Symatec Messaging Gateway 10.6 Configuration error

January 25, 2017, 1:16 am

≫ Next: user cant receive mail

≪ Previous: Import HTTPS Certificates

$

0

0

I need a solution

Dear All,

 

While I am doing POC of SMG 10.6, I am not able to configure symantec messaging gateway (SMG) 10.6 successfully.

 

To describe about the configuration I have made, I have only one nic provision for both inbound and outbound traffics and both the scanner and controller are on same single hyper-V instance. I have configuration send connector (smart host) in exchange pointing to SMG and I have followed installation guide of SMG 10.6 but not worked for me. The mail from internet to internal and vice-versa did not work.. While i have tried to send mail from gmail to internal mail, it showed up the error msg as address not found.

 

Please find  the error occured snapshots during configuration are attached below with network topology and please suggest what the correction I have to make to work properly.

 

Thanks in advance...

0

• topology.jpg
• error_log_2.JPG
• error_log1.JPG
• exchange_msg_err_log.jpg
• LogDetails.txt
• mail_from_gmai_error.JPG

---

user cant receive mail

January 30, 2017, 6:48 am

≫ Next: SMG integrate with AD

≪ Previous: Symatec Messaging Gateway 10.6 Configuration error

$

0

0

I need a solution

Hello guys. Need some help.

Have remote mail server. Today user "example" dont receive mail. In web logs reason: system allowed email address or domail, contect filtering violation: delete executables, both ways.

I'm write to admin.He says, he add mailbox to antispam filtr, but mail's still delete. Mailbox settings dont changes, and they still like other users.

0

SMG integrate with AD

February 2, 2017, 1:17 am

≫ Next: Problem with upgrade to 10.5.6

≪ Previous: user cant receive mail

$

0

0

I need a solution

Hi,

Anyone integrate SMG with AD?

What's the recommended practise to have this configure? To allow SMG (at DMZ) to query the domain controller directly which is in the internal segment?

Is it a good idea to setup this way?

I'm just now comfortable to have the SMG querying the domain controller directly.

Please advise.

0

Problem with upgrade to 10.5.6

February 3, 2017, 1:46 am

≫ Next: Backup message audit log

≪ Previous: SMG integrate with AD

$

0

0

I need a solution

Hello, 

i have some problems with my upgrade i just upgraded the gateway form 10.5.3-4 to 10.5.4-4 now i try to update the gateway to 10.6.2-3 i get this error "Please read the corresoponding description before continuing with the software update" 

is there any solution to get this done over GUI? 

Best regards, 

0

Backup message audit log

February 3, 2017, 3:58 am

≫ Next: Messaging gateway block my ip address

≪ Previous: Problem with upgrade to 10.5.6

$

0

0

I need a solution

Hi,

I would like to know whether it is possible to backup only messaging audit log. At times we have request from clients for emails received on a certain date, but we do not have the data. I thought of exporting the log as CSV file, but in 30 minutes we already have 1000 entry; so it is not feasible. How can I proceed? Is there a guide to send to syslog. Syslog server readily available.

Thanks to help

0

Messaging gateway block my ip address

February 6, 2017, 10:23 am

≫ Next: SMG ATP integration

≪ Previous: Backup message audit log

$

0

0

I need a solution

I am trying to send to the chubb.com who is using the symantec messaging gateway antispam.

It turns out that the emails do not even reach the destination.
By the way, at this moment it appears in the site: http://ipremoval.sms.symantec.com/lookup/ that I am blocked.

My Ip: 164.132.49.180

My host sender: iguacuseguros.com.br

Please not move this message to "Email Security.cloud" forum

0

SMG ATP integration

February 10, 2017, 12:34 am

≫ Next: Messaging Gateway with two email server

≪ Previous: Messaging gateway block my ip address

$

0

0

I need a solution

Is there any roadmap or plan for above?

seems lacking sandbox capability for the appliance based smg...

thanks

0

Messaging Gateway with two email server

February 10, 2017, 11:52 am

≫ Next: The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

≪ Previous: SMG ATP integration

$

0

0

I need a solution

Hello.

