Virus Filter Log Matches: ERROR???

Raise/discuss any potential issues with MailEnable for consideration in project issue register.
Post Reply
jake-ptg
Posts: 2
Joined: Wed Jan 21, 2015 11:42 pm

Virus Filter Log Matches: ERROR???

Post by jake-ptg »

Trace: Tracing message with Message ID [898167C01D8241B5A357583380905F77.MAI] from the SMTP Inbound Queue

Result: [898167C01D8241B5A357583380905F77.MAI] was not routed from the SMTP inbound message queue by the local MTA Service.
SMTP Debug log matches:


Virus filter log matches:
Error with reading log file C:\Program Files (x86)\Mail Enable\LOGGING\MTA\MEAVGEN-Report-150125.log. Error Could not find file 'C:\Program Files (x86)\Mail Enable\LOGGING\MTA\MEAVGEN-Report-150125.log'.

Important: Message ID [898167C01D8241B5A357583380905F77.MAI] has not been routed through MailEnable queues. Check the log details for the reason. If in a cluster you will need to check each cluster server log files.

Can anyone tell me what this means?

keith@vfsremote.com
Posts: 25
Joined: Fri Mar 20, 2015 7:53 pm

Re: Virus Filter Log Matches: ERROR???

Post by keith@vfsremote.com »

Getting the same error here. When I navigate to the logs folder there isn't one there from today or yesterday.

Trace: Tracing message with Message ID [680C046625EB4E868AA7505CFDD3EBDB.MAI] from the SMTP Inbound Queue

Result: [680C046625EB4E868AA7505CFDD3EBDB.MAI] was not routed from the SMTP inbound message queue by the local MTA Service.
SMTP Debug log matches:
06/19/15 15:30:22 ME-I0149: [1772] 680C046625EB4E868AA7505CFDD3EBDB.MAI was received successfully and delivery thread was initiated

Virus filter log matches:
Error with reading log file C:\Program Files (x86)\Mail Enable\LOGGING\MTA\MEAVGEN-Report-150619.log. Error Could not find file 'C:\Program Files (x86)\Mail Enable\LOGGING\MTA\MEAVGEN-Report-150619.log'.

Important: Message ID [680C046625EB4E868AA7505CFDD3EBDB.MAI] has not been routed through MailEnable queues. Check the log details for the reason. If in a cluster you will need to check each cluster server log files.

Time Action MessageID Connector Filter Result Account Sender ClientIP
06/17/15 11:50:03 Start - - - - - - -
06/17/15 11:50:03 ->DeleteFiles::[MTAFILTER] Could not delete file C:\PROGRA~2\MAILEN~1\Scratch\1776B514007541EB9024E86BA6BD7F05.MAI\1776B514007541EB9024E86BA6BD7F05.MAI (Error: 5)
06/17/15 11:50:09 ->DeleteFiles::[MTAFILTER] Could not delete file C:\PROGRA~2\MAILEN~1\Scratch\1776B514007541EB9024E86BA6BD7F05.MAI\2.ATT (Error: 5)
06/17/15 11:50:15 ->DeleteFiles::[MTAFILTER] Could not delete file C:\PROGRA~2\MAILEN~1\Scratch\1776B514007541EB9024E86BA6BD7F05.MAI\3.ATT (Error: 5)
06/17/15 11:50:21 ->DeleteFiles::[MTAFILTER] Could not delete file C:\PROGRA~2\MAILEN~1\Scratch\1776B514007541EB9024E86BA6BD7F05.MAI\4.ATT (Error: 5)
06/17/15 11:50:21 ->CleanupScratchArea:: [MTAFILTER] Could not remove directory C:\PROGRA~2\MAILEN~1\Scratch\1776B514007541EB9024E86BA6BD7F05.MAI (Error: 2)
06/17/15 16:26:34 Cleaned 04F6CA19DBE44AFBADAFDFEABC13C2E8.MAI SMTP MTAFILTER 1 REDACTED.com e76fab4a7@REDACTED.ca 5.10.67.159
06/17/15 16:27:46 Cleaned 1EE79154DFA24B3DA0D969DA6E77617A.MAI SMTP MTAFILTER 1 REDACTED.com burke@REDACTED.com 5.10.67.161
06/17/15 16:29:18 Cleaned 2A165292D11344FEB162B51B95A5DAF1.MAI SMTP MTAFILTER 1 REDACTED.com bietnar@REDACTED.com 5.10.67.93
06/17/15 16:32:13 Cleaned 75F9045A9852426D8A64CF6F6B47B58F.MAI SMTP MTAFILTER 1 REDACTED.com carroll@REDACTED.com 5.10.67.99
06/17/15 16:44:27 Cleaned 6DD0F703955246A9B7EF92F6E80EC7E0.MAI SMTP MTAFILTER 1 johnn@REDACTED.com.au 5.10.67.164
06/17/15 16:47:33 Cleaned 09EAD7589F9C4B55BFB4429B9E05F106.MAI SMTP MTAFILTER 1 REDACTED.com afiaamherst@REDACTED.com.au 5.10.67.103
06/17/15 16:48:08 Cleaned 3746F9F8F85F467281B7908C78167BDE.MAI SMTP MTAFILTER 1 REDACTED.com mkmgbc@REDACTED.com 208.70.91.148
06/19/15 15:58:09 End - - - - - - -
Keith Damron
Manager of Customer Support

