Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all 986 articles
Browse latest View live

Phishing Email - Spoofed From Email Address

0
0
I need a solution

Good day All,

I wanted to reach out regarding efforts to further prevent Phishing Email Messages that are bypassing the following Email Services;

- Anti-Spam, including Sender Policy Framework.

- Anti-Malware.

The scenario is as follows;

- Inbound Email Message, sent from an External Source, destined to Company Internal Email Addresses / Destinations.

- The Inbound Email Message has a Spoofed From Address.

- The Email Message contains an ".HTM" attachment.

- The ".HTM" attachment contents has references to External Web Addresses that are Malicious.

The experince is as follows;

- The Inbound Email Message is successfully received into the Internal Email Address / Destination mailbox.

- The Company Perimeter Web Protection then identifies the Outbound Browser Request, after the ".HTM" file is opened, as being Malicious.

The required Solution;

1. How would you prevent / block Inbound Email Messages that have a Spoofed From Address?

-- SPF is not an option as the Domain being used in the Spoof does not contain a SPF record...

2. Is it not an option to perform a check, comparing the Inbound Email Address "FROM" Address with the "RETURN-PATH" Address?

All comments are welcome and will be appreciated.

Thanks.

0

Phishing Emails - Spoofed FROM Address

0
0
I need a solution

Good day All,

I wanted to reach out regarding efforts to further prevent Phishing Email Messages that are bypassing the following Email Services;

- Anti-Spam, including Sender Policy Framework.

- Anti-Malware.

The scenario is as follows;

- Inbound Email Message, sent from an External Source, destined to Company Internal Email Addresses / Destinations.

- The Inbound Email Message has a Spoofed From Address.

- The Email Message contains an ".HTM" attachment.

- The ".HTM" attachment contents has references to External Web Addresses that are Malicious.

The experince is as follows;

- The Inbound Email Message is successfully received into the Internal Email Address / Destination mailbox.

- The Company Perimeter Web Protection then identifies the Outbound Browser Request, after the ".HTM" file is opened, as being Malicious.

The required Solution;

1. How would you prevent / block Inbound Email Messages that have a Spoofed From Address?

-- SPF is not an option as the Domain being used in the Spoof does not contain a SPF record...

2. Is it not an option to perform a check, comparing the Inbound Email Address "FROM" Address with the "RETURN-PATH" Address?

All comments are welcome and will be appreciated.

Thanks.

0

501 Connection rejected by policy [7.7]

0
0
I need a solution

Hello,

I have a small email system on IP: 78.47.168.142

Some of my users and I have been getting some mails returning with: "501 Connection rejected by policy [7.7]"

The server is not black listed, implements DMARC and DKIM, and on http://ipremoval.sms.symantec.com/lookup/ it reports:

"The IP address you submitted, 78.47.168.142, does not have a negative reputation and therefore cannot be submitted for investigation."

Could you please check why this address is getting blocked?

Thanks,

Ohad

0

501 Connection rejected by policy [7.7]

0
0
I need a solution

Hello,

I have an email system on IP: 188.165.166.129

My users and I have been getting some mails returning with: "501 Connection rejected by policy [7.7]"

The server is not black listed, implements DKIM, and on http://ipremoval.sms.symantec.com/lookup/ it reports:

"The IP address you submitted, 188.165.166.129, does not have a negative reputation and therefore cannot be submitted for investigation."

Could you please check why this address is getting blocked?

Thanks,

0
1479804616

553 Message Filtered False Positive Bounces at seemingly all messagelab servers

0
0
I need a solution

Friends,

It started mid last week and it seems no correspondence is going from tcf.org domain to any client using anti-spam cloud. 

I've sent a number of individual instance reports to Cloudfeedback... starting last Friday afternoon.  I've followed all the http://www.symantec.com/docs/TECH233678 guidelines. We aren't on any Blacklists, SPF and DKIM all check out and we haven't sent any spam.  Its possible there are other issues with footers or something I can't determine. What do I need to do to get off the aparent list?

A colleague at one of the intended recipient's IT department submitted  to CLOUDfeedback.. early Friday 11/18 and has not heard back. I sent my first note to CLOUDfeedback report Friday afternoon but have not heard back.

Thanks so much for your assistance.

