Views:

IMSS hot fixes are cumulative. Request the latest hot fix for IMSS instead of requesting a specific one. In case any issue arises, make sure to apply the current hot fix as this will most likely resolve the issue. Recent hot fixes contain improvement for NDR messages to analyze the problems.

A known issue with IMSS 7.0 is that it lacks a module for down-converting 8bitmime (827transfer). This functionality is available in IMSS 7.0 Windows Service Pack 1 or IMSS 7.0 Windows Patch 3 for Service Pack 1.

When IMSS advertises 8bitmime and accepts such an email, it fails to deliver the email if the next hop does not support 8bitmime. As a workaround, disable advertising of 8bitmime on IMSS. This forces the sender to down-convert when 8bitmime is used.

IMSS can have one or more scanners. The basic configuration for all the scanners and SMTP modules is stored in a database (database: IMSS, table: tb_global_setting). This table holds the sections like LDAP, delivery configuration, etc., together with the parameter name, its value and the name of the configuration file it is used in. You can use any SQL Editor to edit these settings. In case MSDE is installed, you might use installed osql.exe or any preferred editor.

These database settings are then distributed to every scanner. You can view the settings stored in the database in the following files:

Same structure is used here:

  • The tsmtpd.ini.db file holds the SMTP configuration from database
  • The imss.ini.db file holds scanning and email processing settings
 
Please do not edit these *.ini.db files because they are overwritten by the database configuration.
 

The database also stores the IMSS Policy settings. To view the customer's policy settings, run the CDT tool and then collect the data for "Event 2". This should dump the contents of the database tables which contain the IMSS Policy settings.

You can change a single scanner or overrule a database setting by changing this setting via its configuration file (*.ini). You may also change settings in the configuration file if you are not comfortable editing a setting in the database.

In a distributed environment, this setting has to be changed on all relevant scanners' configuration files.

Same structure is used here:

  • The tsmtpd.ini file holds the SMTP configuration and overrules the settings of the database shown in the tsmtpd.ini.db file.
  • The imss.ini file holds IMSS configuration and overrules settings of the database shown in the imss.ini.db file.

Configuration files provide information how to edit the file and basic information on all the parameters. When adding a new line, we recommend that you maintain the comment line of the parameter instead of removing it. This is to help you keep track of the changes made.

 

Create a backup of the original configuration file before editing.

Also, you need to restart the Trend Micro IMSS SMTP Service after changing the configuration files. This will also restart the Trend Micro IMSS Scan Service.

 

  1. Create a backup of the tsmtpd.ini file.
     
    Do not edit the tsmtpd.ini.db file.
     
  2. Open the tsmtpd.ini file using a text editor.
  3. Look for the "Enable8BitMIME=1" line.
  4. Below it, add the "Enable8BitMIME=0" line.
  5. Save and close the file.
  6. Restart the IMSS SMTP service.

When you cannot locate the source of the problem, our technical support usually asks for information from the CDT.

The CDT shows the system configuration, IMSS configuration and debug logs. The debug logs are essential when we need to troubleshoot relay problems.

  1. Switch on debug using CDT.
  2. The real-time monitor displays:
    Message<0007bfb400000001@domain.com> not relayed yet.
  3. Open tsmtpd.log.<date>.<count> from the day it occurred. This log file is only written in debug mode.
  4. Analyze the logs.
    1. Check for DNS problems. Search for all lines containing the recipient domain name (example: nonexistent.abc). Its output will indicate a DNS problem like:
      2007/10/04 14:27:44.343 [3856:3884] 00 W SendMail: Query MX for nonexistent.abc failed, use the domain name to relay. [sendmail.cpp(987)]
      2007/10/04 14:27:44.343 [3856:3884] 00 D SendMail: Query A record for nonexistent.abc. [sendmail.cpp(898)]
      2007/10/04 14:27:44.343 [3856:3884] 00 I DNSQuery: _dnsqQueryServer for nonexistent.abc and DNS_TYPE_A, from system DNS server returned 0x10002001 [dnsquery.cpp(373)]
      2007/10/04 14:27:44.343 [3856:3884] 00 E SendMail: Send to [nonexistent.abc] failed. [sendmail.cpp(1261)]
    2. If the DNS is OK and IMSS knows where to deliver the email, check for problems in SMTP handshake by searching for the message-Id in the log. This should return a line like:
      2007/10/04 14:59:16.984 [888:1944] 00 W SendMail: Permanent Fail to Send Mail ,AF: 00247e6800000001@pg2.tm [sendmail.cpp(1291)]
      for this transaction the process/thread ID is: [888:1944]
    3. Search for all lines in the log containing this string. The result should reveal the problem in SMTP handshake.
      2007/10/04 14:59:16.984 [888:1944] 00 I RCPT TO [0],RCPT TO:<nonexisting_user@recipientdomain.com> [smtpclientchanel.cpp(625)]
      2007/10/04 14:59:16.984 [888:1944] 00 I _SendCmd: Command: RCPT TO:<nonexisting_user@recipientdomain.com> [smtpclientchanel.cpp(1036)]
      2007/10/04 14:59:16.984 [888:1944] 00 I _GetOnelineResp: server response string: 550 5.1.1 User unknown
      2007/10/04 14:59:16.984 [888:1944] 00 I _SendCmd: Response: 550 5.1.1 User unknown 2007/10/04 14:59:16.984 [888:1944] 00 I _SendCmd: Command: QUIT [smtpclientchanel.cpp(1036)]
      ...
      2007/10/04 14:59:16.984 [888:1944] 00 E SendMail: Send to [recipientdomain.com] failed. [sendmail.cpp(1261)]
       
      • A text editor with capabilities to return all lines containing a specific string is of great help here.
      • If you are unsure, please provide relevant data to Trend Micro Technical Support.

  1. Download the Case Diagnostic Tool.
    For IMSS7.1 and IMSS7.5, you can find the CDT under <IMSS INSTALLATION Folder>\CDT.
  2. Run CaseDiagnosticTool.exe on IMSS machine.
  3. Select IMSS as product.
  4. Select all modules except for "collect mail in...queue" unless specified otherwise.
  5. Start debug.
  6. Reproduce the issue (wait until email fails to relay or any other problem).
  7. Stop debug.
  8. Set to only collect log files from "today".
  9. Send us the data created by CDT.

Additional Notes:

Since IMSS starting version 7.0 is both a database- and Policy-driven solution, troubleshooting using the CDT tool stated above is also recommended.

This is because IMSS does not have any feature for exporting debugging files. However, using CDT helps the Administrator to debug and collect the logs into a compressed, zip file format.

Therefore, when replicating the issue, make sure to replicate the issue as mentioned in Step 6 (CDT section) above. This will enable the CDT tool to collect and capture the actual errors as they occur in a detailed format via the logs. This is useful for issues like:

  1. Email scanning performance
  2. Global Policy or specific policies problems
  3. Network Communication Issues(In this instance, it is also recommended to request for a copy of the packet capture logs which are generated by sniffers, such as Wireshark).
Keywords: message relay delay,relay issues,relay troubleshooting guide,using cdt,collecting logs using cdt,use case diagnostic tool, Trend Micro\IMSS\cdt