I need help with the follow.

We have a one Symantec Messagin Gateway and two email server.  One is Exchange and the other is SendMail under Centos SO.

The SMG is sycronyzed with the Active Directory.  All user has a AD account.

In the AC I have two groups, one called MailA and second called MailB The propouse of this groups is:  The users from the AD into de MailA group the mails go to Exhange mail server.  The users from the AD into the MailB group, the mails go to SEndMail server mail.

I would to know, how is the configuration into the SMG for routing the messages.

Appreciate you help.

Thank you

0

• topologia.jpg

---

The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

February 13, 2017, 11:48 am

≫ Next: Gateway Email Encryption compliance

≪ Previous: Messaging Gateway with two email server

$

0

0

I need a solution

For some reason one of my servers gets marked with a negative reputation for sending out spam in a format that is similar to snow shoe spamming techniques. My server is on no other list than that of Symantec and my logs show no evidence of spam. Also my mail queue is more or less empty, not something you would expect of a spam host. I have asked on several occasions for evidence of this spam but have not received anything and am stuck. I think it's good to have ways of stopping spam, but accusing someone of something without providing evidence is just wrong!

All the domains that use this sever for sending out emails (mainly registration confirmations) have the specified IP and hostname in the spf record, but still the server has a negative reputation. Any ideas how to solve this would be much appreciated.

0

Gateway Email Encryption compliance

February 15, 2017, 3:04 am

≫ Next: Connection rejected my MTA (sender mimecast)

≪ Previous: The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

$

0

0

I need a solution

Hi,

We're considering Gateway Email Encryption solution to manage our email encryption with third parties. What I would like to know does this solution meet our requirements? The requirements are as follows:

1. Public key encrypted emails must be exchanged between us and third party
2. PGP Public keys must be exchanged between organisations for encryption (meaning no symmetric or per-email keys to be used)
3. Centralised Key management
4. Must be third party vendor agnostic (ability to communicate with any third party organisation’s Public key)
5. Must support:
   1. Secure (using encryption) shared mailbox in secure way
   2. Secure (using encryption) single (personal) mailbox
   3. Mobile devices
6. Private Key must not be held on end-point devices i.e. Laptops or PCs
7. Must be scalable, highly-available

If these requirements can't be met with this solution, is there a solution that supports all of these?

Kind regards,
Igor

0

Connection rejected my MTA (sender mimecast)

February 15, 2017, 12:58 am

≫ Next: Blacklist removal 164.132.127.32/27 - IP Reputation

≪ Previous: Gateway Email Encryption compliance

$

0

0

I need a solution

We have a strange issue with mails coming from mimecast hosts. The sender is getting "Recipient server unavailable or busy" and trying multiple times to deliver the message. SMG is always rejecting the message without further information. IP connection class of the sending ip seems ok (class 4). The message will get through if the ip is whitelisted - but that's no solution (as sending ips may change from this provider).

The issue is listed in the forum multiple times:

https://www.symantec.com/connect/forums/rejected-m...
https://www.symantec.com/connect/forums/messaging-...

But no solution...

Any help would be greatly appreciated.

Thanks

0

Blacklist removal 164.132.127.32/27 - IP Reputation

February 15, 2017, 4:39 am

≫ Next: Do I need directory integration and SMTP authentication?

≪ Previous: Connection rejected my MTA (sender mimecast)

$

0

0

I need a solution

Hi,

I first post in the cloud infrastructure forum : https://www.symantec.com/connect/forums/blacklist-... ; they say that they are not block our IPs.

As I said it before, early 2017, we have acquired new IPs range. But it seems that these IPs are blocked by your system (http://ipremoval.sms.symantec.com/lookup/). We request by the form to remove IPs from the system but every 24h, the IPs are blocked again even for IPs not in used for emails... I have checked http://www.symantec.com/security_response/landing/... and IPs unused and not configured on our network are blocked too (despite unblock asked from Ip Removal tool).

