TLS support on secondary MX server

December 28, 2018, 3:36 am

≫ Next: Policy Based Encryption Advanced Encrypted Portal

≪ Previous: cluster5.us.messagelabs.com connection timeout

I need a solution

We have a third party who is using the website www.checktls.com to verify that emails sent to our domain covermycab.com use TLS, I have setup an encryption partnership in the messagelabs portal but the website check is still failing. The primary MX record is using TLS but the secondary MX record isn't, is there anyway to correct this?

Thanks

Trying TLS on cluster9a.eu.messagelabs.com[52.59.102.191:25] (20):

seconds		test stage and result
[000.089]		Connected to server
[000.180]	<--	220 mail555.messagelabs.com ESMTP Fri, 28 Dec 2018 11:51:32 +0000
[000.180]		We are allowed to connect
[000.180]	-->	EHLO www6.CheckTLS.com
[000.268]	<--	250-mail555.messagelabs.com Hello ip-100-113-13-142.eu-central-1.aws.symcld.net [100.113.13.142] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-CHUNKING 250-PRDR 250 HELP
[000.269]		We can use this server
[000.269]		TLS is not an option on this server
[000.269]	-->	MAIL FROM:<test@checktls.com>
[000.357]	<--	250 OK
[000.358]		Sender is OK
[000.358]	-->	QUIT
[000.446]	<--	221 mail555.messagelabs.com closing connection

↧

Policy Based Encryption Advanced Encrypted Portal

January 3, 2019, 3:03 am

≫ Next: Issue with delivering emails to messagelabs.com

≪ Previous: TLS support on secondary MX server

I need a solution

Hi Guys

We have been using the Policy Based Encryption Advanced Encrypted Portal for a while now.

Just a quick question whicvh one of our compliance people brought up , is there any way to ensure that mail is readable only by the intended recipient?

For example if an encryped mail is sent to the wrong email address and the mistaken recipient already has an account for the encrypted portal , that person would be able to read the mail right?

The question they are asking is , is there a PBE Advanced way to ensure only the intended recipient can read the email.

Thanks

John

↧

Issue with delivering emails to messagelabs.com

January 3, 2019, 8:30 am

≫ Next: Inbound routes + Email delivery to O365

≪ Previous: Policy Based Encryption Advanced Encrypted Portal

I need a solution

This is the mail delivery agent at Symantec Email Security.cloud.

I was unable to deliver your message to the following addresses:

**********@salesianer.com

Reason: 550 5.7.23 Please see http://www.openspf.org/Why?id=customercare.at=leas...

The message subject was: Reklamation Salesianer 917541 Pool xxxXXXTTGXJR52925 / 917552 ID 157 xxxXXXTTGXJR52926 [ ref:_00D20Cg7Q._5001Gbag1l:ref ]
The message date was: Wed, 2 Jan 2019 12:25:54 +0000 (GMT)
The message identifier was: F3/4E-21338-3DDACxxx
The message reference was: server-12.tower-306.messagelabs.com!1546431952!4056936!2

Please do not reply to this email as it is sent from an unattended mailbox.
Contact your email administrator if you need more information, or
instructions for resolving this issue.

↧

Inbound routes + Email delivery to O365

January 4, 2019, 8:49 am

≫ Next: MessageLabs blocking email

≪ Previous: Issue with delivering emails to messagelabs.com

I need a solution

Is anyone aware of an issue adding new O365 hostnames to inbound routes on Symantec Email Security.Cloud

When I try and add O365 hostname for email delivery, I get an error message. I'm told this is a symantec issue at present (I've not seen any other status posts).

Thanks

↧

MessageLabs blocking email

January 8, 2019, 8:58 am

≫ Next: How to change 14 days time frame to 30 days once email qurantine

≪ Previous: Inbound routes + Email delivery to O365

I need a solution

We cannot email vendors and customers using message labs. Our domain is adveng.com One vendor is ra.rockwell.com.

