Endpoint Protection

 View Only

  • 1.  Email proxy and SMTP connection termination

    Posted Mar 30, 2011 06:41 AM

    Hello,

    We have a software that uses EasyMail object to send email. If I have assumed right, Symantec Email Proxy receives outgoing mail and relays it. The problem is that EasyMail component assumes that mail is successfully sent to the recipient and terminates the smtp session, and because of that SEP gives error message:

    This happens with bigger attachments only.

    Is there a way to work around this without making modifications to the software? Is it possible for example to use SEP to re-establish SMTP session?  This software is often used when high-speed connection isn't available.

    SEP version is 11.0.6100.645

    Thank you in advance!

     

     

     

     

     

     

     



  • 2.  RE: Email proxy and SMTP connection termination
    Best Answer

    Posted Mar 30, 2011 08:14 AM

    Use authenticated SMTP server and that should resolve the issue.



  • 3.  RE: Email proxy and SMTP connection termination

    Posted Mar 30, 2011 08:15 AM

     

    Many Unexpected Pop-Ups from Symantec Email Proxy are Displayed

     

     

    Problem


    A Symantec Antivirus or Symantec Endpoint Protection client which has the optional Email tools installed suddenly begins to display many pop-up warnings or errors about messages that could not be sent. This occurs even when the user has not sent any mail from their mail client (Outlook, Thunderbird, or similar).

    Symptoms
    Pop-up messages will be similar to:

    Your email message was unable to be sent because your mail server rejected the recipient:: 554 Too many recipients
    Your email message was unable to be sent because your mail server rejected the message: 554 5.7.1 Message rejected under the suspicion of SPAM (1003,11)
    Your email message was unable to be sent because your mail server rejected the message: 571 Message Refused
    Your email message was unable to be sent because your mail server rejected the message: 551 5.7.1 
    "Your email message to [email address of recipient] with the subject [email subject] was unable to be sent . . ." (1003,9) 

     

    Cause


    Spam is often sent from botnets of compromised computers. If large numbers of the errors listed above are appearing, it is highly likely that the computer have been infected by an undetected threat and is being used to send unwanted commercial email (UCE).

    Solution


    If subject lines and recipients are displayed, examine them to determine if mails were intentionally sent from the mail client.

    If not, isolate the computer from the network and follow best practice to determine if a currently undetected threat is operating on this computer. Checking what program is using common mail ports (performing a netstat -ao from the command line to learn what process is communicating on port 25) is often the best first step. 


    References
    The following articles will help to identify and remove an undetected threat :

    Best practices for troubleshooting viruses on a network
    Using SEP 11's Network Activity Tool to Identify Suspicious Processes



  • 4.  RE: Email proxy and SMTP connection termination

    Posted Apr 11, 2011 03:00 AM

    Thank you for your help!



  • 5.  RE: Email proxy and SMTP connection termination

    Posted Apr 21, 2011 12:54 PM

    Hello,

    using SEP client on PC with own smtp server I've encountered misbehaviour of SEP scaning SMTP outgoing mails. SEP recieves mail from local SMTP and retunrs him ok, further it tryes to deliver to server using graylisting for spam protection gets a 451 respond, but insted of trying later again or returning this respond back to local smpt, it displays a message 1003,11. This behaviour results in non delivering the message.

    Unfortunately I could not find possibility to switch off smtp check only. Switching off both pop3 and smpt check seems me not appropriate solution.

     

    Please suggest some solution to keep messages checked by SEP and delivering them to servers using greylisting.

     

    Thanks Marek