I’ve been chasing after an issue with a new Exchange deployment not sending any outbound mail. When you telnet to port 25 on any SMTP server it just fails straight away as if there’s a firewall or something in between. I finally got a network trace and the very odd thing was that there was absolutely no network traffic at all. Usually you would see a bunch of TCP SYNs if there was a firewall in the mix.
I noticed that McAfee’s little shield in the tray was bright red, which it does when it has something to say. The log had these nice entries (well, a lot of them) in it:
6/29/2009 11:39:13 AM Blocked by port blocking rule C:\Exchange\Bin\edgetransport.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.100.10.16:25
6/29/2009 11:40:46 AM Blocked by port blocking rule C:\Windows\system32\telnet.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.100.10.15:25
You can see Exchange trying to relay mail (the Edge Transport process) and me trying to test it by hand (telnet). Apparently McAfee has kindly inserted itself into the network stack somewhere and is intercepting these connections before they even leave the box.
In order to turn this off, you need to go into ePO and edit the Access Protection policy which applies to your servers. Inside the policy, go to Anti-virus Standard Protection and uncheck both boxes for Prevent mass mailing worms from sending mail.
Don’t forget to do this for both the "Server" and "Workstation" policies (or just the server one).
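To see which processes the rule is actually blocking before you change the policy, the Access Protection log entries quoted above can be tallied with a short script. This is an added example, not part of the original post; the field layout is inferred from the two quoted entries, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from the two entries quoted in the post; \s+ also accepts
# tab-separated fields (an assumption about the on-disk log file).
ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"Blocked by port blocking rule\s+"
    r"(?P<process>.+?\.exe)\s+"
    r"(?P<category>[^:]+):(?P<rule>.+?)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*$",
    re.IGNORECASE,
)

def parse_entry(line):
    """Return a dict for a port-blocking entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["port"] = int(rec["port"])
    return rec

def blocked_smtp(lines, port=25):
    """Count blocked connections to `port` per (process, rule)."""
    hits = Counter()
    for line in lines:
        rec = parse_entry(line)
        if rec and rec["port"] == port:
            hits[(rec["process"].lower(), rec["rule"])] += 1
    return hits

SAMPLE = [
    # The two entries quoted in the post.
    r"6/29/2009 11:39:13 AM Blocked by port blocking rule C:\Exchange\Bin\edgetransport.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.100.10.16:25",
    r"6/29/2009 11:40:46 AM Blocked by port blocking rule C:\Windows\system32\telnet.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.100.10.15:25",
    # Constructed line that is not a port-blocking entry.
    "6/29/2009 11:41:02 AM Some unrelated entry",
]

if __name__ == "__main__":
    for (process, rule), n in blocked_smtp(SAMPLE).items():
        print(f"{n:3d}  {process}  <- {rule}")
```

A legitimate mail process such as edgetransport.exe showing up in the tally points to the policy as the cause of the outage; an unexpected process sending to port 25 is what the rule exists to catch.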