Messaging Gateway

Hello, I have a little problem with Symantec Brightmail Gateway 8.0.3. A mail with an attachment is incoming. The Message Audit Log said: Verdict: System allowed email address or domain, Unscannable Action: Hold message in Spam Quarantine And now the problem, the mail is not in the quarantine "e-Mail Spam" or "e-Mail suspect virus". Is there a problem with Brightmail version 8, or where are the emails go? If you require more information, please contact me. best regards S. Röhner

In Message Audit Log, what value does it show for "Delivered To".

In Message Audit Log, I have no "Delivered To", only the title name "Time", "From", "To", ...

In filed "To" is the value an internal mail address. This user have the mail not in the brightmail quarantaine folder (user Brigtmail website).

I don't think you are looking in the right place, click the link in the MAL list like this:



You'll see this:




What does it say under Delivered to?

Actions taken:	Hold message in Spam Quarantine
	Delivery:	Delivery Failure Failure Time Attempted Delivery to: <IP Adress from Brightmail> Error: 554 transaction failed  Monday, Aug 02, 2010 01:15:42 PM CEST

 

OK, so that's your problem right there, it can't deliver to the quarantine server.

The value should read "192.168.1.12:41025", obviously replacing the IP address with your SBG server IP address.

Is the port number there as well?  

It should correspond to the value found under:
ADMINISTRATION > Control Centre > Listeners tab

Default is 41025

Hello,

I check the configuration. I can say, that only see the IP-adresse and no port.

So, I have check the configuration:

Control Centre --> Listener port: 41025

The IP-Adress from the Brightmail Gateway is 192.168.1.10

Delivery Failure	Failure Time
Attempted Delivery to: 192.168.1.10 Error: 554 transaction failed	Monday, Aug 02, 2010 01:15:42 PM CEST

 

I can not see the port, in the delivery field.

Can you telnet to the IP address and quarantine port successfully?

I have checked:

telnet 192.168.1.10 41025
220 SMTP service ready

--> Port is open

DId you do that telnet test from one of the scanners?

Are your Scanners in a DMZ, and your Control Center on the inside of your network?  If so, do you have port 41025 open from the DMZ to the Control Center?

Hello,

I have test with telnet from a other server in the domain.

Are your Scanners in a DMZ, and your Control Center on the inside of your network?  If so, do you have port 41025 open from the DMZ to the Control Center?

I do not understand the question. I have a server with VMware Server 2.x. The Symantec Brightmail Gateway 8 is a virtual machine that is in the internal network. I have only one server, no separate scanner and a separate control center.

A little question, can this error occurs when the mail attachment is bigger than 21 MB?

Or in other words, there is a limit (size limit) per e-mail can be quarantined.

Hi YoWoo,

Your issue is most likely related to the message size, check out this KB article on the topic:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009090413373854

Is it imperative you quarantine these files and have you looked at the possibility of using compliance folders instead?  If you need to use the spam quarantine here you can put a call into Support and they should be able to give a hand at raising the attachment limit size.  If you do this I'd also suggest moving to version 9 as it can handle attachments in quarantine better than version 9.

Cheers,

Kevin
 

 

Was this limit removed in SBG 9.x?  I know that quarantine files are no longer stored in the mySql database, but as .EML files.  I'm wondering about items placed in quarantine via suspect malware/virus verdicts.

Hi Cricket was just checking and think you are right.  I can't remember if we completely removed the limit or if we just set it to something quite high which won't cause problems.  The Suspect Virus Quarantine would have had the same limits as the Spam Quarantine so the same should apply for it as well.

Cheers,

Kevin