Channel: Symantec Connect - Messaging Gateway - Discussions

SPAM filter malfunction after upgrade Messaging Gateway Appliance to 10.6.4

I need a solution

Dear All,

Until last weekend I had a Brightmail v.10.5.2 installation that worked pretty well, but from Sunday it suddenly started to give the error described in this article.
https://support.symantec.com/en_US/article.TECH235...

OK, I thought that it was time to upgrade to a newer release, so I upgraded first to 10.5.3, then to 10.5.4, and at the end to 10.6.4.
I had a lot of problems with the last online upgrade because many packets were not available on the mirrors, so I upgraded with the ISO and everything went well, including the virus definitions, which are correctly updated.

My problem is that many spam emails, especially in the Italian language, are not filtered, and looking at the "message audit logs", one email that isn't filtered today was correctly detected as spam until Friday.

My first impression is that during the upgrade I missed definitions from some kind of antispam database or similar. The only error that I have in the conduit log is "Network error occurred, Unknown SSL protocol error in connection to aztec.brightmail.com:443 (35), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant", but if I check the connection from the command line with telnet, it can connect.

What could have gone wrong?

Thanks in advance


Problem with SMG

I need a solution

Hello,

We have had SMG running on 2 appliance hosts for many years (over 10); the current version is 10.0.3-3, as the hardware doesn't support higher.

Today we received notices from the servers for this issue: from what I understood, we received emails with malformed attachments that caused loops and crashes in the Brightmail Engine. We deleted the reported "bad" emails via command line: mta-control bad-msg-delete "queueID". The bad message queues are now empty on both hosts. However, the engine continues to crash and we continue to receive notices about it, not to mention huge logs on the system. The notices we receive now are:

bmserver crashed on signal 6 on "servername"
exit code: 0x0086

and

bmserver crashed on signal 11 on "servername"
exit code: 0x008B

Storing data in /data/scanner/jobs/bmserver/2018.12.03-16.26.26

This is for both hosts. Is there any step we could take to solve the problem? Maybe after emptying the bad msg queues we needed to do something else. I have already tried to restart both hosts and even to disable the bad message handling in the settings.


DNS TXT query for "*.zodiac.brightmail.com" failed unexpectedly

I need a solution

Hi

Symantec Messaging Gateway: Current software version: 10.6.6-5.

Time range: Past day, gives a lot of errors that DNS TXT query for "<ip>.zodiac.brightmail.com" failed unexpectedly.

I think these errors started after changing the suspected spam score and after enabling Third Party Senders. Now I have reverted all these settings, but errors still appear. I have already rebooted all my scanners, but no luck.

Our Nagios monitoring reports that our MX scanners SMTP check is CRITICAL - Socket timeout after 10 seconds (flipping between ok and critical). Also, if using online SMTP Test Email Server (https://mxtoolbox.com/SuperTool.aspx) it says SMTP Transaction Time: 7.023 seconds - Warning on Transaction Time.

1. In Spam > Scan Settings the URL reputation filtering is disabled. https://support.symantec.com/en_US/article.TECH234... (solution)
2. DNS servers in scanner settings are also correct. https://support.symantec.com/en_US/article.HOWTO44... (resolution 1)
3. Administration > Hosts > Utilities > Nslookup tool, for example "172.19.227.43.zodiac.brightmail.com" (https://support.symantec.com/en_US/article.HOWTO44... (resolution 2)).
Output: Cannot execute nslookup.
Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find 172.19.227.43.zodiac.brightmail.com: NXDOMAIN

$ nslookup -type=TXT 172.19.227.43.zodiac.brightmail.com
Server:        x.x.x.x
Address:    x.x.x.x#53

** server can't find 172.19.227.43.zodiac.brightmail.com: NXDOMAIN

Also, if using MXToolbox (https://mxtoolbox.com/SuperTool.aspx) TXT Lookup: txt:172.19.227.43.zodiac.brightmail.com: DNS Record Published     DNS Record not found.

I am running out of ideas. Any ideas on how to solve this problem?


reject mails from a specific sender/ip after a certain threshold of mail count

I need a solution

Dear Support,

We need to reject mails from an external party when they send huge volumes of messages. Recently our mail delivery queue became full due to this issue (the recipient was an invalid one). We don't need to block the sender because it's a notification mail, but due to a code error large volumes of mail are sometimes received.

Please let us know whether it is possible to reject messages if the mail count reaches a specific number in a certain interval from a specific sender.

E.g.: Condition: if the received mail count from a specific sender is more than 100 in the last 1 hour

Action: block / reject

Thank You


Using messaging gateway to send confirmation email to external account

I need a solution

Good afternoon, 

I am looking for a way to send a message to another user account when specific recipients have any inbound emails. 

Exchange 2010 does not allow this (why, I cannot tell you). I am hoping for Symantec Messaging Gateway to be able to help.

I have an example below:

If abc@gmail.com comes across SMG as a recipient, I would like a message to state "a new message has arrived in the abc@gmail.com account" to another xyz@hotmail account.

Is this possible?


Sender is blocked regardless of being put into Good Senders list

I need a solution

Hello Everyone,

I'm unable to receive mails from senders which I put into the Good Senders list. It's very strange, as I think this is a standard and very simple configuration, to put addresses into a white list. I have put the whole domain in good senders (please find an attached screenshot), but the message is caught and put in quarantine anyway, with a very strange verdict: Content Filtering violation: Sender Authentication: SPF, SenderID Failure: Treat as spam, System allowed email address or domain (you can find the detailed message audit log in a second attachment).

Please help to understand, how to put people into whitelist to stop treating them as a spam.

I'm running the current version of SMG - 10.6.6-5.

Thanks in advance.


Cannot release the message. It has either been released already or a delivery error occurred

I need a solution

When I try to release an email from the Spam Quarantine, it is giving me the following message: Cannot release the message. It has either been released already or a delivery error occurred. Please check Brightmail Log for details. Other users are able to release messages from Spam Quarantine, it is just this one. When I go into the logs, it tells me [QuarantineManager] ERROR - error.quarantine.unable.release.delivery javax.mail.MessagingException: Exception reading response;

Can someone please let me know what the issue may be in releasing this one email? The rest of the log entry is listed below:

Dec 12 2018 07:38:17 [http-bio-443-exec-581] [QuarantineManager] ERROR - error.quarantine.unable.release.delivery
javax.mail.MessagingException: Exception reading response;
  nested exception is:
 java.net.SocketException: Connection reset
 at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1764)
 at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1647)
 at com.sun.mail.smtp.SMTPTransport.finishData(SMTPTransport.java:1473)
 at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:738)
 at com.symantec.smg.controlcenter.internal.mail.transport.TransportFactory.sendMessage(TransportFactory.java:311)
 at com.symantec.smg.controlcenter.internal.mail.transport.MailTransportImpl.sendMessage(MailTransportImpl.java:100)
 at com.symantec.smg.controlcenter.internal.mail.transport.MailTransportImpl.sendMessage(MailTransportImpl.java:111)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.releaseToMTA(QuarantineManager.java:1470)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.release(QuarantineManager.java:1412)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.release(QuarantineManager.java:814)
 at com.symantec.smg.controlcenter.quarantine.spam.MessageDetailAction.notSpam(MessageDetailAction.java:240)
 at sun.reflect.GeneratedMethodAccessor1758.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:274)
 at com.symantec.smg.controlcenter.internal.action.DefaultAction.dispatchMethod(DefaultAction.java:97)
 at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:194)
 at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
 at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
 at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
 at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
 at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063)
 at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1001)
 at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:560)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:209)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.accesscontrol.AdministratorRoleChecker.doFilter(AdministratorRoleChecker.java:210)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.SessionChecker.doFilter(SessionChecker.java:146)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.CacheBuster.doFilter(CacheBuster.java:97)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.CharacterEncoder.doFilter(CharacterEncoder.java:93)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.struts.Struts1ParamFilter.doFilter(Struts1ParamFilter.java:44)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.accesscontrol.HostACL.doFilter(HostACL.java:331)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
 at java.net.SocketInputStream.read(Unknown Source)
 at java.net.SocketInputStream.read(Unknown Source)
 at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:106)
 at java.io.BufferedInputStream.fill(Unknown Source)
 at java.io.BufferedInputStream.read(Unknown Source)
 at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:84)
 at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1742)
 ... 76 more
 


Spam definitions:12 Days Ago - SMG

I need a solution

Dear,

I need your expertise. Checking the SMG, the Spam definitions show this: 12 Days Ago. Is this time correct? I would like to know what the time of the update to the Spam definitions is. Is it possible to check this from any Symantec page?

How can I fix this in case it's not correct and is out of date?

Miguel Angel


SMG integration with Web Isolation

I need a solution

Hello anyone, can anyone share with me the steps or an article to integrate SMG with Symantec Web Isolation? Thanks


SMG Sending Logs

I need a solution

Hey folks,

I have an SMG appliance and it's sending logs to a SIEM system. Everything's working fine, but SMG is buffering many log lines in a single log that is sent to the SIEM. I wanted to send one line per log entry to the SIEM, so I can create better queries.

Is there a way to do that in SMG?

Note: I'm using SMG v10.6.3-2

Regards,

Lopes


Content filter for impersonating emails?

I need a solution

Hi,

I searched but didn't find much. I'm working on a content filter based on the email address not being what is expected and sending it to quarantine.

I did search here but didn't see anything on this. Apologies if this has been answered already.

Here's an example of what I want. Say the person emailing with the legitimate address is bob@bob.com and the person emailing with the illegitimate address is anything else. So if the email says it's this:

From: "Bob Parkins"<bob@bob.com>

Then it should not be quarantined. But if it is this:

From: "Bob Parkins"<bobparkins@gmailoryahoooraol.com>

Then it should be quarantined. Bonus points for if I can use a dictionary. I have tried a number of filter combinations for this, but so far I've not had a rule which works. Any ideas on what to try would be great. Thanks for reading.
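
The check this post describes, written out as standalone Python; this is an added example, not part of the original post and not SMG content-filter syntax. The `PROTECTED_NAMES` dictionary, the function names and every sample header other than the two quoted in the post are assumptions.

```python
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed dictionary (assumption): protected display name -> addresses
# that are allowed to use it. Keys are stored in normalized form.
PROTECTED_NAMES = {
    "bob parkins": {"bob@bob.com"},
}


def normalize_display_name(raw):
    """Return a comparison key for a From display name."""
    try:
        # Decode RFC 2047 encoded-words such as =?UTF-8?B?...?=
        decoded = str(make_header(decode_header(raw)))
    except (HeaderParseError, UnicodeError, LookupError):
        decoded = raw  # undecodable: compare the raw text instead
    # NFKC folds compatibility look-alikes (e.g. full-width letters).
    folded = unicodedata.normalize("NFKC", decoded).casefold()
    return " ".join(folded.split())  # collapse runs of whitespace


def from_header_verdict(from_header, protected=PROTECTED_NAMES):
    """Return 'quarantine' when a protected display name is paired with
    an address outside its allowed set, otherwise 'pass'."""
    name, addr = parseaddr(from_header)
    allowed = protected.get(normalize_display_name(name))
    if allowed is None:
        return "pass"  # display name is not one we protect
    return "pass" if addr.lower() in allowed else "quarantine"


# Sample headers. The first two are the ones quoted in the post; the rest
# are constructed for this example.
SAMPLES = [
    '"Bob Parkins"<bob@bob.com>',
    '"Bob Parkins"<bobparkins@gmailoryahoooraol.com>',
    # Same name hidden in a base64 encoded-word
    "=?UTF-8?B?Qm9iIFBhcmtpbnM=?= <bobparkins@example.net>",
    # Same name written with full-width Unicode letters
    "\uff22\uff4f\uff42 \uff30\uff41\uff52\uff4b\uff49\uff4e\uff53 <bp@example.net>",
    # Case and spacing differences on the legitimate address
    '"BOB  parkins" <Bob@Bob.com>',
    # A display name that is not in the dictionary
    '"Alice Smith" <alice@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{from_header_verdict(header):10}  {header}")
```

The comparison is an exact match on the normalized display name, so a name with extra text around it (a title or suffix) is not caught by this dictionary lookup.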


Using the same certificate for TLS and Control Center

I need a solution

I bought an SSL certificate to TLS enable our SMG, and it’s working fine. Now I’m wondering if it’s possible to use the same SSL certificate for web access to the Control Center or if I have to buy another one. Does anyone know?


SMG downstream loadbalancing questions

I need a solution

I have recently seen a document about SMG downstream message distribution.

https://support.symantec.com/en_US/article.TECH209...

The document officially says that SMG does NOT provide load balancing feature in the 4 configuration areas mentioned.

I have a question with this.

Does [Content > Email > Add > Actions > Route the message] also not provide equal downstream distribution when using MX lookup?

I configured a content rule which routes messages to a specific domain which has multiple MX records with equal preference. (Actually the next hop is Symantec DLP.)

But it doesn't look like SMG distributes messages equally.


SMG at AWS

I need a solution

Is it supported to run Symantec Messaging Gateway as an EC2 instance at AWS?


Login after installation of trial version

I need a solution

I have installed the virtual Messaging Gateway on a VMware Workstation. Now I have two questions:

I need to log in. But the user: admin and password: symantec did not work.

Also, I don't know the IP address to log in over a browser.

What are my faults?

Thanks


routing the same domain in / out

I need a solution

Hi there,

Is it possible to route the same domain both inbound and outbound on the same smg device?

Example:

If I have domain abc.com that is considered "local" with the green check mark under protocol, domains (that means I am accepting for abc.com)

Can I then route email outbound through the same SMG for the same domain for non-local users?

Basically, I am not authoritative for abc.com. I host a few users for abc.com on my Exchange system. Abc.com is really a router MTA with an LDAP database where it routes many abc.com users to many other domains that host other abc.com users on their networks.

So basically I only host 5 abc.com users locally. Now if someone local on my network wants to send to a non-local abc.com user, I want my Exchange (since my local LDAP does not contain these users) to route these non-local abc.com users back through the same SMG device to the internet.

Is this possible?

Thanks.


SMG version rollback

I need a solution

Hi guys,

Can we perform a version rollback in SMG?

Currently the SMG is in version 10.5.1 to version 10.0.3?

Is it possible? and how to do it?

Thanks


SMG DKIM implementation - best practices and considerations

I need a solution

Hi Guys,

Has anybody successfully implemented DKIM at SMG with 0 @ minor hiccup?

Any tips or tricks?

Thanks


Block email that spoof our domain name

I need a solution

Hi,

Many users at my company are receiving mail sent by their own email addresses (with an object like: Be sure to read this message! Your personal data is threatened!).

How can I block this kind of mail with my SMG deployment?

I tried to apply what is described in the article below, but I still have the issue. Maybe something is still missing!

https://support.symantec.com/fr_FR/article.TECH909...

Many Thanks for your help.


Malware not detected by SMG

I need a solution

Dear

This file was delivered via e-mail and the SMG doesn't detect it as malware; the detection is made by SEP 14 as ISB.Downloadergen186.

Is it possible to send this file to Symantec to update the virus definitions of SMG?

Regards

Miguel Angel
