Symantec Connect - Brightmail Gateway - Discussions
http://www.symantec.com/connect/brightmail-gateway/forums/feed
enSetting maximum quarantine message limit
http://www.symantec.com/connect/forums/setting-maximum-quarantine-message-limit
<p>Hello.</p>
<p>I just want to ask how to change maximum quarantine message limit in Brightmail 8.</p>
<p>I remembered in Symantec Mail for Security 5, that there was a hidden settings by pressing shift A in the settings tab to change the maximum quarantine message limit.<br />
In Brightmail 8, how would I change that setting?</p>
<p>TIA</p>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/setting-maximum-quarantine-message-limit#commentsBrightmail GatewayDesigningTestingSecurityThu, 11 Mar 2010 12:01:59 +0000eccen3k1239541 at http://www.symantec.com/connectSBG not updating virus definitions
http://www.symantec.com/connect/forums/sbg-not-updating-virus-definitions
<p>Hi,</p>
<p>One of our customers has an issue with a Brightmail appliance that is not updating the AV definitions. (SBG 8.0.3)<br />
I have checked licensing -> OK<br />
We have changed the frequency of liveupdate to 2hours and timeout at 40 mins.</p>
<div>Rapid responses work fine but when not selected, we have the error: The JLU process appears to be hanging and will be terminated<br />
Bellow you can see the log files from the jlu_controller.log</div>
<p></p>
<p>2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br />
2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br />
2010-03-10T10:40:00+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br />
2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluGwfUxo [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br />
2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br />
2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br />
2010-03-10T10:40:00+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 0 minutes, and 0 seconds.<br />
2010-03-10T10:40:00+02:00 (ERROR:26927.3071923904): [54008] The JLU process appears to be hanging and will be terminated.<br />
</p>
<p> </p>
<p class="MsoPlainText">2010-03-10T09:49:22+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br />
2010-03-10T09:49:22+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br />
2010-03-10T09:49:21+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br />
2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluUsALPV [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br />
2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br />
2010-03-10T09:49:21+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br />
2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 10 minutes, and 0 seconds.<br />
</p>
<p class="MsoPlainText">2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.<br />
2010-03-10T09:39:21+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.<br />
2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.<br />
2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluxIEa7C [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] <br />
2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content 30TRY] returned system code 0x80000016.<br />
2010-03-10T09:39:20+02:00 (DEBUG:26927.3071923904): [10250] The license check for [AntiVirus Content] returned system code 0x0.<br />
2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54035] The next JLU poll is scheduled to begin in 0 hours, 0 minutes, and 0 seconds.<br />
2010-03-10T09:39:20+02:00 (INFO:26927.3071923904): [54057] The JLU controller was successfully started.<br />
2010-03-10T08:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p>
<p class="MsoPlainText">2010-03-10T06:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p>
<p class="MsoPlainText">2010-03-10T04:40:00+02:00 (ERROR:3454.3071751872): [54008] The JLU process appears to be hanging and will be terminated.</p>
<p>
Any ideas? I know that this is a common issue but what we could do?<br />
The idea to leave only the Rapid Responses is ok?</p>
<p>From the following article of KB <a href="http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009052813305654" title="http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009052813305654">http://service1.symantec.com/SUPPORT/ent-gate.nsf/...</a><br />
it says that <br />
"Antivirus rulesets are updated hourly (Rapid Release Definitions) and daily (LiveUpdate). Some products by default will use the LiveUpdate method<strong> however we recommend customers whenever is possible to switch to Rapid Release definitions to provide better protection at the Gateway</strong>."</p>
<p>Thanks in advance,<br />
Nikos</p>
<div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/connect/groups/partner-group"><span>Partner Group</span></a></li>
</ul></div>http://www.symantec.com/connect/forums/sbg-not-updating-virus-definitions#commentsBrightmail GatewayLiveUpdateSecurityPartner GroupWed, 10 Mar 2010 22:27:16 +0000nia1238951 at http://www.symantec.com/connectSymantec Mail Security for SMTP
http://www.symantec.com/connect/forums/symantec-mail-security-smtp-0
<p>Hi,</p>
<p>I am running Symantec Mail Security for SMTP version 5.0.1 on a Windows 2000 server. Is there an updated version?<br />
If so, how can I get this new vesion.</p>
<p>Thanks </p>
<p>Carolin </p>
<div class="field field-type-number-integer field-field-forum-solved-comment-id">
<div class="field-items">
<div class="field-item odd">
3694551 </div>
</div>
</div>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/symantec-mail-security-smtp-0#commentsBrightmail GatewaySecurityWed, 10 Mar 2010 15:40:27 +0000carolin1231891 at http://www.symantec.com/connectNAT between scanner and Control center
http://www.symantec.com/connect/forums/nat-between-scanner-and-control-center
<p>Hi,</p>
<p>We plan to install two SBG scanners in DMZ and separate Control center in Intranet. There is a NAT between those two zones. Are there any limitation at such a deployment.</p>
<p>Best Regards</p>
<p>Stano</p>
<div class="og_rss_groups"><ul class="links"><li class="og_links first last"><a href="/connect/groups/partner-group"><span>Partner Group</span></a></li>
</ul></div>http://www.symantec.com/connect/forums/nat-between-scanner-and-control-center#commentsBrightmail GatewaySecurityPartner GroupTue, 09 Mar 2010 18:53:39 +0000stano1230641 at http://www.symantec.com/connect554 5.4.4 [internal] domain lookup failed
http://www.symantec.com/connect/forums/554-544-internal-domain-lookup-failed
<p>I am unable to email to some domains.</p>
<p>I receive this error in the delivery report. "554 5.4.4 [internal] Domain Lookup Failed"</p>
<p>I have found the recipeint email is hosted on google apps.</p>
<p>I am able to run the utilities and do an NSlookup for the MX record for the domain form the BrightMail device</p>
<p>I am also able to telnet to the server from my pc.</p>
<p>Have to use the <> around the email addresses when rcpt to and mail from</p>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/554-544-internal-domain-lookup-failed#commentsBrightmail GatewayError messagesSecurityTue, 09 Mar 2010 16:35:25 +0000Brentwood1230361 at http://www.symantec.com/connectDomain aliases - 554 Recipient address rejected: User unknown
http://www.symantec.com/connect/forums/domain-aliases-554-recipient-address-rejected-user-unknown
<p> Hello,</p>
<p>- Just installed Brightmail 8.0.3-11<br />
- Invalid Recipient Handling is disabled.</p>
<p>When I add domain aliases to the control panel and try to send an email to that alias I get this issue:</p>
<div>
<div>[root@flatliners ~]# telnet protector-01.xxxxxxxx 25</div>
<div>Trying xx.49.56.xx...</div>
<div>Connected to protector-01.xxxxxxxxxx (xx.49.56.xx).</div>
<div>Escape character is '^]'.</div>
<div>220 protector-01.xxxxxxxxxx ESMTP Bow Valley Gateway</div>
<div>helo thisgeek.com</div>
<div>250 protector-01.xxxxxxxxxxx says HELO to xxxxxxxxxx:6887</div>
<div>mail from: <justin@thisgeek.com></div>
<div>250 MAIL FROM accepted</div>
<div>rcpt to: <justin@testalias.ca></div>
<div>554 Recipient address rejected: User unknown</div>
<div>
testalias.ca is already an alias for bvwgroup.com
<p>Am I doing something wrong?</p>
<p>-Justin<br />
</p></div>
</div>
<div class="field field-type-number-integer field-field-forum-solved-comment-id">
<div class="field-items">
<div class="field-item odd">
3689011 </div>
</div>
</div>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/domain-aliases-554-recipient-address-rejected-user-unknown#commentsBrightmail GatewaySecurityTue, 09 Mar 2010 10:34:57 +0000xachen1229621 at http://www.symantec.com/connectOutlook users from internet
http://www.symantec.com/connect/forums/outlook-users-internet
<p>
Hi,</p>
<p>I am using SMS 8380 appliance. Can any one plz help to configure outlook users accessing from internet to connect and access their mails.</p>
<p>I am concerned because I am forwarding port 25 to Symantec mail security, so how will the roaming users access their mail box.</p>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/outlook-users-internet#commentsBrightmail GatewaySecurityTue, 09 Mar 2010 08:30:57 +0000raj.kumar1229481 at http://www.symantec.com/connectSBG False Negative
