hi
i tried defining SNMP on SMG Version 10.6.2-7
but i cant do SNMP Walk On any of the scanner nodes nor the control server
what trubleshooting i can do ?
it seems the SMG simply does not listen to the 162 defined port
Hi,
We have config Symantec Messaging gateway End user Qurantine, LDAP integration is done. also LDAP user are able to access the quarantine. but not getting the alert notification mail to the end user.
Could any one help here.
Thanks in advance.
Hello,
i need to allow users to send mails only to approved receiepients, when i set-up the rules i have the problem that when one condition is satisfied all mails will be delivered.
so when i i send to one allowed email address, all other cc and to will be delivered.
How can i block the other reciepients ?
Best regards,
Hello All,
We have a policy set that whenever a mail is detected as a Spam mail, the subject of the mail will be appended wit a tag "[SPAM]". This is in a POC stage, and we have received upto 17 Spam mails.
My query is that where can i find the logs for the SPAM mails?
I have viewed the SPAM> Quarantine> Spam mails but it is completely empty.
Could anyone suggest where can I find the logs for the spam mails?
Hello All,
We are planning to use the SMG installed in our environment as a relay server that forwards the mails.
The query is that would SMG Support Authentication while accepting outbound mails from any internal application such as Exchange, Clients etc?
Is it possible and how would you configure the rule to have inbound(internet) email send to DLP (reflect mode) for analysis and based on result continue on its way? Outbound SMG has built in function to do this.
Hi,
I wanted to know how can we add languge in SMG policy group....can we add update regional language such as Hindi to Filtering content of incoming / outgoing email by Hindi Language.
currnetly Hindi Language is not listed in Policy Group - Language option.
appreciate any help
Hi,
a customer of me wants to send an email to someone, but the email cannot be delivered, because it's returning with the message that the mailserver ip is on the Symantec Global Bad Senders-List.
But if i want to submit the ip for investigation via http://ipremoval.sms.symantec.com/lookup/, it is said that the ip has no negative reputation.
But if i check the ip over http://www.symantec.com/security_response/landing/spam/, the reputation is bad.
The ip of the server is 62.75.186.48
So, what can i do now?
The mailserver is clearly not sending any spam and was checked multiple times.
Thanks
Hello, my company out mail server ip adress 213.14.34.134 and i check http://ipremoval.sms.symantec.com/lookup/ my ip dont listen. But i send mail, dont receiver other personel. He says block "Symantec Global Bad Sender". What is my problem i dont listing my ip any spam lists. ?
Hi I am using Symantec Messaging Gateway.
Is there anyway to create a custom report where I want to pull info on all emails where the recipient was a specific domain such as abc.com?
Thanks
Is is possible to get any assitence removing IP from blacklist? I have tired numerous times to remove IP (136.243.89.161) via http://ipremoval.sms.symantec.com/lookup/# but it just get listed again in few hours.
Reason is snowshoe spamming and it seems that at least whole /24 subnet blocked due to some bad behaving servers. Is it possible to get only our IP removed, because it is causing a lot of inconvinience to our customers.
Hi I have an SMG version 10.6.0-3, I have been doing backup of the appliance on the SMG. Since it is live, I cannot restore anything on it. I have thus decided to have another SMG on which I can restore data. I have another one which is on version 10.5.4-4. I wanted to upgrade it to 10.6.0-3, but on the SMG upgrade can only be done to 10.6.2-3 or 10.6.2-7.
Is there a way to upgrade to 10.6.0-3? Even if need do it via command line.
Thanks!!
Hi Team,
We are using SMG-10.6.2-7 (brightmail gateway or messaging gateway).
After scanning some vulnerabilities found for which Symantec technical assistance cann't give me resolution.
Please help to resolve this.
CVE-2016-2183
Port : body,div,table,thead,tbody,tfoot,tr,th,td,p { font-family:"Calibri"; font-size:x-small } 8443,443,25
Synopsis: The remote service supports the use of 64-bit block ciphers. body,div,table,thead,tbody,tfoot,tr,th,td,p { font-family:"Calibri"; font-size:x-small }
Solution : "Reconfigure the affected application, if possible, to avoid use of all 64-bit block ciphers. Alternatively, place limitations on the number of requests that are allowed to be processed over the same TLS connection to mitigate this vulnerability."
