Enterprise Console Email Alerting not working

I have enabled email alerting in my Anti-Virus and HIPS Policy but when a virus has been detected on a client I am not getting an email notification. The funny thing is I will get an email about scanning errors from the server that Sophos is installed on but that is it. Please if anyone has any insight into why I am not receiving emails then please reply to my post.

Ryan

:5642


This thread was automatically locked due to age.
  • Hello Ryan,

    details would help, at least please always state the SAV version and the client OS - otherwise it's just guesswork.

    If I understand correctly you are notified by the server of scanning errors on the server, correct? And you don't get anything from any client but server and clients use the same policy? The alert is sent from the client, thus it has to be able to connect to port 25 of the SMTP server and the server must allow unauthenticated senders.

    Assuming your configuration is correct, Wireshark can tell you whether the client connects to the server and what's traveling over the line.

    Christian

    :5649
  • Sorry, we currently upgraded everyone to the 9.5 client and all users are on Windows 7. The clients are able to connect to port 25 and the server is configured to allow unauthenticated senders. I will use Wireshark to see what is going on and once I find out I will post back. Thanks for your response.

    Ryan

    :5663
  • Hello everyone,

    I am facing exactly the same problem.

    Email alerts about scanning errors work great.

    Email alerts that are configured from Anti-Virus and HIPS Policy never reach our Exchange server.

    Most of the workstations have winxp sp2 and they are all able to connect to port 25 of the SMTP server.

    Can you please advise me? I have spent many hours trying to find a solution to this problem but still nothing.

    Regards,

    Spilios

    :13901
  • Hello Spilios,

    maybe taking a few days off has adversely affected my understanding - "Email alerts about scanning errors works great. Email alerts that are configured from Anti-Virus and HIPS Policy never reach ..." Now IIRC all those are "configured" (i.e. enabled) using the AV policy's Email alerting tab. Won't say that it is impossible that it works for errors but not detections - but I'd be surprised. Do you have examples?

    Christian

    :13905
  • Hi Christian and sorry if I wasn't so clear.

    The first one that works is configured from Tools->Configure Email Alerts

    The second (that doesn't work) is through Anti-Virus and HIPS policy-> Messaging -> Email Alerting

    Both point at the same SMTP server and have the same sender address.

    :13909
  • No problem, Spilios.

    Now it's not too hard to give Wireshark a try. Before installing it you could perform the basic check on a client using the Sophos GUI. Configure anti-virus and HIPS -> Alerting/Messaging -> tab Email alerting, button Configure SMTP ... and button Test - but it only connects to the server, waits for the greeting and then QUITs (BTW: The 'sender' address is only used for the envelope (the SMTP MAIL FROM) but not the mail header). If the test is ok install and run Wireshark (use port 25 as capture filter) and trigger an event (use the EICAR test file or savtst32.exe from the \sec_4x\tools folder). Wireshark should capture the attempt to send the mail.

    Christian

    :13911
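Added example, not part of the original posts and not Sophos code: the Test button described above stops after the greeting, so this Python sketch run from a client goes further and walks the unauthenticated envelope (EHLO, MAIL FROM, RCPT TO) without DATA, which shows whether the server really accepts unauthenticated senders. The function names and the `helo_name` parameter are made up for this illustration; host and addresses are whatever the policy is configured with.

```python
import smtplib

def probe_smtp(host, mail_from, rcpt_to, port=25, timeout=10, helo_name=None):
    """Walk the SMTP envelope with no AUTH and no DATA, so no mail is sent.

    Returns [(step, reply_code, reply_text)]; code -1 marks a network-level
    failure (refused, timed out, dropped) during that step.
    """
    steps = []
    # helo_name=None lets smtplib use the machine's own FQDN in EHLO/HELO.
    smtp = smtplib.SMTP(local_hostname=helo_name, timeout=timeout)
    commands = [
        ("greeting", lambda: smtp.connect(host, port)),
        ("EHLO", smtp.ehlo),
        ("MAIL FROM", lambda: smtp.mail(mail_from)),  # envelope sender only
        ("RCPT TO", lambda: smtp.rcpt(rcpt_to)),
    ]
    try:
        for name, command in commands:
            code, text = command()
            if name == "EHLO" and code != 250:
                code, text = smtp.helo()  # fall back for HELO-only servers
            steps.append((name, code, text.decode("ascii", "replace")))
            if not 200 <= code < 300:
                break
    except (OSError, smtplib.SMTPException) as exc:
        steps.append((name, -1, str(exc)))
    finally:
        try:
            smtp.quit()
        except (OSError, smtplib.SMTPException):
            smtp.close()
    return steps

def diagnose(steps):
    """Map the last reply to the failure modes raised in the thread."""
    step, code, _ = steps[-1]
    if code == -1:
        return f"{step}: no SMTP session possible from this client (network/firewall)"
    if 200 <= code < 300:
        return "server accepts unauthenticated senders; if no alert arrives, check the client"
    if step == "greeting":
        return f"server refused the session in its greeting ({code})"
    if code == 530:
        return f"{step}: server requires authentication"
    return f"{step}: rejected with {code}; check relay and recipient restrictions"
```

If every step returns a 2xx reply and a port 25 capture still stays empty when a detection is triggered, the server side is ruled out and the remaining question is why the client never attempts to send.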
  • I am getting the same problem and it's driving me mad. I have put a packet sniffer on one of my clients and invoked a virus alert, but am getting no SMTP traffic. I have tried every different setting I can think of but am getting no email alerts. I am still getting alerts generated by the console (like number of alerting computers) but nothing generated by clients. I am able to use the SMTP server from telnet using an anonymous connection but looking at my packet sniff I don't think that the SMTP server is the problem anyway.

    :18421
  • Hello Matt55,

    did you try configuring Email alerting/SMTP on the client? Pressing the Test button should show some packages. Won't rule it out but I don't think that email messaging is broken on all clients - BTW which Sophos version?

    Christian

    :18423
  • Hi Christian

    I have just tried configuring email alerting from the client. It was already configured from the Enterprise Console policy but I ran the test SMTP whilst at the client. When I did this I could see lots of packets over port 25. However, when I again introduced a virus to the client (Eicar) there was no traffic whatsoever over port 25. This virus was registered on the console which sent me an email alert for number of machines with virus/spyware but no email from the client giving specific details.

    We administer the network using Enterprise Console 4.5.1.0 and the clients currently have Endpoint Security and Control v9.5. We don't configure firewalls, NAC, App Control, Data Control or Tamper Protection on the clients which are all XP SP3. We do not obtain our updates direct from Sophos, but via SBL/DOBUS.

    Thanks

    :18719
  • Hello Matt,

    excuse me for asking a seemingly dumb question: Are the correct "Messages to send" boxes ticked and has a recipient been specified (neither the console nor the GUI complain if you don't)?

    Christian

    :18721