Hi,
How can I create a message policy that will apply on:
Email contains 2 credit card numbers in the same body.
PS: 1 credit card number should not violate the policy, but 2 should.
Product : Symantec Mail Gateway Version 10.6.0
Thanks
There seems to be a bug in the way TLS ciphers are handled in SMG 10.6.0-7. This is a new installation of version 10.6.0-5 upgraded to 10.6.0-7. When I ran a PCI scan, I noticed that insecure ciphers were still supported even though the option "Disable support for SSLv3 and earlier protocols in all SMTP TLS conversations" is enabled.
According to the following webpage https://support.symantec.com/en_US/article.TECH156249.html if sslv3 is disabled only the following ciphers should be enabled:
TLS_Ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL:-SSLv3
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
When I check with openssl using the command below I get these ciphers:
sslscan --no-failed --starttls-smtp --no-heartbleed --get-certficate <smg-ip-address>:25
Version: 1.10.0 Windows 64-bit (Mingw)
OpenSSL 1.0.2 22 Jan 2015
Testing SSL server <smg-ip-address> on port 25
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Supported Server Cipher(s):
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits SEED-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits IDEA-CBC-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits IDEA-CBC-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits IDEA-CBC-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred Server Cipher(s):
TLSv1.0 256 bits DHE-RSA-AES256-SHA
TLSv1.1 256 bits DHE-RSA-AES256-SHA
TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Did anyone else notice this behaviour?
If I run the sslscan with the sslv3 parameter no ciphers are supported so sslv3 is indeed disabled.
sslscan --no-failed --starttls-smtp --ssl3 --no-heartbleed --get-certficate <smg-ip-address>:25
Version: 1.10.0 Windows 64-bit (Mingw)
OpenSSL 1.0.2 22 Jan 2015
Testing SSL server <smg-ip-address> on port 25
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Supported Server Cipher(s):
Preferred Server Cipher(s):
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
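An added example, not part of the original post and not Symantec tooling: a Python script that parses the two formats quoted above (the `openssl ciphers -v` style expected list and the sslscan "Accepted" lines) and reports every accepted suite that is missing from the expected list. The function names and the `WEAK_MARKERS` list are this example's own assumptions, and the sample inputs are shortened to a few lines in the same formats.

```python
import re

# `openssl ciphers -v` style line, the format of the expected list in the post.
EXPECTED_RE = re.compile(r"^[ \t]*(\S+)\s+(?:SSLv\d|TLSv[\d.]+)\s+Kx=", re.M)
# sslscan 1.10 "Accepted" result line, the format of the scan output in the post.
ACCEPTED_RE = re.compile(r"^[ \t]*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)", re.M)

# Assumption: substrings treated as weak here; this list is not from the post.
WEAK_MARKERS = {"RC4": "RC4 stream cipher", "DES-CBC3": "3DES (64-bit block)",
                "MD5": "MD5 MAC", "IDEA": "IDEA (64-bit block)", "SEED": "SEED"}

# Constructed samples: a few lines in the two formats quoted in the post.
EXPECTED_SAMPLE = """\
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
"""
SCAN_SAMPLE = """\
Supported Server Cipher(s):
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits RC4-MD5
Preferred Server Cipher(s):
TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
"""

def expected_names(text):
    """Cipher names from `openssl ciphers -v` style text."""
    return set(EXPECTED_RE.findall(text))

def accepted_suites(text):
    """(protocol, bits, cipher) for each suite sslscan reports as accepted."""
    return [(p, int(b), c) for p, b, c in ACCEPTED_RE.findall(text)]

def audit(expected_text, scan_text):
    """Map each accepted cipher missing from the expected list to protocols and reasons."""
    allowed, findings = expected_names(expected_text), {}
    for proto, _bits, cipher in accepted_suites(scan_text):
        if cipher in allowed:
            continue
        reasons = [why for tag, why in WEAK_MARKERS.items() if tag in cipher]
        entry = findings.setdefault(
            cipher, {"protocols": [], "reasons": reasons or ["not in expected list"]})
        entry["protocols"].append(proto)
    return findings

if __name__ == "__main__":
    for cipher, info in sorted(audit(EXPECTED_SAMPLE, SCAN_SAMPLE).items()):
        print(f"{cipher:15} {','.join(info['protocols']):18} {'; '.join(info['reasons'])}")
```

Replacing the two sample strings with the full expected list and the full sslscan output gives the complete difference, grouped per cipher with the protocol versions under which it was accepted.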
Hello,
Is there a method or process available to use the whitelist in SMG 10.5.4 and verify the number of times a whitelisted entry has actually passed-through the SMG to my local domain?
I'm certain we don't use every entry in our whitelist or some of them were for products we don't even use anymore, I would like to validate and remove any that haven't been used in 3 to 6 months.
Any assistance you can provide would be most appreciated.
Thank you,
Rod
Is there any way to do this? I need to compare our list to our internal DNS records, which means a lot of copying and pasting. I don't understand why, if there is an import button, there is no export button.
Hi,
Will whitelisting smtp address / domain skip applying any policy?
Greetings
I'm a system administrator in the company Sirius Extrusion. My company has clients that use your antispam filter. Unfortunately your antispam filter has started to block our emails without any reason. My colleagues receive a "553 Message filtered" response. Our domain isn't in any spam database, it has an SPF record and our email server isn't an open relay.
Could you please stop blocking our emails and add our domain to your whitelist?
Our domain: sirius.pro
Thanks.
P.S. I can provide more detailed information about us if necessary.
Hi
I am deploying an SMG VM and need help with policy creation.
What is the difference between using:
If text in From/To/Cc/Bcc Address part of the message contains 1 or more occurrences of
and
Envelope sender/receiver.
Also, 10.6 does not contain the Bcc component. How can we use that?
Will using envelope sender cover the "from:" part, and will using envelope receiver cover "to/cc/bcc"? That is the specific query I have.
Thanks.
Hi all,
My question is about comparing my local bad sender list with the global list. I wonder if there is a tool that does it automatically and, once it finds a match, notifies me so that I can "clean" my local list by removing the already-blocked senders present in the global list of Symantec, avoiding redundancies.
Thanks for your help
Hello Folks,
I've recently added a regex to our system to flag messages with numbers that contain 10 digits.
\b^[0-9]{10}$\b appears to work well for this - but up to 40 matches. When there's more than 40 items inside a message, the pattern doesn't work. How - do you think - should I go ahead with making this work for messages with more than 40 matching items? What am I missing?
Thanks.
How can I search emails from the audit log that come in with no subject?
I'm seeing an unusually high amount of obvious spam avoiding my filters. They all contain the header:
X-Brightmail-Tracker: AAAAAA==
which suggests to me that something is not getting scanned at all? Normally, it's a huge long random jumble after the :
Obviously it's connecting and all working, otherwise the header would not be there at all, but what might be going wrong here?
Hi
We have several domain names. Can someone please confirm if I need to set up a domain key and selector for each domain name, or can I use the same one, with the exception of the Base Domain?
Thanks
Hello, I have configured Messaging Gateway connected with my Symantec DLP, so all emails are now sent to DLP for analysis. The issue occurred when I turned on journaling on my main mail server (the journaling server is a separate stand-alone mail server) and started bulk emailing. Because of the huge amount of emails, the queue is increasing and emails are sticking in the mail server. So, is there any possibility to exclude some email addresses (especially the journaling address) from being checked by DLP? I have added exclusions in all policies in DLP but it doesn't help. I just want to not send all emails from the journaling service to DLP. Is it possible?
Hi,
We use the mail gateway (10.6) as an appliance on vSphere and we turned on the "DNS-Validation" feature (options 1 and 4) a few days ago.
Now I want to report which IPs and mail addresses were affected.
We found one solution to monitor part of these options in the message audit logs (optional filter: action taken and value: reject messages).
But there I got only mails which are rejected with the entry: "mail-from domain does not exist in dns"
A second way could be found in the logs: log type: mta, severity: warning
There are entries like: LUA: RDNS: RDNS lookup for connecting IP nnnnnnn returned SERVFAIL
Is it possible to generate a report of which IP addresses AND email addresses were affected by this setting?
thanks,
best regards
eurass
Hello,
Is it possible for SMG (version 10.6.0-7) to remove the internal IP address from outbound e-mails?
Specifically the "X-Originating-IP" entry.
Thank you!
Hi;
I need a solution for the following request.
Symantec Messaging Gateway should automatically release emails from quarantine for specific mails.
For example, if the recipient domain is abc.com, it automatically releases the email; if not, it stays in quarantine.
I hope there will be a way for this.
Thanks for your help
People,
My client is reporting that they can send any email to my domain but are not receiving any reply back or even an NDR / rejection report.
When the client, let's say CompanyX, tries to email us, it goes through without any bounce back on their end. When I check our messaging gateway (Symantec Brightmail) and scan the past week, I cannot see our gateway being hit with their emails.
CompanyX IT provided the below trace and the interesting part is this connection error “554 5.7.1 You are not allowed to connect.”
I have added *@CompanyX.net as a good sender/whitelisted in the appliance.
Your help and advice is appreciated.
Thank you
Hi:
I want to know if SMG Virtual 10.x is supported on MS Azure?
Thanks
I need help! I got the error message when sending email to a specific address:
#< #5.4.6 smtp; 551 5.4.6 [internal] Private/Loopback Address> #SMTP#
This is the second time in the past two months that valid iCloud.com emails have been deleted with a verdict of "Symantec Global Bad Sender".
Furthermore, adding the email to the Local Good Senders List does not allow the emails through. They still get Deleted.
Is there a resolution to this issue?