We have email protection, no relay host, we don't send mailing list or other things ; only some internal emails and a few externals...

This is the list of all IPs:

164.132.169.168
193.70.12.112 (seems unblocked)

164.132.127.33
164.132.127.34
164.132.127.35
164.132.127.36
164.132.127.37
164.132.127.38
164.132.127.39
164.132.127.55

164.132.127.32
164.132.127.40
164.132.127.41
164.132.127.42
164.132.127.43
164.132.127.44
164.132.127.45
164.132.127.46
164.132.127.47
164.132.127.48
164.132.127.49
164.132.127.50
164.132.127.51
164.132.127.52
164.132.127.53
164.132.127.54
164.132.127.56
164.132.127.57
164.132.127.58
164.132.127.59
164.132.127.60
164.132.127.61
164.132.127.62

Can you help to unblock them? We are the ownership these IPs since early 2017.

Best regards,

Stéphane

0

Do I need directory integration and SMTP authentication?

February 16, 2017, 4:22 am

≫ Next: Remove a IP address reputation from Messaging gateway products

≪ Previous: Blacklist removal 164.132.127.32/27 - IP Reputation

$

0

0

I need a solution

Hi, I have a SMG in my network border and an Exchange 2013 on-premise server. The SMG is configured to send mail accepting them from the Exchange and to route emails to the Exchange. We are recently facing a lot of smtp authentication tentatives from outside and I'd like to protect my internal domain from attacks. I see that Directory Integration is enabled, and LDAP server is configured and the only feature enabled is Authentication. The question is: do I need this feature to be active for receiving and sending emails from/to my internal exchange? I really can't understand if this feature only let users authenticate directly on the appliance, and if yes, I don't need it since my users send emails from outlook connected to exchange, the SMG only sends and receive emails from/to it. I have no CAS or other appliances and I have local users to login into the control panel.

Thank you

0

Remove a IP address reputation from Messaging gateway products

February 15, 2017, 7:42 pm

≫ Next: The IP address 37.187.7.98 was found to have a negative reputation.

≪ Previous: Do I need directory integration and SMTP authentication?

$

0

0

I need a solution

Dear,

We are still facing sending issue with our customer who are using the Symantec messaging gateway product. Atfer raising the issue to cloud infrastructure at https://www.symantec.com/connect/forums/cannot-remove-ip-symantec-blacklist-permanently. We found that our problem is related to Messaging gateway products, not .cloud infrastructure.

Our mail gateways are listed below.

1. mail.tma.com.vn = 103.199.4.135

2. mail1.tma.com.vn = 103.199.4.139

3. mail2.tma.com.vn = 103.199.6.66

Our customer domain: alcatel-sbell.com.cn

Could you please consider to remove our IPs from your blacklist permanently or could you give me some advice to work with our customer to fix this soon?

Thanks for your consideration

Regards,

Tho Quach

0

The IP address 37.187.7.98 was found to have a negative reputation.

February 16, 2017, 7:33 am

≫ Next: Creating a SSL certificate for the WebServer interface

≪ Previous: Remove a IP address reputation from Messaging gateway products

$

0

0

I need a solution

Hi,

I have been trying to get out of your negative reputation for a while, without success.

I first tried the wrong forum apparently: https://www.symantec.com/connect/forums/ip-address...

In short: I asked for an investigation a few times. I could get out of bad reputation for a short period, but was back into bad reputation rapidly, because of "snow shoe spamming techniques". I am quite certain my server is well configured, and sends no spam. I have spf, dkim, dmarc. My server sends only a few registration emails, and some notifications. Rarely more than 10 messages a day, and they don't look like they could be mistaken for spam. I checked the logs of the mail server carefully.

The IP address 37.187.7.98 was found to have a negative reputation. Reasons for this assessment include:

• The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

Can you help me?

Thanks.

