Messaging Gateway

  • 1.  i found so many rejection messages

    Posted Sep 16, 2010 01:34 AM

    Hi,

    I found so many rejection messages inside our 2 Symantec Brightmail Gateway version 9.0.1-1,

    /data/logs/scanner/audit_mta_logYEARMONTHDAY0000

    where xxx.xxx.xxx.xxx is the IP address the connection comes from,

    ---------------------------------------------------------

     

    1284614565|cb5c5643-b7b3aae000003aff-26-4c91a9a55599|IRCPTACTION|<none>|msg_reject_other
    1284614585|cb5c5643-b7b3aae000003aff-27-4c91a9b93407|ACCEPT|xxx.xxx.xxx.xxx:46417
    1284614585|cb5c5643-b7b3aae000003aff-27-4c91a9b93407|IRCPTACTION|<none>|msg_reject_other
    1284614603|cb5c5643-b7b3aae000003aff-28-4c91a9cb91e2|ACCEPT|203.92.86.167:53310
    1284614605|cb5c5643-b7b3aae000003aff-29-4c91a9cdb6a1|ACCEPT|xxx.xxx.xxx.xxx:46427
    1284614605|cb5c5643-b7b3aae000003aff-29-4c91a9cdb6a1|IRCPTACTION|<none>|msg_reject_other
    1284614625|cb5c5643-b7b3aae000003aff-2a-4c91a9e16e23|ACCEPT|xxx.xxx.xxx.xxx:46437
    1284614625|cb5c5643-b7b3aae000003aff-2a-4c91a9e16e23|IRCPTACTION|<none>|msg_reject_other
    1284614645|cb5c5643-b7b3aae000003aff-2b-4c91a9f5e8df|ACCEPT|xxx.xxx.xxx.xxx:46447
    1284614645|cb5c5643-b7b3aae000003aff-2b-4c91a9f5e8df|IRCPTACTION|<none>|msg_reject_other
    1284614665|cb5c5643-b7b3aae000003aff-2c-4c91aa094255|ACCEPT|xxx.xxx.xxx.xxx:46457
    1284614665|cb5c5643-b7b3aae000003aff-2c-4c91aa094255|IRCPTACTION|<none>|msg_reject_other
    1284614685|cb5c5643-b7b3aae000003aff-2d-4c91aa1de0df|ACCEPT|xxx.xxx.xxx.xxx:56117
    1284614685|cb5c5643-b7b3aae000003aff-2d-4c91aa1de0df|IRCPTACTION|<none>|msg_reject_other
    1284614705|cb5c5643-b7b3aae000003aff-2e-4c91aa3181e1|ACCEPT|xxx.xxx.xxx.xxx:56127
    1284614705|cb5c5643-b7b3aae000003aff-2e-4c91aa3181e1|IRCPTACTION|<none>|msg_reject_other
    1284614725|cb5c5643-b7b3aae000003aff-2f-4c91aa45c188|ACCEPT|xxx.xxx.xxx.xxx:56137
    1284614725|cb5c5643-b7b3aae000003aff-2f-4c91aa45c188|IRCPTACTION|<none>|msg_reject_other
    1284614745|cb5c5643-b7b3aae000003aff-30-4c91aa59d150|ACCEPT|xxx.xxx.xxx.xxx:56147
    1284614745|cb5c5643-b7b3aae000003aff-30-4c91aa59d150|IRCPTACTION|<none>|msg_reject_other
    1284614765|cb5c5643-b7b3aae000003aff-31-4c91aa6d7325|ACCEPT|xxx.xxx.xxx.xxx:56157
    1284614765|cb5c5643-b7b3aae000003aff-31-4c91aa6d7325|IRCPTACTION|<none>|msg_reject_other
    1284614773|cb5c5643-b7b3aae000003aff-32-4c91aa75b29f|ACCEPT|203.92.86.55:38517
    1284614773|cb5c5643-b7b3aae000003aff-32-4c91aa75b29f|IRCPTACTION|<none>|msg_reject_other
    1284614773|cb5c5643-b7b3aae000003aff-33-4c91aa75a01e|ACCEPT|203.92.86.55:38518
    1284614773|cb5c5643-b7b3aae000003aff-33-4c91aa75a01e|IRCPTACTION|<none>|msg_reject_other
    1284614785|cb5c5643-b7b3aae000003aff-34-4c91aa818fb3|ACCEPT|xxx.xxx.xxx.xxx:56167
    1284614785|cb5c5643-b7b3aae000003aff-34-4c91aa818fb3|IRCPTACTION|<none>|msg_reject_other
     

    ---------------------------------------------------------

    But we are able to send/receive email through our Symantec Brightmail Gateway version 9.0.1-10; our only concern is those messages. How can we find out whether those messages are due to certain policies/rules implemented?
     
    Thanks,
    Cheers,
    harris


  • 2.  RE: i found so many rejection messages

    Posted Sep 16, 2010 05:00 AM

    Ouch, I found the cause: that IP address (where the connection came from) is not listed in the allowed IP address list on Symantec Brightmail.

    Adding that IP address solved my problem.

    Thanks,

    Cheers,

    Harris

     

     



  • 3.  RE: i found so many rejection messages

    Broadcom Employee
    Posted Sep 16, 2010 11:14 AM

    So, they are legitimate messages?

    The best place to look for information would be the Message Audit Log. You can run a query on the connection IP and it will show you the logs for connections from that IP.



  • 4.  RE: i found so many rejection messages

    Posted Sep 16, 2010 12:16 PM

    I'm hoping that was an outbound interface and not your inbound interface. Do you know you can use CIDR notation in the IP address range rules, as in 10.0.0.0/8?



  • 5.  RE: i found so many rejection messages

    Posted Sep 17, 2010 01:00 AM

    Hi Cricket17,

    Thanks for your response. Adding those IP addresses from /data/logs/scanner/audit_mta_logDATE0000 to the "Outbound Mail Acceptance" or "Inbound Mail Acceptance", as long as those IPs are legitimate, solved my problem.

     

    Cheers,




  • 7.  RE: i found so many rejection messages

    Posted Sep 17, 2010 01:05 AM

    Hi Davis,

    Yup, they were legitimate messages. Thanks for the response and for the very useful information,

    Cheers
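
Before adding addresses to a mail acceptance list, it helps to see exactly which sources are being rejected and whether they fall inside ranges you expect. The following is an added example, not part of the thread or of any Symantec tooling: it joins ACCEPT and IRCPTACTION lines on the audit ID and checks each rejected source against expected CIDR ranges. The field layout is inferred from the excerpt in post 1, and the function names, sample lines and CIDR range are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of the excerpt in post 1; the addresses
# are documentation ranges (RFC 5737), not values from the thread.
SAMPLE_LOG = """\
1284614585|aaaa-27|ACCEPT|192.0.2.10:46417
1284614585|aaaa-27|IRCPTACTION|<none>|msg_reject_other
1284614603|aaaa-28|ACCEPT|198.51.100.7:53310
1284614605|aaaa-29|ACCEPT|192.0.2.10:46427
1284614605|aaaa-29|IRCPTACTION|<none>|msg_reject_other
1284614773|aaaa-32|ACCEPT|203.0.113.55:38517
1284614773|aaaa-32|IRCPTACTION|<none>|msg_reject_other
1284614780|aaaa-33|IRCPTACTION|<none>|msg_reject_other
garbage line
"""

def rejected_sources(log_text, verdict="msg_reject_other"):
    """Count rejections per source IP by joining events on the audit ID."""
    source_by_id = {}
    rejects = Counter()
    for line in log_text.splitlines():
        fields = line.strip().split("|")
        if len(fields) < 4:
            continue  # not an audit record in the assumed layout
        _ts, audit_id, event = fields[:3]
        if event == "ACCEPT":
            # "ip:port" -> ip; splitting on the last ':' drops only the port
            source_by_id[audit_id] = fields[3].rpartition(":")[0]
        elif event == "IRCPTACTION" and fields[-1] == verdict:
            # A reject whose ACCEPT line is outside the excerpt has no known source
            rejects[source_by_id.get(audit_id, "unknown")] += 1
    return rejects

def triage(rejects, expected_cidrs):
    """Map each rejected source to (count, inside_expected_range)."""
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    report = {}
    for src, count in rejects.items():
        try:
            ip = ipaddress.ip_address(src)
            inside = any(ip in n for n in nets)
        except ValueError:  # masked or unknown source
            inside = False
        report[src] = (count, inside)
    return report
```

Sources reported as outside the expected ranges, or as unknown, are the ones to verify before they go anywhere near an acceptance list.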