
Mail Proxy Error

Created: 10 May 2013 • Updated: 11 May 2013 | 19 comments

Hello everybody,

I am using Symantec Endpoint Protection Manager 12.1; it is installed in a virtual machine, Win2003 Server.

My own OS is Win7 SP1.

Here is my problem: sometimes I see these error messages:

error.png

error2.png

I don't know what these errors are. I think my system has a problem and is sending advertising email,

but I can't find it and kill it. Here is my netstat information on port number 25. The PID 2124 is the SepMaster Service for Symantec.

D:\Users\hamid>netstat -aon | findstr :25


W007's picture

hello,

Many Unexpected Pop-Ups from Symantec Email Proxy are Displayed

Article:TECH122425  |  Created: 2010-01-14  |  Updated: 2012-05-17  |  Article URL http://www.symantec.com/docs/TECH122425

Also try to scan your system

Run the Power Eraser and SERT utility to scan the system.

https://www-secure.symantec.com/connect/forums/you...

 

Check this discussion

https://www-secure.symantec.com/connect/forums/sym...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

hkhanzadeh's picture

Thanks for your help

I did it step by step; some viruses and trojans were found and deleted,

but I still have the same problem :-(

SameerU's picture

Hi

Please repair the SEP client and observe

Regards

 

W007's picture

What SEP features do you have installed?

Try to disable the NTP feature.

 


hkhanzadeh's picture

I guess my system has a virus and I am looking for a solution to kill the virus; I don't want to bypass the pop-up message.

W007's picture

 

Yes, this issue occurred because of a virus. You can update your system with the latest virus definitions and the latest Microsoft patches, and scan the system in safe mode with networking.

 


K33's picture

Do you have any 3rd-party software installed for sending email?

Could you please try disabling the Outlook scanner, as a test, on one machine on which you see this message?

Go to Add/Remove, select SEP, choose Change > Modify > Custom, disable the Outlook scanner, follow the wizard, and observe this machine for event logs etc.

hkhanzadeh's picture

No, I don't use email-sending software.

Sometimes I use Outlook on my system;

when Outlook is closed, I see this error again.

raju123's picture

Check the link which I have attached.

SameerU's picture

Hi

Have you got a chance to repair the client?

Regards

 

technical_specialist's picture

Check it; here is the solution for both of your errors.

 

Symantec Email proxy rejection (intermittent) 1003,10

https://www-secure.symantec.com/connect/forums/symantec-email-proxy-rejection-intermittent-100310#comment-6224491

SEP is blocking email sent by a 3rd party program

https://www-secure.symantec.com/connect/forums/sep-blocking-email-sent-3rd-party-program

 

SEP Email Proxy pop-up - Code 1003,8

Article:TECH185912  |  Created: 2012-04-05  |  Updated: 2012-07-21  |  Article URL http://www.symantec.com/docs/TECH185912

 

Symantec Email Proxy pop-up - Code 1003,8

Article:TECH171706  |  Created: 2011-10-13  |  Updated: 2012-07-21  |  Article URL http://www.symantec.com/docs/TECH171706

 

hkhanzadeh's picture

I know an unwanted program is sending advertising email; I want to find this program and remove it.

I scanned the full system 2 times in safe mode with networking, and I have the latest version of the antivirus,

but I have the same problem.

 

Mithun Sanghavi's picture

Hello,

You could run the SymHelp Utility to check the suspicious file on the client machine and then Submit those to the Symantec Security Response Team:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

If subject lines and recipients are displayed, examine them to determine if mails were intentionally sent from the mail client.

If not, isolate the computer from the network and follow best practice to determine if a currently undetected threat is operating on this computer. Checking what program is using common mail ports (performing a netstat -ao from the command line to learn what process is communicating on port 25) is often the best first step.

Reference: http://www.symantec.com/docs/TECH122425

Also, check this Thread: https://www-secure.symantec.com/connect/forums/symantec-email-proxy-rejection-intermittent-100310

Chances are that the computer is infected and is sending out spam. I recommend putting the very latest definitions onto that computer, isolating it from the network, and performing a full system scan in safe mode. 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
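The `netstat -aon` check described in this thread, as an added example that is not part of any poster's reply: it groups outbound mail-port connections by owning PID and flags PIDs that reach many distinct mail servers. The sample listing, the PIDs, the port set and the `min_remotes` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed `netstat -aon` output: documentation-range addresses and
# made-up PIDs, not the listing from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    10.0.0.5:49701         198.51.100.10:443      ESTABLISHED     3980
  TCP    10.0.0.5:49702         198.51.100.20:587      ESTABLISHED     3980
  TCP    10.0.0.5:55838         192.0.2.26:25          CLOSE_WAIT      4321
  TCP    10.0.0.5:55888         192.0.2.35:25          CLOSE_WAIT      4321
  TCP    10.0.0.5:55894         192.0.2.37:25          CLOSE_WAIT      4321
  TCP    10.0.0.5:56394         203.0.113.72:25        ESTABLISHED     4321
  TCP    10.0.0.5:56609         203.0.113.184:25       SYN_SENT        4321
  TCP    10.0.0.5:56618         203.0.113.33:25        SYN_SENT        4321
  TCP    10.0.0.5:56620         203.0.113.33:25        SYN_SENT        4321
"""

MAIL_PORTS = {25, 465, 587}  # assumption: SMTP, SMTPS, mail submission
# Captures: remote address, remote port, TCP state, owning PID.
ROW = re.compile(r"^\s*TCP\s+\S+:\d+\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def smtp_by_pid(text, ports=MAIL_PORTS):
    """Group connections to remote mail ports by the PID that owns them."""
    summary = defaultdict(lambda: {"states": Counter(), "remotes": set()})
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        remote, rport, state, pid = m[1], int(m[2]), m[3], int(m[4])
        if rport in ports:  # LISTENING rows have remote port 0 and drop out
            summary[pid]["states"][state] += 1
            summary[pid]["remotes"].add(remote)
    return dict(summary)

def suspicious_pids(summary, min_remotes=5):
    """PIDs talking to at least min_remotes distinct mail servers."""
    return sorted(p for p, s in summary.items() if len(s["remotes"]) >= min_remotes)

if __name__ == "__main__":
    result = smtp_by_pid(SAMPLE)
    for pid, info in sorted(result.items()):
        print(pid, dict(info["states"]), len(info["remotes"]), "distinct remotes")
    print("review these PIDs:", suspicious_pids(result))
```

A flagged PID can be resolved to an image name with `tasklist /FI "PID eq <pid>"`; in the question the poster identifies PID 2124 as the SEP service.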

hkhanzadeh's picture

Dear Mithun Sanghavi

Thanks for the links, but I am not a beginner user :-). I know my Windows has a spam problem, and some application is sending advertising email without my permission. I blocked port 25 for outgoing mail and am just using port number 587 for more security,

but I want to find the application on my system that is sending email.

Mick2009's picture

Hi hkhanzadeh,

"Thumbs up" to Mithun's advice: the SymHelp tool will help you to identify the suspicious files.

If I understand this thread correctly, the undetected spambot is on the virtual win2003 server which hosts your SEPM.  There is also a SEP client on that server, correct?  The SEPM by itself does not detect threats.

I also recommend increasing the heuristics level of that SEP client on the SEPM and examining the logs, if there is something undetected there.  With SONAR's features, SEP 12.1 has a powerful tool for detecting unwanted programs.  Here's a good article:

Using SEPM Alerts and Reports to Combat a Malware Outbreak

https://www-secure.symantec.com/connect/articles/using-sepm-alerts-and-reports-combat-malware-outbreak  

With thanks and best regards,

Mick

hkhanzadeh's picture

Exactly the reverse.

SEPM is on the Win2003 virtual machine and SEP is on my Windows 7. My Windows sometimes shows the error messages that some unwanted program is trying to send spam email, and my SEP shows the error pop-up.

Mick2009's picture

Is there a SEP client on both the SEPM machine and the Windows 7 machine?  There should be.

With thanks and best regards,

Mick

hkhanzadeh's picture

The problem is only on Windows 7. On the server I don't have any problem, and SEPM and SEP are working fine on Win 2003.