Brightmail Gateway
jkoffa
|
November 19th, 2009
In Symantec Brightmail Message Filter 6.1.1 there is no way to determine the exact Antivirus definitions including revision number. This information is helping in troubleshooting a virus situation where you want to verify the Rapid release and Daily Certified versions running on brightmail Brightmail.
0 comments
RudeAdmin
|
November 19th, 2009
Hi
I'm new on Symantec Brightmail Gateway. So i have make today a testinstallation (on a ESXi Server) on our Enviroment! Now i have some troubles with this Product and i can't solve them... so i hope you can help me....
After General Setup, i have configure our AD as LDAP Server! Then i have synchronise LDAP to CC and CC to Scanner. This work an no Error in the lOG... But if i try to logon with a user account from LDAP, i only see the Error: Bad Username or Password.... i can only Login To CC with the admin Account!
Then i see that SBG has handelt 40 Message! And all of this message are Spam... but in the SPAM Quarantain i see no Messages...
So i will aks if anyone have a "How To" for me, that shows a beginner how he must configure SBG to use it in a Windows SBS 2008 Enviroment....
Kind Regards and many Thanks...
3 comments
NorDoc
|
November 19th, 2009
Hi
We're using Brightmail Message Filter 6.1.1.0 and we're having problems receiving mail from gmail.com. The weird thing is that 30-40% of e-mails sent from gmail.com arrives to the receiver, and the rest disappear.
As a temporary solution we have added gmail.com to the accepted senders list. This has of course resulted in a lot of spam, because a lot of spammer authenticate as gmail.com.
Any other domain works as expected as far as we're concern.
How can we troubleshoot this?
6 comments
dries_vb
|
November 18th, 2009
Although the LDAP sync is successful between LDAP (Active Directory on Win2k3) and Control Center, the replication to the scanner fails every single time after just a few seconds.
SBG is installed as a virtual appliance in a combined Control Center and Scanner role.
Any ideas why this happens?
Thank you!
Dries
3 comments
Lacko
|
November 18th, 2009
Hello,
I just have installed a new appliance (8.0.3-11) and set up basic settings.
I selected that the the appliance should filter both incoming and outgoing mails, therefore
I had to choose two interfaces, one for incoming and the other - virtual - for outgoing mails.
I configured that incoming mails should be accested from any ip addresses and outgoing mails
only from a specific address.
It turns out, that when I try to telnet into the allpiance using the ip address of the
interface configured for incoming connections, I get the 5.5.4 you are not allowed to connect,
before I could enter any address information. So the appliance refuses smtp connection
to this interface.
If I try to connect to this address from the server - which ip address is set up on the appliance
to accept outgoing mail connections from - then the connection is succesful.
Eventually it seems that either me or the appliance do not understand what is incoming
mail connection or what is outgoing. Am...
3 comments
PeterGust
|
November 18th, 2009
I get this respond for a mail when I look in Delivery queue:
450 4.4.1 [internal] Connection Timed Out
When I Flush it, I receive this message: 451 4.4.2 [internal] no BODY response
What does that mean, is there some problem with the receiving SMTP server?
I can connect to the smtp server with telnet.
//Peter
1 comments
brhode
|
November 17th, 2009
Many spam messages contain a characteristic in which the sender and the recipient are the same. Currently there is no way to configure a compliance policy to react to this. It would be nice to have the ability to toggle an advanced setting in which sender=recipient.
0 comments
panos83
|
November 17th, 2009
Hello.I have a problem and i want a solution if someone can help.SMS Virtual Directory Server service is not starting automatically or manually.It crashed i reboot the system and i cannot start it back.And many services depending from that cannot start also.
event id 7009 Timeout (30000 milliseconds) waiting for the SMS Virtual Directory Server service to connect.
and event id 7000 The SMS Virtual Directory Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
is what i get in event viewer.Any help appreciated because it is really urgent
9 comments
infotipp
|
November 15th, 2009
We have unwanted messages - approx. 1000 by day - we cannot catch them. These spams have tipically the following characteristics:
RDNS fails
the body contains only HTML tags (img src, href)
tipically Chinese pharma spams
no plain text content
IP of the sender is changing - probably DNS pool
sender address: xyz@hotmail.com, xyz@yahoo.com - where xyz is random generated string
contains only remote image with link
Step by step description needed... General theoretical solutions do not help me.
Thanks,
Ferenc
4 comments
Stephan Gruhn
|
November 13th, 2009
System:Brightmail 8.03 Server
Plattform:ESX 3.5
Our Brightmailsystem is backuped with Omniback Data Protector.
We use an offline Backup (the machine is suspended)
When the backup job has finished the Brightmail system is rebooting and the time sync is lost and the CPU usage is increasing up to 100%.
As a workaround we renew the timeserver settings and after that CPU usage is normal again.
In addition to the cpu performance issue the system has the wrong time after the backup. This is a problem when analysing logfiles etc.
So we need a solution that leads to the state that the system syncs itself with the timerservers after reboot autmoatically without any manual configuration.
Is this a known issue?
please help :)
If you need further informations i will provide them
best regards
Stephan Gruhn
4 comments
plockel
|
November 13th, 2009
Bonjour,
Utilisation de la virtual image "Symantec_Brightmail_Gateway_VMimage-8.0.1-7_Linux_Int.zip"
Après configuration je fait une mise à jour vers la version 8.0.3-11 qui après redemarrage du serveur
il se met en mode panic puis redemarre toute juste après avoir charger le systeme linux.
1 comments
mon_raralio
|
November 13th, 2009
I'd like to have a feature for Symantec Brightmail Gateway to replicate between Control Centers. At least sychronize the alerts and notifications and/or the configuration, so it can be managed by either CCs or at least on primary CC can control a secondary one.
This is useful for disaster recovery should one machine or network go down. For disaster recovery stuff.
0 comments
infotipp
|
November 13th, 2009
1. I have an SBG 8.0.3 and an SMS for SMTP 5.01 gateway installed. Most of RDNS failed sender e-mails are going through the gateways. I would like to set up the gateway to filtering out and move to quarantine the RDNS failed e-mail. How to set it up?
2. If the mail HTML formatted and contains only an img src and a href, the dictionary filtering does not working. - Tipically Chinese pharma spams... - Why?
Add. info:
these emails senders are usually xxx@hotmail.com, or xxx@yahoo.com - I don't want to block all of yahoo mails;
the sender IP resolvable but RDNS fails, the IP's are tipically changing - probably from DSL pool;
the body does not contain plain text, only remote images with links;
standard built-in filtering rules are not filtering out these mails
3. How can I find out a "scanned and quarantined" and "filtered out" message's spam score? The header does not contain this info in the quarantine...
Many thanks
Ferenc
2 comments
Brentwood
|
November 12th, 2009
I had a user send emails to two bad email addresses.
He received delay messages for days after it. (he didnt report it to me until day 4)
421 4.4.0 [internal] no MXs for this domain could be reached at this time
When I did a lookup for the domains, they were non-exsistant.
So why didnt BrightMail just send an undeliverable back to him, instaed of retrying for several days?
5 comments
ANDREY FYODOROV
|
November 11th, 2009
Hi all.
We have Vontu DLP and enabled the Vontu DLP Connect (on the Compliance page).
It seems to work well, except it is producing strange effects with some messages.
We have some email generated by our app servers (javamail) and sent to clients. Well, since we turned on Vontu DLP Connect, the clients started receiving those messages as a message attached to another message.
Normally they receive these messages just as simple plain text email, with all the contect in the message body, not attachments.
With Vontu DLP turned on, they receive the email with the correct subject and From/To lines, but the body is blank. However there is another message attached to that without any From or To or Subject, but it has the right information in the body.
Has anyone seen anything like that?
1 comments
Naor Penso
|
November 11th, 2009
Today,
you can define how much the anti-virus gets inside a zip file (up to X times). but if the zip is inside a larger amount of zip's then the anti-virus transfers it like is OK,
and it could be malicious (refer to en.wikipedia.org/wiki/Zip_bomb for example).
I want to be alerted when a file is zipped for more then X times (could be 10 could be 100) and I want to be able to block zip files that are zipped for more then X times.
