Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP blocks outgoing e-mails from groupwise

Created: 05 Feb 2013 • Updated: 05 Feb 2013 | 8 comments

We are recently experiencing a challenge where about 10 users are unable to send e-mails from groupwise. However when troubleshhoting, if you disable symantec from the UI the e-mails will go through. It seems as if SEP blocks this. Please assist with this

Comments 8 CommentsJump to latest comment

.Brian's picture

Do you have the internet Email auto-protect feature enabled?

Can you check your Risk log to see what is showing?

Were there any attachments in the email?

is it block all email or just some?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

wizzy k's picture

E-mail auto-protect is not enabled. E-mails with attachments and without attachment. At some point e-mails will go through but mostly not. At first i thought it was the network but internet will be accessible. Risk log doesn't have anything on.

.Brian's picture

What version of SEP? What components are you using?

Do you have a relay server as well with SEP on it?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

Hi,

Do you have send mail any third party tool ?

What happend if you have send mail singal user ?

Check this thread

https://www-secure.symantec.com/connect/forums/how-do-i-prevent-endpoint-protection-blocking-outbound-emails-large-groups-people

Thanks In Advance

Ashish Sharma

 

 

SebastianZ's picture

Does disabling the firewall allows all emails to be sent out? Any traces of traffic being blocked in firewall traffic logs?

wizzy k's picture

@ Brain...we're on SEP 12.1 and using app & device control, f/w & IPS no external liveupdate (the SEPM get updates from the internet), using embedded db, f/w rules are defaults. No relay server

@shish...No, we are using groupwise not outlook

@sebastian...Unable to turn on/ off windows f/w. notification "This settings are being managed by vendor application Symantec Endpoint Protection"

On the traffic log:

2013/02/06 09:45:51 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 5 2013/02/06 09:45:43 AM 2013/02/06 09:45:49 AM Block IPv6 
2013/02/06 09:45:30 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 1 2013/02/06 09:45:17 AM 2013/02/06 09:45:17 AM Block IPv6 
2013/02/06 09:45:30 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 3 2013/02/06 09:45:11 AM 2013/02/06 09:45:17 AM Block IPv6 
2013/02/06 09:45:02 AM Blocked 10 Incoming UDP FE80:0:0:0:8AC6:63FF:FEFC:8F9B 88-C6-63-FC-8F-9B 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 11 2013/02/06 09:44:35 AM 2013/02/06 09:45:02 AM Block IPv6 
2013/02/06 09:44:56 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 1 2013/02/06 09:44:45 AM 2013/02/06 09:44:45 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 3 2013/02/06 09:44:17 AM 2013/02/06 09:44:29 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 26996 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 31037   Default 2 2013/02/06 09:44:15 AM 2013/02/06 09:44:16 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 17 2013/02/06 09:44:13 AM 2013/02/06 09:44:29 AM Block IPv6 
2013/02/06 09:43:55 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 1 2013/02/06 09:43:41 AM 2013/02/06 09:43:41 AM Block IPv6 
 

 

Rafeeq's picture

I think its coz of IPV6 

 

IPv6 support in Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH174897
.Brian's picture

IPv6 is blocked by default in SEP 12.1. Allow it and see what the result is.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.