Channel: Symantec Connect - Messaging Gateway - Discussions

"Snow shoe spamming" false positive

I need a solution

Hello,

We have an uncompromised mailserver with four IPs:

- 212.129.48.30
- 212.129.48.31
- 212.129.48.32
- 212.129.48.33

IP lookup on the Symantec page shows that these four IPs have a negative reputation: "The host has been observed sending spam in a format that is similar to snow shoe spamming techniques".
http://ipremoval.sms.symantec.com/lookup/

This is a recurring problem.
I assume your system confuses some notifications sent from the server with this spam technique.

Our IPs are not listed on any other blacklists (very good reputation on SenderScore), and the server has been scanned thoroughly and is clean.

Please let me know what we can do to clear the reputation for our IP permanently.

Regards,
Thibault


Symantec Global Bad Sender (NOT)

I need a solution

Hi, I wasn't sure where to post this, but I have chased down every contact with Symantec and it has gone nowhere.

We changed our web hosting about 3 months ago and it's been an ongoing fight to try and get our bank to receive emails from anyone at our company.

Our IP address for our mail is 149.56.204.49. I have checked the IP address reputation investigation and it says it's OK,

but for whatever reason the bank's mail server is rejecting it as Symantec Global Bad Senders (see attached).

We really need to get this resolved as it's costing us a lot of time and money.

Thank you very much for any help.

Rod


Snow Shoe Spamming Issue

I need a solution

Hi,

We have a new spam filter we are trying to put into production, but for some reason the IP address it is on has a reputation with Symantec Cloud Security for "snow shoe spamming", which isn't something I'd heard of until this issue came up.

It seems that Symantec is the ONLY spam filter that lists our IP address with this negative reputation, I've checked literally hundreds of other spam filters and they all show us as having a clean reputation, or listing us as whitelisted!  I've put in many requests to have our IP reputation investigated and cleared but nothing ever seems to come of it.  When I try to call Symantec they say they can't help since I'm not a customer, and getting our customers to get their clients to talk to Symantec to fix the issue has not gotten us anywhere.

The IP address in question is 173.239.120.245, if you can please have this IP reputation investigated and cleared.  There shouldn't be anything that still causes this reputation to occur, though if you see something we need to clear up I'm certainly happy to do that; I just need to know what that is.

If you could help me resolve this soon it would be very much appreciated!


lots of false negatives...

I need a solution

Hello Symantec

We have received LOTS of false negatives in the last months.
It's always just a plain image with no text but an explicit subject. Not that hard to filter by a spam appliance, I guess.....

Definitions are up to date, release is on 10.6.2.
I already let someone from Symantec check the configuration - everything OK. Spam Score is now on 55!!! and we still get 5+ false negatives per day and user in our inbox.

Yes, we forward the mails as attachment to the eurosubmit address.

Does anyone have the same problem?


Change in domains, mail flow

I need a solution

Until recently all emails sent to xyz.com were coming to my SMG. Thus in protocols>domains, I just had xyz.com. We are now making some changes, whereby xyz.com will now go through office365 first, then email for users not on office365 will be relayed to the SMG. For this, an MX change will have to be done.

I would like to know whether it is possible to put xyz.com as well as individual email addresses tom@xyz.com, bob@xyz.com (users not on office365) in protocols>domains. I want to do this so that once the MX change is done I can just delete xyz.com and save time. Please help. This way will have limited impact on mail flow.


Ip Reputation

I need a solution

Hello,

I have a problem with emails; I still appear on the Symantec reputation list.

I talked to K Brosnan at Symantec, who said it's OK with my server, but level3 still do not receive my emails, so he need to try help here.

My IPs: 192.99.8.30, 192.99.75.224

Thanks for help.


SMG: How to Configure Directory Integration with Groupwise EDiscovery

I need a solution

Hello everyone.

I am appealing to the experience of this forum. We are Symantec service partners in Argentina. This is the first time we have implemented SMG with Groupwise (we always do with AD). We need information on how to implement Authentication, Recipient Validation and Address Resolution on this environment.

