rule to white list emails based on attachment

February 22, 2016, 5:38 am

≫ Next: Vulnerable JavaScript Libraries

≪ Previous: Email Submission Client

$

0

0

I need a solution

I would like to create a rule that does the following:

• if an email contains an attachment that meets some conditions, that email should not be filtered or considered spam
• in particular, I need to be sure that emails containing XML files are never filtered in any way

Is this possible using Symantec Messaging Gateway?

I was looking in the email policies at the Spam tab, but the conditions there are pre-configured and only few options are given. Also, I was not able to find how to do this in the Content tab.

Any ideas? Thanks!

0

---

Vulnerable JavaScript Libraries

February 23, 2016, 5:32 pm

≫ Next: TLS Gmail alert

≪ Previous: rule to white list emails based on attachment

$

0

0

I need a solution

Is there any document / suggestion regarding following issue?

The JavaScript library used on the server https://<SMGServer>/brightmail/ scripts/jquery-ui-1.9.1.js contained a Cross Site Scripting vulnerability in the Dialog widget in jQuery UI

0

TLS Gmail alert

February 25, 2016, 5:05 am

≫ Next: Exchange error 5.7.136 SenderNotAuthenticated

≪ Previous: Vulnerable JavaScript Libraries

$

0

0

I need a solution

Hi,

recently Gmail added a red open padlock icon on the messages we deliver through SMG.

This is the article

Basically it alerts that "yourdomain.com did not encrypt this message"

How can I configure SMG to make the padlock icon disappear ?

Thanks for help.

0

Exchange error 5.7.136 SenderNotAuthenticated

March 1, 2016, 7:18 pm

≫ Next: Liveupdate Virus definitions stop in 2016-03-02

≪ Previous: TLS Gmail alert

$

0

0

I need a solution

Hi, we recevied a report from one of our sender that their distribution group mail recevied bounce email with error : "#< #5.7.136 smtp;550 5.7.136 RESOLVER.RST.SenderNotAuthenticatedForRecipient; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this recipient> #SMTP#".

However, if they send from user mailbox, this issue does not happen. It only happen when they send using distribution group mail. The NDR generated from their mail server. in SMG, we did not recevied any log mentioned about this attempt of delivery. any suggestion or help is much apprecaited.

0

Liveupdate Virus definitions stop in 2016-03-02

March 4, 2016, 5:05 pm

≫ Next: Gmail security warning - TLS related

≪ Previous: Exchange error 5.7.136 SenderNotAuthenticated

$

0

0

I need a solution

Hi,

I understand that Spam definitions are updated several times a day and Virus definitions at least one.

My question is if the Symantec official site shows that the latest definitions are newer that the ones installed, how I can determine that my connection is working properly.

 https://www.symantec.com/security_response/definitions.jsp?pid=4dd83795c1f5d

I tried rapid release and the definitions are correctly updated, but when I try the certified ones, it come again to two days ago.

Maybe I am wrong and definitions are not daily, but this can lead to bypass attachments that SEP, endpoint Protection, are able to catch, as it happen with our mail.

I will keep you updated,

Greetings

Javier.

0

Gmail security warning - TLS related

March 5, 2016, 7:18 am

≫ Next: filter outgoing email based on both sender and receiver domain

≪ Previous: Liveupdate Virus definitions stop in 2016-03-02

$

0

0

I need a solution

Hi guys, need some advice on this matter.

When composing a email from gmail, after entering the email address of our domain users, a red padlock appears indicating some security problems with our mail server.

I was previously on SMG version 10.5.3  2 weeks ago. Have tried enabling the TLS option in the SMTP configuration, advanced setting, delivery. After that, we verified that inbound and outbound deliverys were established with TLS from the email headers.

However, when composing a mail in gmail, the red padlock still appears.

We did another upgrade to 10.6.0-7 2 days ago, disabled SSLv3. verified that TLS 1.2 is being used when sending emails to gmail domain. Gmail is still marking our domain with the red padlock.

Running a SMTP test from mxtoolbox shows pass result on every item.

Anything else I should configure to clear the red padlock status from Gmail?

Regards,

Hans

0

filter outgoing email based on both sender and receiver domain

March 8, 2016, 6:24 am

≫ Next: Is SMG 10.5.4-4 affected by CVE-2016-0800?

≪ Previous: Gmail security warning - TLS related

$

0

0

I need a solution

HI

We need to filter outgoing email based on both sender and receiver domain.

for eg:

a user at user1@abc.com can only send & rec from an email to a single domain like out@xyz.com and nowhere else.