0

---

Creating a SSL certificate for the WebServer interface

February 17, 2017, 8:43 am

≫ Next: What is included in the SMG diagnostics file?

≪ Previous: The IP address 37.187.7.98 was found to have a negative reputation.

$

0

0

I need a solution

I have Message Gateway v10.6.2 and I'm trying to create a SSL certificate for the WebServer. I've already generated the certs and applied them along with the Root CA however .. the certificate on the Web page still has the Symantec self-signed cert Any ideas???

0

What is included in the SMG diagnostics file?

February 17, 2017, 11:39 am

≫ Next: IP Found To Have A Negative Reputation (Snowshoe)

≪ Previous: Creating a SSL certificate for the WebServer interface

$

0

0

I need a solution

Hi guys!

A client needs to create a full diagnostics file from the Control Center and Scanner but wants to know what kind of information includes. More specifically, find out if it includes internal addressing information, host name, email addresses or content of the emails being filtered.

Hope someone can help me.

Greetings!

0

IP Found To Have A Negative Reputation (Snowshoe)

February 19, 2017, 12:28 pm

≫ Next: [85.158.139.103]:25: Operation timed out

≪ Previous: What is included in the SMG diagnostics file?

$

0

0

I need a solution

I own a small hosting comapny and I have noticed that our sending ip is constantly being blacklisted at http://ipremoval.sms.symantec.com

Apparently because of a showshoe attack. We are extremely strict on our mail policies and monitor all of the major RBL, mail is throttled and we react instantly on any spam report which is very rare.

I have investigated thoroughly and there is no spam coming from our sending IP, in fact there is less than a few 100 e-mails a day most times, and those do not contain anything malicious. Now upon further investigation I see that all the IPs in the range are also being blacklisted. Many of these IPs are not even active and CANNOT be used to send anything at all, the ones that are active are not used for mail.

I have tried to contact Symantec direct over the phone about this but I just go around in circles, nobody knows where to send me or how to answer me.

I hope there is somebody here who can put me in touch with the correct people. If Symantec insists on listing my IPs than I would like some further information if possible such as offending sender address and time.

I have just went through and asked for all these IPs to be unblocked again.

IPs

192.99.28.88 192.99.28.89 192.99.28.90 192.99.28.91 192.99.28.92 192.99.28.93 192.99.28.94 192.99.28.95 192.99.134.184 192.99.134.185 192.99.134.186 192.99.134.187 192.99.134.188 192.99.134.189 192.99.134.190 192.99.134.191 (the actual sending IP) 192.99.232.135 192.99.208.200 192.99.208.201 192.99.208.202 192.99.208.203

The rest of these IP's being listed cannot send e-mail and I have been in possesion of them for over a year in most cases.

I have cheked this:

https://support.symantec.com/en_US/article.TECH828...

Please don't move this to security.cloud forum as I have a thread there and was directed here.

Your help with this would be appreciated.

Regards,

Chuck

0

[85.158.139.103]:25: Operation timed out

February 21, 2017, 1:31 pm

≫ Next: Need to create report for TLS vs non-TLS delivered emails

≪ Previous: IP Found To Have A Negative Reputation (Snowshoe)

$

0

0

I need a solution

Good evening:

I request your support to help me solve the following problem.

Some of my emails are left on my server in deferred and show the following message

connect to [85.158.139.103]:25: Operation timed out

We had an spam incident a few weeks ago but all that has been resolved and we are not listed on any black list, our IP address is 71.123.44.8

Thanks.

0

Need to create report for TLS vs non-TLS delivered emails

February 22, 2017, 12:48 am

≫ Next: SNMP

≪ Previous: [85.158.139.103]:25: Operation timed out

$

0

0

I need a solution

Hi,

I would like to make the following report:

Number of emails delivered last month in plain text.

Number of emails delvered last month with TLS v1.2.

Also is it possible to use filtering in the "Message Audit Logs" to achieve this?

Many thanks,

Jon

0