E-mail Notifications for Risk
Here's my documented attempt to have Symantec send me email notifications upon all sorts of alerts.
From this link:
http://service1.symantec.com/SUPPORT/ent-security....
I'm running an Exchange 2003 SP2 server for mail on port 25.
I configured the email server and have tried the following variations:

Server Address: mail.domain.com
Port number: 25
User Name: symantec@domain.com
Password: password

Server Address: 10.0.1.100
Port number: 25
User Name: symantec@domain.com
Password: password

Server Address: External Ip Address
Port number: 25
User Name: symantec@domain.com
Password: password

Server Address: server
Port number: 25
User Name: symantec@domain.com
Password: password

Server Address: server.arc.local
Port number: 25
User Name: symantec@domain.com
Password: password

Server Address: mail.domain.com
Port number: 25
User Name: symantec
Password: password

The notifications are set for every type of risk there is such as New Risk detected, Virus definition out of date etc.
I'm using EICAR (http://www.eicar.org/anti_virus_test_file.htm) to test the notifications.
I have also followed the http://service1.symantec.com/SUPPORT/ent-security....
and it seems that while Delete EICAR events is unchecked and the damper is set to 20 minutes on every type of risk, I'm not getting the EICAR events to appear under Monitors>Logs>Risk Logs.
At this point I'm not sure whether it's a matter of bad mail server configuration or EICAR not even reporting to the SEPM console.
I do, however, see a bunch of
March 17, 2010 5:19:08 PM CDT: Email sending failed [Site: Site server2] [Server: server2]
notifications under Admin > Servers log at the bottom
I will appreciate any help, advice or pointers in the right direction.
Comments
IP and Port
Hi Drudnev,
My notifications are working fine with just the mail server's IP address and port specified: try leaving the user name and password blank.
(I'm also using that SP of Exchange 2003, with SEP 11 RU5 running on a 64-bit server....)
This forum thread may contain some extra tips: No longer receiving e-mail alerts from SEP R11.5 Server
Please let the forum know of your progress!
Thanks and best regards,
Mick
With thanks and best regards,
Mick
I've tried removing the user
I've tried removing the user name and password with the following combinations for server name:
10.0.1.100 (internal ip)
servername
server.domain.local
external ip
no luck.
Notifications:
Drudnev -
First, you should not have any username and password. You only utilize a username and password if your mail server is set up for authentication for sending and receiving mail.
If the Exchange server is on the same machine as the SEP SBE 12.0 management server then try localhost.
The other thing you can try is telnet 'mail server host name' 25 from the SEP management server. If you are able to establish a connection, try sending an email through the command line using the SMTP commands. See http://www.garnetchaney.com/how_to_telnet_to_a_mai... (SMTP - to send mail).
If you are able to successfully send mail, then your SEP management server should also be able to send mail.
Last option, just leave the "Server, Username, and Password" fields blank. The way SEP SBE was designed is if it cannot connect to the mail server, it becomes a mail server and tries to send email directly by looking up the MX record of the recipient's domain.
Hope that helps, let us know how it goes.
best regards,
Nimesh.
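
The telnet check described in the reply above can be scripted from the management server. This is an added example, not part of the original thread: it stops after RCPT TO, so no message is sent, and the host name, addresses and EHLO name in it are constructed placeholders.

```python
import smtplib

EHLO_NAME = "sepm-probe.example.test"  # constructed name announced in EHLO


def probe_smtp(host, port=25, sender="sepm@example.test",
               recipient="admin@example.test", timeout=10):
    """Scripted form of the manual telnet test: connect, EHLO, then
    MAIL FROM / RCPT TO without logging in. No message is sent."""
    result = {"connected": False, "auth_offered": False,
              "mail_from": None, "rcpt_to": None, "verdict": ""}
    try:
        smtp = smtplib.SMTP(host, port, local_hostname=EHLO_NAME, timeout=timeout)
    except OSError as exc:  # refused, timed out, DNS failure, bad greeting
        result["verdict"] = f"cannot reach {host}:{port}: {exc}"
        return result
    result["connected"] = True
    try:
        smtp.ehlo_or_helo_if_needed()
        # AUTH in the EHLO reply only means login is possible, not required.
        result["auth_offered"] = smtp.has_extn("auth")
        result["mail_from"] = smtp.mail(sender)[0]
        if result["mail_from"] == 250:
            result["rcpt_to"] = smtp.rcpt(recipient)[0]
        smtp.rset()  # abandon the transaction before any DATA
    except OSError as exc:  # smtplib.SMTPException derives from OSError
        result["verdict"] = f"SMTP dialogue failed: {exc}"
        return result
    finally:
        try:
            smtp.quit()
        except OSError:
            pass
    codes = (result["mail_from"], result["rcpt_to"])
    if 530 in codes:
        result["verdict"] = "530: server requires authentication (or STARTTLS) first"
    elif result["rcpt_to"] in (250, 251):
        result["verdict"] = "accepted without login: leave user name and password blank"
    else:
        result["verdict"] = f"sender or recipient refused {codes}: check relay rules and addresses"
    return result


if __name__ == "__main__":
    # Constructed values: replace with your mail server and real addresses.
    for key, value in probe_smtp("mail.example.test").items():
        print(f"{key}: {value}")
```

Run it on the management server itself, since relay rules on the mail server are usually tied to the connecting IP address.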