0

501 Connection rejected by policy [7.7] 15209

0
0
I need a solution

Hello team, I have several days that a client reports that I can not send emails to certain domains, and when I check the mail queue I see the following error with many of those domains. Please help me.
The ip address of my client is 212.83.144.90

    16370 Wed Nov 23 11:40:35  maria.teran@urbano.com.ec
(delivery temporarily suspended: host cluster5.us.messagelabs.com[216.82.251.36] refused to talk to me: 501 Connection rejected by policy [7.7] 15209, please visit www.messagelabs.com/support for more details about this error message.)
                                         soporte_adminis1@segurosequinoccial.com

0

501 Connection rejected by policy

0
0
No
I need a solution

hello I try send mails from my server but I take this error

(host cluster9.us.messagelabs.com[216.82.242.19] refused to talk to me: 501 Connection rejected by policy [7.7] 19102, please visit www.messagelabs.com/support for more details about this error message.)

When I look in http://ipremoval.sms.symantec.com/lookup/

My Ip is all fine

The IP address you submitted, 212.83.144.90, does not have a negative reputation and therefore cannot be submitted for investigation.

I have DKIM, DMARC etc, but error still continue, but I don' t understand it if my IP have good reputation.

Can yoy help me please?

0
11723571
1480352547

553-Message filtered issues, again

0
0
I need a solution

Hello there.

We are again seeing many of our emails bouncing back with the 553 Message Filtered error. It is adversely affecting the ability of our employees to email their clients.

This was fixed once before, but the problem has resurfaced.

Can an admin please PM me for examples?

Thank you.

0

501 Connection rejected by policy [7.7] 13009

0
0
I need a solution

Our client has been experiencing an issue sending mail to some addresses due to a block:
 501 Connection rejected by policy [7.7] 13009, please visit www.messagelabs.com/support for more details about this error message.

The IP in question is 198.49.76.146 , could you please lift the block on this IP?

0

501 Connection rejected by policy

0
0
I need a solution

Hello,

I have an email system on IP: 104.243.65.51

My users and I have been getting some mails returning with: "501 Connection rejected by policy"

The server is not black listed, implements DKIM, SPF, DMARC and on http://ipremoval.sms.symantec.com/lookup/ it reports: The IP address you submitted, 104.243.65.51, does not have a negative reputation and therefore cannot be submitted for investigation.

Could you please check why this address is getting blocked?

Thanks Michel

0
1480681206

501 Connection rejected by policy [7.7]

0
0
I need a solution

Hello,

I have an email system on IP: 188.165.166.131

My users and I have been getting some mails returning with: "501 Connection rejected by policy [7.7]"

The server is not black listed, implements DKIM, and on http://ipremoval.sms.symantec.com/lookup/ it reports:

"The IP address you submitted, 188.165.166.131, does not have a negative reputation and therefore cannot be submitted for investigation."

Could you please check why this address is getting blocked?

Thanks,

0

Mail delivery failed: returning message to sender

0
0
I need a solution

Hello , 

How may I solve the following problem (bounce message) when sending an email: 

   " host cluster4.us.messagelabs.com [216.82.242.33]

    SMTP error from remote mail server after initial connection:

    501 Connection rejected by policy [7.7] 5504, please visit

www.messagelabs.com/support for more details about this error message."

Right now I have 4 customers with this issue. 

It is possible for you  to reset the reputation for IPs 198.38.82.140 and 198.38.82.168.

0

501 Connection Rejected by Policy [7.7]

0
0
I need a solution

Hello,

Our emails sent to our clients are getting filtered with delivery error "501 Connection rejected by policy [7.7] 19306".

We don't have bad reputation :

The IP address you submitted, 5.135.121.130, does not have a negative reputation and therefore cannot be submitted for investigation.

Could you help me to check problem why our emails are blocked ? 

Best Regard

Fernando Carrión

0
1481124340

501 Connection rejected by policy [7.7] 19605

0
0
I need a solution

Hello. 

Our company experience problems with sending mail to diffrerent receiptents wotj Symantec Spam Protection System.

Previously we used dynamic IP address, now I switched it to static and our permanent address is: 95.84.162.5

Coudl you please kindly add it to white list and remove from blocked list?

Our company works and use this address more than 20 years and after changing ISP now it is impossible to work with part of our customers.

