Showing results for 
Search instead for 
Did you mean: 

C370 Cisco ironport applicance | hold incoming emails 48hrs



we are moving from a 3rd party hosted exchange to Office 365. currently we have a C370 that all incoming emails go to, then it is sent to the 3rd party email system. we still want to use our C370 applicance when we move to Office 365.

When we will be switching from 3rd paty email to Office 365 there will be a 24hr to 48hr period of quasi downtime.

anyway. can the C370 be configured to hold all incoming emails and not try to deliver them or send any NDR's for the 48hr period.

then when Office 365 is fully ready we can point the ironport box to Office 365. then send all the emails ironport is holding to Office 365.

what is the best way to do this.



4 Replies 4

Ken Stieers
VIP Advisor VIP Advisor
VIP Advisor

I think you can do this by suspending delivery...  Depending on what else you need to change (LDAP look up?) you may want to pause the work queue as well...

Taken from the help file on the box:

Suspending Email Delivery
To temporarily suspend email delivery for maintenance or troubleshooting, use the suspenddel command. The suspenddel command puts Cisco IronPort AsyncOS into suspended delivery state. This state is characterized by the following:
•  Outbound email delivery is halted.

•  Inbound email connections are accepted.

•  Log transfers continue.

•  The CLI remains accessible.

The suspenddel command lets open outbound connections close, and it stops any new connections from opening. The suspenddel command commences immediately, and allows any established connections to successfully close. Use the resumedel command to return to regular operations from the suspended delivery state.
Note  The “delivery suspend” state is preserved across system reboots. If you use the suspenddel command and then reboot the appliance, you must resume delivery after the reboot using the resumedel command. 

Example> suspenddel
Enter the number of seconds to wait before abruptly closing connections.
Waiting for outgoing deliveries to finish...
Mail delivery suspended.

Resuming Email Delivery
The resumedel command returns Cisco IronPort AsyncOS to normal operating state after using the suspenddel command.
resumedel> resumedel
Mail delivery resumed.

that is a great suggestion and seems to accomplish what is needed. we will suggest to turn off ldap.

I will reply once the decision has been made to use this method.



I am looking to do something similar, but only want to hold incoming emails for one of many email domains being processed by our IronPort.  We are moving one of our email domains to an external Exchange server, and will want to pause delivery of emails for a couple hours, then change the SMTP route for that domain and release any messages that are queued.  Is this possible?

Please find the following to try and assist --- If the mail server is down, how long will the Email Security Appliance queue the mail? Link:

By default, mail is queued for 72 hours (259200 seconds) OR 100 retry attempts before it bounces to the original sender. 

This setting is configurable from the command line (CLI): type "bounceconfig" and edit the "default" settings.  Also, you can modify this from the GUI interface by going to "Network > Bounce Profiles" and click on the Default profile.

Also, the queue could fill up if there is too much mail. However, if the system reaches its storage limit, it will soft bounce further attempts by other mail servers to deliver more messages. This ensures that no messages will get lost, as these mail servers will reattempt message delivery as well until the ESA accepts messages again.

Note: If you plan to shut down your internal mail server for maintenance for a longer period (more than a couple hours), best practice is to suspend the incoming listeners on your Email Security Appliances as well (CLI: suspendlisteners). As mentioned before, in this case any connection attempts will be soft bounced, and retried later. This way, you leave the task of storing the messages to the sending mail server, which will prevent the mail queue on your email appliances filling up quickly. No messages will be lost however, once you got your internal mail server back into service, also resume the listeners on your Email Security Appliances (CLI: resume), to allow delivery from remote hosts again.

Recipients and hosts that are scheduled for later delivery can be immediately retried by using the delivernow command. The 'delivernow' command allows you to reschedule email in the queue for immediate delivery. All domains that are marked down and any scheduled or soft bounced messages are queued for immediate delivery.

The 'delivernow' command can be invoked for all recipients or specific recipients in the queue (scheduled and active). When selecting specific recipients, you must enter the domain name of the recipients to schedule for immediate delivery. The system matches the entire string for character and length.

I hope this helps!



(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers