JES MS 6.2 and Symantec Brightmail 6.0.1

We are trying to get Brightmail version 6.0.1 working on Solaris 9 with MS 6.2. Brightmail is on the same server as the MTA is running on. It doesn't look like mail is bring processed by Brightmail, when I send test messages through the MTA the counters on the Brightmail web admin stats page do not increment, nor do I see any information in the bmserver_log file...
Here is snippet from the imta.cnf file:
! tcp_local
tcp_local master_debug slave_debug smtp mx single_sys remotehost inner switchchannel identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 destinationspamfilter1optin spam,virus sourcespamfilter1optin spam,virus
tcp-daemon
! tcp_intranet
tcp_intranet master_debug slave_debug smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4 destinationspamfilter1optin spam,virus sourcespamfilter1optin spam,virus
tcp_intranet-daemon
Here is the spamfilter stuff from option.dat:
Spamfilter1_config_file=/opt/Symantec/sbas/Scanner/etc/bmiconfig.xml
Spamfilter1_library=/opt/Symantec/sbas/Scanner/lib/libbmiclient.so
Spamfilter1_null_action=data:,addtag "[SPAM]";
Spamfilter1_string_action=data:,addtag "[SPAM]";
Spamfilter1_verdict_virus=data:,discard
One thing is the actual library file in the lib file is named libbmiclient.so.1, though Sun docs say to use libbmiclient.so.
Help is greatly appreciated.

Hi Bill,
I am running BM 6.0.1 on fully patched Solaris 9, with JES 2005Q1 MS 6.2-1 (patch 1). We are able to send email through the MTA now, but the BM scanner is not incrementing as mail passes through the MTA. Here is our current configuration:
imta.cnf:
++++++++++++++++++++++++++++
! tcp_local
tcp_local slave_debug master_debug smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 sourcespamfilteroptin spam,virus
tcp-daemon
! tcp_intranet
tcp_intranet slave_debug master_debug smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4 sourcespamfilteroptin spam,virus
tcp_intranet-daemon
+++++++++++++++++++++++++++++
option.dat:
++++++++++++++++++++++++++++++
spamfilter_library=/opt/Symantec/sbas/Scanner/lib/libbmiclient.so.1
spamfilter_config_file=/opt/Symantec/sbas/Scanner/etc/bmiconfig.xml
spamfilter_string_action=data:,require ["addheader"];addheader "$U";
++++++++++++++++++++++++++++++++++
we are running the JES MTA as mailwall:bmi user:group too.
Here is the output of CRLE:
++++++++++++++++++++++++++++++++++++
bash-2.05# crle
Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib:/opt/Symantec/sbas/Scanner/lib
Trusted Directories (ELF): /usr/lib/secure:/opt/SUNWmsgsr/lib
Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib:/opt/Symantec/sbas/Scanner/lib -s /usr/lib/secure:/opt/SUNWmsgsr/lib
+++++++++++++++++++++++++++++++++++
perms on brightmail lib:
drwxr-xr-x 2 mailwall bmi 1024 Apr 9 18:09 lib
+++++++++++++++++++++++++++++++++++
I tried to use your config, with sourcebrightmailoptin spam,virus as well as the option.dat settings for spamfilter_library..ect...still no go..
Thanks for your help!
Adam

Similar Messages

  • ISE and Symantec SEP 11 Interworkering Question

    Hi guys,
    I have a question about ISE and Symantec SEP 11.
    In my customer envrionment, they want to build a wireless byod work place.  But the endpoints are installed SEP software.
    Do you know the workflow for the SEP, when it check the system is not secrity then put my endpoints to the guest VLAN.
    In my opinion, the endpoints should authenticationed and authorized by ISE first.
    Then, the endpoints should connect to internet successfully.
    Now, if the endpoints using SEP software to check the system status.
    What should the SEP do if the system is not safe?
    Is the SEP return a signal to Switch, let it change the Vlan configuration of the interface to the Guest Vlan ?
    But this action will cause the AP disconnect to the WLC, and makes all the clients which is connect to this AP is disconnect.
    Somebody knows it ?
    Thank you !

