Overview
Several emails are delivered to the users' mailboxes and do not show up in the dashboard logs. It appears that some emails bypass GFI. These messages cannot be found in the logs for further analysis. TLS related errors are appearing in the Event Viewer
logs:
event 36781 schannel
A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
GfiMeSmtpAgent.bak(7987): 2020-11-13,14:56:04,015,1,"#00007D2C","#00000054","error ","GfiMeSmtpAgent","error ItemSourceContext::processItem,Scanning[2]...EXCEPTION: Object reference not set to an instance of an object."
Solution
The TLS errors may cause the anti-spam process to fail and in turn allow emails to reach the users without being displayed in the dashboard logs.
Configure .NET Framework to support strong cryptography
Since SSL has been retired in favor of TLS, we must configure the installed .NET Framework to support strong cryptography.
Open a new PowerShell window as Administrator and run the following commands:
On a 32 bit operating system (x86):
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
On a 64 bit operating system (x86_64):
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
Cleanup old files and logs from the MailEssentials Folder
Please follow the steps described in the Virus and Spam Emails not Getting Detected by MailEssentials article to perform a cleanup of old files and logs in the MailEssentials folder. This will ensure that the application performs optimally.
Testing
After completing the above steps, please monitor the private queues to ensure they do not build up.
Open the MailEssentials configuration and check the Logs tab to ensure spam is being blocked.
If the issue still persists, please generate the troubleshooting logs as follows:
- Make sure that we have tracing enabled.
- Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
-
Run the troubleshooter:
- Start > Programs > GFI MailEssentials > Troubleshooter
- Follow the Log Generation Wizard for collecting the required and pertinent information.
- Select New Case when completing the log generation.