Endpoint Protection Small Business Edition

  • 1.  E-mail Notifications for Risk

    Posted Mar 17, 2010 06:25 PM

    Here's my documented attempt to have Symantec send me email notifications upon all sorts of alerts.

    From this link :

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008031219333348

    I'm running Exchange 2003 SP2 server for mail on port 25.

    I configured the email server and have tried the following variations:


    Server Address: mail.domain.com
    Port number: 25
    User Name: symantec@domain.com
    Password: password



    Server Address: 10.0.1.100
    Port number: 25
    User Name: symantec@domain.com
    Password: password



    Server Address: External Ip Address
    Port number: 25
    User Name: symantec@domain.com
    Password: password


    Server Address: server
    Port number: 25
    User Name: symantec@domain.com
    Password: password


    Server Address: server.arc.local
    Port number: 25
    User Name: symantec@domain.com
    Password: password


    Server Address: mail.domain.com
    Port number: 25
    User Name: symantec
    Password: password


    The notifications are set for every type of risk there is such as New Risk detected, Virus definition out of date etc.

    I'm using EICAR (http://www.eicar.org/anti_virus_test_file.htm) to test the notifications.

    I have also followed the http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040309460648

    and it seems that while Delete EICAR events is unchecked and the damper is set to 20 minutes on every type of risk, I'm not getting the EICAR events to appear under Monitors>Logs>Risk Logs.

    At this point I'm not sure whether it's a matter of bad mail server configuration or EICAR not even reporting to the SEPM console.

    I do however see a bunch of

    March 17, 2010 5:19:08 PM CDT:  Email sending failed  [Site: Site server2]  [Server: server2]

    notifications under Admin > Servers log at the bottom

    I will appreciate any help, advice or pointers in the right direction






  • 2.  RE: E-mail Notifications for Risk

    Posted Mar 18, 2010 06:56 AM
    Hi Drudnev,

    My notifications are working fine with just the mail server's IP address and port specified: try leaving the user name and password blank.

    (I'm also using that SP of Exchange 2003, with SEP 11 RU5 running on a 64-bit server....)

    This forum thread may contain some extra tips:  No longer receiving e-mail alerts from SEP R11.5 Server

    Please let the forum know of your progress!

    Thanks and best regards,

    Mick


  • 4.  RE: E-mail Notifications for Risk

    Posted Apr 08, 2010 04:08 PM
    I've tried removing the user name and password with the following combinations for server name:

    10.0.1.100 (internal ip)
    servername
    server.domain.local
    external ip

    no luck.


  • 5.  RE: E-mail Notifications for Risk

    Posted Apr 09, 2010 04:40 PM

    Drudnev -

    First, you should not have any username and password. You only utilize username and password if your mail server is set up for authentication for sending and receiving mail.

    If the Exchange server is on the same machine as the SEP SBE 12.0 management server then try localhost.

    The other thing you can try is telnet 'mail server host name' 25 from the SEP management server. If you are able to establish a connection, try sending an email through the command line using the SMTP commands. See http://www.garnetchaney.com/how_to_telnet_to_a_mail_server.shtml (SMTP - to send mail).

    If you are able to successfully send mail, then your SEP management server should also be able to send mail.

    Last option, just leave the "Server, Username, and Password" fields blank. The way SEP SBE was designed is if it cannot connect to the mail server, it becomes a mail server and tries to send email directly by looking up the MX record of the recipient's domain.

    Hope that helps, let us know how it goes.

    best regards,

    Nimesh.
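
The manual telnet check on port 25 suggested in the last reply can be scripted and run from the management server against each server address tried in the thread. The following is an added example, not code from any poster or from Symantec; the recipient address, the EHLO name and the function names are assumptions.

```python
import smtplib

def probe(host, sender, recipient, port=25, timeout=10):
    """Repeat the manual telnet test without credentials: EHLO, MAIL FROM,
    RCPT TO, then RSET and QUIT. DATA is never sent, so no mail is delivered."""
    r = {"host": host, "connected": False, "auth_offered": False,
         "mail_code": None, "rcpt_code": None, "error": None}
    try:
        # local_hostname is a constructed EHLO name; setting it also skips
        # smtplib's own lookup of the local FQDN.
        with smtplib.SMTP(host, port, local_hostname="sepm-probe.example",
                          timeout=timeout) as smtp:
            r["connected"] = True
            smtp.ehlo_or_helo_if_needed()
            r["auth_offered"] = smtp.has_extn("auth")
            r["mail_code"], _ = smtp.mail(sender)
            if r["mail_code"] == 250:
                r["rcpt_code"], _ = smtp.rcpt(recipient)
            smtp.rset()
    except (OSError, smtplib.SMTPException) as exc:
        # DNS failure, refused connection, timeout, or a dropped session.
        r["error"] = f"{type(exc).__name__}: {exc}"
    return r

def interpret(r):
    """Map a probe result to the setting being debated in the thread."""
    if not r["connected"]:
        return "unreachable: fix name resolution, firewall or the SMTP listener first"
    codes = (r["mail_code"], r["rcpt_code"])
    if 530 in codes:  # 530 = authentication required
        return "auth required: user name and password must be filled in"
    if r["rcpt_code"] in (250, 251):
        return "anonymous accepted: leave user name and password blank"
    if r["rcpt_code"] is not None and 500 <= r["rcpt_code"] < 600:
        return "rejected: server refuses this sender/recipient (relay restriction?)"
    return "inconclusive: " + str(r["error"] or codes)

if __name__ == "__main__":
    # Constructed candidates mirroring the address forms tried in the thread.
    for host in ("mail.domain.com", "10.0.1.100", "localhost"):
        res = probe(host, "symantec@domain.com", "admin@domain.com", timeout=5)
        print(f"{host:20} {interpret(res)}")
```

An "unreachable" result for every candidate points at connectivity rather than credentials, which matches the repeated "Email sending failed" entries in the server log.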