Losing Emails - Mail Security 4.3 for Exchange

Discussion in 'Other ESET Business Products' started by xpcomputers, Jul 31, 2011.

Thread Status:
Not open for further replies.
  1. xpcomputers (Registered Member; Joined: Aug 4, 2005; Posts: 34)

    Hi,

    I just inherited the management of an Exchange Server 2007 (on SBS 2008) which is configured with Mail Security 4.3.10016.0.

    I'm informed they've been losing emails, but they or I have no idea of the extent of the problem, or what needs reconfiguring to sort it out. I am completely new to Mail Security (and also to Exchange 2007... talk about in at the deep end!). I don't know if the original setup/config was flawed or just not optimised and tweaked. I do know that it is business critical.

    I've been scouring the manual but not yet found an overview of how Mail Security interacts with Exchange, and therefore what settings should be in Exchange. I assume it is somewhere in the Eset manual, but haven't found it yet.

    The most urgent question is:
    Does Eset Mail Security replace or interact with Exchange's own Anti-Spam feature in the Hub Transport?

    I need to immediately stem the loss, which will buy me time to resolve the problems and tweak & tune the various settings in Exchange and Eset.

    Will setting a quarantine mailbox in Exchange Hub Transport, capture all emails and therefore stop the loss, and show me how big the problem is... or has Eset already rejected/dumped some emails by that point?

    What is the order of the anti-spam processing chain? Does Exchange Anti-Spam call Eset Mail Security as a module, which then sets various detection parameters, and exchange then deals with processing the detections set by Eset? Or something else?

    As well as answering my immediate most pressing questions, if someone can point me to some useful material which covers how Eset interacts with Exchange (and therefore what settings I should use in Exchange itself), I'd be most grateful.

    Thanks

    Mike
     
    Last edited: Aug 2, 2011
  2. xpcomputers (Registered Member)

    So I've tried adding in a Quarantine mailbox into the Content Filter settings in Exchange Hub Transport and set that level at 8 and above. I've temporarily disabled the rejecting and deleting of messages.

    That is certainly yielding spam into the designated mailbox, but because I don't know how Exchange Hub Transport AntiSpam settings interact with Eset Mail Security AntiSpam settings, I don't know if I am now seeing all the spam that hits the server in that mailbox, or if there is a layer being filtered off somewhere else in Eset Mail Security.

    If that quarantine mailbox is getting everything not delivered as genuine mail, then there aren't as many spams arriving as previously feared, and not as many false positives either... although even one false positive is one too many!

    Any info on suitable settings for Exchange Hub Transport, and an overview of how Eset Mail Security interacts with the hub settings would be awesome.

    As it is, I can't keep this up, or I'll waste half of every day checking emails in the spam folders!!!

    Need to find some better settings so that the whole process is better optimised and gains the trust of the userbase.

    My worry is that we are getting exceptional spam filtering rates, but at the expense of lots of false positives which is annoying the users.... and as everyone knows that is not acceptable! I need to get a better balance point even if that means a few spams get through.

    Thanks

    Mike
     
  3. MattJN (Former ESET Support Rep; Joined: Feb 19, 2010; Posts: 149)

    Hello,

    Thank you for the detailed explanation. The bulk of the documentation is contained in the help files for ESET Mail Security for Exchange. If you are on a given part of the software, just press F1 and it should show you relevant information for the settings you're looking at.

    A general recommendation as far as spam goes, you should disable either the ESET antispam module or the Exchange antispam module.

    If you suspect the spam module might be the cause of missing emails, you can set it up to retain messages in a stored location.

    As always, if you are unable to find a solution to a question or problem in our KB, the documentation, or the help files, you are always welcome to open a support case with us.

    Thanks,

    Matt
     
  4. xpcomputers (Registered Member)

    Thanks for the reply.

    Since the server was "professional configured" by an outside company (6 months ago - which was before my time here), I wrongly assumed it was probably mostly correctly configured, with just needing a few tweaks to optimise it. I'm pretty surprised that they've installed Eset and also left Exchange's own AntiSpam configured too, when that isn't a recommended setup.

    I think that explains the problems my organisation are having. It felt like settings I changed in either AntiSpam solution weren't solving the problem, as though they were both trying to do the same thing and competing with each other. We have exceptional spam detection / removal rates, which is useless when so many genuine mails disappear too without warning to the end user.

    Knowing that Eset isn't a module in the Exchange AntiSpam helps massively in my understanding. (I think I read in your support stuff that Eset Mail Security AntiSpam is a module in the "Hub Transport" and misunderstood that statement to mean Eset was a module in the existing Exchange AntiSpam setup, based on that being the bad setup already here. So whilst intuitively it felt wrong to have both running at once, I assumed that was how it was meant to be as it was.)

    Anyway...
    So to solve things here (without making matters worse), would you recommend just unticking every Exchange AntiSpam feature in Hub Transport so that that layer is out of the picture completely?

    Then I'm guessing I should be setting a quarantine store in Eset, and setting nothing to reject for now, so I can see the level of the problem without losing the organisation any more genuine emails. Then I can start refining things and see the effects of that in the quarantine without risking losing any further emails.

    It might be worth including something in the help file that is explicit about the recommended Exchange settings, as I was surprised not to find that in the help file. Equally, if it is in there already, then it is not prominent enough, as I have been specifically searching for that info, and not found it.

    Also something giving the overview of how Eset fits into the bigger picture of the mail flow, would help remove some of the mystery.

    Thanks again. I look forward to hearing advice on the way to move this forward safely and effectively.

    Mike
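
The questions raised in this thread (which anti-spam layers are active, in what order they run, and how to hold mail instead of dropping it) can be checked from the Exchange Management Shell on the Hub Transport server. The following is an added example, not commands from any of the posters or from ESET; the quarantine address and the 7-day window are assumptions, and the settings in step 4 mirror what the second post describes doing in the console.

```powershell
# Added example: audit Exchange 2007 Hub Transport anti-spam before tuning.
# Assumption: placeholder quarantine mailbox address, replace with a real one.
$quarantineMailbox = 'spamq@example.local'

# 1. Processing chain: transport agents run in priority order. Any
#    third-party agent registered on the server shows up in the same list.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Priority, Identity, Enabled -AutoSize

# 2. Which of the built-in Exchange anti-spam agents are still enabled?
$builtIn = 'Connection Filtering Agent', 'Content Filter Agent',
           'Sender Id Agent', 'Sender Filter Agent',
           'Recipient Filter Agent', 'Protocol Analysis Agent'
$active = Get-TransportAgent |
    Where-Object { $builtIn -contains "$($_.Identity)" -and $_.Enabled }
if ($active) {
    Write-Host "Built-in anti-spam agents still enabled:"
    $active | ForEach-Object { Write-Host "  $($_.Identity)" }
} else {
    Write-Host "No built-in Exchange anti-spam agents are enabled."
}

# 3. Current Content Filter actions: look for reject/delete being enabled,
#    since those are the actions that lose mail without a copy being kept.
Get-ContentFilterConfig |
    Format-List Enabled, SCL*, QuarantineMailbox

# 4. Hold-only mode: quarantine at SCL 8 and above, reject and delete off.
Set-ContentFilterConfig -QuarantineMailbox $quarantineMailbox `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 8 `
    -SCLRejectEnabled $false -SCLDeleteEnabled $false

# 5. Size of the problem: what each agent recorded in the agent log
#    over the last 7 days (assumed window), grouped by agent and action.
Get-AgentLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) |
    Group-Object Agent, Action |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Steps 1 to 3 and 5 are read-only; only step 4 changes configuration. The agent log covers agents that write to it, so actions taken by a third-party product may need to be read from that product's own logs.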
     