VisionFriendly.com
1250 E. Diehl Road, Suite 302
Naperville, IL 60563
630 553-0000 x112
Keith@visionfriendly.com

jhayes
Posts: 12
Joined: Thu Feb 19, 2015 1:24 pm

Re: Virus Filter Log Matches: ERROR???

Post by jhayes »

Did anyone find a resolution to this issue? We are noticing the same problem with the Virus Filer log Not being created to show why a message was not routed. The file is not present nor are any MEAVGEN Report files. I seem to only have MTAFILTER Reports in this file.

Virus filter log matches:
Error with reading log file D:\MailEnable\Logging\MEAVGEN-Report-160906.log. Error Could not find file 'D:\MailEnable\Logging\MEAVGEN-Report-160906.log'.

Important: Message ID [61AD56CD26E14732970AB4BAEC8147AF.MAI] has not been routed through MailEnable queues. Check the log details for the reason. If in a cluster you will need to check each cluster server log files.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Virus Filter Log Matches: ERROR???

Post by MailEnable-Ian »

Hi,

Most likely the message was not fully accepted during the SMTP transaction or an SMTP security setting such as Reverse DNS blacklisting has removed the message before the MTA could pickup from the inbound queue. Search the SMTP debug log file for the same date/time and search for 61AD56CD26E14732970AB4BAEC8147AF.MAI.
Regards,

Ian Margarone
MailEnable Support

jhayes
Posts: 12
Joined: Thu Feb 19, 2015 1:24 pm

Re: Virus Filter Log Matches: ERROR???

Post by jhayes »

The reference from the SMTP Debug shows:
09/06/16 08:56:14 ME-I0070: [61AD56CD26E14732970AB4BAEC8147AF.MAI] (recv) socket [4932] was gracefully closed during [QUIT] command by the remote client 173.244.184.197.
The references from the SMTP Activity are:
09/06/16 08:54:32 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 220 mail.firstfamilyinsurance.com ESMTP MailEnable Service, Version: 9.12--9.12 ready at 09/06/16 08:54:32 0 0
09/06/16 08:54:32 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 EHLO EHLO xl27-c.jsmtp.net 250-firstfamilyinsurance.com [173.244.184.197], this server offers 7 extensions 191 23
09/06/16 08:54:32 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 STARTTLS 24 10
09/06/16 08:54:32 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 STARTTLS STARTTLS 24 10
09/06/16 08:54:32 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 EHLO EHLO xl27-c.jsmtp.net 250-firstfamilyinsurance.com [173.244.184.197], this server offers 6 extensions 177 23
09/06/16 08:54:33 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 MAIL MAIL FROM: <jmarra@firstfamilyinsurance.com> 250 Requested mail action okay, completed 43 46
09/06/16 08:56:14 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 RCPT RCPT TO: <sbrobst@firstfamilyinsurance.com> 250 Requested mail action okay, completed 43 45
09/06/16 08:56:14 SMTP-IN 61AD56CD26E14732970AB4BAEC8147AF.MAI 4932 173.244.184.197 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6

There is no reference to 61AD56CD26E14732970AB4BAEC8147AF.MAI in the MTA Activity or Debug. From everything I can see the message should have been delivered as there was a batch of 232 of the same email sent at the same time from the same sender that mostly got delivered without any issues. Out of the emails received only a half dozen did not get delivered.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Virus Filter Log Matches: ERROR???

Post by MailEnable-Ian »

Hi,

The issue is not at the MTA level. The SMTP debug log you posted reports that the connection was dropped at the QUIT command.

Code: Select all

09/06/16 08:56:14	ME-I0070: [61AD56CD26E14732970AB4BAEC8147AF.MAI] (recv) socket [4932] was gracefully closed during [QUIT] command by the remote client 173.244.184.197.
Does the SMTP debug log file report that the message was successfully accepted prior to the QUIT error? Search in the debug log file up for the socket number [4932]. You should see a line like the example below:

Code: Select all

ME-I0149: [4932] 61AD56CD26E14732970AB4BAEC8147AF.MAI was received successfully and delivery thread was initiated
Also are you running a clustered configuration?
Regards,

Ian Margarone
MailEnable Support

jhayes
Posts: 12
Joined: Thu Feb 19, 2015 1:24 pm

Re: Virus Filter Log Matches: ERROR???