    HI Chetan,
    Thanks for your reply.
    I've search the SEP web site and found some work flow. And I combine them to my environment.
    I'm not sure it's right, the flow is:
    1. Client computer connects and send logon through EAP.
    2. The WLC forwards the user name and passwrod to the LAN Enforcer.
    3. The LAN Enforcer forwards the username and password to the ISE server.
    4. The ISE server generates and EAP challenge.
    5. The LAN Enforcer receives the EAP challenge and adds the Host Integrity check.
    6. The LAN Enforcer checks the Host Integrity results and forwards them to the ISE server.
    7. The ISE server performs EAP authentication and sends the result to the LAN Enforcer.
    8. The LAN Enforcer receives the authenticaiton result and forwards it and the action to take to the WLC.
    9. If the client passes the EAP and Host Integrity challenges, the WLC allows network access.
    But when i configure the WLC, the RADIUS server address is the ISE server ip address. That means WLC forwards the username and password to the ISE server directly, and it will not through to the LAN Enforcer.
    So this is very confused me.
    Do you know why?
    Thank you !
    Regards,
    Yuxiang.

  • WAAS and Symantec Vertitas Volume Replicator

    Hi,
    We are forwarding Symantec replication traffic via our WAAS infrastructure over a 20Mb WAN link. The CM appears to register the traffic but does not optimize it at all. Has anyone had any experience with WAAS and Symantec Veritas Volume Replicator (VVR) 4.3?

    I tested with VVR in the lab. VVR default uses UDP and using the nerd knob in the GUI did not force VVR to start using TCP. To get VVR to use TCP, I had to input these commands:
    vrport data 1999-1999
    vrport heartbeat 2000-2000
    or use what ever ports you want to use. The previous answer was asking if you were seeing TCP sessions in the WAE's. This can be seen by telneting to the WAE and issueing a "show tfo connection summary". Can you post the output of that command?

  • Have you fixed the compatibility with HP printers and Symantec yet for the latest Firefox? I am waiting before installing.

    You told me to install the 3.7 version in April. It messed up both my printer and my Norton security. I downgraded successfully. I am waiting to hear that HP printers and Symantec are now compatible. You said this was their responsibility, but it is your responsibility to inform us when you have become compatible with the most common devices, security and other programs. How else would we find out except by bombing our computers by upgrading you?

    It seems like Symantec has.Hope this helps-
    http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100720113635EN&ln=en_U
    About HP, seeing the thread with similar question would be helpful-
    https://support.mozilla.com/en-US/questions/799388
    https://support.mozilla.com/en-US/questions/804465?s=hp+symantec+firefox+&as=s

  • Malformed mime file and Symantec AV SMTP Gateway

    Hi
    We are running 2 versions of JES at the moment, 2003Q4 and 2004Q2, both fully patched. We have just discovered that any messages with attachments that are directed through our AV ASPAM gateway from these systems are dropped with the following error.
    Scan Status: 56 - Malformed MIME file
    The AV product is Symantec AV for SMTP Gateways 3.1.2.35
    On further examination of the AV logs it appears that e-mail from other institutions also running iMS
    are also being dropped.
    The response from Symantec is as follows
    "This error indicates that the scanned email message did not conform to the Multipurpose Internet Mail Extensions (MIME) standards as set forth in RFC 2045 - RFC 2049. Strict adherence to this standard prevents incoming email with virus payloads encapsulated within malformed MIME headers and form."
    See
    http://service1.symantec.com/support/ent-gate.nsf/docid/2002112109330754?Open&src=w
    I have also discovered that similar problems are being encountered by a user trying to send HTML messages via Sun Java Mail.
    So, has anybody seen this beforeand know of a fix? It is a rather frustrating problem.
    I can provide a copy of the full message text if required.
    Many thanks in advance
    Bernard

    Bernard,
    We are using Symantec AV SMTP Gateway with Messaging Server 6.1 and are not experiencing the problems you mention, though we did see a few such issues with an older rev (we're currently using 4.0.0.59). Some of the fixes Symantec lists with ver 3.1.7 are:
    # Some multipart MIME messages with nonstandard boundary markers incorrectly parsed
    # Some multipart MIME messages with numerous plain text attachments not parsed correctly
    # Some multipart MIME messages containing two terminating boundary markers for the primary (outer) boundary generate a false positive malformed mime error
    You might consider upgrading your AV SMTP Gateway to see if this fixes the problem.
    Regards,
    Brian

  • BSOD on XP with Zenworks and Symantec Endpoint Protection

    After upgrading to Symantec Endpoint Protection (SEP) we are getting Blue Screen after imaging.
    We have SEP included in our image and after pushing the image to another computer, we instantly get a BSOD, when trying to boot up the newly imaged machine:
    *** STOP: 0x00000024 (0x00190203,0x8A4B0DE8,0xC0000102,0x00000000)
    Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
    For test purpose I have tried doing the imaging job with Ghost 2003. This works perfectly, so I guess it is the combination of SEP and ZfD that is causing the problem. If I exclude SEP from the image, imaging with ZfD works fine. Imaging with Symantec antivirus ver. 10 also works perfect.
    Anyone out there running ZfD and SEP 11?
    Environtment:
    Windows XP SP3
    ZfD 7.01 sp1 ir1 running on Netware 6.5
    Symantec Enpoint Protection 11.0.3001.2224 (getting the same error with 11.0.2010.25)

    There should an updated patch for ZDM7 available withing a few days. (ZDM7
    SP1 IR3A HP1.)
    I would strongly suggest testing with the updated files when they are
    released.
    The is a much newer Linux Kernal starting with IR3A which could effect your
    problem.
    If you are still seeing an issue, I would suggest opening a ticket with
    Novell.
    Unless somebody here happened to have a copy of SEP, helping here would be
    tough.
    But I have not heard of this issue myself, but anything is possible.
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Support Forums Volunteer Sysop
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.
    "martinusen" <[email protected]> wrote in message
    news:[email protected]...
    >
    > After upgrading to Symantec Endpoint Protection (SEP) we are getting
    > Blue Screen after imaging.
    >
    > We have SEP included in our image and after pushing the image to
    > another computer, we instantly get a BSOD, when trying to boot up the
    > newly imaged machine:
    >
    > *** STOP: 0x00000024 (0x00190203,0x8A4B0DE8,0xC0000102,0x00000000)
    >
    > Disable or uninstall any anti-virus, disk defragmentation or backup
    > utilities. Check your hard drive configuration, and check for any
    > updated drivers. Run CHKDSK /F to check for hard drive corruption, and
    > then restart your computer.
    >
    > For test purpose I have tried doing the imaging job with Ghost 2003.
    > This works perfectly, so I guess it is the combination of SEP and ZfD
    > that is causing the problem. If I exclude SEP from the image, imaging
    > with ZfD works fine. Imaging with Symantec antivirus ver. 10 also works
    > perfect.
    >
    > Anyone out there running ZfD and SEP 11?
    >
    > Environtment:
    > Windows XP SP3
    > ZfD 7.01 sp1 ir1 running on Netware 6.5
    > Symantec Enpoint Protection 11.0.3001.2224 (getting the same error with
    > 11.0.2010.25)
    >
    >
    > --
    > martinusen
    > ------------------------------------------------------------------------
    > martinusen's Profile: http://forums.novell.com/member.php?userid=26795
    > View this thread: http://forums.novell.com/showthread.php?t=345351
    >

  • XE and Symantec Client Firewall issue

    I noticed that there is an issue when the SYmantec Client Firewall is enabled on a clients machine. I was trying to access XE and the connection was tiiming out. Has anyone else had this issue and how do you rectify the problem.
    Thank you in advanced

    You must set your firewall settings so that allow access to XE.
    The default values for the port numbers are:
    1521: Oracle database listener
    2030: Oracle Services for Microsoft Transaction Server
    8080: HTTP port for the XE graphical user interface (APEX)
    HTH

  • Oracle RAC and Symantec Endpoint Protection

    Hello DBAs
    I am installing Oracle 1gR2 (10.2.0.3.0) two node RAC on Windows 2003 Server.
    The client has installed Symantec Endpoint Protection on the servers. It didnt allow us to install the clusterware successfully.
    But we disabled the whole syamntec service and installation went smooth.
    After that today we enabled SEPP and Clusterware services are not coming up properly...
    Is there any setting in SEPP to be disabled or enabled ........
    Please help...
    The client needs SEPP itself on the server.
    This is a Priority one case...Installer on site....
    Please help...

    Hi Mahesh,
    for: "+After that today we enabled SEPP and Clusterware services are not coming up properly...+" would be good to know why it did not come up... Besides, did you try restarting Clusterware before enabling SEPP? Just to be sure that the restart would work fine at all (without SEPP enabled). Anyways, while I assume the latter, we need some CRSD / CSSD and event manager information why clusterware would not start up.
    Well, let me try a wild guess first (I was lucky lately ;-)): Do you use OCFS? If so, first thing, you may want to try is: exclude all OCFS file systems from SEPP.
    Hope that helps. Thanks,
    Markus

  • WRT320N and Windows 7 64Bit and Symantec Antivirus 64Bit

    I have a Laptop Acer with a Wireless card AGN4965 from Intel, i have upgraded the drivers, and my laptop shows my 320N.I also conected a Worldbook from WD to my 320N and i can also access this worldbook without any problem.
    I have 2 Imac, which can see the WD Worldbook Wireless and the Internet, so surfing with the Mac s i no problem.
    Also i have a EEE Book from Asus, with Windows XP, this one also no problem with surfing on the Internet. 
    But the problem i have is, i can not connect to the internet with my Acer with the windows 7.
    I have a Router Speedtouch 780WL which i used as Modem, because i t is required by my ISP..
    I connected this Router to my 320N just normal on poort 2..
    But i can not turn Windows Firewall of because it is set off by Symantec, because symantec turned on a Firewall....I can not turn this thing off..
    I tried Disable all the options but no result.
    My laptop shows it is connected to the 320N, but not to the Internet...
    NEED HELP, Sorry i do not have pictures
    Thanks
    Harry

    On the computer which does not have internet, open a command prompt window and enter "ipconfig /all". Post the full output.

  • Problens whit Messaging Server and Symantec Scan Engine

    Hi!
    I have installed Symantec Scan Engine 5.0 to check virus in my Messaging Server, but when I try to open the administration interface of Scan Engine installed in port 8004, it appeared the messages:
    �Loading Java Subprogram�
    �Do you want to install the subprogram distributed by Symanted? Yes
    �please wait���.�
    �Subprogram com.symantec.gui.guidelines.ScanEngine Applet started�
    But the apple did not load at all.
    I have installed the right java version.
    bash-2.05# java -version
    java version "1.4.2_09"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_09-b05) Java HotSpot(TM) Client VM (build 1.4.2_09-b05, mixed mode)
    And I open it in Internet Explorer 6.0 sp2.
    bash-2.05# ./imsimta version
    Sun Java(tm) System Messaging Server 6.2 (built Dec 2 2004) libimta.so 6.2 (built 00:34:23, Dec 2 2004) SunOS projes 5.9 Generic_118558-11 sun4u sparc SUNW,Sun-Blade-1500
    I didn�t know what is wrong and why I can not start the administration interface. Can someone help me?
    Thanks in advance.

    What "symantec is supported" means, is that we've tested our product with the scan engine, and it is known to work. It does not mean we have a clue how to support the product itself, only the integration with our product.
    The problem you describe appears to be within the Symantec product itself, not the integration with our product. It's just the integration we would know how to support.
    Also, please do understand:
    1. This forum is not an official Support offering. It's a public forum.
    2. Any answers given here are given by folk that donate their time, with no compensation.
    If you want "technical support", it's something you would have to open a support case for. In this case, what is likely to happen is what happened above. "it's a problem in your Symantec product. Please call them".
    I'm not trying to blow you off, it's just that your Symantec Scan Engine is a "black box" to us. We learned enough about it to integrate it into Messaging Server, but not enough to "support" it as a product, nor should we.

