(connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

February 19, 2016, 12:59 am

≫ Next: blocking messages with no sender address

≪ Previous: 501 Connection Rejected by Policy [7.7]

I need a solution

Hello,

I'm having a Linux Virtual Server with some domains on it and sending Mail's to different reciepients are getting this error message:

(connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

(connect to cluster1a.uk.messagelabs.com[85.158.139.103]:25: Connection timed out)

and some others, i believe. I'm having this Virtual Server since early February and i believe the past owners of my ip had some issues, or whatever. I checked (and cleared) my ip from all rbl/blackhole list's now, but i'm still getting blocked on some custom networks like yours. Could this be cleared ?

Server's IP: 188.138.122.198

Thank you.

↧

blocking messages with no sender address

February 26, 2016, 8:44 am

≫ Next: Brightmail "release " fails

≪ Previous: (connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

I need a solution

Last night we received a couple of spam e-mails in which my Outlook client showed a "friendly name" for the sender, but then when I opened the messages, the sender had only the "friendly name", with no e-mail address. I went to my Exchange server and ran the Message Tracking tool, searching on the subject lines of the messages. The "Sender" column was empty on multiple messages with those subjects.

I was able to look at the MessageId column and get the domain of the sending smtp server, mail.mcdlv.net, which I have added to our blocked domains, since there wasn't a sending domain in the e-mail headers that I could use.

My question is, why don't the spam filters by default block messages with a blank sender? Just like postal mail that arrives at your house with no return address, it's a sure sign it's junk mail.

↧

Brightmail "release " fails

March 6, 2016, 10:52 am

≫ Next: Email security.cloud

≪ Previous: blocking messages with no sender address

I need a solution

MIT email uses Symantec "Brightmail" filter, BUT release fails.

I click "release" which takes me to
https://alum-mailsec-cc.mit.edu/brightmail/quarantine/releas....
then I have to click release again, message disappears and is never seen
again.

↧

Email security.cloud

March 8, 2016, 11:13 am

≫ Next: Customers emails being blocked by Clusterlabs help!

≪ Previous: Brightmail "release " fails

I need a solution

Hi,

I Would like to know that email security.cloud should be able to support hosted lotus notes cloud version.

↧

Customers emails being blocked by Clusterlabs help!

March 15, 2016, 2:59 am

≫ Next: Mail rejetée politique 7.7

≪ Previous: Email security.cloud

I need a solution

Hi,

We are currently having our emails blocked by Symantec's clusterlabs solution, this has been occurring for 2 weeks now. See an example email block message below, this one was an email we sent to OFCOM, but there are many many more examples:

Delivery to the following recipient failed permanently:

email removed for obvious reasons

Technical details of permanent failure:

Google tried to deliver your message, but it was rejected by the server for the recipient domain ofcom.org.uk by cluster3.eu.messagelabs.com. [85.158.139.3].

The error that the other server returned was:

553-Message filtered. Refer to the Troubleshooting page at

553-http://www.symanteccloud.com/troubleshooting for more

553 information. (#5.7.1)

-We have followed all the requirements set out in Symantec's support logs and sent example blocked email headers to their Brightmail email account (5 times now). (https://support.symantec.com/en_US/article.TECH233...) (CLOUDfeedback@feedback-87.brightmail.com), heard no response.

-We have gone onto the IP Removal site http://ipremoval.sms.symantec.com/lookup/ and checked our MAIL IP and it is not listed.

-We believe our domain has been listed thekmgroup.co.uk but we can't find anywhere on the Symantec sites where you can check to see if its been blacklisted.

-We have tried everything to get this block removed which was applied in error I imagine by Symantec, but to no avail.

It's very unlike us to post on forums directly but there is simply no other official channel we can use to get this resolved, is there anyone who can advise us what more we can do, we are losing business because we can't get our communications through to customers and other businesses.

Thanks for any help

↧

Mail rejetée politique 7.7

March 16, 2016, 2:23 am

≫ Next: Email being blocked - 553 Message filtered

≪ Previous: Customers emails being blocked by Clusterlabs help!

I need a solution

Bonjour,

Nous somme une entreprise de commerce automobile nos mails sont bloqués par Symantec depuis que nous avons remplacé notre serveur dédié et recupéré une nouvelle adresse IP alors que si je vais sûr http://ipremoval.sms.symantec.com/lookup/ je ne suis pas blacklisté ainsi que mxtoolbox et d'autre RBL.

Nous ne pouvons plus envoyer de mail car ils sont bloqués par votre support.

(Hôte cluster3.eu.messagelabs.com [85.158.137.83] a refusé de me parler: 501 Connexion rejetée par la politique [7.7] 14006, s'il vous plaît visitez www.messagelabs.com/support pour plus de détails à propos de ce message d'erreur.)

Pouvez-vous débloqué l'adresse IP concernée : 212.129.2.157

Merci par avance,

Cordialement.

↧

Email being blocked - 553 Message filtered

March 18, 2016, 7:09 am

≫ Next: Email from our domains being blocked

≪ Previous: Mail rejetée politique 7.7

I need a solution

Email from our domain (ideasnetwork.co.uk) sent via our Office365 email service to several of our clients is being blocked, with the following error:

server-14.tower-184.messagelabs.com gave this error:

Remote server returned an error -> 553 Message filtered. Refer to the Troubleshooting page at;http://www.symanteccloud.com/troubleshooting for more;information. (#5.7.1)

I have followed the steps on the troubleshooting guide and I have also forwarded an attached message to CLOUDfeedback@feedback-87.brightmail.com but we are still being blocked.

Please can anyone advise how we get the block lifted.

Thanks!

↧

Email from our domains being blocked

March 24, 2016, 1:06 pm

≫ Next: DMARC

≪ Previous: Email being blocked - 553 Message filtered

I need a solution

We have several customers and vendors that use you guys for email, and when we attempt to send email to them, we are getting the following error message:

Failed (comms): Communicating with server 216.82.242.38:25
Failed (comms): Communicating with server 216.82.241.195:25
Failed (comms): Communicating with server 216.82.249.179:25

What do we need to do to fix this?

↧

DMARC

March 30, 2016, 11:29 am

≫ Next: [124:1:2] smtp: Attempted command buffer overflow

≪ Previous: Email from our domains being blocked

I need a solution

I am using the Symantec Email Security Cloud solution for anit-spam and anti-virus. We do have the SPF option enabled and configured however the DMARC feature is not checked (off). I would like to enable the DMARC feature but was curious as to what other configuration is required for the DMARC to work. Do we have to create any DNS records or do anything on the Exchange side of things?

Other soltuions that have the DMARC feature seem to require special DNS configuration. However I can't seem to find anything for the Symantec Email Security Cloud solution. Is it as easy as just putting a check in the box and thats it? Also, after it is enabled, how do i know if its working? Something in the email header to verify?

Thanks in adance.

↧

[124:1:2] smtp: Attempted command buffer overflow

April 4, 2016, 11:40 am

≫ Next: SSL error on login page

≪ Previous: DMARC

I need a solution

Hi,

I have been getting a lot of alerts from Sourcefire recently all of the same type. The originating IPs map to messagelabs servers and the target is our email server. Is anyone aware of what is causing this to trigger so often? Below is more detail, attached is the actual packet associated to the alert:

[124:1:2] smtp: Attempted command buffer overflow [Impact: Potentially Vulnerable] From "192.168.28.12" at Mon Apr 4 17:27:35 2016 UTC [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {tcp} 216.82.250.247:29127 (united states)->xxx.xxx.xxx.xxx:25 (unknown)

Frame 1: 1434 bytes on wire (1434 bytes captured (11472 bits)
WTAP_ENCAP 1
Arrival Time Apr 04, 2016 13:32:24.585398000
Time shift for this packet 0.000000000 seconds
Epoch Time 1459791144.585398000 seconds
Time delta from previous captured frame 0.000000000 seconds
Time delta from previous displayed frame 0.000000000 seconds
Time since reference or first frame 0.000000000 seconds
Frame Number 1
Frame Length 1434 bytes (11472 bits)
Capture Length 1434 bytes (11472 bits)
Frame is marked False
Frame is ignored False
Protocols in frame eth:ip:tcp:smtp
Ethernet II (Src: XX:XX:XX:XX:XX:XX, Dst: XX:XX:XX:XX:XX:XX)
Destination

Address: XX:XX:XX:XX:XX:XX
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Source

Address: XX:XX:XX:XX:XX:XX
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Type IP (0x0800)
Internet Protocol Version 4 (Src: 216.82.243.55, Dst: xxx.xxx.xxx.xxx)
Version 4
Header length 20 bytes
Differentiated Services Field

