Symantec Brightmail Gateway is configured to delete Spam while quarantining suspected Spam. Checking the quarantine; no suspected Spam items are present. This not as expected and a reason why these messages are not making it into quarantine is required.
Possible errors can be found within the Brightmaillog.log. Within the diagnostic file created on the appliance, this log file may show multiple errors including:
ERROR - Quarantine failed to resolve email address (email@domain here) DDS has encountered an error.
com.brightmail.common.BrightmailException: null ; nested exception is:
com.brightmail.service.ldap.impl.DDSClientException: Authentication to LDAP server unsuccessful. Invalid bind credentials. DDS error code: 800206
Oct 09 2011 03:21:06 [Thread-2] ERROR - Cannot obtain the Java LiveUpdate Controller log information.
Oct 09 2011 03:21:06 [Thread-2] ERROR - --- Host Name: 10.x.x.x
Oct 09 2011 03:21:06 [Thread-2] ERROR - --- Agent Port Number: 41002
Oct 09 2011 03:21:06 [Thread-2] ERROR - The response object is null.
Oct 09 2011 03:21:06 [Thread-2] ERROR - com.brightmail.common.BrightmailException: The Agent running on 10.x.x.x is temporarily unreachable. Please check the specified host. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
This issue can have multiple reasons. The solutions and causes are listed below:
1. If you received the erros in the logs stating it is unable to resolve email addresses:
The reason why suspected Spam items are not making it to quarantine is due to Directory Integration source not being configured with the correct password. The Symantec Mail Gateway is unable to resolve the email recipients for the messages destined to the quarantine. The result is quarantine not accepting the messages destined to it.
2. If you received the errors in the logs stating that it is unable connect or the host is unreachable:
Due to the client is inaccessible on port 41002, the process is unable to complete. Tracert/Traceroute tests from the control center to the scanner and vise-versa may show that one host is unable to connect like the other.
Issue 1: Update and confirm the directory source password and make a record of the information set for the Directory Integration source(s) that have been configured.
Issue 2: Verify that your firewall and routers are allowing port traffic on ports 410xx bidirectionally. We use ports 41002 through 41025 for communication with the control center and scanner.