Hello,
I use symantec messaging gateway (SMG) version 10.6.4.3, i enable TLS. But in the past few days I have had problems with my SMG. Google always marks e-mail coming from SMG with a red Unlocked icon "did not encrypt this message"
Please help with my problem
Thank's
We have a compliance rule which routes matching messages to a domain name using MX records that we have defined in our DNS. There are two MXes with preference 10 and one MX with preference 100.
During our most recent DR test, when both MX 10s were unavailable, the matching emails were just queueing up, Not willing to go to the MX 100 route. I even started a TCPDUMP session which detected zero attempts to connect to the MX 100 target host.
Lowered the MX to 50. Nothing.
Lowered the MX to 10, to match the other two - bingo, the emails flowed out to that target host.
So what's going on there? Is SMG's routing logic broken?
So how is everyone dealing with this, since version 10.7.0-5 started blocking messages with PDFs with embedded Javascript?
We have a lot of business emails going back and forth which contain legitimate PDFs with embedded forms that are based on Javascript.
I thought version 10.7.1-6 would be an improvement? We just updated to v 10.7.1-6 and it is not any better.
I bascially had to remove the JS extention from the executable attachment list, otherwise our business is negatively impacted.
But this means that anyone can send a JS file just like that, which is not good.
Hi guys,
I'd like to enable the trial license for symantec Messaging Gateway appliance v10.7.
I received activation code in the mail without any attached file.
How shall I proceed ?
I tried support@symantec.com but it rejects mails
Hello,
I have trouble with multiple spam attacks who has attached archive files like ace, gz and many more.
Please tell me if have any way to create rule or somthing else to stop all messages with archives different by zip or 7zip
1. Stop all archives exclude Zip and 7zip
2. Return message to sender to send atachments in zip or 7zip
Thanks!
Dear,
I have this issue with one domain ,
The domain is not in a blacklist and dont is in local bad sender or local bad ip.
Anyone can help me?
Image may be NSFW.
Clik here to view.
Hello,
I am using SMG 10.7.
so far its working properly but as our customers is receiving many mails from private persion (applying for a job, sending cv`s and so on....) i found a problem with those domains.
Mails received from gmail.com, gmx.net, web.de, .... are quarantined because of static opl verdict.
What can i do?
____________________
ID:0af08004-d19ff70000002590-35-5d4bc51a2522
Message-ID:
<trinity-c859fbcd-b689-4ed3-b4f6-4f1b8cda4aad-1565246745962@3c-app-webde-bs26>
Accepted From:x.x.x.x(Logical IP = 95.91.240.239 )Image may be NSFW.
Clik here to view.
Received with TLS:No
Scanners:
PV-SC-GW01
Time accepted:Thursday, Aug 08, 2019 08:45:46 AM CEST
Direction:Inbound
Sender:
Authenticated username:(none)
Original recipients:
XXX
Original Subject:
bewerbung um eine stelle als empfangsmitarbeiter
Message Size:1032 KB
Identified attachment(s):