http://www.symantec.com/connect/forums/sbg-false-negative
<p>I received a report of a false negative from SBG. The message audit log shows the following:</p>
<table class="defaultText" border="0" cellspacing="0" cellpadding="0" width="100%" align="center">
<tbody>
<tr>
<td class="horzDivider2" colspan="3" align="left">Message Data </td>
</tr>
<tr>
<td><img alt="" src="https://kscusbg.kscu.com/brightmail/status/message-audit/images/Spacer.gif" width="10" height="8" /></td>
<td nowrap="nowrap" align="left"><strong>ID:</strong></td>
<td>c0a8cc06-b7c27ae000002466-26-4b9278dc1835</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Message-ID:</strong></td>
<td><blu138-w2382d1fbc5452eb7090b62a2370@phx.gbl></td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Tracker:</strong></td>
<td>AAAABhMwDsITMDb+EyoXtRMqbX4TKuSCEysKIQ==</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Accepted From:</strong></td>
<td>65.55.111.164</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Scanners:</strong></td>
<td>Symantec Brightmail Gateway </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Time accepted:</strong></td>
<td>Saturday, Mar 06, 2010 07:46:36 AM PST</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Direction:</strong></td>
<td>Inbound</td>
</tr>
<tr>
<td> </td>
<td width="150" nowrap="nowrap" align="left"><strong>Sender:</strong></td>
<td width="90%">hugoteixeirag@hotmail.com</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Original recipients:</strong></td>
<td><a href="mailto:scrossley@xxxx.com">scrossley@xxxx.com</a> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Original Subject:</strong></td>
<td>re</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Full attachment list:</strong></td>
<td>None</td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Suspect attachments:</strong></td>
<td>None</td>
</tr>
<tr>
<td class="horzDivider2" colspan="3" align="left">Recipient Data </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Intended recipient:</strong></td>
<td><a href="mailto:shaun.crossley@xxxx.com">shaun.crossley@xxxx.com</a></td>
</tr>
<tr>
<td colspan="2"> </td>
<td class="horzDivider2" nowrap="nowrap" align="left"> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Verdict:</strong></td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="175" nowrap="nowrap"><strong>Verdict</strong></td>
<td width="175" nowrap="nowrap"><strong>Filter Policy</strong></td>
<td width="175" nowrap="nowrap"><strong>Group</strong></td>
<td width="175" nowrap="nowrap"><strong>Details</strong></td>
</tr>
<tr>
<td>None </td>
<td>default </td>
<td>default </td>
<td>None </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2"> </td>
<td class="horzDivider2" nowrap="nowrap" align="left"> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Actions taken:</strong></td>
<td>Deliver message normally </td>
</tr>
<tr>
<td colspan="2"> </td>
<td class="horzDivider2" nowrap="nowrap" align="left"> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Delivery:</strong></td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="175" nowrap="nowrap"><strong>Delivered To</strong></td>
<td width="275" nowrap="nowrap"><strong>Delivery Time</strong></td>
</tr>
<tr>
<td nowrap="nowrap">x.x.x.x</td>
<td>Saturday, Mar 06, 2010 07:46:36 AM PST </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2"> </td>
<td class="horzDivider2" nowrap="nowrap" align="left"> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Untested verdicts:</strong> </td>
<td>Message was sent from a suspect spammer, Locally identified suspected virus, Suspected virus, Content Compliance violation: Delete Executable Files Violations, Content Compliance violation: Delete Email Policy Violations, Content Compliance violation: Legal Disclaimer, Content Compliance violation: Delete True Type Executable Files Violations, Unknown recipient, Connection Class, Default Connection Class, Connection Class 1, Connection Class 2, Connection Class 3, Connection Class 4, Connection Class 5, Connection Class 6, Connection Class 7, Connection Class 8, Connection Class 9, Bounce attack signature present, Known language</td>
</tr>
<tr>
<td> </td>
<td class="horzDivider2" colspan="2" align="left"> </td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><strong>Other recipients:</strong></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td height="5" nowrap="nowrap" align="left"> </td>