We tried this with some policies in content filtering but the user action somehow matches the policy below the one we have created.

Thanks.

0

Is SMG 10.5.4-4 affected by CVE-2016-0800?

March 8, 2016, 8:32 am

≫ Next: Regular Expression - Maximum number of matches

≪ Previous: filter outgoing email based on both sender and receiver domain

$

0

0

I need a solution

Was asked to check our estate using this link to see if we were vulnerable to CVE-2016-0800. It is showing our mail servers as vulnerable but just wondering whether I need to upgrade to the latest version (was holding off as advised by Symantec support until all issues had been ironed out). Alternatively do we just need to disable support for SSLv3 and earlier in Protocols> Settings > SMTP > SSL Restrictions?

Regards,

Barry

0

---

Regular Expression - Maximum number of matches

March 10, 2016, 2:17 pm

≫ Next: Search emails when no subject

≪ Previous: Is SMG 10.5.4-4 affected by CVE-2016-0800?

$

0

0

I need a solution

Hello Folks,

I've recently added a regex to our system to flag messages with numbers those contain 10 digits.

\b^[0-9]{10}$\b appears to work well for this - but up to 40 matches. When there's more than 40 items inside a message, the pattern doesn't work. How - do you think - should I go ahead with making this work for messages with more than 40 matching items? What am I missing?

Thanks.

0

Search emails when no subject

March 11, 2016, 1:29 pm

≫ Next: Excessive spam, all tagged with "AAAAAA==" - is something not working?

≪ Previous: Regular Expression - Maximum number of matches

$

0

0

I need a solution

How can I search emails from the audit log that come in with no subject?

0

Excessive spam, all tagged with "AAAAAA==" - is something not working?

March 13, 2016, 2:53 pm

≫ Next: DKIM for multiple domain names

≪ Previous: Search emails when no subject

$

0

0

I need a solution

I'm seeing an unusually high amount of obvious spam avoiding my filters.  They all contain the header:

X-Brightmail-Tracker: AAAAAA==

which suggests to me that something is not getting scanned at all?  Normally, it's a huge long random jumble after the :

Obviously it's connecting and all working, otherwise the header would not be there at all, but what might be going wrong here?

0

DKIM for multiple domain names

March 15, 2016, 9:09 am

≫ Next: Messaging Gateway connection to Symantec DLP

≪ Previous: Excessive spam, all tagged with "AAAAAA==" - is something not working?

$

0

0

I need a solution

Hi

We have several domain names. Can someone please confirm if i need to setup a domain key and selector for each each domain name or can i use the same one, with the exception of the Base Domain.

Thanks

0

Messaging Gateway connection to Symantec DLP

March 17, 2016, 7:46 am

≫ Next: DNS Validation - Monitoring and Reports

≪ Previous: DKIM for multiple domain names

$

0

0

I need a solution

Hello, I have configured Messaging Gateway connected with my Symantec DLP, so all emails now sends to DLP for analyse. The issue accrued when I turn on journaling in my main mail server (journaling server is separated stand alone mail server) and starts bulk emailing. Because of huge amount of emails the queue is increasing and emails sticking in mail server. So, is there any possibility to exclude some email addresses (especially journaling address) from checked by DLP. I am added exclusions in all policies in DLP but it don't help. I just want don't send all emails from journaling service to DLP. Is it possible?

0

DNS Validation - Monitoring and Reports

March 24, 2016, 3:42 am

≫ Next: Handling e-mail headers in Symantec Messaging Gateway

≪ Previous: Messaging Gateway connection to Symantec DLP

$

0

0

I need a solution

Hi,

we use the mailgateway (10.6) as an appliance on vsphere and we turned on the "DNS-Validation" feature (option 1 and 4) a few days ago.

now i want to report which IP's and Mail-Addresses were affected.

we found one solution to monitor part of this options in the message audit logs (optional filter: action taken and value: reject messages). 
but there i got only mails which are rejected with the entry: "mail-from domain does not exist in dns"

a second way could be found in the logs: log type: mta, severity: warning
there are entries like: LUA: RDNS: RDNS lookup for connecting IP nnnnnnn returned SERVFAIL 

Is it possible to generate a report which ip-addresses AND email addresses were affected by this setting?

thanks,

best regards

eurass

0

Handling e-mail headers in Symantec Messaging Gateway

March 28, 2016, 2:32 pm

≫ Next: Symantec Messaging Gateway automatic release emails from quarantine

≪ Previous: DNS Validation - Monitoring and Reports

$

0

0

I need a solution

Hello,

Is it possible that SMG (version 10.6.0-7) remove the internal IP address from the outbounding e-mails?

