ICT – DLP have problems with ICT tags

I need a solution

Hi all,

We have Symantec ICT and DLP working together.

We just have a rule in DLP to work with ICT. The rule was created to block all documents classified as “Internal” from being sent to an external domain.

It is a simple rule.

Problem:
When we have just one external domain in the “recipient”, the e-mail or document is blocked from moving by e-mail, web or removable storage. But when we have an external domain and an internal domain together in the “recipient”, the e-mail or document is not blocked by Prevents. Emails with “Internal” tagging are passing by Prevents.

Does somebody have this problem?

Tks!

0

Related:

Blacklisted again and again only on Symantec

I do not need a solution (just sharing information)

Please help me. I cannot find any problem; this is a fresh server.

IP 51.38.53.28
No spam, SPF + DKIM, PTR

I also hired an IT specialist, who told me my server is OK.
No other blacklist blocks me, only Symantec.
I go onto this blacklist again and again.
Please help.
I wrote a mail to investigation; no one replied to me.
I am frustrated.

0

Related:

SMSMSE too many Administrator email notifications

I need a solution

Hello

We’ve got a DAG with 6 Exchange servers.

When a rule/threshold or whatever is reached, the notification is sent multiple times with the same message to the administrator email (this is a distribution list containing 3 users).

It can occur from the same server or from different servers.

This notification was sent thrice to the same email address by the same server:

email subject : “Administrator Alert:  Symantec Mail Security detected an error (SYM:xxx442769)”

“Location of the message:  SMTP

        Sender of the message: user1@domain.com

        Subject of the message:  mail subject

        The attachment(s) “20200-01.pdf” and/or the message was Logged Only.

        This was done due to the following Symantec Mail Security settings:

        Scan: Auto-Protect

        Rule: Encrypted File Rule

 Server Name: Server01”

Any idea ?

Ty

David

0

Related:

Mails encrypted by PGP server don’t go out via Symantec Messaging Gateway.

I need a solution

Hi All,

We have a setup like below:

Client –> Exchange Server –> Symantec Encryption Management Server (aka PGP server) –> Symantec Messaging Gateway –> Internet.

The unencrypted emails are processed and going through as expected. No issues.

When I encrypt that message and send it, it doesn’t go through.

Is there something I need to do in my Messaging Gateway or PGP server? 

Please advise. 

Thanks

0

Related:

Rule to detect sender-recipient

I need a solution

I need to create a rule that covers the scenarios below. We have already checked with Symantec support and got the answer that it is not possible to set up detection of a sender sending a message to only one recipient (one to one).

Scenario 1: Detect (@acme for a popular domain- one for one)
sender: @ ACME.com.br
recipient: @ XXX.com

Scenario 2: Do not detect (when you have @YYY.com as your recipient)
sender: @ ACME.com.br
recipient: @ XXX.com
recipient: @ YYY.com.br

0

Related:

Set Up Your Company's Branding in RightSignature

To access your branding options, log into RightSignature and click Account, followed by Branding. You can then access the branding options highlighted below.

Background and Footer Color

This option allows you to change the color of the background and the footer shown on the signing page and in the email signers receive. Use the drop down color menu to make your selection, then click Choose.

Company Logo

This option places your company logo on the RightSignature signing screen where the designated signing parties will fill out and sign your documents. Your logo will also be included in emails sent containing the signing links. First click Show your logo, then click Upload.

Footer Options

This allows you to customize what information shows on the footer of the signing screen. You can choose between Sender Name, Company Name, or both. You can also choose to show your Avatar photo here. Once finished with any changes to the custom branding options, click Update.

Email Header

Show sender name in from: This option will show the user name in the email “from” field. If this option is disabled, the email “from” field will show RightSignature.com.

Show company name in subject: This option gives you the ability to designate a custom prefix in the subject line of the notification and reminder emails sent to your signers. When sending a document or a reminder to your signers, your company’s name will appear in the subject of the email.

Use document filename in subject: This option will insert the document filename into the subject of the email, rather than the document name.

Custom Signer Email Greeting

This option lets each user set a custom greeting in the body of the email used to deliver the document signing links. Each user on the account will be able to set a unique custom greeting. To enable the Custom Signer Email Greeting, follow the steps above to access the Branding page; then turn on the Custom Email Greeting switch and click Update.

Custom Email Signature

This option lets each user set a custom email signature in the body of the email used to deliver the document signing links. Each user on the account will be able to set a unique email signature. To enable the Custom Signer Email Signature, follow the steps above to access the Branding page; then turn on the Custom Email Signature switch and click Update.

Related:

ShareFile Custom SMTP

ShareFile SMTP IP Address Information

Please see the following KB article for whitelist information.


User Requirements

  • An employee user with the Allow this user to modify account-wide policies permission

Microsoft Office 365 Users

If you are a Microsoft Office 365 user and would like to utilize Custom SMTP, view this set up guide from Microsoft.

Setting up Custom SMTP

  1. Navigate to Admin > Advanced Preferences > Email Settings > Configure SMTP Settings
  2. On the Custom SMTP Configuration page, enter the appropriate information to enable this feature.
  3. Ensure that the Enable checkbox is checked before saving.

Required fields

Enable Custom SMTP – This must be selected if you wish to use these settings.

Email Address – This will be the “from” email address of sent emails.

Server – This is the host name of the email server that will be used to send emails.

Port – This is the port number to be used. Port 25 is the default. We allow the following ports: 26, 443, 465, 587, 2525.

Username – This should be the username needed to access the server.

Password – This should be the password needed to access the server.

Notify Email on Failure – This email address will be sent notices if ShareFile is unable to send an email with the given settings.

Optional fields

Use SSL – Choose between Implicit, Explicit, or Off.

Failback to ShareFile – If selected, messages that fail to send using the custom settings will prompt ShareFile to send future emails through standard ShareFile email settings.

Authentication Method – Select an authentication method here if a particular one is required by your server.


Troubleshooting Your SMTP Setup

“Email Notifications / Messages are Delayed”

This issue may occur when filter services or programs process messages on your local mail servers. Before contacting ShareFile about delays in our system, please verify that your messages are not being delayed by local filter services. One way to verify this is to review the full header details of a message and check how much time the message spent between services or filters.
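
The header review described above can be scripted. The following is an added example, not part of the ShareFile article: it reads the Received headers of a message and reports the delay at each hop. The host names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime
from datetime import timezone

# Constructed sample headers (hypothetical hosts, not from a real message).
SAMPLE = """\
Received: from filter.example.net (filter.example.net [192.0.2.20])
\tby mx.example.org with ESMTPS id abc3; Fri, 22 Nov 2019 03:52:41 +0000
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby filter.example.net with ESMTP id abc2; Fri, 22 Nov 2019 03:47:35 +0000
Received: from app.example.com (app.example.com [192.0.2.5])
\tby relay.example.com with ESMTP id abc1; Thu, 21 Nov 2019 22:47:29 -0500
Subject: constructed test message

body
"""

def hop_delays(raw_message):
    """Return [(receiving_host, seconds_since_previous_hop)] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so the newest hop is first.
    for value in reversed(msg.get_all("Received", [])):
        info, sep, stamp = value.rpartition(";")
        if not sep:
            continue  # hop carries no timestamp; skip it rather than guess
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # unparseable date
        if when.tzinfo is None:
            # A "-0000" zone parses as naive; the time itself is UTC.
            when = when.replace(tzinfo=timezone.utc)
        words = " ".join(info.split()).split(" ")
        host = words[words.index("by") + 1] if "by" in words[:-1] else "unknown"
        hops.append((host, when))
    # Negative values are possible and indicate clock skew between servers.
    return [(host, 0 if i == 0 else int((when - hops[i - 1][1]).total_seconds()))
            for i, (host, when) in enumerate(hops)]

def slowest_hop(raw_message):
    """Return the (host, seconds) pair with the largest delay, or None."""
    delays = hop_delays(raw_message)
    return max(delays, key=lambda d: d[1]) if delays else None

if __name__ == "__main__":
    for host, seconds in hop_delays(SAMPLE):
        print(f"{host:25} +{seconds}s")
```

A large delay at a local filter host, rather than at the first hop, points to the local filtering service as the source of the delay.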

“Email Notifications / Messages Do Not Arrive”

This issue may occur if you have IP restrictions or policies on your local mail servers. Please click here to make sure you have whitelisted the Custom SMTP IPs. Likewise, please review your mail server authentication methods to ensure that ShareFile can communicate with your servers.

“Too many connections from your host”

This issue may occur when you have exceeded the maximum allowed connections on your SMTP server. To resolve this, you must update or increase your max allowed connections in your SMTP configuration, or use Consolidated Notifications to limit the number of connections you receive on a typical basis.

Related:

Symantec DIP Urgent inquiry

I do not need a solution (just sharing information)

Hello, I will soon install and implement Network Prevent for Mail at a site where the Enforce Server and the Network Discover module are already installed, so I would like to ask you about an issue. If I install Network Prevent for Mail and integrate it with the MTAs (forward or reflected mode) so that it is inline in the network with the MTAs, receiving mails from one MTA and sending them to another MTA, what will happen if Network Prevent for Mail fails over or goes down in the network, or if the Enforce Server has a problem like that or goes down for any reason? Will the mails be dropped and not sent, or will the MTA ignore the path through DIP and redirect the mail to the other MTA directly? If that happens, it will lead to data leakage, and this is a problem too. So I would like to know what the scenario is in this case.

Does the detection server (Network Prevent) keep the policies from the Enforce Server and apply them even if the Enforce Server is down, or is the Enforce Server responsible for applying the policies and configurations? And what best practice should I follow to avoid these problems so that the servers work stably with each other?

Thank you. I would like to have your advice on this issue ASAP.

0

Related:

Deliver Email

I need a solution

Problems Delivering email

LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1iXvli-0006PP-3o
delivering 1iXvli-0006PP-3o
LOG: MAIN
  Sender identification U=interpar D=interpartesdemexico.com S=licitaciones@interpartesdemexico.com
Connecting to cluster9.us.messagelabs.com [67.219.247.54]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-13.tower-426.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.247.54]: Remote host closed connection in response to EHLO s1
Connecting to cluster9.us.messagelabs.com [67.219.246.102]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-11.tower-386.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.246.102]: Remote host closed connection in response to EHLO s1
Connecting to cluster9.us.messagelabs.com [67.219.251.54]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-22.tower-366.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.251.54]: Remote host closed connection in response to EHLO s1
Connecting to cluster9.us.messagelabs.com [67.219.250.198]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-6.tower-346.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.250.198]: Remote host closed connection in response to EHLO s1
Connecting to cluster9.us.messagelabs.com [67.219.250.102]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-2.tower-326.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.250.102]: Remote host closed connection in response to EHLO s1
Connecting to cluster9.us.messagelabs.com [67.219.246.198]:25 from 158.69.242.81 ... connected
  SMTP<< 220 server-22.tower-406.messagelabs.com ESMTP
  SMTP>> EHLO s1
  SMTP(close)>>
LOG: MAIN
  H=cluster9.us.messagelabs.com [67.219.246.198]: Remote host closed connection in response to EHLO s1
Connecting to cluster9a.us.messagelabs.com [3.222.201.247]:25 from 158.69.242.81 ... connected
  SMTP<< 220 mail555.messagelabs.com ESMTP Fri, 22 Nov 2019 03:47:29 +0000
  SMTP>> EHLO s1
  SMTP<< 250-mail555.messagelabs.com Hello ip-100-112-12-131.us-east-1.aws.symcld.net [100.112.12.131]
         250-SIZE 52428800
         250-8BITMIME
         250-PIPELINING
         250-CHUNKING
         250-PRDR
         250 HELP
  SMTP>> MAIL FROM:<licitaciones@interpartesdemexico.com> SIZE=105809
  SMTP>> RCPT TO:<humberto.villalobos@regalsprings.com>
  SMTP>> DATA
  SMTP<< 250 OK
  SMTP<< 421 Service Temporarily Unavailable
LOG: MAIN
  H=cluster9a.us.messagelabs.com [3.222.201.247]: SMTP error from remote mail server after RCPT TO:<humberto.villalobos@regalsprings.com>: 421 Service Temporarily Unavailable
  SMTP<< 503-All RCPT commands were rejected with this error:
         503-Service Temporarily Unavailable
         503 Valid RCPT command must precede DATA
  SMTP>> QUIT
  SMTP(close)>>
Connecting to cluster9a.us.messagelabs.com [34.237.164.170]:25 from 158.69.242.81 ... connected
  SMTP<< 220 mail555.messagelabs.com ESMTP Fri, 22 Nov 2019 03:47:29 +0000
  SMTP>> EHLO s1
  SMTP<< 250-mail555.messagelabs.com Hello ip-100-112-14-77.us-east-1.aws.symcld.net [100.112.14.77]
         250-SIZE 52428800
         250-8BITMIME
         250-PIPELINING
         250-CHUNKING
         250-PRDR
         250 HELP
  SMTP>> MAIL FROM:<licitaciones@interpartesdemexico.com> SIZE=105809
  SMTP>> RCPT TO:<humberto.villalobos@regalsprings.com>
  SMTP>> DATA
  SMTP<< 250 OK
  SMTP<< 421 Service Temporarily Unavailable
LOG: MAIN
  H=cluster9a.us.messagelabs.com [34.237.164.170]: SMTP error from remote mail server after RCPT TO:<humberto.villalobos@regalsprings.com>: 421 Service Temporarily Unavailable
  SMTP<< 503-All RCPT commands were rejected with this error:
         503-Service Temporarily Unavailable
         503 Valid RCPT command must precede DATA
  SMTP>> QUIT
  SMTP(close)>>
Connecting to cluster9a.us.messagelabs.com [52.73.243.182]:25 from 158.69.242.81 ... connected
  SMTP<< 220 mail555.messagelabs.com ESMTP Fri, 22 Nov 2019 03:47:29 +0000
  SMTP>> EHLO s1
  SMTP<< 250-mail555.messagelabs.com Hello ip-100-112-13-247.us-east-1.aws.symcld.net [100.112.13.247]
         250-SIZE 52428800
         250-8BITMIME
         250-PIPELINING
         250-CHUNKING
         250-PRDR
         250 HELP
  SMTP>> MAIL FROM:<licitaciones@interpartesdemexico.com> SIZE=105809
  SMTP>> RCPT TO:<humberto.villalobos@regalsprings.com>
  SMTP>> DATA
  SMTP<< 250 OK
  SMTP<< 421 Service Temporarily Unavailable
  SMTP<< 503-All RCPT commands were rejected with this error:
         503-Service Temporarily Unavailable
         503 Valid RCPT command must precede DATA
  SMTP>> QUIT
  SMTP(close)>>
LOG: MAIN
  == humberto.villalobos@regalsprings.com R=dkim_lookuphost T=dkim_remote_smtp defer (-44) H=cluster9a.us.messagelabs.com [52.73.243.182]: SMTP error from remote mail server after RCPT TO:<humberto.villalobos@regalsprings.com>: 421 Service Temporarily Unavailable
0

Related:

How to allow or block mail sending in Endpoint Prevent?

I need a solution

Hello,

We are testing Email blocking using Endpoint Prevent with two specific requests:

– We have found multiple situations where mails are blocked and the user wants to send the mail with approval from a supervisor. There are several discussions regarding the same issue, but all of them point to a Network Prevent for Email deployment, where it can be done with the integration of an MTA that supports quarantining. Can this be done without a next-hop mail gateway, by adding an option to the pop-up notification message (Endpoint notify) that informs the manager and asks for approval to send a specific email? So it is not a simple Endpoint notify response or a simple Endpoint block response in case of a policy violation, but the case “in the middle” where the mail is stuck until someone (e.g. a manager) grants or discards the sending of the mail.

Solutions for a similar request using a Network Prevent for Email deployment were described in the following discussions, but we are limited to an Endpoint Prevent deployment:

https://www.symantec.com/connect/forums/vontu-email-prevent-catch-block-and-release-capbility

https://www.symantec.com/connect/forums/how-allow-blocked-mail-network-prevent-email

https://www.symantec.com/connect/forums/grant-rights-forward-blocked-email

– The other request is to detect emails with a list of email addresses within the body or attachment, which should be stopped in a “gradual” way, meaning that if a mail message has a list of 5 to 10 mail addresses, then the mail should be released and sent, and if a mail message has a list of more than 10 mail addresses, then the mail should be subject to an Endpoint notify or block response. Does anyone have a suggestion for how to resolve this issue?

 Thanks, best regards.

0

Related: