Troubleshooting MailScan for Merak: Common Issues and Fixes

Troubleshooting MailScan for Merak: Common Issues and Fixes

Overview

This guide covers frequent MailScan for Merak (Mailhost/Merak Mail Server) problems and clear, actionable fixes so administrators can restore mail flow and security quickly.

1. MailScan service won’t start

• Symptom: MailScan service fails to start or stops immediately.
• Likely causes:
  • Corrupted configuration file.
  • Port conflicts with SMTP service.
  • Missing or incompatible DLLs or antivirus conflicts.
• Fixes:
  1. Check Windows Event Viewer (Application/System) and MailScan logs for error codes and filenames.
  2. Restore a recent working MailScan configuration file (backup of mailscan.ini).
  3. Ensure Merak/CommuniGate/host SMTP is stopped when MailScan runs in inline mode; verify port bindings with:
     • netstat -ano | findstr :25
     • tasklist /FI “PID eq “
  4. Reinstall MailScan or re-register any missing DLLs listed in errors: run the MailScan installer repair.
  5. Temporarily disable third-party antivirus/firewall to rule out interference, then re-enable and add exclusions.

2. High CPU or memory usage by MailScan

• Symptom: MailScan consumes excessive CPU/memory causing server slowdowns.
• Likely causes:
  • Large message queues, runaway scanning loops, or misconfigured engines.
  • Insufficient server resources for traffic volume.
• Fixes:
  1. Inspect MailScan scan queues and logs to identify repeating messages or looping recipients; clear or quarantine problematic messages.
  2. Review configured scanning engines (antivirus/ASPs) and disable any redundant or outdated engines.
  3. Tune engine threading and scan timeouts in mailscan.ini; reduce max threads if CPU constrained.
  4. Schedule full system scans or resource-heavy tasks during off-peak hours.
  5. Consider upgrading server RAM/CPU or offloading scanning to a dedicated appliance.

3. Delayed mail delivery or queued messages

• Symptom: Outgoing/incoming messages remain in MailScan queue for long periods.
• Likely causes:
  • DNS resolution problems, SMTP relay misconfiguration, or scanning timeouts.
• Fixes:
  1. Verify DNS resolution for recipient domains: nslookup or dig from the server.
  2. Check MailScan routing/relay settings and ensure the Merak mail server and MailScan agree on SMTP ports and relay hostnames.
  3. Increase SMTP timeout values if legitimate recipients are slow to respond.
  4. Inspect logs for repeated transient errors (⁄₄₂₁) and configure retry intervals appropriately.
  5. Clear stuck items manually or move them to a quarantine folder for inspection.

4. False positives / legitimate mail blocked or quarantined

• Symptom: Valid emails classified as spam or infected and blocked.
• Likely causes:
  • Aggressive spam/virus rules, outdated signatures, misconfigured filters.
• Fixes:
  1. Update virus signatures and spam rule databases to the latest versions.
  2. Review and relax overly strict rules (e.g., heuristics thresholds, attachment blocking).
  3. Add trusted senders/domains to an allowlist; ensure correct syntax in allow/deny lists.
  4. Examine sample quarantined messages to determine which rule triggered the block and adjust accordingly.
  5. Implement a quarantine notification workflow so users can request release when appropriate.

5. Scanning engines fail to initialize or report license errors

• Symptom: Antivirus engines don’t load; license errors in logs.
• Likely causes:
  • Expired licenses, misconfigured paths, or permission issues.
• Fixes:
  1. Confirm license validity with engine vendor and apply updated license files.
  2. Verify engine installation paths and that MailScan points to the correct engine directories in mailscan.ini.
  3. Ensure the MailScan service account has read/execute permissions on engine folders and license files.
  4. Reinstall the problematic engine following vendor guidance and restart MailScan.

6. Problems with TLS/SSL on SMTP connections

• Symptom