Earthlink

Symantec Connect - Brightmail Gateway - Discussions http://www.symantec.com/connect/brightmail-gateway/forums/feed en Setting maximum quarantine message limit http://www.symantec.com/connect/forums/setting-maximum-quarantine-message-limit <p>Hello.</p> <p>I just want to ask how to change maximum quarantine message limit in Brightmail 8.</p> <p>I remembered in Symantec Mail for Security 5, that there was a hidden settings by pressing shift A in the settings tab to change the maximum quarantine message limit.<br /> In Brightmail 8, how would I change that setting?</p> <p>TIA</p> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/setting-maximum-quarantine-message-limit#comments Brightmail Gateway Designing Testing Security Thu, 11 Mar 2010 12:01:59 +0000 eccen3k 1239541 at http://www.symantec.com/connect SBG not updating virus definitions http://www.symantec.com/connect/forums/sbg-not-updating-virus-definitions <p>Hi,</p> <p>One of our customers has an issue with a Brightmail appliance that is not updating the AV definitions. (SBG 8.0.3)<br /> I have checked licensing -> OK<br /> We have changed the frequency of liveupdate to 2hours and timeout at 40 mins.</p> <div>Rapid responses work fine but when not selected, we have the error: The JLU process appears to be hanging and will be terminated<br /> Bellow you can see the log files from the jlu_controller.log</div> <p></p> <p>2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br /> 2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br /> 2010-03-10T10:40:00+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br /> 2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluGwfUxo [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br /> 2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br /> 2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br /> 2010-03-10T10:40:00+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 0 minutes, and 0 seconds.<br /> 2010-03-10T10:40:00+02:00 (ERROR:26927.3071923904): [54008] The JLU process appears to be hanging and will be terminated.<br />  </p> <p> </p> <p class="MsoPlainText">2010-03-10T09:49:22+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br /> 2010-03-10T09:49:22+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br /> 2010-03-10T09:49:21+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br /> 2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluUsALPV [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br /> 2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br /> 2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br /> 2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 10 minutes, and 0 seconds.<br />  </p> <p class="MsoPlainText">2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br /> 2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br /> 2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br /> 2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluxIEa7C [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br /> 2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br /> 2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br /> 2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 0 minutes, and 0 seconds.<br /> 2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54057] The JLU controller was successfully started.<br /> 2010-03-10T08:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p> <p class="MsoPlainText">2010-03-10T06:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p> <p class="MsoPlainText">2010-03-10T04:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p> <p> Any ideas? I know that this is a common issue but what we could do?<br /> The idea to leave only the Rapid Responses is ok?</p> <p>From the following article of KB <a href="http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009052813305654" title="http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009052813305654">http://service1.symantec.com/SUPPORT/ent-gate.nsf/...</a><br /> it says that <br /> "Antivirus rulesets are updated hourly (Rapid Release Definitions) and daily (LiveUpdate). Some products by default will use the LiveUpdate method<strong> however we recommend customers whenever is possible to switch to Rapid Release definitions to provide better protection at the Gateway</strong>."