cook

< Keyboard Error - Press F1 to continue >
 
I just figured it out a few moments ago! I had uninstalled 8.0i in favor of 7.1 on our three e-mail servers. In ePO, I had the deployment flag set to not inherit but someone or ePO decided it should inherit and 8.0i was automatically reinstalled last night!

Anyway, the e-mail stopped and I figured out the problem for Exchange 5.5. McAfee left MSEXCIMC.EXE out of the program exclusion list. I put that in and voila, it's now sending e-mail. It's the Exchange Internet Mail Service.

In ePO:

1) Go to 8.0i policies.
2) Click on Access Protection Policies.
3) Select the port blocking tab if it's not the default.
4) Make sure the Settings For box is set to Server.
5) Highlight the Prevent Mass Mailing Worms from Sending e-mail.
6) Click the edit button.
7) When the policies screen comes up, you'll notice a list of excluded processes toward the bottom of the window.
8) Add MSEXCIMC.EXE to the end of the exclusion list and your Exchange 5.5 Server should start sending e-mail.

Warning: It's slow if you've got a big queue built up.

If you're not using ePO you can set the same policy on the VirusScan console on the server.

 