Symantec Cloud Hosted Endpoint Email Alert information

I need a solution

Hey there, we have quite a number of customers, each of whom has their own subscription to the Symantec Endpoint Protection Small Business Edition – Hosted Endpoint / Cloud Symantec A/V product.

Any of the email alerts about blocked files/sites, viruses, licensing issues, etc. go to an email address for the customer, but we get them all as they are email aliases on one of our accounts.

The issue we have is that the emails are all the same and there is no identifying information about which client it is for. The only way to figure it out, unless the computer name happens to indicate which client it is, is to open up the email headers, scroll down, find the “to” field and see the email address it was sent to.

Is there a way to just embed the customer and contact name inside the email that is sent out? This seems like such a small thing, yet it’s huge for us. I am including a sample email screenshot to show you what we see, and with a generic name there is no way to know who this is for without wasting time trying to figure it out.

Thanks.


Related:

Recipient address rejected from aitelecom.net

I need a solution

Hello,

We can’t send messages to recipients who use the MessageLabs email service.

Our email server mail.aitelecom.net is at IP address 200.9.182.24 and 200.9.182.6

Is it possible to remove this IP address from the blacklist?

Last month we had an issue with one of our accounts sending spam, but we have fixed it since then.

This is a sample of a rejected message:

From: Mail Delivery System <MAILER-DAEMON@messagelabs.com>

Sent: Friday, December 14, 2018 05:42 a.m.

To: ocastillo@aitelecom.net

Subject: Mail Delivery Failure

This is the mail delivery agent at Symantec Email Security.cloud.

I was unable to deliver your message to the following addresses:

 we ha

ocastillo@aitelecom.net

Reason: 554 5.7.1 <ocastillo@aitelecom.net>: Recipient address rejected: SMTP AUTH is required, or it is a spam with forged sender domain

The message subject was: Directorio Empresarial Mexicano 2019

The message date was: Fri, 14 Dec 2018 05:41:52 -0600

The message identifier was: 0F/69-08740-217931C5

The message reference was: server-9.tower-346.messagelabs.com!1544787715!3047177!8

Please do not reply to this email as it is sent from an unattended mailbox.

Contact your email administrator if you need more information, or instructions for resolving this issue.

Regards,

Manuel Canto


Related:

7020932: Getting Flooded by Mailer-Daemon and Postmaster addressed email (BACKSCATTER)

This document (7020932) is provided subject to the disclaimer at the end of this document.

Environment

GWAVA 4, 5, & 6

Situation

Email system is flooded with Mailer-Daemon and Postmaster email

Resolution

These emails are most likely caused by “backscatter”, a common term for the undeliverable-message notices generated by an SMTP server. It is important to understand that these emails are not typically spam; they are legitimate messages generated by a compliant SMTP server. The most likely cause is that a spammer originated a message, sent it to an open relay or SMTP appliance of some sort, and faked the reply address using a dictionary attack or some other means. When the SMTP relay/appliance attempted delivery to the correct address and was rejected, the only address to which it could send an undeliverable notice was the reply address. The mailer-daemon message created by the SMTP server is therefore sent to you, an unsuspecting email address, rather than to the real originator.

For more information about backscatter and ways to avoid it, try the following link or search “backscatter” on your internet search engine.

http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html
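One way to triage such a flood is to check whether the message each bounce refers to was ever sent by your own system. The following is an added example, not part of the original article or of GWAVA; it assumes you keep a set of outbound Message-IDs (`SENT_IDS`), and all hosts, addresses and ids in it are constructed placeholders.

```python
import email
from email import policy

# Message-IDs recorded by our own outbound server (constructed sample data).
SENT_IDS = {"<out-1001@mail.example.org>"}

def original_message_id(bounce):
    """Message-ID of the message the bounce says it could not deliver."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":   # headers-only copy
            headers = email.message_from_string(part.get_content(),
                                                policy=policy.default)
            return headers["Message-ID"]
    return None

def classify(raw, sent_ids=SENT_IDS):
    """Return 'not-a-bounce', 'genuine-bounce' or 'backscatter'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg["From"] or "").lower()
    is_bounce = (msg.get_content_type() == "multipart/report"
                 or "mailer-daemon@" in sender or "postmaster@" in sender)
    if not is_bounce:
        return "not-a-bounce"
    mid = original_message_id(msg)
    # We only sent the original if its Message-ID is in our outbound log.
    if mid is not None and str(mid).strip() in sent_ids:
        return "genuine-bounce"
    return "backscatter"

def sample_dsn(orig_id):
    """Constructed bounce; hosts, addresses and ids are placeholders."""
    return (
        "From: Mail Delivery System <MAILER-DAEMON@mx.example.net>\r\n"
        "Subject: Mail Delivery Failure\r\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\n"
        "I was unable to deliver your message.\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Reporting-MTA: dns; mx.example.net\r\n\r\n"
        "Final-Recipient: rfc822; bob@example.com\r\n"
        "Action: failed\r\nStatus: 5.7.1\r\n\r\n"
        "--b1\r\nContent-Type: text/rfc822-headers\r\n\r\n"
        f"From: alice@example.org\r\nMessage-ID: {orig_id}\r\n\r\n"
        "--b1--\r\n"
    ).encode("ascii")
```

Bounces that carry no copy of the original headers cannot be matched and are classified as backscatter here, so review that bucket before discarding anything.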

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 228

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7019085: Messages with Large Numbers of Recipients are Slowing Jobs

When Retain archives a message, it stores just one copy of the message to disk and sets pointers to that message in the database for all the recipients. Generally, this does not take long, as most messages have only a few recipients. However, it becomes time-consuming when a message is sent to all mailboxes on the email system and Retain has to update every user in the database, especially when there are 15k of them.

We can change the number of recipients that Retain updates; the remainder are saved to an XML file that is attached to the message in Retain. On a customer’s Retain system, the database was updating about 25 users/second. Retain used to default to 250 recipients, but now it is unlimited.

  1. Stop Tomcat.
  2. For each worker:
    1. Go into /opt/beginfinite/retain/RetainWorker[N]/WEB-INF/classes/config/attachment.properties
    2. Change max.recipients= to something other than 0 (which is unlimited)
  3. Start Tomcat.
  4. Start a job.

NOTE: Once the max.recipients setting is enabled, the Retain Worker log records every archived message item that exceeds the maximum value with the following entry:

WARN [RTWQuartzScheduler_Archive_Worker-5] com.gwava.caapi.Archiver: Truncated list of recipients, per your settings
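To confirm that every worker received the change and that the limit is being applied, the following read-only check can be run after the job starts. It is an added example, not Retain's own tooling; it assumes attachment.properties uses plain `key=value` lines, that a missing key means the unlimited default, and the timestamp prefix in the constructed sample log is an assumption.

```python
import re
from pathlib import Path

PROPS = "RetainWorker*/WEB-INF/classes/config/attachment.properties"
TRUNCATED = re.compile(r"WARN \[([^\]]+)\] com\.gwava\.caapi\.Archiver: "
                       r"Truncated list of recipients")

# Constructed log excerpt; the timestamp prefix is an assumption.
SAMPLE_LOG = """\
2024-01-01 02:00:01 WARN [RTWQuartzScheduler_Archive_Worker-5] com.gwava.caapi.Archiver: Truncated list of recipients, per your settings
2024-01-01 02:00:02 INFO [RTWQuartzScheduler_Archive_Worker-5] constructed unrelated line
2024-01-01 02:00:07 WARN [RTWQuartzScheduler_Archive_Worker-2] com.gwava.caapi.Archiver: Truncated list of recipients, per your settings
2024-01-01 02:00:09 WARN [RTWQuartzScheduler_Archive_Worker-5] com.gwava.caapi.Archiver: Truncated list of recipients, per your settings
"""

def audit_max_recipients(retain_root):
    """Map each worker directory to its max.recipients value.
    None = key missing or empty, 0 = unlimited."""
    result = {}
    for props in sorted(Path(retain_root).glob(PROPS)):
        value = None
        for line in props.read_text().splitlines():
            key, sep, val = line.partition("=")
            if sep and key.strip() == "max.recipients" and val.strip().isdigit():
                value = int(val.strip())
        # parents[3] is the RetainWorker[N] directory itself
        result[props.parents[3].name] = value
    return result

def workers_still_unlimited(retain_root):
    """Workers where step 2 was missed (value 0 or not set)."""
    return [w for w, v in audit_max_recipients(retain_root).items() if not v]

def truncations_per_thread(log_text):
    """Count the truncation warnings per worker thread."""
    counts = {}
    for m in TRUNCATED.finditer(log_text):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

On a real system, pass `/opt/beginfinite/retain` as `retain_root` and the contents of the Retain Worker log as `log_text`.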

Related:

SMTP rejected a (%4) mail from ‘%1’ with ‘%2’ connector and the user authenticated as ‘%3’. The Active Directory lookup for the sender address returned validation errors. %5

Details
Product: Exchange
Event ID: 1025
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: SmtpReceiveSendAsDeniedSenderAddressDataInvalid
Message: SMTP rejected a (%4) mail from ‘%1’ with ‘%2’ connector and the user authenticated as ‘%3’. The Active Directory lookup for the sender address returned validation errors. %5
   
Explanation

This Error event indicates a problem validating the e-mail address of a sender that was using “Send as” permission to send a message. The Active Directory directory service lookup for the sender’s address returned the specified validation errors.

The “Send as” permission allows recipients to send e-mail messages as if the message originated from a different recipient. Specifically, recipients who are granted the “Send as” permission to any mail-enabled object can enter the other recipient’s name in the From field for the messages that they send.

For example, assume that Michelle has been granted “Send as” permissions for the mailbox of her manager, Laura. Michelle sends a message to Julia with Laura’s name in the From field. When Julia receives the message, it appears as if it was sent by Laura.

For more information, see: How to Grant Send As Permissions for a Mailbox.

   
User Action

To resolve this error, do one or more of the following:

  • Make sure that the Exchange server that logged this event can communicate with one or more Active Directory servers available in the organization.

  • Verify that the specified recipient has the “Send as” permission granted to the specified mail-enabled object.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

How the Postmaster@domain address works

I’m very new to Exchange (in fact, an apprentice and studying it at the moment) and am wondering how the Postmaster@domain.com address works. An example:

A smarthost configured with one mailbox, Postmaster@serverfault.com, with an *@serverfault.com alias, so, in my understanding, all mail sent to *@serverfault.com is SMTP forwarded on to the postmaster@serverfault.com address.

But what happens now? Does Exchange have a master mailbox Postmaster, that receives all this mail and just dishes it out to the correct mailbox? Or is what I just wrote a pile of garbage!

So I’m a little confused. On the Smart Host – there is SMTP forwarding to forward all SMTP to IP Address x.x.x.x which is active for a mailbox on the smarthost called Postmaster@domain.co.uk with an alias of *@domain.co.uk? How is this working exactly?

Thanks!
