Exchange and the year 2022 – How to debug sending emails

Does your business use Microsoft Exchange for its messaging? Since January 1, 2022, a bug has been preventing emails from being sent.

Microsoft's teams released an emergency fix. Here is how to get your emails sending again.

The on-premises versions Exchange 2019, 2016 and 2013 are affected, since the anti-spam engine is enabled by default. Office 365 customers are not affected!

The bug of the year 2022

Only Microsoft Exchange servers installed on site (on-premises) are affected. This is a year-2022 bug located in the FIP-FS anti-spam analysis engine.

Technically, a check performed at the signature level of messages crashes the malware engine. The messages are then blocked in the queue.
The cause is the handling of the date (much like the year 2000 bug).

To store the value of a date, Microsoft uses an int32 variable (a signed 32-bit integer). The maximum value of this variable is 2,147,483,647.

Unfortunately, the dates for the year 2022 have the value 2,201,010,001, which is greater than the maximum value. The application therefore fails, since it cannot process the date.
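The overflow described above, as an added C example (illustrative only, not Microsoft's code). The YYMMDD-plus-sequence layout and the function names are assumptions inferred from the values quoted on this page; the sample dates are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (inferred from the page's value 2201010001):
   two-digit year, month, day, then a four-digit sequence number. */
static void make_version(char out[11], unsigned yy, unsigned mm,
                         unsigned dd, unsigned seq) {
    snprintf(out, 11, "%02u%02u%02u%04u",
             yy % 100, mm % 100, dd % 100, seq % 10000);
}

/* Checked conversion: returns 0 and stores the value, or -1 when the
   text is not a plain number or does not fit in a signed 32-bit int. */
static int parse_version_i32(const char *s, int32_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0') return -1;
    if (v < INT32_MIN || v > INT32_MAX) return -1;
    *out = (int32_t)v;
    return 0;
}

/* For comparison: the value the same digits take when only the low
   32 bits are kept and read back as signed (no range check). */
static int32_t wrap_to_i32(const char *s) {
    uint32_t low = (uint32_t)strtoull(s, NULL, 10);
    int32_t r;
    memcpy(&r, &low, sizeof r);
    return r;
}

int main(void) {
    /* Constructed inputs: last day of 2021, first day of 2022, and the
       "33 December 2021" value used by the fix described on this page. */
    unsigned dates[3][3] = { {21, 12, 31}, {22, 1, 1}, {21, 12, 33} };
    for (int i = 0; i < 3; i++) {
        char v[11];
        int32_t n;
        make_version(v, dates[i][0], dates[i][1], dates[i][2], 1);
        if (parse_version_i32(v, &n) == 0)
            printf("%s fits in int32\n", v);
        else
            printf("%s rejected, unchecked cast gives %d\n", v, (int)wrap_to_i32(v));
    }
    return 0;
}
```

The third input shows why the fixed engine carries version 2112330001: a nonexistent day in December 2021 keeps the number below 2,147,483,647 while still sorting after every real 2021 value.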

Fast command line solution

A very simple solution is to run the following command in the Exchange Management Shell:

Set-MalwareFilteringServer -Identity <ExchangeServerName> -BypassFiltering $true

This command simply disables the anti-spam engine! You are therefore very likely to receive spam in your inboxes.

Once the command has been run, you must restart the Exchange services.

Microsoft’s proposed workaround

Another solution is to apply the workaround proposed by Microsoft (a PowerShell script).

The script stops the Microsoft Filtering Management and Microsoft Exchange Transport services in order to delete the old anti-spam engine files. It then downloads the new engine and restarts the services. There will therefore be a service interruption of a few minutes.

You have to download the Reset-ScanEngineVersion.ps1 script.

Run the Exchange Management Shell as administrator, then run the Reset-ScanEngineVersion.ps1 file.

If you cannot run the PowerShell script, you must allow scripts to run using the command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.

If you had to disable the anti-spam engine (command line solution), you must re-enable it!

Here are the results you should get:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
TUTOS-EXCHANGE Stopping services...
TUTOS-EXCHANGE Removing Microsoft engine folder...
TUTOS-EXCHANGE Emptying metadata folder...
TUTOS-EXCHANGE Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
TUTOS-EXCHANGE Starting engine update...
Running as TUTOS-EXCHANGE\Tutos_Admin.
Connecting to TUTOS-EXCHANGE.tutos.local
Dispatched remote command. Start-EngineUpdate -UpdatePath
[PS] Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation

Engine                : Microsoft
LastChecked           : 01/01/2022 08:58:22 PM -08:00
LastUpdated           : 01/01/2022 08:58:31 PM -08:00
EngineVersion         : 1.1.18800.4
SignatureVersion      : 1.355.1227.0
SignatureDateTime     : 01/01/2022 03:29:06 AM -08:00
UpdateVersion         : 2112330001 (note: higher version number starting with 211233... is also OK)
UpdateStatus          : UpdateAttemptSuccessful

The emails will be released progressively. The processing time depends on the number of emails in the queue.

Microsoft specifies that the new engine will carry the version number 2112330001. This corresponds to a date that does not exist, and system administrators should not worry about it.

Of course, Microsoft will surely release a new rollup to correct the problem.