</p> <p>Thanks in advance,<br /> Nikos</p> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/connect/groups/partner-group"><span>Partner Group</span></a></li> </ul></div> http://www.symantec.com/connect/forums/sbg-not-updating-virus-definitions#comments Brightmail Gateway LiveUpdate Security Partner Group Wed, 10 Mar 2010 22:27:16 +0000 nia 1238951 at http://www.symantec.com/connect Symantec Mail Security for SMTP http://www.symantec.com/connect/forums/symantec-mail-security-smtp-0 <p>Hi,</p> <p>I am running Symantec Mail Security for SMTP version 5.0.1 on a Windows 2000 server. Is there an updated version?<br /> If so, how can I get this new vesion.</p> <p>Thanks </p> <p>Carolin </p> <div class="field field-type-number-integer field-field-forum-solved-comment-id"> <div class="field-items"> <div class="field-item odd"> 3694551 </div> </div> </div> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/symantec-mail-security-smtp-0#comments Brightmail Gateway Security Wed, 10 Mar 2010 15:40:27 +0000 carolin 1231891 at http://www.symantec.com/connect NAT between scanner and Control center http://www.symantec.com/connect/forums/nat-between-scanner-and-control-center <p>Hi,</p> <p>We plan to install two SBG scanners in DMZ and separate Control center in Intranet. There is a NAT between those two zones. Are there any limitation at such a deployment.</p> <p>Best Regards</p> <p>Stano</p> <div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/connect/groups/partner-group"><span>Partner Group</span></a></li> </ul></div> http://www.symantec.com/connect/forums/nat-between-scanner-and-control-center#comments Brightmail Gateway Security Partner Group Tue, 09 Mar 2010 18:53:39 +0000 stano 1230641 at http://www.symantec.com/connect 554 5.4.4 [internal] domain lookup failed http://www.symantec.com/connect/forums/554-544-internal-domain-lookup-failed <p>I am unable to email to some domains.</p> <p>I receive this error in the delivery report.  "554 5.4.4 [internal] Domain Lookup Failed"</p> <p>I have found the recipeint email is hosted on google apps.</p> <p>I am able to run the utilities and do an NSlookup for the MX record for the domain form the BrightMail device</p> <p>I am also able to telnet to the server from my pc.</p> <p>Have to use the <> around the email addresses when rcpt to and mail from</p> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/554-544-internal-domain-lookup-failed#comments Brightmail Gateway Error messages Security Tue, 09 Mar 2010 16:35:25 +0000 Brentwood 1230361 at http://www.symantec.com/connect Domain aliases - 554 Recipient address rejected: User unknown http://www.symantec.com/connect/forums/domain-aliases-554-recipient-address-rejected-user-unknown <p> Hello,</p> <p>- Just installed Brightmail 8.0.3-11<br /> - Invalid Recipient Handling is disabled.</p> <p>When I add domain aliases to the control panel and try to send an email to that alias I get this issue:</p> <div> <div>[root@flatliners ~]# telnet protector-01.xxxxxxxx 25</div> <div>Trying xx.49.56.xx...</div> <div>Connected to protector-01.xxxxxxxxxx (xx.49.56.xx).</div> <div>Escape character is '^]'.</div> <div>220 protector-01.xxxxxxxxxx ESMTP Bow Valley Gateway</div> <div>helo thisgeek.com</div> <div>250 protector-01.xxxxxxxxxxx says HELO to xxxxxxxxxx:6887</div> <div>mail from: <justin@thisgeek.com></div> <div>250 MAIL FROM accepted</div> <div>rcpt to: <justin@testalias.ca></div> <div>554 Recipient address rejected: User unknown</div> <div> testalias.ca is already an alias for bvwgroup.com <p>Am I doing something wrong?</p> <p>-Justin<br />  </p></div> </div> <div class="field field-type-number-integer field-field-forum-solved-comment-id"> <div class="field-items"> <div class="field-item odd"> 3689011 </div> </div> </div> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/domain-aliases-554-recipient-address-rejected-user-unknown#comments Brightmail Gateway Security Tue, 09 Mar 2010 10:34:57 +0000 xachen 1229621 at http://www.symantec.com/connect Outlook users from internet http://www.symantec.com/connect/forums/outlook-users-internet <p> Hi,</p> <p>I am using SMS 8380 appliance. Can any one plz help to configure outlook users accessing from internet to connect and access their mails.</p> <p>I am concerned because I am forwarding port 25 to Symantec mail security, so how will the roaming users access their mail box.</p> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/outlook-users-internet#comments Brightmail Gateway Security Tue, 09 Mar 2010 08:30:57 +0000 raj.kumar 1229481 at http://www.symantec.com/connect SBG False Negative http://www.symantec.com/connect/forums/sbg-false-negative <p>I received a report of a false negative from SBG.  