-----Original Message-----

From: Mail Delivery Subsystem [mailto:MAILER-DAEMON] 

Sent: Wednesday, December 7, 2016 7:25 AM

To: isoflex@mail.transit.ru

Subject: Warning: could not send message for past 4 hours



    **********************************************

    ** THIS IS A WARNING MESSAGE ONLY **

    ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **

    **********************************************



The original message was received at Wed, 7 Dec 2016 03:11:08 +0300 (MSK)

from broadband-95-84-162-5.nationalcablenetworks.ru [95.84.162.5]



   ----- Transcript of session follows ----- ... while talking to

cluster2.eu.messagelabs.com.:

<<< 501 Connection rejected by policy [7.7] 4908, please visit

www.messagelabs.com/support for more details about this error message.

... while talking to cluster2a.eu.messagelabs.com.:

>>> DATA

<<< 421 Service Temporarily Unavailable

<luke.antwis@surrey.ac.uk>... Deferred: 421 Service Temporarily Unavailable

Warning: message still undelivered after 4 hours Will keep trying until

message is 2 days old

Thank you in advance!

0

symantec.cloud SPF record missing some IPs

0
0
I need a solution

According to my DMARC reports from various email providers (Yahoo, Google etc.), the following IP address is sending email from my domain but is missing from the Symantec.cloud SPF record:

195.245.231.131

According to the RIPE entry for the IP address, it's part of a block owned by Symantec:

https://apps.db.ripe.net/search/query.html?searcht...

Please can Symantec update their SPF record (spf.messagelabs.com) to include the range?



 

0

Connection rejected by policy [7.7] 4309

0
0
I need a solution

We just installed a new hosted mail server and our webhosting company gave us the IP address 199.96.158.243

Several of our customers are not able to receive mail from us now. Here is an example error:

SMTP error from remote mail server after initial connection: 501 Connection rejected by policy [7.7] 4309, please visit www.messagelabs.com/support for more details about this error message.

​We are not on any blacklists: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a199.96.158.243&run=toolpage#

0

501 Connection rejected by policy [7.7] 5512

0
0
I need a solution

Dear Symatec,
My customer use my hosting email service in VPS 107.173.88.135, and then they inform me, that they can not send email to their partner. 
They receive message below

-----------
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  steven.thor@aedas.com
    host cluster4.us.messagelabs.com [216.82.242.33]
    SMTP error from remote mail server after initial connection:
    501 Connection rejected by policy [7.7] 5512, please visit www.messagelabs.com/support for more details about this error message.

Action: failed
Final-Recipient: rfc822;steven.thor@aedas.com
Status: 5.0.0
Remote-MTA: dns; cluster4.us.messagelabs.com
Diagnostic-Code: smtp; 501 Connection rejected by policy [7.7] 5512, please visit www.messagelabs.com/support for more details about this error message.
----------------

In this VPS, has only 2 customers and me. 
- 2 customers use email hosting
- I use 2 WHMCS to manage customers, sometimes WHMCS send email to welcome customers, confirm their orders and notice customers when their services expire.
- We don't send spam email.
Please help me to solve this issue, for my customers can send email

Thank you very much

0

501 Connection rejected by policy [7.7]

0
0
I need a solution

Greetings!

Recently, we have transferred all our hosting servers to a new hosting server.

Some email are being rejected with the "501 Connection Rejected" error.

IP: 198.136.59.226

Thank you.198.136.59.226

0

501 Connection rejected by policy [7.7]

0
0
I need a solution

I own a mail/web server with IP 85.17.254.35 for several years already. Zero spam mails have been sent by this server, and as a consequence it is not on any blocklist. According to your Symantac IP Investigation Query "The IP address you submitted, 85.17.254.35, does not have a negative reputation"

Yet to some customers and business relations I can't send mails, the error I get is:

501 Connection rejected by policy [7.7] 14513, please visit www.messagelabs.com/support for more details about this error message.

I believe this has been an issue ever since I have this server. I assumed the problem would vanish automatically, but it doesn't. Can you please have a look? By the way the URL you are referring to (www.messagelabs.com/support) does not exist.

Thank you.

0
1482253758

501 Connection rejected by policy [7.7]

0
0
I need a solution

Hi, our emails sent to one of our partners are getting filtered with the following error: 

SMTP error from remote mail server after initial connection: 501 Connection rejected by policy [7.7] 5515, please visit www.messagelabs.com/support for more details about this error message.

We have checked our mailserver to ensure is properly configured and not blacklisted in any known RBL. Even on "ipremoval.sms.symantec.com" shows "The IP address you submitted, "107.173.254.131", does not have a negative reputation"

Please check your system and authorize our IP address 107.173.254.131, or let us know what actually triggerred the block.

Thanks in advance.

0
1482335623
Viewing all 986 articles
Browse latest View live




Latest Images