Virus Alerts and SEP 11 MR4

Since upgrading from SEP11 MR2 to MR4, my virus alert email to admins no longer works.
As a side note, SEP11 has never allowed me to include the path and file name in the virus notifications. They did allow that in SAV10 and earlier. This is a big step back.
Before the upgrade, the email was sent as [email protected] I believe my mailserver was helpfully making the servername fully qualified. The mail had no issues.
Since upgrading, the notifications are no longer getting through. According to the Symantec Knowledgebase, they did this on purpose.

As of SEP 11.0 Maintenance Release 3 (MR 3), a “.com” suffix has been addred (sic) to the “From:” address used by SEPM ([email protected]_name.com) which should help reduce rejections by the mail server.


Help reduce rejections? Help reduce rejections! How does sending mail as [email protected]servername.com help? That is guaranteed to be rejected by anyone who verifies the sender is a valid domain name.
I’ve opened a case with support asking for them to fix this.
Symantec does not allow you to configure your own sender address in SEP11. They suggest you lower the security posture of your mail server by accepting email regardless of how invalid the From address is. Validating the envelope from domain is a common, easy antispam technique. I dont want to change it.
Looks like I need to add %Server_Name%.com to my internal DNS as a temporary workaround.
Another “improvement” in MR4.
UPDATE 2/17/09
See the comments, there is a way to do this afterall. I’ve asked Symantec to update the KB I referenced.

3 Comments

  1. Try setting a user name in Server Properties: Mail Server. This works for me for scheduled reports.
    The Help text says: “If you want to configure administrator email notifications, you should use the format [email protected] in this text box. If this text box is left blank, [email protected] name sends the notifications.

Comments are closed.