Solved: 1listener inboud-outbound

ovidio.catrina · ‎11-19-2012

Hy there

i have an ironport

i want to configure just one interface with only one listener.

I want that this listener to filter oubound and inbound mails.

how can I do it.

Example :

1º create the interface from network-ip interfaces.

2º create listener : network listener (any option that should i enable¿?)

3º create mail policies and wich ones¿? can i create 1 for outbound and 1 for inbound?¿

I tried to do this for the outbound as I allready have the inbound created and functional ok.

Click on Add Policy, under GUI-->Mail Policies-->Mail Flow Policies.
Assign the policy a name (Relayed) and choose 'Relay' from the Connection Behavior drop down.
Click Submit and Commit Changes.

B. Adding a new sender group which uses this mail flow policy.

Go to Mail Policies-->HAT Overview and click on Add Sender Group
After entering a name for the Sender Group (RelayList), choose the Mail Flow Policy you recently added, from the Policy drop down.
Click 'Submit and Add Senders' to add your first relay host as example exchange server.

I ask you to explain it to me like a baby because i did the example above and cut the email of the entire public organism here and i allmoast had my balls cut off

Valter Da Costa · ‎11-19-2012

Hi Ovidio,

First, create the new IP interface.

Second, create a new Public listener.

Third Create a new Mail Flow Policy. I would recommend you to name it as "RELAYED".

Fourth Create a new Sender Group. I would recommend you to name it as "RELAYLIST". Make it as the first sender group in the HAT (Host Access Table). You can use the Order: field when creating the Sender Group.

For the Mail Flow Policy, make sure you review the settigs, like maximum message size, maximum recipients per hours.

I would say you can use a trick here. Configure a new listener, this time a private one and make it to listen to the port 2525.

When you go to : Mail Policies > Mail Flow Policies and choose the new private listener, you will see the RELAYLIST sender group and RELAYED policy. Simply copy the seetings from this RELAYED policy to the RELAYED mail flow policy in the public listener.

Finally, list all authorized hosts (IP address is preferable than host name) in the RELAYLIST sender group of the public listener.

Submit and Commit changes.

Test this by injecting a message from an authorized host to see if the appliance will treat is as outbound mail.

This article from our Knowledge Base has the specifics on how to allow outbound traffic.

Article #1233: How do I relay outbound traffic? Link: http://tools.cisco.com/squish/60817

I hope this helps.

Regards,

Valter

View solution in original post

Valter Da Costa · ‎11-20-2012

Hi Ovidio,

You do not need a new IP interface. What I gave you was a full answer to your question, from the begining. You simply need one IP interface to bind a listener. That listener being a public listener will already list all the default sender groups. Then you create a new mail flow policy and listener, as decribed in that article I sent you and proceed in listing the authorized hosts to relay mail through your appliance.

I hope this helps.

Regards,

Valter

View solution in original post

Valter Da Costa · ‎11-19-2012

Hi Ovidio,

First, create the new IP interface.

Second, create a new Public listener.

Third Create a new Mail Flow Policy. I would recommend you to name it as "RELAYED".

Fourth Create a new Sender Group. I would recommend you to name it as "RELAYLIST". Make it as the first sender group in the HAT (Host Access Table). You can use the Order: field when creating the Sender Group.

For the Mail Flow Policy, make sure you review the settigs, like maximum message size, maximum recipients per hours.

I would say you can use a trick here. Configure a new listener, this time a private one and make it to listen to the port 2525.

When you go to : Mail Policies > Mail Flow Policies and choose the new private listener, you will see the RELAYLIST sender group and RELAYED policy. Simply copy the seetings from this RELAYED policy to the RELAYED mail flow policy in the public listener.

Finally, list all authorized hosts (IP address is preferable than host name) in the RELAYLIST sender group of the public listener.

Submit and Commit changes.

Test this by injecting a message from an authorized host to see if the appliance will treat is as outbound mail.

This article from our Knowledge Base has the specifics on how to allow outbound traffic.

Article #1233: How do I relay outbound traffic? Link: http://tools.cisco.com/squish/60817

I hope this helps.

Regards,

Valter

ovidio.catrina · ‎11-20-2012

Hi Valter

Why do I have to create another IP interface

I allready have an IP interface and an inbound listener configured.

All I want to do it is to create a new mai policy and what else I need to filter outbound traffic.

The conf that i have right now is this :

Ip interface

listener as public

routes for smtp traffic

mail policy->mail flow policy

mail polici-> hat overview

and this is functional for inboudn traffic.

all i want to do is to filter the outbound traffic using the same IP interface and the same listener.

How can i do it¿?

Thank you.

Regards

Valter Da Costa · ‎11-20-2012

Hi Ovidio,

You do not need a new IP interface. What I gave you was a full answer to your question, from the begining. You simply need one IP interface to bind a listener. That listener being a public listener will already list all the default sender groups. Then you create a new mail flow policy and listener, as decribed in that article I sent you and proceed in listing the authorized hosts to relay mail through your appliance.

I hope this helps.

Regards,

Valter

ovidio.catrina · ‎11-20-2012

Ah ok Valter

I will try to do it today and will post if it works.

Thanks again.