3rd December 2022

Microsoft Exchange Server AntiMalware/Mail Submission Error and Solution

We woke up to the first morning of 2022 with a big surprise. It turned out that the Exchange servers could not receive mail. The reason is that mail cannot be sent because of the update error on the Exchange servers and the anti-malware scanning. If there is no antimalware product on the Exchange server (at the SMTP level, not at the OS level), it is recommended to turn this scanning on. The service receives updates periodically in the background, but sometimes your servers’ internet access and sometimes an update problem on the Microsoft site can cause a transport agent error like this one.

When we look at the application log in Event Viewer on the Exchange server, we see event ID “5801”. Its description shows that it is related to filtering.

event id numbered “5801”

 

You can also see event ID “5800” alongside event ID “5801”.

event id numbered “5800”

Problem Solution

To solve the problem, we open the “Exchange Management Shell” application as administrator. With the command below, we check the status of the “Malware Filtering” feature.

Get-MalwareFilteringServer

 

In this output, if a server shows “False” for BypassFiltering, the malware filter is scanning. This is the source of the problem. We will now change this “False” value to “True” on all servers and restart the service. Write your server name in place of “ServerIdentity”.

Set-MalwareFilteringServer <ServerIdentity> -BypassFiltering $true

 


Then it will be enough to restart the “Microsoft Exchange Transport” and “Microsoft Exchange Mailbox Transport Submission” services.

Restart-Service MSExchangeTransport
Restart-Service MSExchangeSubmission

 

When all of these steps are finished, you can check the mail queues with the “Get-Queue” command from “PowerShell”.

Get-Queue

Note: You can disable the Anti Malware Agent if you want. We usually do this in the first checks, when working out which transport agent a problem comes from. If you do not use this feature or will not use it for a long time, you can disable it instead of bypassing it. However, if you are using it actively, do not forget to turn it on again.
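
The steps above as a script that also records each server's original setting, so that filtering can be switched back on afterwards as the note asks. This is an added example, not part of the original post; the function names, the state-file path and the use of PowerShell remoting to restart the services are assumptions.

```powershell
# Added example: run in the Exchange Management Shell as administrator.
# $StateFile and the function names below are hypothetical.
$StateFile = Join-Path $env:TEMP 'malware-filter-state.csv'
$Services  = 'MSExchangeTransport', 'MSExchangeSubmission'

function Enable-MalwareFilterBypass {
    # Record every server's current value before changing anything.
    $servers = Get-MalwareFilteringServer
    $servers | Select-Object Name, BypassFiltering |
        Export-Csv -Path $StateFile -NoTypeInformation

    foreach ($s in ($servers | Where-Object { -not $_.BypassFiltering })) {
        Set-MalwareFilteringServer -Identity $s.Name -BypassFiltering $true
        # Assumption: PowerShell remoting to each Exchange server is allowed.
        Invoke-Command -ComputerName $s.Name -ScriptBlock {
            Restart-Service -Name $using:Services
        }
    }
}

function Restore-MalwareFilterState {
    # Re-enable scanning only on servers that were scanning before the bypass.
    foreach ($row in Import-Csv -Path $StateFile) {
        if ([System.Convert]::ToBoolean($row.BypassFiltering)) { continue }
        Set-MalwareFilteringServer -Identity $row.Name -BypassFiltering $false
        Invoke-Command -ComputerName $row.Name -ScriptBlock {
            Restart-Service -Name $using:Services
        }
    }
}

function Get-BypassReport {
    # One row per server: is scanning still bypassed, and how much mail is queued?
    Get-MalwareFilteringServer | ForEach-Object {
        $queued = (Get-Queue -Server $_.Name |
            Measure-Object -Property MessageCount -Sum).Sum
        [pscustomobject]@{
            Server          = $_.Name
            BypassFiltering = $_.BypassFiltering
            QueuedMessages  = $queued
        }
    }
}
```

Run Enable-MalwareFilterBypass once, use Get-BypassReport to watch the queues drain, and run Restore-MalwareFilterState when the update problem is resolved.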

 