Generating server: Artemis.adveng.com
Receiving server: cluster6a.us.messagelabs.com (52.206.215.254)

sbkent@ra.rockwell.com
Remote Server at cluster6a.us.messagelabs.com (52.206.215.254) returned '400 4.4.7 Message delayed'
1/7/2019 10:39:15 PM - Remote Server at cluster6a.us.messagelabs.com (52.206.215.254) returned '451 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 52.206.215.254:25'

We are not on spam lists.

Thank you for your help on this matter.

↧

How to change 14 days time frame to 30 days once email qurantine

January 9, 2019, 9:40 pm

≫ Next: MessageLabs.com 421 Service Temporarily Unavailable, TLS negotiation failed with error IllegalMessage

≪ Previous: MessageLabs blocking email

I need a solution

The requirement is need to change 14 days to 30 days once the email quarantine. From where i can change this settings in email security.cloud ? As per understaing once email qurantine it will stay 14 days only in qurantine portal. Apprecaite any assistance.

Thanks

Muamamd

↧

MessageLabs.com 421 Service Temporarily Unavailable, TLS negotiation failed with error IllegalMessage

January 10, 2019, 8:11 am

≫ Next: Negative reputation

≪ Previous: How to change 14 days time frame to 30 days once email qurantine

I do not need a solution (just sharing information)

I have already indeed email a sample message to Symantec (investigation@review.symantec.com) for the NDR message delayed emails.

I poseted in hopes to maybe help with this issue and see if someone else has any ideas.

In the Send connector protocol logs, we see:

2019-01-09T16:42:03.318Z,Internet,08D1234567811DF6,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T16:42:03.334Z,Internet,08D6723456789DF6,1,x.x.x.x:32944,x.x.x.x:25,+,,
<,220 server-5.tower-347.messagelabs.com ESMTP,
>,EHLO Mail.xxxx.com,
<,250-server-5.tower-347.messagelabs.com,
<,250-STARTTLS,
<,250-PIPELINING,
<,250 8BITMIME,
>,STARTTLS,
<,220 ready for TLS,
*,,Sending certificate
*,"CN=mail.xxxx.com, O=""xxxx, Inc."", L=xxxx, S=xxxx, C=US",Certificate subject
*,"CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US",Certificate issuer name
*,09024235443534F8234324,Certificate serial number
*,FDA0D53434343D933F32345123456789681DAAC3,Certificate thumbprint
*,mail.xxxx.com;autodiscover.xxxx.com;owa.xxxx.com;,Certificate alternate names
*,,TLS negotiation failed with error IllegalMessage
-,,Local

Then we Also See:

2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,1,x.x.x.x:48897,x.x.x.x:25,+,,
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,2,x.x.x.x:48897,x.x.x.x:25,<,"220 mail555.messagelabs.com ESMTP Wed, 09 Jan 2019 19:35:50 +0000",
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,3,x.x.x.x:48897,x.x.x.x:25,>,EHLO mail.xxxx.com,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,4,x.x.x.x:48897,x.x.x.x:25,<,250-mail555.messagelabs.com Hello ip-100-112-14-171.us-east-1.aws.symcld.net [100.112.14.171],
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,5,x.x.x.x:48897,x.x.x.x:25,<,250-SIZE 52428800,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,6,x.x.x.x:48897,x.x.x.x:25,<,250-8BITMIME,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,7,x.x.x.x:48897,x.x.x.x:25,<,250-PIPELINING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,8,x.x.x.x:48897,x.x.x.x:25,<,250-CHUNKING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,9,x.x.x.x:48897,x.x.x.x:25,<,250-PRDR,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,10,x.x.x.x:48897,x.x.x.x:25,<,250 HELP,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,11,x.x.x.x:48897,x.x.x.x:25,*,,sending message with RecordId 10261234567442 and InternetMessageId <1523344547606.84370@xxxx.com>
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,12,x.x.x.x:48897,x.x.x.x:25,>,MAIL FROM:<Paul.xxxx@xxxx.com> SIZE=34071,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,13,x.x.x.x:48897,x.x.x.x:25,>,RCPT TO:<jschxxxx@xxxx.com>,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,14,x.x.x.x:48897,x.x.x.x:25,<,250 OK,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,15,x.x.x.x:48897,x.x.x.x:25,<,421 Service Temporarily Unavailable,