The message audit log shows the following:</p> <table class="defaultText" border="0" cellspacing="0" cellpadding="0" width="100%" align="center"> <tbody> <tr> <td class="horzDivider2" colspan="3" align="left">Message Data </td> </tr> <tr> <td><img alt="" src="https://kscusbg.kscu.com/brightmail/status/message-audit/images/Spacer.gif" width="10" height="8" /></td> <td nowrap="nowrap" align="left"><strong>ID:</strong></td> <td>c0a8cc06-b7c27ae000002466-26-4b9278dc1835</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Message-ID:</strong></td> <td><blu138-w2382d1fbc5452eb7090b62a2370@phx.gbl></td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Tracker:</strong></td> <td>AAAABhMwDsITMDb+EyoXtRMqbX4TKuSCEysKIQ==</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Accepted From:</strong></td> <td>65.55.111.164</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Scanners:</strong></td> <td>Symantec Brightmail Gateway </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Time accepted:</strong></td> <td>Saturday, Mar 06, 2010 07:46:36 AM PST</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Direction:</strong></td> <td>Inbound</td> </tr> <tr> <td> </td> <td width="150" nowrap="nowrap" align="left"><strong>Sender:</strong></td> <td width="90%">hugoteixeirag@hotmail.com</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Original recipients:</strong></td> <td><a href="mailto:scrossley@xxxx.com">scrossley@xxxx.com</a> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Original Subject:</strong></td> <td>re</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Full attachment list:</strong></td> <td>None</td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Suspect attachments:</strong></td> <td>None</td> </tr> <tr> <td class="horzDivider2" colspan="3" align="left">Recipient Data </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Intended recipient:</strong></td> <td><a href="mailto:shaun.crossley@xxxx.com">shaun.crossley@xxxx.com</a></td> </tr> <tr> <td colspan="2"> </td> <td class="horzDivider2" nowrap="nowrap" align="left"> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Verdict:</strong></td> <td> <table border="0" cellspacing="0" cellpadding="0"> <tbody> <tr> <td width="175" nowrap="nowrap"><strong>Verdict</strong></td> <td width="175" nowrap="nowrap"><strong>Filter Policy</strong></td> <td width="175" nowrap="nowrap"><strong>Group</strong></td> <td width="175" nowrap="nowrap"><strong>Details</strong></td> </tr> <tr> <td>None </td> <td>default </td> <td>default </td> <td>None </td> </tr> </tbody> </table> </td> </tr> <tr> <td colspan="2"> </td> <td class="horzDivider2" nowrap="nowrap" align="left"> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Actions taken:</strong></td> <td>Deliver message normally </td> </tr> <tr> <td colspan="2"> </td> <td class="horzDivider2" nowrap="nowrap" align="left"> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Delivery:</strong></td> <td> <table border="0" cellspacing="0" cellpadding="0"> <tbody> <tr> <td width="175" nowrap="nowrap"><strong>Delivered To</strong></td> <td width="275" nowrap="nowrap"><strong>Delivery Time</strong></td> </tr> <tr> <td nowrap="nowrap">x.x.x.x</td> <td>Saturday, Mar 06, 2010 07:46:36 AM PST </td> </tr> </tbody> </table> </td> </tr> <tr> <td colspan="2"> </td> <td class="horzDivider2" nowrap="nowrap" align="left"> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Untested verdicts:</strong> </td> <td>Message was sent from a suspect spammer, Locally identified suspected virus, Suspected virus, Content Compliance violation: Delete Executable Files Violations, Content Compliance violation: Delete Email Policy Violations, Content Compliance violation: Legal Disclaimer, Content Compliance violation: Delete True Type Executable Files Violations, Unknown recipient, Connection Class, Default Connection Class, Connection Class 1, Connection Class 2, Connection Class 3, Connection Class 4, Connection Class 5, Connection Class 6, Connection Class 7, Connection Class 8, Connection Class 9, Bounce attack signature present, Known language</td> </tr> <tr> <td> </td> <td class="horzDivider2" colspan="2" align="left"> </td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><strong>Other recipients:</strong></td> <td> </td> </tr> <tr> <td> </td> <td height="5" nowrap="nowrap" align="left"> </td> <td> </td> </tr> </tbody> </table> <p>There a couple interesting things to note about this one.  