Digitally signed and encrypted messages hold in the Pending Submission queue on Exchange 2003
Mi compadre Aran sent me an e-mail the other day asking me why some messages on some of the servers we help support are not being delivered. The users were receiving delay notifications:
Subject: Delivery Status Notification (Delay)
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
I was pretty confused about why this is happening, but by the time I could respond, Aran had tracked down the problem. This can happen when an Exchange-aware antivirus software package is installed and the Transport Scanning feature is enabled. The Transport Scanning feature of the AVAPI 2.5 API allows scanning of messages not only in the store, but also when it is going through SMTP.
In this customer's case, Symantec Mail Security for Exchange had the SMTP Transport Scanning enabled. This was the only way we could get Symantec to do some of the Anti-Spam things we wanted it to do. (In hindsight, I wish I had put Symantec Mail Security on the front-end/bridgehead servers and Trend ScanMail on the mailbox servers instead).
KB 842801 Digitally signed messages remain in the Messages pending submission queue and are not delivered in Exchange 2003 outlines the fix for problem. You can either turn off the transport scanning feature or call PSS and get the hot fix.