Post by jhayes »

We are not running a cluster configuration and I could not find a received successfully message either the only messages correlating to the socket closed are:
09/06/16 08:54:32 [4932] Successfully started inbound SSL conversation
09/06/16 08:54:33 ME-I0101: [4932] Local Delivery: Address ([SMTP:sbrobst@firstfamilyinsurance.com]) is local.
09/06/16 08:56:14 ME-I0074: [4932] (Debug) End of conversation

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Virus Filter Log Matches: ERROR???

Post by MailEnable-Ian »

Hi,

Ok looking in more detail at the activity log snippet there is no DATA command sent from the remote connection and data transmitted. There is only the RCPT to and then the QUIT (which errors out). Therefore the message was never full transmitted to the server.
Regards,

Ian Margarone
MailEnable Support

jhayes
Posts: 12
Joined: Thu Feb 19, 2015 1:24 pm

Re: Virus Filter Log Matches: ERROR???

Post by jhayes »

This is understand but looking at the logs from the other side it seems that MailEnable is the reason the transmission was terminated. Below I have copied the log from the relay side to see if that assist in resolving this issue.

Thank you in advance for any insight.

9/6/2016 12:54:02 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - 220+mail.firstfamilyinsurance.com+ESMTP+MailEnable+Service,+Version:+9.12--9.12+ready+at+09/06/16+08:54:32 - - 0 0 0 SMTP - -
9/6/2016 12:54:02 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 EHLO xl27-c.jsmtp.net - - 0 0 0 SMTP - -
9/6/2016 12:54:02 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - 250+firstfamilyinsurance.com+[173.244.184.197],+this+server+offers+7+extensions - - 0 0 0 SMTP - -
9/6/2016 12:54:02 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 STARTTLS - - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - 220+Ready+to+start+TLS - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 EHLO xl27-c.jsmtp.net - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - 250+X-SAVETOSENT - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 MAIL+FROM <jmarra@firstfamilyinsurance.com> - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - 250+Requested+mail+action+okay,+completed - - 0 0 0 SMTP - -
9/6/2016 12:54:03 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 RCPT+TO <sbrobst@firstfamilyinsurance.com> - - 0 0 0 SMTP - -
9/6/2016 12:54:34 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - DROPPED - - 0 0 0 SMTP - -
9/6/2016 12:54:34 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 QUIT - - - 0 0 0 SMTP - -
9/6/2016 12:55:05 173.244.184.197 SYSTEM xl27-c XL27 497839 T.7030301183 583914.7030301183T187808 sbrobst@firstfamilyinsurance.com 71.16.161.213 25 - DROPPED - - 0 0 0 SMTP - -

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Virus Filter Log Matches: ERROR???

Post by MailEnable-Ian »

Hi,

That doesn't help much as it just says DROPPED but does not indicate who dropped the connection.

It looks like there is some sort of proxy or spam gateway filtering the SMTP conversation and dropping at the RCPT to command. Not sure why. I did try to telnet to your server and perform a telnet test and send to the rcpt in the log snippets. The RCPT to command took a long time to respond. When it did it respond the following 550 HELO error was returned which not a MailEnable SMTP response:

Code: Select all

250-SIZE 30720000
250-HELP
250-AUTH=LOGIN
250-STARTTLS
250-XSAVETOSENT
250 X-SAVETOSENT
mail from:<ian@mailenable.com>
250 Requested mail action okay, completed
rcpt to:<sbrobst@firstfamilyinsurance.com>
550 HELO argument [there] is malformed. See http://spamauditor.org/best-practice
s/valid-helo-identifier/ for more information. Protection provided by MagicSpam
2.0.3-1 http://www.magicspam.com
The above indicates that your running an SMTP plugin within MailEnable named "MagisSpam" which most likely is filtering the SMTP conversation. You need to inspect the MagicSpam log files for more information in regards your problems with the rcpt to command being dropped. Try and disable MagicSpam and try sending again. You are also running 9.12 of MailEnable and you need to upgrade to 9.18 to ensure you have all the latest fixes and updates to the MailEnable core services.
Regards,

Ian Margarone
MailEnable Support

jhayes
Posts: 12
Joined: Thu Feb 19, 2015 1:24 pm

[SOLVED] Virus Filter Log Matches: ERROR???

Post by jhayes »

Thank you for your assistance with this matter. After much research, it was found that the issue was on the third-party relay side. They have assured me that the issue is resolved and I will monitor to ensure this is the case.

Post Reply