Messages released or forwarded from SEG quarantine are not delivered by Exchange


This article applies to:

  • Trustwave SEG
  • Microsoft Exchange
  • Other email servers that track or block messages based on Message-ID

Symptoms:

  • Messages released or forwarded from SEG quarantine are not delivered by Exchange
  • The issue affects all release methods (Console, SQM, and Digests)

Causes:

  • In SEG 8.1.2, the default behavior is to not change the Message-Id when a message is released from quarantine. This default behavior is a change from all other versions of SEG and MailMarshal.
  • Exchange duplicate message handling might discard the released message as a duplicate if the message was previously delivered to some other users.

Resolution:

You can control the behavior of changing the MessageId, using a registry entry. This entry applies to all versions of SEG.

  1. On the Array Manager, edit the Registry (10.X: use Advanced Settings in the Management Console)
  2. Navigate to the SEG Controller key:
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Controller
    • 10.X: value names have the prefix Controller. (Controller dot).
    • For full details of the location for each product version, see article Q10832.
  3. Add or edit a DWORD value DontChangeMessageID
    • To change the ID when a message is released, set the value to 0 (default for most versions).
    • To retain the ID when a message is released, set the value to 1 (default for 8.1.2 only).
  4. Commit configuration changes.
  5. Restart the Controller service on processing servers.

Warning: As always, take due care when editing the Registry. Make a backup before making changes.

Notes:

  • In some cases the "Default" registry key is named "Default(1)" or another version number.

Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle21049.aspx