All Message Labs Servers we see with TLS Negoiation Problems:

server-6.tower-367.messagelabs.com

server-14.tower-387.messagelabs.com

server-35.tower-384.messagelabs.com

server-9.tower-347.messagelabs.com

server-13.tower-407.messagelabs.com

server-35.tower-404.messagelabs.com

server-3.tower-327.messagelabs.com

server-35.tower-344.messagelabs.com

server-8.tower-341.messagelabs.com

server-16.tower-381.messagelabs.com

server-3.tower-361.messagelabs.com

server-4.tower-246.messagelabs.com

MessageLabs with 421 Service Temporarily Unavailable:

mail555.messagelabs.com

↧

Negative reputation

January 15, 2019, 1:20 am

≫ Next: Removing IPs from blacklist.

≪ Previous: MessageLabs.com 421 Service Temporarily Unavailable, TLS negotiation failed with error IllegalMessage

I need a solution

Dear sirs,

I am writing as an e-mail system administrator of Alizon Industrie in France.

Since last week, it seems that our IP address is blacklisted by Symantec (negative reputation) and we need a delist as soon as possible.

To send from 185.147.64.22 to domains which are securized by Symantec our addresses use these domain names:

- accept.fr

- alizonbenelux.lu

- alizondeutschland.de

Today, we encounter problems with schneider-electric.com (the mails are dropped in quarantine) and michelin.com (the mails seem to be sent but do not appear in mailboxes). I've already sent a mail to investigation@review.symantec.com, but in order to solve this issue as soon as possible I create this discussion.

Could you provide us more information about this issue and about your investigations? Are there any actions you require from us?

Thank you in advance.

Kind regards

↧

Removing IPs from blacklist.

January 15, 2019, 5:27 am

≫ Next: Messagelabs Blocking Newly Obtained AWS IP - no bad reputation

≪ Previous: Negative reputation

I need a solution

Hi,

I have repeatedly contacted you through the IP removal tool available at https://ipremoval.sms.symantec.com/ipr/lookup.

My question is in regards to how long it takes for this request to be processed. Should I expect this to take more than a week?

I would very much appreciate an answer.

Thank you kindly.

Best Regards,

Johan

↧

Messagelabs Blocking Newly Obtained AWS IP - no bad reputation

January 15, 2019, 8:14 am

≫ Next: Organizations unable to email us

≪ Previous: Removing IPs from blacklist.

I need a solution

Hi there,

I have done all testing I can do before posting here, I believe this to be an issue outside of my control but willing to check anything as required.

The below happens when trying telnet on any of the IPs.. EXIM gets connection timed out.

$ telnet 46.226.52.198
Trying 46.226.52.198...
telnet: connect to address 46.226.52.198: Connection refused

Please advise as I need this to be resolved before I add extra clients, unfortunately I use messagelabs so its impacting me more than anything!

If it is blocked/trottled, could you advise when the last seen spammy content was?

↧

Organizations unable to email us

January 16, 2019, 7:06 am

≫ Next: Blacklist Removal Request

≪ Previous: Messagelabs Blocking Newly Obtained AWS IP - no bad reputation

I need a solution

Good Morning All,

We have an organization that is unable to email us even though we have white listed them. I can email them but they can not email us. Error message on the bounce back email they get is below. Please help.

<myemailaddress>: host cluster6.us.messagelabs.com[67.219.250.196]

said: 553-Message filtered. Refer to the Troubleshooting page at

553-http://www.symanteccloud.com/troubleshooting for more 553 information.

(#5.7.1) (in reply to end of DATA command)

↧

Blacklist Removal Request

January 17, 2019, 7:37 am

≫ Next: Unable to email clients using Symantec email security

≪ Previous: Organizations unable to email us

I need a solution

Hi,

We found out that one of our server ip addresses is on your list.