attach.pdf
XXX
| Verdict | Filter Policy | Policy Group | Details |
Symantec Global Bad Sender | static opl | default | None |
H4sIAAAAAAAAA+NgFvrFKsWRWlGSWpSXmKPExsXC9aHhn678Ue9Ygw1XZCzmX7jK6MDosWJh
L2MAYxSvTWFpYlFiXklmXqq+XQJvxvtr/9kLVq53qLjw7AtzA+OsW3ZdjJwcEgImErfuXGfr
YuTiEBLYzShx8V4bC4jDIvCNCch5wQJRZS6xon0CE0TVQkaJR639jCAJXgFBiZMzn7BA2FES
Dy//YwOx2QQ0JFpOLmUHsUUE5CReT/7IDGILC1hKvL9/gAnEZhYIlzjWsB2snkVAReLakcdA
cQ4OTgEhia5dEhDlwhK/b55jhLiBV2JG+1Ow4yQEzjJJ7G0/zQ5SLyHAL7H2kDJE/ACbxL3v
U9knMArNQnLeLCTrIGw1idvbrrJD2LISk598Z4awXSW+LLjCCGErSkzpfoimhgPItpc4dZoH
WckCRs5VjEK5iZk5egU5icW5iWWZJYl6KambGCGRxLKD8cXf13qHGJk4GA8xSnIwKYnyrs/x
jhXiS8pPqcxILM6ILyrNSS0+xKgCNPPRhtUXGKVY8vLzUpVEeO+VecYK8aYkVlalFuXDlElz
sCiJ8/6JkI4VEkhPLEnNTk0tSC2CycpwcChJ8P45BLRAsCg1PbUiLTOnBCHNxMF5iFGCgwdo
+PzDQDW8xQWJucWZ6RD5U4wOHOwcS3fOvMHI0fRy7iJmjh+rlixiFmLOL8gRAjtKSpx3Jkif
AEhfRmke3GhQkoyP/vD+EqOslDAvIwMDgxAP0Fm5mSWo8q8YxTkYlYR5v4FcyJOZVwK3/BXQ
XUxAdxW9A3m6uCQRISXVwHTuwkZPjVMKLv/19ad99fLRnX1s3/+jGcbz2vz1QkQ72w8cPu5/
8Kpj+7dKxu3C11ndzsu/dV6tZanBYD+D/9GWB8cLv7hciTv0eHG9ghB7p9OBkmXWb99WN5xY
ymw8v3j+3+YJD43nMxmoHG3UclXwLjve80830JTtwclCxqUy29NdPZryOjaeXbRwor+VeuMt
IxPPFe8l/FrW6MeLrq3Ye+7C5Ru3F/9bs/bG4q0M61bfk23RbDt5QrWMv6v8c6SJysysw3aN
IQeFpsn113kahshw3HabkXe/vqfqU12xV6vR96X7XMOS19mEKxRULru7IbU819n/eez2LndD
lcdZ0ht+Tlk6qU5ca96rY0osxRmJhlrMRcWJAAJhLhcNBAAA
Actions taken:Hold message in Spam Quarantine
| Delivered To | Delivered with TLS | Delivery Time | Recipient | |
| x.x.x.x:41025 | No | Thursday, Aug 08, 2019 08:45:51 AM CEST | XXX |
Verdicts fired:
| Symantec Global Bad Sender |
Untested verdicts:
| Disarm, Unscannable for Disarm, Content Filtering violation: Sender Authentication: SPF Softfail: Modify subject line with "[SPF Softfail]", Content Filtering violation: Delete Executable Files Violations, Content Filtering violation: Sender Authentication: DKIM Failure: Modify subject line with "[DKIM Failure]", Content Filtering violation: Sender Authentication: SenderID Softfail: Modify subject line with "[SenderID Softfail]", Content Filtering violation: Symantec Data Loss Prevention, Content Filtering violation: Delete Email Policy Violations, Content Filtering violation: Sender Authentication: DMARC, SPF, SenderID Failure: Delete, Content Filtering violation: Sender Authentication: SPF, SenderID Failure: Modify subject line with "[Sender Auth Failure]", Content Filtering violation: Sender Authentication: Validation error: Modify subject line with "[SenderAuthentication Validation Error]", Content Filtering violation: Legal Disclaimer, Content Filtering violation: Delete True Type Executable Files Violations, Content Filtering violation: Sender Authentication: DMARC Failure: Quarantine, User allow, User reject, Virus attack, Directory Harvest Attack, Connection Classification, Blocked language, Known language |
Spam Quarantine:Message released by ebps on Thursday, Aug 08, 2019 09:41:05 AM CEST
So, we have a case of an outgoing email that got quarantined (thanks for those new methods of detecting executables within attachments, Symantec!).
