Yesterday morning I got a worried call from one of our clients that none of their machines could send email.
"They were working perfectly fine yesterday", they said, "but this morning we keep getting an error message from Norton Antivirus saying that the connection has been interrupted."
Checking things out on the server revealed that it was running just fine and that the, so-called, interrupted session were still open, at least as far as our server was concerned. Getting the client to do a netstat check for connections on port 25 revealed that the connection their end was closed.
A bit of digging around later and, lo and behold, another client phones up having the same problem.
"Do you know if your version has been updated recently?" I ask.
"I think it updated first thing this morning, why?" They reply.
A few more investigations revealed that if messages were sent in plaintext the were fine, HTML or Richtext failed, with the client terminating the connection before Norton had finished processing the message, hence the "Connection Interrupted" error.
It appears that an old chestnut of the mail-client software handing the mail over to Norton to scan and believing that mail had been succesfully delivered, thus, terminating the outgoing connection to the server before Norton had completed processing had reared it's head again.
A telephone call to Symantec confirmed that there had been an update to the AntiSpyware Edition of Norton Internet Security that was causing this problem and they would be issuing a patch "within the next 24 hours".
Suprisingly, I could find no reference to this problem on the Symantec Website. In the meantime, I've had to set-up a custom tunnel on our Firewall so clients using said version of Norton can alter their SMTP port and bypass the NAV Outgoing Email Scanning proxy and start sending mail again.
Makes me wonder how many thousands of other people out there are suffering from this self-same problem.