We had an issue with one client on december (his email account was used to send spam) but this issue was fixed very soon, we have checked the entire server and found no issues, also we check all of our ips against some of the most popular blacklists checkers and we aren't listed on any (over 100 lists checked) but yours.

Please could you please delist our IP address: 51.38.181.24 we have a lot of clients complaining about emails not being delivered properly.

Best Regards.

↧

Unable to email clients using Symantec email security

January 21, 2019, 7:37 am

≫ Next: Can't receive emails from clients using symantec

≪ Previous: Blacklist Removal Request

I need a solution

Hi there,

For the last week now we have a client who is unable to email anyone that uses Symantec Email Security. They constantly get the below message -:

550 5.0.350 Remote server returned an error -> 553 Message filtered. Refer to the Troubleshooting page at;http://www.symanteccloud.com/troubleshooting for more;information. (#5.7.1)

They use Office 365 and all DNS is correct for SPF and DKIM. They do not show as blacklisted anywhere and the majority of emails have no attachments. Strangley though if they email from the Office365 web portal the email sometimes gets through.

I submitted several emails last week and the week before to be checked for false positives but have had no response.

This is causing major disruption for the business as they are finding that more and more suppliers use theis sytem for email filtering. They have had 1 customer whitelist them which allowed email through but they do not want to have to do this with dozens of other clients.

Any help would be appreciated

Kind regards,

↧

Can't receive emails from clients using symantec

January 21, 2019, 5:46 pm

≫ Next: Returned '400 4.4.7 Message delayed' from MessageLabs.com

≪ Previous: Unable to email clients using Symantec email security

I need a solution

Hi,

For nearly 1/2 year now, we've been unable to receive emails from clients using higher-levels of symantec security. We had an issue last year with an infected machine that appears to have given us a negative reputation (Case 00013827), but we had this lifted late last year and we still don't receive emails.

Here's an example:

Diagnostic information for administrators:

Generating server: LV-EX01.lismore.local

rebecca@armsign.com.au
server-18.tower-403.messagelabs.com
Remote Server returned '550 Invalid recipient <rebecca@armsign.com.au> (#5.1.1)'

Original message headers:

Received: from LV-EX01.lismore.local (10.1.2.18) by LV-EX01.lismore.local

(10.1.2.18) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 27 Nov 2018

12:05:35 +1100

Received: from LV-EX01.lismore.local ([fe80::a1e0:dede:77a3:156d]) by

LV-EX01.lismore.local ([fe80::a1e0:dede:77a3:156d%16]) with mapi id

15.00.1367.000; Tue, 27 Nov 2018 12:05:35 +1100

From: Kate Steel <Kate.Steel@lismore.nsw.gov.au>

To: "'rebecca@armsign.com.au'"<rebecca@armsign.com.au>

Subject: test

Thread-Topic: test

Thread-Index: AdSF7UupFZy6WiA5Sf66pQIm+USZgA==

Date: Tue, 27 Nov 2018 01:05:35 +0000

Message-ID: <ad5f04ab2f1e4a3097ad423beff6146e@LV-EX01.lismore.local>

Accept-Language: en-AU, en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

catalogueonsend: False

x-ms-exchange-transport-fromentityheader: Hosted

x-originating-ip: [10.10.2.112]

Content-Type: multipart/alternative;

boundary="_000_ad5f04ab2f1e4a3097ad423beff6146eLVEX01lismorelocal_"

MIME-Version: 1.0

This issue is now happening with other clients who are using symantec products. We are unable to send/receive pretty much with everyone using your products. Can we get this resolved?

↧

Returned '400 4.4.7 Message delayed' from MessageLabs.com

January 27, 2019, 7:22 pm

≫ Next: My client can't receive email from us.