And when we try to release that [totally legitimate] email from the quarantine, the release fails. It turns out the recipient's email system will only accept emails with TLS.
But the Control Center's SMTP engine doesn't support TLS ?
Awesome.
https://support.symantec.com/us/en/article.tech254102.html
Hi buddies,
May I check with you guys if you have experienced the issue mentioned in this topic?
This week we suffered an issue that some external normal emails were placed in a spam quarantine in Exchange server. The Symantec said this is a known bug in 10.6.4 version and advised us to upgrade it to 10.6.6-5.
Meanwhile, however, this upgrade was failed several times due to unknown download error messages. It's curious that is there any official upgrade guide in Symantec to walk us through this problem?
Anyone encountered similar case before? By the way, the hotline is very easy to have someone answer. Still we hope Symantec could provide professional support service as usual. :-)
Thank you!
Best regards,
Alex
Hi There,
We had a problem with one SMG server.
Quite often drop messages from GMAIL with SMTP 500 Syntax error code.
The main problem we can't check the messages, because there don't get to the Brightmail.
We stopped one SMG server from the four and it solve the problem, but after the restart the problem came up again.
What can cause the error ?
And how to capture the dropped messages?
Can check somewhere if the message arrived to the SMG server?
I am in need of a hand to improve our SMTP gateway monitoring service. What we have today is configured some alerts by mail in the application itself but they are insufficient.
I need the smg send me email queue alerts.
Can I upgrade directly from 10.6.2-3 to 10.6.4-3?
Good Morning,
I am looking to be able to have my content filtering policies work differently for multiple recipients in the same email message.
For instance, I have a rule that allows me to bypass further content filtering when the recipient domain is @domain.com. However, I want the Messaging Gateway to look at all recipients, and if there are additional email recipients, not in that domain, I still want those to go through the remaining content filtering.
So far, with my current policy, I have it look for 1 or more occurances of the @domain.com, and the rule is at the top of my policies. However, if it finds any address with the @domain.com address, it bypasses any remaining policy rules. How can I get the system to look at the recipients (All in the same outgoing message), and have it run one policy rule on the @domain.com addresses, and then continue on thru my other policy rules for any other email recipients.
Thanks,
Hi Everyone,
Actually we are recieve one mail whao has spam but my SMG is not quarantine this mail. My symantec email security.cloud is quarantine this same mail.
My question is why is happening why my smg not quarantine this mail.
Kind Regard
Mubashshir Shaikh
Some years ago, my company used Symantec for our email spam filter. When we switched to a new MSP, the records representing our email domain were never deleted from Symantec, and because of this a lot of emails are misdirected by Symantec.
How should we go by getting this resolved? Since we're not Symantec customers today I can't open a regular support case due to no access to My Symantec.
All tips are appreciated!
Thanks,
Svein Erik Fornes
AB Systemer AS
Hii,
What is the difference between Single threat messages,Multiple threat messages and Clean messages that is displayed in SMG Dashboard?
Hello everyone. When a external partner is trying to send us an email he is getting an NDR saying that Denied by policy. TLS conversation required. However accept TLS connection is already enabled under inbound configuration is scanner settings. All the other domains can send us fine over TLS. This is happening with only one domain that is trying to send to us. Is this issue on my side or their side and what needs t o be done to fix this?
My SMG scanner is mail3.saib.com.sa
We are having the issue that is already aknowledged and described at https://support.symantec.com/us/en/article.TECH255476.html
We would like to remove the js extension from our attachment list, and i want to be sure it is replaced with the right true type version like it is described in the document.
But i do not know what true type format corresponds with .js
Is it part of the executable file class? I attached an image so you can see what i mean.
Hello everyone
I would like to know how to bypass content filtering policy Sender Authentication?
Is there any way to add exception for some domains if it is quarantined because sender id failed ?
I receive mails from some important domains but emails end up quarantined with content filtering violations (sender id failed).
