cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1460
Views
9
Helpful
3
Replies

2 x Ironport C170s(In cluster) - rejecting connections on port 25

johnelliot6
Explorer
Explorer

Hi,

 

Earlier this morning, both our C170's stopped accepting incoming connections on 25...Incoming mail has a public listener (port 25), interface is correct (data 2 / External)...any suggestions/ideas what could have caused both to stop accepting connections at the same time?

 

Thanks

3 Replies 3

Mathew Huynh
Cisco Employee
Cisco Employee

Hello John


I would suggest looking at these commands:

 

To ensure the system was not playing up on the port as well:

---

Netstat

---

Looked at active connection and see if your Port 25 is listening or not, if not.

 

Try a

---

Resume

---

 

 

If no resolution, go to check the listeners

---

Listenerconfig

---

 

Ensure your listener is configured and available

Make sure your listener is also connected to an IP interface that also exists

If required, edit the settings and check the IP interface linked to the listener.

 

 

If all of this is fine.

Please attempt a telnet on port 25 to itself

 

CLI > telnet <IP interface> 25

 

And let us know the result if there is any errors or not.

Hi - Thanks for the reply....this is now resolved...the above steps were performed yesterday, and nothing was running on port 25 on both....listernerconfig revealed why: no listerners configured?

 

Cause - "Someone" had changed the clusterlevel config...cluster was configured with listerns, but someone had changed both C170's to manually override the cluster with machine level config....checking the logs (gui_log and cli_log), I can see "someone"(We only have 3 staff who login to these devices, but all with "admin" and all from the same nat IP), had edited the listeners 3 days ago, a commit was applied 2 days ago, and another commit was done yesterday morning...so it really doesn't add up..If the listeners were changed 3 days ago, and commit done 2 days ago, why didn't both boxes stop listening on port 25, 2 days ago....Is the logging on these devices not reliable, or doesn't log "everything".....It's now resolved (forced both 170's to use the cluster settings for listeners)...but Im still very interested in how to accurately audit when it was changed, and by who....as it's not something that is "easily/accidentally" done...

 

 

 

 

Hello John,

 

I believe I was the engineer who handled that TAC case who corrected the issue for you when the case was raised up.

 

With regards to those auditing.

The GUI and CLI logs will display who has logged in and what commands were used or page was reviewed.


While i explained to Shaun and Michael on the information this log has, we do not have a direct way to audit every change that was issued (atleast from my knowledge).

 

I apologise if there isn't an exact auditing log available to provide this information that you're seeking with what and who made that change.

 

At most you can narrow down who was logged into the device at the time the mails ceased to work by grepping the time-stamp against the gui_logs and cli_logs


Also to keep in mind to review both devices as their logs will yield different information.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: