Remote Server returned/ Client was not authenticated to send anonymous mail during MAIL FROM [BN6PR12CA0048.namprd12.prod.outlook.com]>

I need a solution

Hello,

We cancelled our Symantec account a couple of years ago, and since then quite a few institutions/businesses have been unable to email us, as emails addressed to our domain are returned undeliverable. Recently we were advised that the issue appears to be that, as a former Symantec customer, we did not terminate the service properly after we moved to Office 365. We were advised to contact Symantec to have the service completely terminated. Below is a sample of the error message, inclusive of the diagnostic info, received by someone attempting to email us. A Symantec message does appear in the diagnostic information:

(using TLS with cipher AES128-SHA (128/128 bits))

        (Client did not present a certificate)

        by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; 

Below is the full error message. Please advise if this can be resolved. Many, many thanks.

Delivery has failed to these recipients or groups:

erogers@bradmer.com
Your message wasn’t delivered because the recipient’s email provider rejected it.

Diagnostic information for administrators:

Generating server: server-2.bemta.az-d.us-east-1.aws.symcld.net

erogers@bradmer.com
Remote Server returned ‘554 5.7.0 < #5.7.57 smtp; 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [BN6PR12CA0048.namprd12.prod.outlook.com]>’

Original message headers:

Return-Path: <george.gasson@bnymellon.com>

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bnymellon.com;

        s=BNY071018; t=1550594340; i=@bnymellon.com;

        bh=6CKn9+xMacgVsGmREMvRZd4vqsvhSI3dyrd8owANg1Y=;

        h=From:Subject:Date:Message-ID:Content-Type:MIME-Version:To;

Received: from [67.219.247.54] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))

        by server-2.bemta.az-d.us-east-1.aws.symcld.net id 4B/16-27512-4213C6C5; Tue, 19 Feb 2019 16:39:00 +0000

Authentication-Results: mx.messagelabs.com; spf=pass

  (server-29.tower-426.messagelabs.com: domain of bnymellon.com designates

  67.219.247.54 as permitted sender) smtp.mailfrom=bnymellon.com;

  dkim=none (message not signed); dmarc=none header.from=bnymellon.com

X-Env-Sender: george.gasson@bnymellon.com

X-Msg-Ref: server-29.tower-426.messagelabs.com!1550594311!2056042!25

X-Originating-IP: [170.61.173.129]

X-SYMC-ESS-Client-Auth: outbound-route-from=pass

X-StarScan-Received:

X-StarScan-Version: 9.31.5; banners=bnymellon.com,-,bradmer.com

Received: (qmail 8740 invoked from network); 19 Feb 2019 16:38:59 -0000

Received: from znpcpapbrg01o.bnymellon.com (HELO znpcpapbrg01i.bnymellon.com) (170.61.173.129)

  by server-29.tower-426.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 19 Feb 2019 16:38:59 -0000

X-AuditID: 0aa06eb7-ff3ff700000010ae-64-5c6c311ff12f

Received: from WTPCPHTMEM02.ams.bnymellon.net (wtpcphtmem02.ams.bnymellon.net [160.254.249.175])

        (using TLS with cipher AES128-SHA (128/128 bits))

        (Client did not present a certificate)

        by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; Tue, 19 Feb 2019 11:38:55 -0500 (EST)

Received: from WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) by

WTPCPHTMEM02.ams.bnymellon.net (160.254.249.175) with Microsoft SMTP Server

(TLS) id 14.3.408.0; Tue, 19 Feb 2019 11:38:55 -0500

Received: from WTPCPEXMEM47.ams.bnymellon.net (10.88.250.168) by

WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.1531.3; Tue, 19 Feb 2019 11:38:54 -0500

Received: from WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) by

WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) with mapi id 15.01.1531.003;

Tue, 19 Feb 2019 11:38:54 -0500

From: “Gasson, George” <george.gasson@bnymellon.com>

Subject: Markets in review week ending 2/15/19

Thread-Topic: Markets in review week ending 2/15/19

Thread-Index: AdTIcZkQ+XuS/IPwQHKb7fmVvhjN7A==

Date: Tue, 19 Feb 2019 16:38:54 +0000

Message-ID: <ee9356a4afd54921b7587364d60ee53b@bnymellon.com>

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

x-originating-ip: [167.222.211.240]

Content-Type: text/plain

MIME-Version: 1.0

To: Undisclosed recipients:;

X-CFilter-Loop: Reflected NPC6

Related:
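
As an added example (not part of the original post and not Symantec tooling), this short Python triage reads the NDR quoted in the first post and reports which relay generated the bounce, which host answered, and the order in which the message travelled. The `triage` and `site` helpers are hypothetical names, and grouping hosts by their last two DNS labels is a simplifying assumption; the parser also accepts the `<host #4.4.1>` form that appears in the delayed-delivery notice further down the page.

```python
import re

# Trimmed from the NDR quoted in the post above; only the routing lines are kept.
NDR = """\
Generating server: server-2.bemta.az-d.us-east-1.aws.symcld.net
Remote Server returned '554 5.7.0 < #5.7.57 smtp; 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [BN6PR12CA0048.namprd12.prod.outlook.com]>'
Received: from [67.219.247.54] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
        by server-2.bemta.az-d.us-east-1.aws.symcld.net id 4B/16-27512-4213C6C5; Tue, 19 Feb 2019 16:39:00 +0000
Received: from znpcpapbrg01o.bnymellon.com (HELO znpcpapbrg01i.bnymellon.com) (170.61.173.129)
  by server-29.tower-426.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 19 Feb 2019 16:38:59 -0000
Received: from WTPCPHTMEM02.ams.bnymellon.net (wtpcphtmem02.ams.bnymellon.net [160.254.249.175])
        by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; Tue, 19 Feb 2019 11:38:55 -0500 (EST)
"""

def unfold(text):
    """Join folded header lines: a continuation line starts with whitespace."""
    return re.sub(r"\r?\n[ \t]+", " ", text)

def site(host):
    """Naive grouping by the last two DNS labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(ndr_text):
    text = unfold(ndr_text)
    gen = re.search(r"^Generating server:\s*(\S+)", text, re.M)
    diag = re.search(r"^Remote Server returned\s+(.*)$", text, re.M)
    diag_text = diag.group(1) if diag else ""
    # Enhanced status codes (RFC 3463), de-duplicated in order of appearance.
    codes = list(dict.fromkeys(re.findall(r"\b[245]\.\d{1,3}\.\d{1,3}\b", diag_text)))
    # Exchange-style diagnostics name the answering host in [brackets]; others use <host #code>.
    peer = re.search(r"\[([A-Za-z0-9.-]+)\]|<([A-Za-z0-9.-]+) #", diag_text)
    # Received headers are prepended, so reverse them to get the travel order.
    hops = re.findall(r"^Received: from .*?\sby\s+(\S+)", text, re.M)[::-1]
    return {
        "generating_server": gen.group(1) if gen else None,
        "rejecting_host": (peer.group(1) or peer.group(2)) if peer else None,
        "codes": codes,
        "permanent": any(c.startswith("5.") for c in codes),
        "path": hops,
        "sites": list(dict.fromkeys(site(h) for h in hops)),
    }

if __name__ == "__main__":
    for key, value in triage(NDR).items():
        print(f"{key}: {value}")
```

For the NDR above, the path ends at a `symcld.net` relay and the 5.7.57 answer comes from an `outlook.com` host, so the hop to check is the hand-off between those two.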

Reports generated by SMSMSE 7.9.1.51 are empty

I need a solution

Recently, daily reports generated by SMSMSE version 7.9.1.51 have no information in them for the past week aside from the header, and the template hasn’t been altered (this would be for both the detailed and summary reports). Previous to a couple weeks ago, most of the content of the reports was related to the logging of encrypted attachments and some quarantined messages, as that is the setting for that content. I do not want spam in the reports, and that setting is off. The detail template is set to show all types of violations, no filters are applied, all columns (except violating term and file name under ‘rule violated’) are shown. The executive summary template has all checkboxes marked.

I’m still receiving emailed notifications of SMSMSE finding the encrypted files in email and logging them. The Event Log also shows the logging of the encrypted attachments, as it should, but I did notice that the logging seems to be truncated to start at 22Nov19 no matter what ‘entries since’ selection I make. That suggests to me that there is a problem with the logs, maybe a permissions or corruption issue.

I checked the properties of the ‘logs’ folder in C:\Program Files\Symantec\SMSMSE\7.9\Server; it has security settings for SMSMSE Admins and SMSMSE Viewers, and both seem to have appropriate access (full and read, respectively), although I do not know if those are relevant.

I did notice that there are a lot of errors logged for Brightmail license not being valid, even though the Licensing section of SMSMSE shows status of valid with 155 days left (as of today) for both virus definitions and Premium AntiSpam, in case that’s important info. SymDiag reports the same issue, although it also suggests my version of SMSMSE is newer than what it thinks it should be. SymDiag thinks that version 7.9.1.0 is the latest. I reinstalled the license file but it did not have an effect on this problem. The virus definitions are up to date.

This is on Windows Server 2016, Exchange Server 2016. SymDiag also suggests that Windows Server 2016 is not supported even though it’s listed in the system requirements, as is Exchange Server 2016.

Looking for some pointers on where to go from here. Since nothing has changed with the product, it might be related to a security update for Exchange Server 2016 that was installed on the last date the log worked (KB4523171).

Related:

Cannot submit the selected message(s) to Symantec Security Response. Control Center command error:

I need a solution

Hi, I’m using Symantec Messaging Gateway 10.7.0-5.

When I try to submit the spam email to Symantec Security Response, it shows an error message: Cannot submit the selected message(s) to Symantec Security Response. Control Center command error.

Does anyone have the same error? I need help with this error.

Related:

Email sent from our organization to MessageLabs customers not delivered

I need a solution

I have already reached out to investigation@review.symantec.com several times and have been given what feels like a brush-off.

Many of our customers/clients are MessageLabs customers and for the past few weeks we have been encountering serious deliverability issues with those clients.  The problem isn’t that our emails are being filtered, it’s what looks like a MessageLabs configuration issue or something else unrelated to us but support has yet to even acknowledge the problem.

I have uploaded a PDF of the SMTP Diag utility results as well as telnet sessions to the two MessageLabs MTAs (one that shows connections are accepted and one that shows “service temporarily unavailable” – except it always returns that message).  It is always server5.inboundmx.com that is the problem.

Sent: Monday, April 15, 2019 8:15 AM
To: ‘investigation@review.symantec.com’ <investigation@review.symantec.com>
Subject: FW: Investigation Results
Importance: High

Good morning,

We continue to have problems sending to MessageLabs customers when our email servers try to connect to server5.inboundmx.com.  This is affecting our customers, who believe we are not being responsive to them.  We are a financial company and some of our emails, depending on the customer, may contain trade execution data that needs to be received in a timely manner.  We need to get this issue resolved ASAP.

Please see all of the below, including the follow up email I sent on 04/09/2018 and still have not received a reply to.

Delivery is delayed to these recipients or groups:

dpark@nettworth.us

bschwartz@nettworth.us

Subject: Dan Murphy | First Trust

This message hasn’t been delivered yet. Delivery will continue to be attempted.

Diagnostic information for administrators:

Generating server: mx0a-00398b01.pphosted.com

dpark@nettworth.us
server5.inboundmx.com
Remote Server returned ‘<server5.inboundmx.com #4.4.1>’

bschwartz@nettworth.us
server5.inboundmx.com
Remote Server returned ‘<server5.inboundmx.com #4.4.1>’

Original message headers:

Return-Path: <SStoczynski@xxx.com>
Received: from pps.filterd (m0180415.ppops.net [127.0.0.1])
            by mx0a-00398b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x3CHTeZs028437;
            Fri, 12 Apr 2019 12:32:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ftportfolios.com; h=from : to :
subject : sender : date : message-id : content-type : mime-version;
s=dkim-ftportfolios; bh=62RbTxGsOMsu/gHJl7PH0eXr7eF/de9Ih2TIYKG++vQ=;
Received: from mail.ftportfolios.com (exchmbx02.ftportfolios.com [198.199.191.211])
            by mx0a-00398b01.pphosted.com with ESMTP id 2rtrtx0ajx-15
            (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
            Fri, 12 Apr 2019 12:32:38 -0500
Received: from MbxArc01.ftportfolios.com (10.1.0.228) by ExchMbx02.ftportfolios.com
(10.1.0.98) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Apr 2019
12:32:42 -0500
Received: from ExchMbx01.ftportfolios.com (10.1.0.97) by MbxArc01.ftportfolios.com
(10.1.0.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Apr
2019 12:32:36 -0500
Received: from ExchMbx01.ftportfolios.com ([fe80::dded:1736:e4bd:59fc]) by
ExchMbx01.ftportfolios.com ([fe80::dded:1736:e4bd:59fc%17]) with mapi id
15.00.1473.003; Fri, 12 Apr 2019 12:32:36 -0500
From: “Murphy, Dan” <DMurphy@xxx.com>
To: “dpark@nettworth.us” <dpark@nettworth.us>, “bschwartz@nettworth.us
            <bschwartz@nettworth.us>
Subject: Dan Murphy | First Trust
Thread-Topic: Dan Murphy | First Trust
Thread-Index: AdTxVZsxowgZPeI7RripI5lnagqF2wAABwkA
Sender: “Stoczynski, Scott” <SStoczynski@xxx.com>
Date: Fri, 12 Apr 2019 17:32:36 +0000
Message-ID: <073a44f6ca9345e38280304c2f63c21d@ExchMbx01.ftportfolios.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 2
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.0.90]
Content-Type: multipart/alternative;
            boundary=”_000_073a44f6ca9345e38280304c2f63c21dExchMbx01nikeseclpcom_”
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-12_10:,,
signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0
mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
scancount=1 engine=8.0.1-1810050000 definitions=main-1904120117

Sent: Tuesday, April 9, 2019 1:54 PM
To: ‘Symantec Brightmail Investigations’ <investigation@review.symantec.com>
Subject: RE: Investigation Results
Importance: High

Thank you for the reply – I appreciate it.  I would disagree with the result however.  I’m not sure if you reviewed the delayed delivery attachment along with the samples I included (also attached here), because they indicate it is the MessageLabs MTAs that are responding with 4.4.1 and causing delayed delivery.

If it was our server causing the delay, there would be no server5.inboundmx.com Remote Server returned ‘<server5.inboundmx.com #4.4.1>’ response.  Please also see the below screen capture, which illustrates the results of using a tool called smtpdiag to simulate an SMTP conversation from one of our MTAs to MessageLabs, using MX record lookup.  There is either a configuration problem with server5.inboundmx.com or we are being filtered/delayed/throttled by that server.  Connections to server4.inboundmx.com are properly accepted, which also reinforces there is an issue on the MessageLabs side and not ours.

Please also see the results of a telnet session, both to server5.inboundmx.com (first screen capture) and server4.inboundmx.com.  MessageLabs recipients are the only users we are currently having consistent issues sending to.

From: Symantec Brightmail Investigations <investigation@review.symantec.com>
Sent: Tuesday, April 9, 2019 12:53 PM

Subject: Investigation Results

Dear,

We received your sample message and found no Symantec filter sidelining it, which leads us to believe that Symantec Brightmail is not doing the filtering against your company’s messages.

Best Regards,

Symantec Investigation Team

Related:

Admin audit logs on symantec messaging gateway

I do not need a solution (just sharing information)

There is no option to send Symantec Messaging Gateway administrator audit logs (Brightmail_Admin_Events) to a syslog server.

It would be a great feature, as administrator logs are so critical for checking who released an email, who created a policy and who deleted it.

I hope Symantec considers this in the next release.

Related: