The more anti-spam and anti-virus scanning filters, the better?

Many administrators like to turn on multiple scanning filters on their network to help protect against spam, viruses, and specific potential harmful attachments. With multiple types of scanning software, this can be a good redundancy option in case one vendor lets one slip through, the other most probably will block the email.

What administrators do not realize is that when a problem arises or a user complains about a missing email, troubleshooting what happened can be more than you bargained for. Many firewalls now include some sort of email scanning. Some of their logging is not very explanatory as they have very minimal information, leaving us administrators to guess what the problem could be. Often there are hidden features turned on which block certain content in emails or attachments but we do not know why. You see the email transfer request hitting the logs on the mail server,  but it gets stuck on the data portion and the transfer doesn’t complete. This may lead you to believe that the issue is on the mail sever since the message did get there, but the firewall may be holding the data because it didn’t like a piece of it. This can be frustrating when trying to figure out what is going on, especially when it is the CEO waiting for an email you know how it goes.

Dealing with email scanning has become more time consuming for administrators, so here are some tips on how to be better prepared before a problem arises.

1. When purchasing a new product, familiarize yourself with it: for example, get training from the vendor. Those 2 hours of training will save you many more in troubleshooting.
2. Make sure you know your network: understand how an email flows within your network infrastructure.
3. Understand the problem: ask many questions of the person having the issue. Example, What is supposed to be in the email? Who is it going to or from? When was it sent? How was it sent?
4. Make sure you have full logging turned on so it will be quicker to identify where the problem is coming from.
5. If you have to, turn off mail scanning from the firewall and check if the problem still occurs. This will help you determine which software is giving you issues.
6. If you are stuck without a clue about what is happening do not wait to call your vendors support department. That is what they are there for!!