Description : "The remote host supports the use of a block cipher with 64-bit blocks
in one or more cipher suites. It is, therefore, affected by a
vulnerability, known as SWEET32, due to the use of weak 64-bit block
ciphers. A man-in-the-middle attacker who has sufficient resources can
exploit this vulnerability, via a 'birthday' attack, to detect a
collision that leaks the XOR between the fixed secret and a known
plaintext, allowing the disclosure of the secret text, such as secure
HTTPS cookies, and possibly resulting in the hijacking of an
authenticated session.
Proof-of-concepts have shown that attackers can recover authentication
cookies from an HTTPS session in as little as 30 hours.
Note that the ability to send a large number of requests over the
same TLS connection between the client and server is an important
requirement for carrying out this attack. If the number of requests
allowed for a single connection were limited, this would mitigate the
vulnerability. However, Nessus has not checked for such a mitigation."
Hello. We found in our firewall, that Messaging Gateway sending a lot of requests on different IP-adresses through port 25. Yes, you can say its normal, but this requests happens every hour and i cant find any information about it in log. For example at 11PM when no one sends email we have tons of requests from Symantec and some requests can be send for several days every hour on one IP but i cant find any information in logs about it. Can anyone say what it can be?
Dear support,
I found this thread: https://www.symantec.com/connect/forums/error-550-571-requested-action-not-taken-message-refused
Have a problem with my customer delivery: salonedelrisparmio.com
These are bounces:
xxxxxxxx@etfsecurities.com
SMTP error from remote mail server after end of data:
host smtp.etfsecurities.com [5.148.1.5]: 550 5.7.1 Requested action not taken:
message refused
xxxxxxx@StateStreet.com
SMTP error from remote mail server after end of data:
host cluster5.us.messagelabs.com [216.82.250.99]:
553-Message filtered. Refer to the Troubleshooting page at
553-http://www.symanteccloud.com/troubleshooting for more
553 information. (#5.7.1)
There is an external company than manages this account.
If I try to send from postmaster@salonedelrisparmio.com (from my email client). Have no delivery problems.
How to solve this?
Thanks
Marcello
Hello,
Some times ips like this 144.217.123.236 are listed with this reason:
The host is unauthorized to send email directly to email servers.
But that has no sense, this IP 144.217.123.236 is the main ip of my dedicated server in OVH datacenter (canada),
why is not autorized to send email to other servers? this is not a dinamyc IP or something similar, this IP is the main IP for a business dedicated server.
could you check this please or contact me to solve this asap.
I have other ips blockt too with this reason:
The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
But there are not spam from that ips, there are secondary ips in some servers assigned to clients that want a dedicated IP, and the email traffic is very low.
i had seen a lot of post in this forums about the same isue, maybe the methods your are using to detect this are not the best.
Tengo problemas, con esta IP: 200.47.45.14 / la ip ya no esta listada, pero quienes verifican con Symantec, me rechazan los correos. pueden ustedes audarme con esto. Muchas gracias !
Hello,
is there a possibility to create something like a whistlist for outbound mails?
My mailflow is like the following:
internet <--> SMG1 <--> Exchange <--SMG2 <-- SAP servers
My SMG2 should accept all mails from my network and deliver all internal. But for external I need something like a whitelist. The "real" whitelist only works for inbound mails.
SMG2 is configured as outbound-acceptance-scanner and need to accept all the mails it receives from all my existing SAP servers (over 500 different systems). They all are allow to send mails to internal recipients (mailboxes within Exchange). But only 300 of them are also allowed to send mails to external recipients.
I already created a content filter rule which says: "If recipient isn't in list "Own Domain" delete the message and send notification". Now i want to create a whitelist like "If mail accepted from IP YX bypass content rule". Is there a way to manage it this way?
Creating policy group is no option. Not all the SAP servers are in my AD. Some of them are Linux servers. Also its not possible to create a list with sending email adresses. Some of them have multiple adresses. The only unique identifyers are the ip adress and/or the hostname.
Messages classified as spam are logged in the "Message audit logs" where do I find messages/connections rejected due to invalid reverse dns or other connection specific rejections?
About 5 or 6 days ago I requested to investigate my email server (IP 212.83.136.185) but you keep listing us as "bad reputation". We check every day all inbound and outbound emails to stay out of malicious or junk email. We have checked several DNS black lists and the ip is not listed there.
If I submit an investigation request on "http://investigate.brightmail.com/lookup/" the response says "The IP address 212.83.136.185 has already been submitted for investigation.".
Please con you take a look at this issue?
Thank you.
Ferran M.