First, the message contents are quite obviously spam:</p> <div><b>From:</b> hugo graça [mailto:hugoteixeirag@hotmail.com] <br /> <b>Sent:</b> March-06-10 3:49 PM<br /> <b>To:</b> <a href="mailto:scrossley@finsvcs.com">scrossley@finsvcs.com</a><br /> <b>Subject:</b> re</div> <div> </div> <div>At <a href="http://digg.com/u3PMl8">medrx</a> got top brand name non generic like Cialis Vicodin Phentermine Xanax and more for less than your local pharmacy from home with no doctor hastles with extremely prompt ordering and descreet shipping. </div> <div align="center"> </div> <p>Hotmail: Free, trusted and rich email service. <a target="_new" href="https://signup.live.com/signup.aspx?id=60969">Get it now.</a></p> <p> Also, the policy for this recipient is using the default, which normally catches things with keywords like this.</p> <p>We have the "cannot retrieve LiveUpdates except for rapid response updates" bug currently affecting us.  Since switching to the rapid response updates, I've been noticing this stuff more and more.  I was advised that the upgrade for SBG 9 will resolve this bug.  Is there an updated release date for the version 9 update?  Anything else I can do to help prevent this sort of stuff from getting through?</p> <p>Thanks!</p> <div class="field field-type-number-integer field-field-forum-solved-comment-id"> <div class="field-items"> <div class="field-item odd"> 3682461 </div> </div> </div> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/sbg-false-negative#comments Brightmail Gateway Spam Security Mon, 08 Mar 2010 18:15:25 +0000 arrow_203 1228621 at http://www.symantec.com/connect Delayed Mail (still being retried) http://www.symantec.com/connect/forums/delayed-mail-still-being-retried <p>I received the following message after I sent to my friend. However, my friend has already receive my message at the first time. WHAT HAPPEN TO MY BRIGHTMAIL GATEWAY??</p> <p>####################################################################<br /> # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. # ####################################################################</p> <p>Your message could not be delivered for 1 days, 20 hours, 0 minutes.<br /> It will be retried until it is 5 days, 0 hours, 0 minutes old.</p> <p>For further assistance, please send mail to <postmaster></p> <p>If you do so, please include this problem report. You can delete your own text from the attached returned message.</p> <p><<a href="mailto:xxx@xxx.com">xxx@xxx.com</a>>: 421 xxx.com Error: timeout exceeded</p> <p> </p> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/delayed-mail-still-being-retried#comments Brightmail Gateway Security Mon, 08 Mar 2010 09:32:43 +0000 tu-R-bo 1227921 at http://www.symantec.com/connect Setup and Implementation with Exchange 2003 SmartHost http://www.symantec.com/connect/forums/setup-and-implementation-exchange-2003-smarthost <p> I have Exchange 2003 setup sending/receiving fine.</p> <p>Inbound mail filtering on my SBG. V 8.03 </p> <p>my Inbound Mail Settings are:<br /> Inbound IP Address x.x.x.36 Port: 25</p> <p>Accpet inbound mail connections from all IP addresses</p> <p>Inbound Local Mail Delivery x.x.x.3 Port 25 MX Lookup No Preference 1</p> <p>This portion works like a champ.</p> <p>Incoming and outgoing mail work fine.</p> <p>I introduce outbound filtering. *following page 109 the the SGB book referenced in other posts.</p> <p>Outbound Mail Settings</p> <p>I use Virtual IP x.x.x.37 Port 25</p> <p>Outbound Mail Acceptance</p> <p>x.x.x.3 <br /> xxxx.net<br /> yyyy.net</p> <p>Outbound Non-Local Mail Delivery<br /> Use Mx Lookup for Non-Local Mail.</p> <p>Now here's the rub.</p> <p>I CAN telnet to x.x.x.36 25</p> <p>I CAN NOT telnet to x.x.x.37 25 </p> <p>554 <unkown [x.x.x.7]>: Client Host rejected: Access denied</p> <p>Connection to host lost.</p> <p> That's the first set of troubles I am having....</p> <p>Second set, which I believe is related.  When I go into MS Exchange/SMTP and Put in SmartHost....all outgoing email is immediately rejected.</p> <p> Solutions?</p> <p>Thanks!</p> <p><br type="_moz" /></p> <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/setup-and-implementation-exchange-2003-smarthost#comments Brightmail Gateway Basics Configuring MS Exchange Error messages Troubleshooting Security Sun, 07 Mar 2010 09:26:55 +0000 ClintMiller 1227581 at http://www.symantec.com/connect