Its a serious threat that isn't dealt by any Security company.
It could also refer to Vontu DLP with its file scanning engine (it could be a way to extract confidential data outside the organization)
It could also refer to Bright Mail when it receives malicious mails.
Hope to see it soon.
Thanks.
11.x, Emerging Threats, Security, Features, Brightmail Gateway, Data Loss Prevention (Vontu), Endpoint Protection (AntiVirus), Endpoint Protection Small Business
1 comments
mon_raralio
|
November 10th, 2009
Hi, we currently have setup an SBG 8.0 appliance and we have another in the test environment. Both are setup to be Control Centers and we'll be moving one to a Disaster Recovery Site. We need to make sure that the logs will be replicated between the appliances. I've checked the admin guide and can't fully grasp the concept.
Do I replicate the CC/Scanner from one to the other by adding the scanner only?
11 comments
ArqStor
|
November 10th, 2009
Somebody knows if Brightmail Gateway or Brightmail Message Filter can works on SuSe Linux ??
3 comments
RudeAdmin
|
November 10th, 2009
Hi
Has anyone already trie to install Brightmail Gateway on a virtual session on a Hyper-V Server?
The installation and first configuration runs fine... But at the restart i will see errors to bring up the network. Is there someone, perhaps a solution?
Thanks
2 comments
ActCare
|
November 10th, 2009
Hello everyone,
I have 2 Brightmail gateways which I initially configured as Control Center and Scanner.
I decided to switch one of the appliances to scanner mode but I was not able to find where exactly that is done.
I tried opening the first appliance and browse to Administration -> Configuration -> Add but obviously I couldn't add it since the second is also configured as Control Center and Scanner.
At the end I had to restore factory settings on it and assign it as a scanner.
Is this is the only way to change the Brightmail gateway mode?
I just need someone to shed some light regarding this process.
Thank You,
Best Regards,
4 comments
doni
|
November 9th, 2009
Question re SBG 8.0.3's official support for ESX 4.0 (vSphere):
What is the best practice for ESX 4.0 support? Normally you would upgrade VMware Tools and then virtual hardware (to v.7). However, since the vAppliance doesn't include a full version of VMware Tools, how would we upgrade the virtual hardware (drivers are normally supplied by first upgrading VMware Tools)? Should we just not upgrade the virtual hardware?
My main reason for wanting to upgrade the virtual hardware to ESX 4.0's v.7 is to support the new vStorage API and new changed block tracking, which allows for MUCH shorter backup windows and therefore the potential for more-frequent recovery points.
Thanks
2 comments
mrmuggyd
|
November 9th, 2009
Good Morning,
We are a current Mail Security for SMTP 5.x customer. We received notification of a free upgrade to Brightmail Gateway. We downloaded it and currently testing it. We setup this product on a test IP address and test Hostname. When we are ready to move it into Production, we want to be able to use the current Mail Security server name and IP address so we have little impact on the enviroment. In Mail Security, you were not able to do this because the Spam Quarantine would not register the new IP address (Fixed by hacking the MySQL Database).
Question, I'm I going to have the same problems as before with Brightmail Gateway or did the developers take this into account?
Thanks in advance!!!!
Doug
1 comments
stano
|
November 9th, 2009
In our SBG there is a lot of compliance rules to create incident with "Hold message for review". After some time there is a lot of incidents, which occupies disk space. If I want to delete old messages I do it by GUI (Reject or Approve Incident and then Delete).
Is it possible to delete more incidents by CLI in specific folder for specific time range, or something similar?
6 comments
Hayden 2
|
November 9th, 2009
Hi Guys,
I think SMTP Mail Security and Endpoint Security are the two best Symantec products I've used. Shame one of them has reached end of life :/
We've been using Symantec SMTP Mail Security to filter many of our customers email. By using local domains we've been filtering about 30 customers email domains. I understand this was not intended. Ignoring that, is there a Symantec replacement for this sort of product? We need to be able to filter many domains. Each domain is being forwarded to a specific mail server.
If Symantec doesn't have a product (I don't want to resell their hosted product), is there anyone else (maybe Ironport?).
Help is needed as a bit of planning and research is required.
Thanks
1 comments