Specifically the "X-Originating-IP" entry.

 Thank you!

0

---

Symantec Messaging Gateway automatic release emails from quarantine

March 30, 2016, 2:43 am

≫ Next: 554 5.7.1 You are not allowed to connect

≪ Previous: Handling e-mail headers in Symantec Messaging Gateway

$

0

0

I need a solution

Hi;

I need a solution for the following request.

Symantec Messaging Gateway automatic release emails from quarantine for a specific mailes.

For exaple for the recipent domain is abc.com its automatically realase this email if not stay in quarantine.

I hope there will be a way for this.

Thanks for your helps

0

554 5.7.1 You are not allowed to connect

March 30, 2016, 9:57 pm

≫ Next: SMG 10.x Can is supported on Microsoft AZURE

≪ Previous: Symantec Messaging Gateway automatic release emails from quarantine

$

0

0

I need a solution

People,

My client is reporting that they can send any email to my domain but not receiving any reply back or even NDR / rejection report.



When the client let say CompanyX try to email us it goes through without any bounce back on their end. When I check our Messaging gateway (Symantec Brightmail) and scan for the past week, but I cannot see our gateway being hit with their emails



CompanyX IT provided the below trace and the interesting part is this connection error “554 5.7.1 You are not allowed to connect.”



I have added *@CompanyX.net as a good sender/whitelisted in the appliance.



Your help and advice is appreciated.



Thank you

0

SMG 10.x Can is supported on Microsoft AZURE

March 31, 2016, 9:00 am

≫ Next: Create a report about mails what delivery failed

≪ Previous: 554 5.7.1 You are not allowed to connect

$

0

0

I need a solution

Hi:

I want to know if SMG Virtual 10.x is supported on MS Azure?

Thanks

0

Create a report about mails what delivery failed

April 8, 2016, 4:22 am

≫ Next: Problem with symantec messaging gateway

≪ Previous: SMG 10.x Can is supported on Microsoft AZURE

$

0

0

I need a solution

Hello,

I need a report about sent mails with status Delivery = Failed. My SMG Version is 10.6.0-7.

It isn't not possible to create this report about Message Audit Logs.

Maybe someone know a way to create a report about the support user. Please give me the command.

Thank you

0

Problem with symantec messaging gateway

April 8, 2016, 2:57 pm

≫ Next: Count Number of Credit Card in Symantec Mail Gateway Policy

≪ Previous: Create a report about mails what delivery failed

$

0

0

I need a solution

Hi i have symantec messaging gateway 10.5.4-4, and whent I go to the administration section then version section in the update tab I get the following message:

Application Error
The applicationencountered an error.Ifyou are the administrator, check thelog filesfor details.

the details are

 class java.lang.NumberFormatException: For input string: "399http:"
	at java.lang.NumberFormatException.forInputString(Unknown Source)
	at java.lang.Integer.parseInt(Unknown Source)
	at java.lang.Integer.parseInt(Unknown Source)
	at com.symantec.smg.controlcenter.softwareupdate.SoftwareUpdateMonitor$UpdateLogParser.parse(SoftwareUpdateMonitor.java:564)
	at com.symantec.smg.controlcenter.softwareupdate.SoftwareUpdateMonitor.getUpdateLog(SoftwareUpdateMonitor.java:176)
	at com.symantec.smg.controlcenter.softwareupdate.RegistrationHelper.retrieveSoftwareUpdateStatus(RegistrationHelper.java:157)
	at com.symantec.smg.controlcenter.softwareupdate.SoftwareUpdateAction.displayVersions(SoftwareUpdateAction.java:946)
	at com.symantec.smg.controlcenter.softwareupdate.SoftwareUpdateAction.view(SoftwareUpdateAction.java:157)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:274)
	at com.symantec.smg.controlcenter.internal.action.DefaultAction.dispatchMethod(DefaultAction.java:97)
	at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:194)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
	at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:411)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
	at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063)
	at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1001)
	at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:560)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:209)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
	at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.accesscontrol.AdministratorRoleChecker.doFilter(AdministratorRoleChecker.java:210)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.internal.http.SessionChecker.doFilter(SessionChecker.java:146)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.internal.http.CacheBuster.doFilter(CacheBuster.java:97)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.internal.http.CharacterEncoder.doFilter(CharacterEncoder.java:93)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.internal.struts.Struts1ParamFilter.doFilter(Struts1ParamFilter.java:44)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.symantec.smg.controlcenter.accesscontrol.HostACL.doFilter(HostACL.java:331)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

so, do anyone know what is the issue and the solution for it?

0