Messaging Gateway

 View Only

  • 1.  Duplicate Internet email entries showing in Audit Log

    Posted Aug 11, 2009 09:56 AM
    We are running SBG 8.02. In the Audit log, when I search for inbound internet emails such as gmail.com or hotmail.com I notice that the audit logs show 2 entries for 1 email. And it shows 2 actions that the appliance applied. I redacted our domain address, hence the  ------.com. The result is the emails do get delivered which is fine but whats up with the second entry that says "Message rejected by MTA"?

    Here's a couple exampes:

    Tuesday, Aug 11, 2009 09:45:56 AM EDT msdavis.06@gmail.com mdavis@---------.com re: hey Known language Deliver message normally Tuesday, Aug 11, 2009 09:45:56 AM EDT msdavis.06@gmail.com None re: hey   Message rejected by MTA Tuesday, Aug 11, 2009 09:43:45 AM EDT gary.sonterpat@gmail.com hcollins@---------.com atlantis sale status Unscannable Deliver message normally Tuesday, Aug 11, 2009 09:43:45 AM EDT gary.sonterpat@gmail.com None atlantis sale status   Message rejected by MTA   


  • 2.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Aug 11, 2009 05:29 PM
    So I found this document that discusses Aliasing, 
     
    Title: 'Message rejected by MTA due to alias transformation'
    Document ID: 2009042211325354

    However, the odd thing is that the mail is showing "None" for the address on the second line. I can't say as I know what is happening there, but are you doing any aliasing that might be the culprit?

    Let me know.
    Thanks! 


  • 3.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Aug 13, 2009 10:34 AM
     


  • 4.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Aug 13, 2009 04:12 PM
    Hi there,

    What's your environment setup? Is the SBG Appliance at the gateway ? Are you using LDAP ?

    Thank you,
    Marco Bicca


  • 5.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Aug 14, 2009 01:33 PM
     The Scanner appliance sits in the DMZ as the gateway and the Control Center sits in our lan. We are using LDAP. No issues with LDAP in our logs...


  • 6.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Aug 29, 2009 03:07 AM
    Hi There..

    Did you checked in the audit logs for both same mail coming from same  source address ?

    Did your brightmail is enable with IP Reputation service ?


    awaiting for reply !!



  • 7.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Oct 03, 2009 02:41 AM
    You said you are using LDAP Right? Are you seeing recipients being rewritten in the Audit Log? Can you actually post a screenshot of exactly what you see in the Message Audit Log screen results?


  • 8.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Oct 21, 2009 10:48 AM
    10-21-2009 10-37-26 AM.png 


  • 9.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Oct 21, 2009 10:49 AM
    so you can see with the pic above, the appliance thinks its getting 2 emails and behaves differently on the second one...Never saw this before we upgraded to ver 8.

    Need help! :)
    Stephen 


  • 10.  RE: Duplicate Internet email entries showing in Audit Log

    Posted Oct 21, 2009 11:39 AM
    Hi,

    I've seen a similar issue in the past and is documented in the following KB article:
    service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009101313280854
    I remember there was an upstream device blocking the inbound SMTPO EHLO command forcing the remote MTA to fail back to HELO (apologies if this is too technical).
    Hope it helps. Let me know.

    Regards,

    Federico