0100 10.. = Differentiated Services Codepoint: Assured Forwarding 21 (0x12)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length 1420
Identification 0x5a8f (23183)
Flags

0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set

Fragment offset 0
Time to live 53
Protocol TCP (6)
Header checksum

Good: True
Bad: False

Source 216.82.243.55
Destination xxx.xxx.xxx.xxx
Transmission Control Protocol (Src Port: 51758 (51758), Dst Port: 25 (25), Seq: 1, Ack: 1, Len: 1368)
Source port 51758 (51758)
Destination port 25 (25)
Stream index 0
Sequence number 1 (relative sequence number)
Next sequence number 1369 (relative sequence number)
Acknowledgment number 1 (relative ack number)
Header length 32 bytes
Flags

000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set

Window size value 37
Calculated window size 37
Window size scaling factor -1 (unknown)
Checksum

Good Checksum: False
Bad Checksum: False

Options

No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Timestamps: TSval 3663478221, TSecr 70721423
Kind: Timestamp (8)
Length: 10
Timestamp value: 3663478221
Timestamp echo reply: 70721423

Bytes in flight: 1368

Simple Mail Transfer Protocol
Command Line

Command: ^RA\313
Request parameter: \265\357U\370\370\033\212|\v\365

Command Line

Command: =g\017\301
Request parameter: r\347{\240\310\210\032\264\210\320\313\210@\301{\345'\344\366\364#j\031\2300\002;+\344^c&\304\242\265&)\024\346

Command: \324\332\266c
Request parameter [truncated]: \204N\366[\030Q\367\304\v!\271\313\023)0\314\204\361\201;\005\347c\322O|\373\220\370W\026U\307LvO\311\324\213:\331\355\256\257SI$\343\276\032\3425e\234\224m5\375p\362\307V\317\226\260WQ\312\311\004\277\357h\3

Command: \036\247q\330
Request parameter [truncated]: \v\222\2637E\261\367\021j\337\375\215\2373\237\276\315\377\031C\327\307z\256\376Q\235\333\362\363`\257}\2378\310\320\245\f\003\266c\313\307\364\321JQP\354\276\215\335\3655\002R\035\274\016\374(\252\215\365\36

Command Line

Command: y\342\346y
Request parameter: \226\353UW\273\323\336HoH\310b\020\232L;\v\322\v\265\330\2072\220\004\236\362

Command Line

Command: \206c9\210
Request parameter: \333\316\004_\206\017)\334\375\355\376\016{G$\333\177\033\235\330\333\237\330#?C\251\f\027cx\300pnJ\230\272\222#9B\301o\257\263&\034\366R\212\345\314\244\017b-

Command Line

Command: \205N\002r
Request parameter: \f\215\255=\367\236<\332

Command Line

Command: E_Ik

Command: \0331\252\242
Request parameter [truncated]: \262\035\032\234\333\226\037]\363\236\331\217\f]\340Z\037\252k\334\340\201io\276{\236H+\036H\255\303]\206\322\204\211\376\364\l\252\364\311|lOnB\215\a`?\245&\251\362\270\237\225\202g-\233p\215@6\254\t\311\256

Command Line

Command: \333\\304\324
Request parameter: \240\243\345g\370+\262\022\225\031hS]\315\373\322\001\233\243\201#\272\255\225u\377\203p\026eG\306\273\352I\350\234b\3176\226Q\313\252\201\002\2753\017

Command Line

Command: >\200\023\265
Request parameter: *}\342N\231;\365W\253\377\261\210\253\306\217\250\365\\3073e\263,Kj\223\300\323\356?\315j\313\026\226.\310\256\034\326}\207N\244\200\213\216\322\343O

Command Line

Command: \262\356\323\256
Request parameter: \274\001\366\235~S+\275\332\033B\267

Command: 7\020\0218
Request parameter [truncated]: \253\366\245RE\316\250\377\356S\320\200l?Z \317D5\257\363\275L5\250\002\270[\025\367H\\267&\362*\370\2311\324\334\251\355\303`\001\020\360\376\212p\250\320C

smtp buffer overflow.txt

↧

SSL error on login page

April 12, 2016, 5:32 am

≫ Next: Need more information about the ClientNet problem on April 11

≪ Previous: [124:1:2] smtp: Attempted command buffer overflow

I need a solution

When trying to login into "https://identity.symanteccloud.com/" i get "This connections is insecure" msg (SSL error).