  • JES 2 (2004/Q2 and 118263-14 - Portal 6.3 PC 14)

    Hi all,
    Just wanted to 'ping' the crowd, has anyone else tested JES 2 and the current public release 118263-14 (portal 6.3 and patch cluster 14) ?
    My PC12 (plus patch from 13 to fix a bug regression) is rock solid, but doing some testing with PC14, I find that once 1 single user logs in, and retrieves the authenticated portal desktop, you can refresh the screen (F5) and you'll start to see the 'webservd' threads escalate, and after a short while, it continues past "999" and will soon core dump the webservd process (a single user can cause this within 30 seconds)
    Has anyone else experienced this ?
    I'm not rocking the boat, and only have 115766-01 (Access manager 6.2 PC 1 installed)
    SUN support is on this, but wondering if anyone else has experienced this?
    Thanks
    Dave

    Hey There,
    If you are using 6.0.. stop, pull out! eject ! Do not pass Go. at a minimum java client versions will give you grief. Yep the docs are a tad... errr.. lacking...
    I'd suggest you at a min use 2005/Q1, it seems to be relatively stable, or patch 2004/Q2 to at least PC_9 or PC_10, and you should have a stable platform.
    - We stopped using Netfile (the built-in samba share) due to it's poor performance, and reverted to a GPL version:
    http://www.dragonsdawn.net/~gordon/smb-network/
    - it's awesome with SRA, as it's incrediably fast, only drawback is it doesn't do deletes, whereas netfile gives you this.
    - as far as the original thread, yes waaay back, I saw this error, and it had to do with some of the solaris TCP variables missing on a base install.
    specifically "domainname" (type that at prompt and you should not see a "blank" return. (defaultdomain variable). Check all your other TCP settings as well and ensure everything is fully working,
    Thanks
    dave

  • Managing Windows Phone's and Symantec Code Signing certificate

    Hi,
    We need to renew the code signing certificate from Symantec. However, we only use it to manage the Windows Phone devices and don't publish apps. Do we still need to spend $300 on renewing this cert? Can't I manage them for free like our iOS and Android devices?

    You REQUIRE the Symantec Code Signing Certificate to manage Windows Phones via Windows Intune. This is a requirement of the device rather than the management solution.
    You CAN manage Windows Phones without this cert using only Exchange active sync management in Intune. However this management is very basic and has no advanced features (basically the features provided by Exchange rather than Intune).
    Gerry Hampson | Blog:
    www.gerryhampsoncm.blogspot.ie | LinkedIn:
    Gerry Hampson | Twitter:
    @gerryhampson

  • TMG and Symantec DLP web filter

    Is anyone here using TMG with Symantec's Network Prevent product that utilizes the Network Prevent web filter capture traffic?
    The Symantec web filter will crash randomly and there seems to be no resolution in the future.
    Just reaching out to the community to see if anyone has seen the same and what resolution, if any, exists.

    Hi,
    Based on your description, it is not enough for us to locate the issue.We suggest you provide more detailed information and how do you judge the issue is related to TMG. You also can contact Symantec engineer to assist to locate the issue.
    Best Regards
    Quan Gu

  • Cisco ISE 1.2 and Symantec Endpoint Protection

    Hi Experts,
    Good Day!
    I'm just wondering if ISE 1.2 is able to detect an application/software in a laptop like the Symantec Endpoint Protection before giving the user an access to the network? Is it possible?
    I tried to searched over the internet however, I can't find any documentation about it.
    Thank you for your support.
    Cheers,
    Niks

    hello ,have you checked posturing service of ISE , with ISE posture service enabled you can check Antivirus Installation , Antivirus Version/ Antivirus Definition Date etc . Check the following link for different Posture Assessment Options  available
    http://www.cisco.com/en/US/partner/docs/security/ise/1.2/user_guide/ise_pos_pol.html#wp2276381

  • MARS and Symantec Endpoint Protection (SAV 11.x)

    MARS uses AMS to retrieve/parse messages from older versions of Symantec Antivirus. AMS doesn't exist in the newest version (aka Symantec Endpoint Protection). Is there a way to integrate SEP messages into MARS? If not, does anyone know if Cisco has any plans to support SEP with MARS?

    Hi -
    Supporting Symantec Endpoint Protection is under consideration for a future release.
    Have you written a custom parser for this in the meantime?
    thxs
    peter

Maybe you are looking for