How SMG witll scan email with attatchment if user compose and send email with attachment in format as outlook .msg file
and outlook .msg file includes password protected attachments?
Does SMG have a prolicy to block such emails?
Hi guys!
I need to download an old version of SMG (10.6.1-3) but it doesn´t appear on File Connect, is it possible to download that version specifically?
Hope anyone could help me.
Greetings!
Hi,
For High availability we want to deploy two scanners 8480v2 and use load balancers to distribute the incoming messages to teh appliances.
Can someone confirm us it is supported to perform snat on the inbound smpt flows ?
Thank you for your advices
Hi,
Our mail server is hosted by ezihosting.com and our IP address is constantly being blocked by messagelabs.
The IP address in question is 27.50.70.87 (mail.boldfood.com.au). I have submitted the IP for removal, but a few days later it gets blocked again.
We have several clients that use messagelabs and we are unable to do business with them. I have checked with our hosting company and there is no SPAM being sent from this domain.
We have updated our SPF records as well.
Would you be able to add this IP or DNS enrty in the witelist on your servers?
Thanks very much,
James
Hello.
I have a customer with an outlook signature containing there website: www.coustomerdomain.dk.
But all emails containing "www.customer-domain.dk" is listed as spam.
If I make a customer-specific rules it says it is "Caught by global rules at submission time".
So how can I delist/remove there website link from symantec global rules?
Greetings,
I am attempting to back up my SMTP gateway to either an FTP or SFTP server. I have used this same FTP server software (freeftpd) on a different server without issue. When I attempt to do a manual backup or the system tries to do a schedule backup, the following messages show up in the logs on the SMTP Gateway;
May 12 2017 08:09:30 [Thread-4080] [ScriptHelper] ERROR - Cannot backup the database.
May 12 2017 08:09:30 [Thread-4080] [ScriptHelper] ERROR - FTP:Can't transmit the file: Opening BINARY mode data connection for //db-backup.10.6.2-7.brightmail.May-12-17-08-07.full.manual.tar.bz2ERROR: Unable to send to the specified URL.
May 12 2017 08:10:11 [Thread-4085] [ScriptHelper] ERROR - Cannot backup the database.
May 12 2017 08:10:11 [Thread-4085] [ScriptHelper] ERROR - Failed to transmit the file: Error: last line returned was: lost connectionERROR: Unable to send to the specified URL.
This server works with several other applications to back up their data via SFTP. I have tried clearing the known hosts on the SMTP gateway with no luck. Does anyone have any ideas on how to get this working again?
Thanks
I have contacted symantec support several times (atinvestigation@review.symantec.com) about the issue and have gotten no response. It has been over a week.
Posting here is our last resort, our ip 138.197.77.235 has been blacklisted and we have no indication why from symantec.
Hi All,
Rcently I have configured a new SPF on my DNS and in addition SMG support helped me to configure SPF chcker, but from some resaon it doesnt work.
This is the Domain:
Dalas.co.il
SPF details:
> set q=txt
> dalas.co.il
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dalas.co.il text =
"v=spf1 ip4:207.232.18.126/32 ip4:5.100.250.205/32 -all"
I am trying to send a email through "Contant" on my website: www.dalas.co.il and the mail blocked by SMG because of SPF CHCKER.
The web site IP is 5.100.250.205 which is my website who tries to send email from "dalas@dalas.co.il"
The error on SMG is:
static senderauth fail |
Hi,
We have an "Unscannable due to limits exceeded" error/bug with SMG v10.6.2-7
Our SMTP content scanning options are as follows:
Maximum container scan depth: 20
Maximum time to open container: 60 Seconds
Maximum individual file size when opened: 100MB
Maximum accumulated file size when opened: 200MB
(the maximum message size set in SMTP settings is 50000000 in bytes ie about 50MB)
I have reproduced the error by sending a 17MB Excel file from my GMAIL account. The file contains a single number copied across 390,000 cells and has no formulae or macros.
Our (only) SMG v10.6.2-7 server is a single core VM with 8GB RAM running on HyperV 2012 R2. The hypervisor is running on an HP G9 server with dual Intel Xeon E5-2620v3 processors and 64MB RAM.
I have an Exchange distribution group that is being spammed with LinkedIn invitations. I have users who have valid reasons for accessing LinkedIn, so I can't just add the domain to my local Bad Senders group. And because the target address is for a disto group, I can't log in as a user and add the domain to a user-specifc Bad Senders group. What I need is a way to say, "If sender is linkedin.com and recipient is distro group address delete". Is SMG capable of applying this kind of logic? If so, how is it done?
TIA for any info,
Michael
Hi guys!
Somebody knows if it's possible to edit the alerts the SMG sends?. I received a Quarantine Disk Space alert from one of my two Control Centers and I'm not sure which one sent it.
Also, there's a way to know how much disk space is using the Spam Quarantine?
Hope you could help me.
Greetings!
Hi,
we are a legitimate business who are hosting email and webservices for our clients.
Recently (3 weeks ago) we moved from our old host to a new host at OVH (France).
We bought a block of 8 IPs.
Unfortunately for us Symantec are indiscriminately blocking a huge block of the OVH IPs which ours are a part of
The block we purchased has the range 92.222.106.120 to 127
We use the delist tool at
http://ipremoval.sms.symantec.com/lookup/
We delisted all the IPs and our email server is associated with 92.222.106.120
Upon which the IPs are removed from Symantec list only to be re-added without any sort notification.
And although only 92.222.106.120 has email services associated with it ALL the IPs are blocked with the message re "similar to snow shoe spamming techniques"
Well how can this be since the other IPs dont have email sevices runnign on them?