≪ Previous: Can't receive emails from clients using symantec

I need a solution

When we send emails to many customers who are using Symantec's service, we receive refunds, such as

供管理员使用的诊断信息:

生成服务器: CDSSRVDCEX02.hkdc.cds-net.com
接收服务器: cluster5a.eu.messagelabs.com (18.194.106.207)

blau@plumproducts.com
Remote Server at cluster5a.eu.messagelabs.com (18.194.106.207) returned '400 4.4.7 Message delayed'
1/24/2019 10:45:09 AM - Remote Server at cluster5a.eu.messagelabs.com (18.194.106.207) returned '451 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 18.194.106.207:25'

原始邮件头:

Received: from CDSSRVDCEX01.hkdc.cds-net.com (10.1.1.33) by
CDSSRVDCEX02.hkdc.cds-net.com (10.1.1.64) with Microsoft SMTP Server (TLS) id
15.0.1367.3; Thu, 24 Jan 2019 14:52:39 +0800
Received: from CDSSRVDCEX01.hkdc.cds-net.com ([fe80::41b3:7f32:d22f:6b81]) by
CDSSRVDCEX01.hkdc.cds-net.com ([fe80::41b3:7f32:d22f:6b81%16]) with mapi id
15.00.1367.000; Thu, 24 Jan 2019 14:52:38 +0800
From: April Shao <aprilshao@cdsshanghai.com.cn>
To: "op@fanfeitrans.com"<op@fanfeitrans.com>
CC: "blau@plumproducts.com"<blau@plumproducts.com>
Subject: CTCVANL06138SH0
Thread-Topic: CTCVANL06138SH0
Thread-Index: AdSzsUJdsk09dD0MRRSTWf5Qunf96A==
Date: Thu, 24 Jan 2019 06:52:38 +0000
Message-ID: <60de1864092a42339ddefd0e1bf213d3@CDSSRVDCEX01.hkdc.cds-net.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [221.133.242.163]
Content-Type: multipart/related;
boundary="_004_60de1864092a42339ddefd0e1bf213d3CDSSRVDCEX01hkdccdsnetc_";
type="multipart/alternative"
MIME-Version: 1.0

We try to solve this problem with smart hosts, but it can't solve all the problems in the end.

Our domain:cds.com.hk,cdsshanghai.com.cn, cdsningbo.com,cdsqingdao.com,cdsxiamen.com

Our exchange servers IP : 175.45.36.68-70

↧

My client can't receive email from us.

January 27, 2019, 11:20 pm

≫ Next: one of our domains is being email bombed by messagelabs daily

≪ Previous: Returned '400 4.4.7 Message delayed' from MessageLabs.com

I need a solution

Dear Support Symantec.

Our client using messagelabs the statuses was 2.5.0 OK but our client doesn't receive the email.
Can you help to check? We using relay from mailchannels. They can sent us an email. But everytime we reply, the email not receiving on our client.

Here's the status.

Delivered

2019-01-28 11:24 AM

Subject:	Re: Mohon informasi pembayaran
Size:	48,000 bytes
Duration:	2.58 seconds
SMTP Response:	250 ok 1548649474 qp 23789 server-26.tower-385.messagelabs.com!1548649471!1537214!1

From:	c***ier@subahtera.com
To:	a*ni.re@pg.com asa.h@pg.com noana.nn@pg.com p ri.p@pg.com ramani.f@pg.com

What should i do?

↧

one of our domains is being email bombed by messagelabs daily

January 28, 2019, 10:01 am

≫ Next: Remote Server returned '< #5.4.7 smtp; 554 5.4.7 [internal] exceeded max time without delivery>'

≪ Previous: My client can't receive email from us.

I need a solution

For the last week daily from 4PM-5PM PST our mail server has been bombed by 10-15K emails, all being sent from messagelabs.com mail servers, namely mail2.bemta23.messagelabs.com and mail2.bemta24.messagelabs.com. We have attempted to contact messagelabs to resolve this but cannot make our way through Symantec support to contact messagelabs (thry claim we can't talk to messagelabs unless we purchase a support contract). Does anybody know how we can contact them to stop the daily email attacks their servers are subjecting us to?

2019-01-27 17:10:12