All the information you can provide, beyond the one related to the Administration Guide, is welcome!

Thank you!


SMG - Threat Defense Reporting

I need a solution

Hi all,
I integrated SMG with Content Analysis.
I can see e-mails in the queue, and on the Content Analysis screens.

Is there a way to see how many mails were submitted to Content Analysis, top recipient, top sender, etc. as a report?

Kind Regards
Mehmet.

PS: I'm on mobile, sorry for typo


Bad reputation IP

I need a solution

Hi, for some reason our servers from 167.114.4.104-107 are getting blocked by the email service and no emails are being delivered.

None of the IPs are listed on any other blacklist so I wonder if this is a false positive. All emails are legitimate email servers.

This is the error I get: 

  • The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

How can I get them removed permanently?

I remove them and they get listed again.

Thanks much in advance,

Teo


refused to talk to me: 554 5.7.1 You are not allowed to connect

I need a solution

We have a problem delivering mail to Messagelabs.

Our sending mail server is clean and not delivering spam, cross checked twice.

Can you please remove this IP?

212.129.11.230

Thanks.


Is It Possible To Increase RAM of SMG Appliance 8360?

I need a solution

Hi guys!

We have an SMG Appliance 8360 (Dell PowerEdge R610) with 8 GB RAM but want to increase it. Does anyone know if it's possible to do it and what is the maximum RAM that the server supports?

Additionally, does anyone know if this server supports the upgrade to 10.6.3-2?

Greetings!


Problem with certificate- intermediate certificate missing

I need a solution

Hi,

I have bought a certificate from GlobalSign. On my Symantec Messaging Gateway, when I check Certificate Authority, I can see that these have expired on 28/01/09: [GlobalSign Partners CA, Partners CA, GlobalSign nv-sa, BE], [GlobalSign Primary Class 1 CA, Primary Class 1 CA, GlobalSign nv-sa, BE], [GlobalSign Primary Class 2 CA, Primary Class 2 CA, GlobalSign nv-sa, BE], [GlobalSign Primary Class 3 CA, Primary Class 3 CA, GlobalSign nv-sa, BE]. Is there a way to have SMG update automatically? Up to now, when I check TLS I am getting the error message 'Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate. This may help: What Is An Intermediate Certificate'. It looks like if I update the intermediate certificate, then everything will work fine.

Please help 


Our whole subnet has a negative reputation due to snow shoe spamming techniques

I need a solution

It seems I've posted in the wrong category, sorry for that. I don't know all of your products, be kind to me :-)

We have a dedicated server which is hosting several domains using cPanel. Using this server we cannot send any email to any domain that is behind the email security product.

The server is using a specific IP in the OVH network as a main IP, and we own a /28 subnet too. Both the main IP and the whole subnet are listed as having a negative reputation due to snow shoe spamming techniques. The funny thing is, we don't even use the subnet but still, it is listed too. We tried to use it and we can't, as your product blocks a subnet and an IP that never sent spam. For the time we own it anyway.

Our main IP is 149.202.94.225 and we own the IP block 137.74.131.112/28. Can someone from Symantec take care of this and help me not to fall onto the blacklist again?

(And maybe inform me why we are on this list anyway?)

1) Symantec is the only to blacklist our mail servers. Checked another ~40 RBLs, we are clean.

2) There's no spam coming out from our mail servers. No alerts, mail queues or whatsoever.

3) There's no virus on our mail servers. Checked and re-checked.

4) Our mail servers are not open relays or sending spoofed emails.

5) Our mail servers do not have dynamic IPs

6) Our inverse records are correctly registered for the name of the new server

7) Our SPF records are present and working for the main domain, DKIM too (it's a cPanel server, spf and dkim configured out of the box).

I understand that someone in the same IP block (/24 ? /23 ? the whole /16 block?) is maybe sending spam and you blacklisted the whole IP block.

But when a smaller IP block is owned by someone else, why do you also block it?

inetnum:        137.74.131.112 - 137.74.131.127
netname:        OVH_124192750
organisation:   ORG-MNOY1-RIPE
org-name:       MyIP net-Works O.E. YPIRESIES DIADIKTYOY
org-type:       OTHER
address:        KANARI 5
address:        67100 XANTHI
address:        GR

Please, can someone from the tech department help?

I've added it here but it seems it was a mistake:

https://www.symantec.com/connect/forums/our-whole-subnet-has-negative-reputation-due-snow-shoe-spamming-techniques

Reposted.


MALICIOUS EMAIL

refused to talk to me: 554 5.7.1 You are not allowed to connect

I need a solution

We have a problem delivering mail to Messagelabs.

Our sending mail server is clean and not delivering spam, cross checked twice.

Non-secure sender

http://imgur.com/a/r1We6

Thanks


Av updates failing

I need a solution

I have a Symantec Brightmail appliance with a valid license.

Further, my spam definitions are updating.

But the virus definition is not up to date.

Please let me know what is to be done.


554 5.7.1 IP on Symantec's Global Bad Senders list

I need a solution

I operate mail servers for a few entities and apparently my setup is flagged as snow shoe spamming. Looking that up, that is some pretty weak justification for outright banning my servers. It's just smart to have two domains and 4 mail servers set up to serve my users. My SPF records carefully list them and limit it to legitimate email from 4 IPs. Yet, you see this as my load balancing my IP reputation across them. In a way you are entirely correct! Why wouldn't I want to slowly *increase* my IP reputation across these 4? I'm running legitimate services here so that is what you would do.

Please reassess n1n2.solutions. I believe your assessment to be unfair and simplistic. This is keeping legitimate email from going to and from your end user.


Application error upon upgrade to 10.6.3-2

I need a solution

Hello,

We just upgraded our SMG to the latest version 10.6.3-2 and now we can't access the control center. When we access the web console (using the admin account), it says:

Application Error
Application Error
The application encountered an error. If you are the administrator, please check the log files for details.
Click here to return to the previous page 
 
                class com.symantec.smg.controlcenter.internal.dataaccess.DataAccessException: An unexpected database error has occurred. Please contact your system administrator. ; nested exception is: 
java.sql.SQLSyntaxErrorException: Unknown column 'threat_defense' in 'field list'
at com.symantec.smg.controlcenter.internal.dataaccess.DAOHelper.executeQuery(DAOHelper.java:285)
at com.symantec.smg.controlcenter.reporting.ReportDAOMySQL.getStatisticDashboard(ReportDAOMySQL.java:849)
at com.symantec.smg.controlcenter.monitoring.dashboard.DashboardManager.retrieveMsgStatDetailed(DashboardManager.java:274)
at com.symantec.smg.controlcenter.monitoring.dashboard.DashboardManager.calculateTotals(DashboardManager.java:324)
at com.symantec.smg.controlcenter.monitoring.dashboard.DashboardFlow.buildPage(DashboardFlow.java:189)
at com.symantec.smg.controlcenter.monitoring.dashboard.DashboardFlow.view(DashboardFlow.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
...
It seems that the database schema migration failed so that a column couldn't be found. I have full backups (previous version) available. Is there any solution other than reinstalling the OS and restoring it from the full backup? Accessing the spam quarantine console for users seems to be working fine.
 
Thank you,
 

Receiving mail sent without a user name and password

I need a solution

Hello everyone,
I have Symantec Messaging Gateway version 10.5.4.
The machine is configured to use LDAP authentication.
Emails sent with username and password are accepted and successfully forwarded to the recipient without any problem.

I also have IBM servers that don't have the option to send alert emails using username and password.

1. Is it possible to use the same machine to receive and transmit emails without a user name and password?
2. Where can I see IP addresses that try to send emails through the machine and fail due to lack of user name and password?

Thanks in advance,
Oren.