We only find out when our clients call us to tell us their emails are not reaching there intended destinations.
This is starting to effect our business as some of our clients have to email large coorporations who are Symantec customers!
This is pure indescriminate blocking and we are not happy at this type of applied prejudice.
You can see below that our IP is not on any of the blacklists found at mxtoolbox.com
https://mxtoolbox.com/SuperTool.aspx?action=blackl...
You can also see that we have applied almost every technology currently available to us to show we are a legitimate business running a legitimate email/webhosting service.
What I cannot grasp is how such a simple test as the one proposed below is not implemented against said IPs of bad reputation.
Let say
IP 1.1.1.1 has a bad rep and is associated with bad-domain.com
After a period of time the spammers leave the IP and some time later another person purchases the IP
so....
IP 1.1.1.1 has a bad rep and is now associated with good-domain.com
A simple check could be made to see that the IP 1.1.1.1 is not longer associated with the bad-domain.com and be put on a list that is under surveillance for x amount of time.
If after x amount of time the IP 1.1.1.1 which is now associated with good-domain.com is not found to be doing any sort of frowned upon activity then the IP 1.1.1.1 reputation should be marked a clean and moved to a 'good list'
This to me is a very simple way to stop this indiscriminate blocking of IPs.
So please can someone at Symantec understand that we should not be treated as spammers just because we are using a certain hosting company!
Google is full of people suffering in the same manner as ourselves
https://forum.ovh.us/showthread.php/4084-Symantec-Blacklist-(VERY-FRUSTRATED)
https://www.symantec.com/connect/forums/just-migra...
https://www.symantec.com/connect/forums/issue-fals...
https://www.symantec.com/connect/forums/ip-blocked...
We expected more from an esteemed companay such as Symantec.
With Regards
Andreas Yianni (yes my real name and I am a real person)
PS Windows Server 2016 has been available since September 26 2016 and is not in the dropdown list and yes we are using it as our server OS...................
PPS Please publish
Hello,
Our client is unable to send mail to Symantec Messaging Gateway users. Any attempts to do so are greeted with the following error:
554 5.7.1 You are not allowed to connect.
We have previously attempted to request an investigation using the form located [http://ipremoval.sms.symantec.com/lookup/] but have not received any reply or notice for several days. Additionally, we have confirmed the server in question is not participating in any outbound spamming or malicious activity.
Please assist in removing the blacklisting placed on [138.128.170.18] or providing additional information that may assist our team in resolving this issue.
Thank you for your assistance.
We are experiencing difficulties connecting to messagelabs.com
(connect to cluster8.eu.messagelabs.com[85.158.140.211]:25: Connection timed out)
Our sending IPs are
85.25.43.51
188.138.70.185
188.138.70.186
188.138.70.187
Please unblock those IPs as we are not sending spam.
Hi, We are using Symantec Messaging Gateway Version 10.6.2 and Zimbra 8.0.7 Mail server and it works fine.
And recenty we have a requirment to block external email facility (for other domains ie : XXX@gmail.com ) for selected email addresses.
What is the best way to do this? is it possible to do this using an AD group ?
Thanks
Isuru
Hi everyone,
I have last version of SMG 10.6.2.-7. Two SMG scanners and one CC, all of them on separate virtual machines.
Two months ago, messages began to stuck in delivery queue, but not for all domains. Error for stucked messages - "450 4.4.1 [internal] Connection Timed Out".
I turned off reverse DNS lookup on both scanners, turned off DNS validation global, checked related posts from this forum and did proposed steps, but problem still exist.
I investigated "stucked mail domains" and I noticed that "SMTP transaction time" on these domains is over 15 seconds.
Does anybody know is this related to this problem and how to resolve this issue at all?
On my Messaging gateway, SPF is already enabled. Still we received a spoofed email. Some mails have been held, but the majority has been delivered. How can I go about so that this issue does not happen again? The email seemed to originate from the CEO. Thanks to help!!
So everyone needs emails. Unfortunately most users want to be able to receive attachements and people tend to send unsecure file formats like word, excel and PDF. Even image files cannot be considered secure since in the past there have been threats targeting weaknesses in image libraries.
So we are forced to filter any attachements. The products we can obtain always promise safe email filtering with signatures heuristics and sandboxing. most products deny the admin finetuning like quarantining for 24 hours and scanning after the quarintine because they insist that their scanning technology is state of the art and failsafe.
Unfortunately with every zero day virus the first one gets to pass the filters anyway, at least in our experience. So we limit allowed email attachements to PDF and even have to quarantine them manually.
We are looking for a solution which does the following:
- Scan an email and execute content filtering as set by the admin
- print allowed attached documents with a solution like ghostview to a new PDF (after that there can't be a virus inside the new PDF)
- send the email with the newly generated PDF to the user (but not the original attached document)
- quarantine the original allowed attached document for 24 to 36 hours (adjustable by the admin)
- allow admins to get the documents from the quarantine if time is critical
- allow users access to the quarantined attachement after the time mentioned above, of course only after an additional scan (now that it isn't zero day anymore)
Anyone else who wants a solution like this?
Have a nice weekend everyone!
Yours,
Stefan Walther
Hi All,
with regards to SMG could anyone help me address below queries.
1. Can they get email alerts over email when the system gets updates or is updated.
2. How does Anti Phishing work in SMG
3. Info on how SPF and DKIM-
a. how it works in SMG in detail
b. Bounce attack protection
Appreciate your help.
Hi,
Recently I have enabled the holding of any email 'If the attachment or body part is in the attachment list "Archive Files (default)"'. Problem I am having now is that email addresses in good senders is also being held. What should I do so that good senders email addresses are delivered immediately.
Thanks to help!!