Messaging Gateway

We are not sending email through the appliance, thus I believe this is spoofers. I just need to remove any notifications that get sent to users via the Symantec appliance in regards to NDRs

using Symantec Brightmail  Gateway v7.7 appliance.

Thanks!

From: Mail Delivery System <MAILER-DAEMON@sms.domamer.anhamer.anhrefractories.com>

To: Smith, John

Sent: Mon Jan 12 18:29:08 2009

Subject: Delayed Mail (still being retried)

 <<Delivery report>>

 <<Undelivered Message Headers>> This is the Symantec Brightmail Gateway program at host sms.domamer.anhamer.anhrefractories.com.

####################################################################

# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. # ####################################################################

Your message could not be delivered for 144.0 hours.

It will be retried until it is 5.0 days old.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                  The Symantec Brightmail Gateway program

<{removed}>: host 10.128.132.75[10.128.132.75] said: 421

    Closing Connection (in reply to end of DATA command)

[Edited: Removed personal information per the community rules and regulations.]

So who is actually receiving these messages, some your internal users? Or is this a postmasters mailbox or someone else?  Do the adresses it is trying to send them to actually exist?  How is the appliance configured in the environment is it receiving inbound messages only and relaying to the internal mail servers?

Kevin

internal users

it doesnt say where the messages are going, from what i can tell by the message information

all outbound email does not go thru the symantec appliance

inbound does come through the appliance to our exchange smtp front end server

And do these internal users do exist and are valid addresses?  Do you have the message audit logs enabled? If you enter some of the addresses as senders and run a query over the past week, does it indicate these users are somehow sending or trying to send outbound messages via the appliance?

We can't actually stop these messages from happening, but if we can figure out what's happening we can look to rectify it.

Actually one thing you might be able to do is to modify the 'Message delay time in queue before notification' so it's actually a longer period of time than the 'Sent message time-out' setting. If you do this in theory the message should be deleted before the delay notification gets sent.  These settings are accessible on the Advanced SMTP settings page, you can get there by editing your Scanner on the Administration -> Hosts -> Configuration page, cliking the SMTP tab, then hitting the Advanced SMTP settings button at the bottom of that page.

Ideally what you need to do is figure out what's going on here though.

Kevin

I have the same problem:

From: Mail Delivery System [mailto:MAILER-DAEMON@Rihanna.visionsoftware.loc]
Sent: martes, 20 de enero de 2009 01:09 p.m.
To: Paola Andrea Barrera Quevedo
Subject: Delayed Mail (still being retried)

This is the Symantec Brightmail Gateway program at host Rihanna.visionsoftware.loc.

####################################################################
# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. # ####################################################################

Your message could not be delivered for 4.0 hours.
It will be retried until it is 5.0 days old.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                       The Symantec Brightmail Gateway program

<{removed}>: host 172.16.0.198[172.16.0.198] said: 421
   Closing Connection (in reply to end of DATA command)

[Edited: Removed personal information per the community rules and regulations.]

We are experiencing the same problem as well.  It started around January 15th and is affecting all of our internal users.  I tried the suggestion above but to no avail.  Any advice or help would be much appreciated...thanks!

Additionally, we only use the Symantec appliance for incoming email - not outgoing.

We are now starting to receive System Undeliverable as well.

Here is an example of the Delayed Mail:

This is the Symantec Mail Security program at host spammy.gandg.

####################################################################
# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. # ####################################################################

Your message could not be delivered for 4.0 hours.
It will be retried until it is 5.0 days old.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

   The Symantec Mail Security program

<{removed}>: host 192.168.0.2[192.168.0.2] said: 421 Closing
    Connection (in reply to end of DATA command)

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.176 / Virus Database: 270.10.7/1893 - Release Date: 1/20/2009 7:49 AM

HERE IS AN EXAMPLE OF THE SYSTEM UNDELIVERABLE MESSAGE:

Your message did not reach some or all of the intended recipients.

      Subject: RE: Message 44908
      Sent: 1/15/2009 9:08 PM

The following recipient(s) cannot be reached:

   Liane Harrold on 1/20/2009 9:30 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spammy.gandg #4.0.0 X-Symantec-Mail-Security; host 192.168.0.2[192.168.0.2] said:    421 Closing Connection (in reply to end of DATA command)>

(I did not send a message with this Subject Line)

Thanks for any help...

Liane Harrold