Something wrong?

↧

Need more information about the ClientNet problem on April 11

April 12, 2016, 6:02 am

≫ Next: 501 rejected by policy

≪ Previous: SSL error on login page

I need a solution

On April 11 and 12, 2016, we have seen the message at https://clients.messagelabs.com/

ML ClientNet not availalbe...

However, we would appreciate more "background information", to help us understand the situation, and make decisions here.

Thanks.

===================

1460492220

↧

501 rejected by policy

February 9, 2016, 6:40 am

≫ Next: Connection timed out - two days later

≪ Previous: Need more information about the ClientNet problem on April 11

I need a solution

Hi, I am facing an issue, when trying to send email to goshawk.aero domain, emails leave but never arrive with no return message, or reports

My new server whIch has the following IPs, 141.105.65.24, 141.105.65.44 . Domain is DATAMATICSUK.COM

Please advise

Thanks

Chris

↧

Connection timed out - two days later

February 14, 2016, 1:09 am

≫ Next: 501 Connection Rejected by Policy [7.7]

≪ Previous: 501 rejected by policy

I need a solution

Hello!

My companyoperatesservers.

My partnerwould like to send more e-mails to his partners who are under messagelabs domain.

Two days later, come back the error mail from messagelabs: Connection timed out.

My IP: 79.172.241.35

The http://ipremoval.sms.symantec.com/lookup/ answer: The IP address you submitted, 79.172.241.35, does not have a negative reputation and therefore cannot be submitted for investigation.

Please help me!

Thank you!

Anthony Meszaros

↧

501 Connection Rejected by Policy [7.7]

February 17, 2016, 5:06 am

≫ Next: (connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

≪ Previous: Connection timed out - two days later

I need a solution

Hello.

We had an email server moved over the weekend to a new setup and some email are being rejected with the "501 Connection Rejected" error.

IPs: 64.191.166.60 & 64.191.166.61

Thank you.

1455733800

↧

(connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

February 19, 2016, 12:59 am

≫ Next: blocking messages with no sender address

≪ Previous: 501 Connection Rejected by Policy [7.7]

I need a solution

Hello,

I'm having a Linux Virtual Server with some domains on it and sending Mail's to different reciepients are getting this error message:

(connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

(connect to cluster1a.uk.messagelabs.com[85.158.139.103]:25: Connection timed out)

Server's IP: 188.138.122.198

Thank you.

↧

blocking messages with no sender address

February 26, 2016, 8:44 am

≫ Next: Licence Counting

≪ Previous: (connect to cluster8.eu.messagelabs.com[85.158.139.19]:25: Connection timed out)

I need a solution

My question is, why don't the spam filters by default block messages with a blank sender? Just like postal mail that arrives at your house with no return address, it's a sure sign it's junk mail.

↧

Licence Counting

May 3, 2016, 3:03 am

≫ Next: Licence Counting

≪ Previous: blocking messages with no sender address

I need a solution

Hello,

Is it possible to inform me please how the mail security.cloud solution count the users licences.

For Example, if i have 10 users with 1 Email address for each and 5 aliases, the total number of the needed licences is 15 or 10 ?

Thanks in advance for your help.

↧

Licence Counting

May 3, 2016, 3:03 am

≫ Next: Emails being rejected to my clients - 501 Connection

≪ Previous: Licence Counting

I need a solution

Hello,

Is it possible to inform me please how the mail security.cloud solution count the users licences.

For Example, if i have 10 users with 1 Email address for each and 5 aliases, the total number of the needed licences is 15 or 10 ?

Thanks in advance for your help.

↧

Emails being rejected to my clients - 501 Connection

May 9, 2016, 2:05 am

≫ Next: Help with in/outbound routes

≪ Previous: Licence Counting

I need a solution

I have a new dedicated IP that for some reason is on the Symantec blacklist. We're not on any other blacklists.

The error I receive is:

host cluster3.eu.messagelabs.com [194.106.220.51]
SMTP error from remote mail server after initial connection:
501 Connection rejected by policy [7.7] 9203, please visit
www.messagelabs.com/support for more details about this error message.

My IP address is 31.187.71.9

It is causing me severe problems emailing my clients.

↧

Latest Images