<td> </td>
</tr>
</tbody>
</table>
<p>There a couple interesting things to note about this one. First, the message contents are quite obviously spam:</p>
<div><b>From:</b> hugo graça [mailto:hugoteixeirag@hotmail.com] <br />
<b>Sent:</b> March-06-10 3:49 PM<br />
<b>To:</b> <a href="mailto:scrossley@finsvcs.com">scrossley@finsvcs.com</a><br />
<b>Subject:</b> re</div>
<div> </div>
<div>At <a href="http://digg.com/u3PMl8">medrx</a> got top brand name non generic like Cialis Vicodin Phentermine Xanax and more for less than your local pharmacy from home with no doctor hastles with extremely prompt ordering and descreet shipping. </div>
<div align="center">
</div>
<p>Hotmail: Free, trusted and rich email service. <a target="_new" href="https://signup.live.com/signup.aspx?id=60969">Get it now.</a></p>
<p>
Also, the policy for this recipient is using the default, which normally catches things with keywords like this.</p>
<p>We have the "cannot retrieve LiveUpdates except for rapid response updates" bug currently affecting us. Since switching to the rapid response updates, I've been noticing this stuff more and more. I was advised that the upgrade for SBG 9 will resolve this bug. Is there an updated release date for the version 9 update? Anything else I can do to help prevent this sort of stuff from getting through?</p>
<p>Thanks!</p>
<div class="field field-type-number-integer field-field-forum-solved-comment-id">
<div class="field-items">
<div class="field-item odd">
3682461 </div>
</div>
</div>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/sbg-false-negative#commentsBrightmail GatewaySpamSecurityMon, 08 Mar 2010 18:15:25 +0000arrow_2031228621 at http://www.symantec.com/connectDelayed Mail (still being retried)
http://www.symantec.com/connect/forums/delayed-mail-still-being-retried
<p>I received the following message after I sent to my friend. However, my friend has already receive my message at the first time. WHAT HAPPEN TO MY BRIGHTMAIL GATEWAY??</p>
<p>####################################################################<br />
# THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. # ####################################################################</p>
<p>Your message could not be delivered for 1 days, 20 hours, 0 minutes.<br />
It will be retried until it is 5 days, 0 hours, 0 minutes old.</p>
<p>For further assistance, please send mail to <postmaster></p>
<p>If you do so, please include this problem report. You can delete your own text from the attached returned message.</p>
<p><<a href="mailto:xxx@xxx.com">xxx@xxx.com</a>>: 421 xxx.com Error: timeout exceeded</p>
<p> </p>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/delayed-mail-still-being-retried#commentsBrightmail GatewaySecurityMon, 08 Mar 2010 09:32:43 +0000tu-R-bo1227921 at http://www.symantec.com/connectSetup and Implementation with Exchange 2003 SmartHost
http://www.symantec.com/connect/forums/setup-and-implementation-exchange-2003-smarthost
<p> I have Exchange 2003 setup sending/receiving fine.</p>
<p>Inbound mail filtering on my SBG. V 8.03 </p>
<p>my Inbound Mail Settings are:<br />
Inbound IP Address x.x.x.36 Port: 25</p>
<p>Accpet inbound mail connections from all IP addresses</p>
<p>Inbound Local Mail Delivery x.x.x.3 Port 25 MX Lookup No Preference 1</p>
<p>This portion works like a champ.</p>
<p>Incoming and outgoing mail work fine.</p>
<p>I introduce outbound filtering. *following page 109 the the SGB book referenced in other posts.</p>
<p>Outbound Mail Settings</p>
<p>I use Virtual IP x.x.x.37 Port 25</p>
<p>Outbound Mail Acceptance</p>
<p>x.x.x.3 <br />
xxxx.net<br />
yyyy.net</p>
<p>Outbound Non-Local Mail Delivery<br />
Use Mx Lookup for Non-Local Mail.</p>
<p>Now here's the rub.</p>
<p>I CAN telnet to x.x.x.36 25</p>
<p>I CAN NOT telnet to x.x.x.37 25 </p>
<p>554 <unkown [x.x.x.7]>: Client Host rejected: Access denied</p>
<p>Connection to host lost.</p>
<p>
That's the first set of troubles I am having....</p>
<p>Second set, which I believe is related. When I go into MS Exchange/SMTP and Put in SmartHost....all outgoing email is immediately rejected.</p>
<p>
Solutions?</p>
<p>Thanks!</p>
<p><br type="_moz" /></p>
<div class="og_rss_groups"></div>http://www.symantec.com/connect/forums/setup-and-implementation-exchange-2003-smarthost#commentsBrightmail GatewayBasicsConfiguringMS ExchangeError messagesTroubleshootingSecuritySun, 07 Mar 2010 09:26:55 +0000ClintMiller1227581 at http://www.symantec.com/connect