SBS, Exchange, POP3 and Anti-virus – A sticky combination

I went through a steep learning curve on the SBS 2003 Exchange POP3 connector yesterday.  One of our clients had complaints that they weren’t receiving the majority of their emails, but still receiving some.  My first thought was that their ISP had a failure, but after confirmation of that it was found that the Exchange server was successfully downloading all POP3 mailboxes from the ISP.

My second port of call was to set up a POP3 mailbox on a server under my control and test full connectivity.  All worked well and the incoming and outgoing messages were delivered within a minute.

Realising that the POP3 connection was fine, and that routing between the connector and Exchange was working, I started checking Exchange queues.  All seemed fine here, with no messages waiting for routing, and only a few messages hitting the bad mail queue.

Time to dig a little deeper.

Noticing that the POP3 connector passes messages using the file system to the Exchange SMTP router, I did a search for any files with the .eml extension.  Lo and behold, I found a folder with over 900 of these, under C:\Program Files\Microsoft Windows Small Business Server.

I took a few of the files and moved them to the Pickup folder for the Exchange SMTP router, and confirmed whether people were now getting mails they were looking for.  Some of them were.  On the right track.

I started moving more files, with all messages getting delivered.  So, the problem was that files weren’t moved from the POP3 connector to the SMTP router.

But why?

The answer popped up literally when I tried to move the oldest file in the queue: “Trend Anti-virus has found <virus>, no action needed”.

Whenever the application that delivered files from the POP3 connector to the SMTP router picked up this one message that contained said virus, Trend killed the process, and happily told the console user that all is in order.  It wasn’t; there was a long queue of emails to be moved.

It looks like the app sorts them by GUID, so some of the messages were getting through, but most weren’t.  I’ve now excluded this folder from the anti-virus, and have to trust that the scan on the client side will get rid of any contaminations.
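The stall described above is detectable from the file system alone. The following PowerShell check is an added example, not part of the original post: it counts waiting .eml files and reports the oldest one, which is the file to inspect when the queue stops moving. The function name `Get-EmlBacklog`, the thresholds and the temporary demo folder are assumptions, and the demo files are constructed.

```powershell
# Added example (not from the original post). Folder and thresholds are assumptions.
function Get-EmlBacklog {
    param(
        [string]$Path,              # drop folder the connector writes .eml files to
        [int]$MaxAgeMinutes = 30,   # assumed: healthy mail moves on within minutes
        [int]$MaxBacklog    = 50    # assumed alert threshold
    )
    # Oldest first: the file at the head is the one to inspect when the queue stalls.
    $files = @(Get-ChildItem -Path $Path -Filter '*.eml' -ErrorAction Stop |
               Where-Object { -not $_.PSIsContainer } |
               Sort-Object LastWriteTime)
    $cutoff = (Get-Date).AddMinutes(-$MaxAgeMinutes)
    $stale  = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })
    $oldest = $null
    if ($files.Count -gt 0) { $oldest = $files[0] }

    New-Object PSObject -Property @{
        Total   = $files.Count
        Stale   = $stale.Count
        Oldest  = $oldest
        Stalled = ($stale.Count -gt 0) -or ($files.Count -gt $MaxBacklog)
    }
}

# Constructed demo input: a temp folder standing in for the connector's drop folder.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("eml-demo-" + [Guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
foreach ($ageMinutes in 0, 45, 600) {
    $f = Join-Path $demo ([Guid]::NewGuid().ToString() + '.eml')
    Set-Content -Path $f -Value 'constructed sample message'
    (Get-Item $f).LastWriteTime = (Get-Date).AddMinutes(-$ageMinutes)
}

$r = Get-EmlBacklog -Path $demo
if ($r.Stalled) {
    Write-Warning ("{0} .eml waiting, {1} older than threshold; oldest: {2} ({3})" -f
        $r.Total, $r.Stale, $r.Oldest.Name, $r.Oldest.LastWriteTime)
}
Remove-Item -Recurse -Force $demo
```

Pointed at the real drop folder from a scheduled task, the same function surfaces a stall that the anti-virus console reports as "no action needed".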
