Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Messages bounce between Brightmail Gateway and PGP Universal Server

Created: 19 Aug 2011 | 1 comment

Good afternoon,

I have recently installed a new PGP Universal Server in Gateway mode to interact with my Brightmail device.

I am working with testing outgoing mail at this time, and I am having some issues.

On Brightmail, I have a Content Policy to send any mail item with the word Encrypt in the subject line to the PGP Universal Server. When I send the message, I see it leave my mail server, get to the Brightmail Server, then to the PGP Universal Server, and then it bounces back and forth between Brightmail and PGP Universal Server until Brightmail stops it for Bounce Attack Signature present.

Any ideas on what might be causing this?

Here are the log events:

PGP Universal Server Logs:

SMTP-00002: connection from 131.131.1.140:64697 closed  Fri Aug 19, 2011 at 2:54:38 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message accepted [250 OK 6E/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message accepted [250 OK 3E/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message accepted [250 OK FD/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:33 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK CD/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 9D/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 6D/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 3D/00-23949-CDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 0D/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK CC/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 9C/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 6C/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 3C/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK 0C/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message accepted [250 OK DB/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:32 PM -05:00 
  SMTP-00002: recipient 1/1 (userxxx@gmail.com): passing through unmodified [0xe9e634]  Fri Aug 19, 2011 at 2:54:31 PM -05:00 
  SMTP-00002: message accepted [250 OK AB/00-23949-BDEBE4E4]  Fri Aug 19, 2011 at 2:54:31 PM -05:00 
  SMTP-00002: message <2D4EF13C8F22AA42BF6653BCF6EDCCC801437C26@Mail.company.local> from user@company.org (1 recipient):  Fri Aug 19, 2011 at 2:54:31 PM -05:00 
  SMTP-00002: SMTP connection from 131.131.1.140:64697 (local address is 131.131.1.143:25)  Fri Aug 19, 2011 at 2:54:31 PM -05:00

Brightmail Logs

Time HYPERLINK "status/message-audit/MessageAuditFlow$sort.flo?sortColumn=1"HYPERLINK "status/message-audit/MessageAuditFlow$sort.flo?sortColumn=2"From HYPERLINK "status/message-audit/MessageAuditFlow$sort.flo?sortColumn=3"To HYPERLINK "status/message-audit/MessageAuditFlow$sort.flo?sortColumn=4"Original Subject HYPERLINK "status/message-audit/MessageAuditFlow$sort.flo?sortColumn=5"Verdict Actions Friday, Aug 19, 2011 02:51:56 PM CDT prvs=6212b1590f=prvs=0212c2ff84=prvs=7212cf0ad2=prvs=721257e051=prvs=9212e6... userxxxuserxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=62126dc6d4=prvs=0212805fa1=prvs=6212b1590f=prvs=0212c2ff84=prvs=7212cf... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=22129f0dd8=prvs=2212b2a574=prvs=7212887995=prvs=2212a1d6bd=prvs=62126d... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=7212887995=prvs=2212a1d6bd=prvs=62126dc6d4=prvs=0212805fa1=prvs=6212b1... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=0212805fa1=prvs=6212b1590f=prvs=0212c2ff84=prvs=7212cf0ad2=prvs=721257... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=2212b2a574=prvs=7212887995=prvs=2212a1d6bd=prvs=62126dc6d4=prvs=021280... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:56 PM CDT prvs=2212a1d6bd=prvs=62126dc6d4=prvs=0212805fa1=prvs=6212b1590f=prvs=0212c2... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=0212396549=prvs=8212993a62=prvs=52126ed30c=prvs=0212a08070=user@s... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=0212a08070=user@company.org userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=52126ed30c=prvs=0212a08070=user@company.org userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=7212cf0ad2=prvs=721257e051=prvs=9212e61798=prvs=0212396549=prvs=821299... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=0212c2ff84=prvs=7212cf0ad2=prvs=721257e051=prvs=9212e61798=prvs=021239... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=9212e61798=prvs=0212396549=prvs=8212993a62=prvs=52126ed30c=prvs=0212a0... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=8212993a62=prvs=52126ed30c=prvs=0212a08070=user@company.org userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:55 PM CDT prvs=721257e051=prvs=9212e61798=prvs=0212396549=prvs=8212993a62=prvs=52126e... userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added Friday, Aug 19, 2011 02:51:54 PM CDT user@company.org userxxx@gmail.com encrypted - test Bounce attack signature present, Content Filtering... Create an informational incident,
Route the message,
Bounce attack signature added

Comments 1 CommentJump to latest comment

PGP_Ben's picture

It sounds like your outbound mail flow on the mail proxy tab is set to directly send all outgoing messages to the brightmail device instead of sending to the recipient (using an mxlookup).

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.