cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2455
Views
0
Helpful
2
Replies

Configuring Listener on IronPort C160

abhishek.1024
Beginner
Beginner

Hi,

     We are currently in the process of configuring IronPort C160 system. The email appliance is going to be set up in the DMZ. We already have a listener for Incoming Mail and has the IP address in the DMZ network. We have also configured SMTP routes fto accept mails for our domains(Receiving domains) and forward it. However, I am not sure do we need a listerner for the outbound mail. Also we have routes for incoming mail that specify the destination host. Do we need to have something for emails going outbound ?

can somebody please help?

2 Replies 2

Christopher Smith
Enthusiast
Enthusiast

Hi,

So I am not sure if I am following all of your throught process here as there are several questions.

As far as do you need an outbound listener?  Multiple listeners (inbound and outbound) are not required but in some cases they make sense. WIth a DMZ configuration it may make sense to do this depending on your network layout. Based on some of the other statements and comments in your post I would think you probably would want a seperate listener for inbound and outbound.

I may need some clarification on your network configuation to give you an accurate answer on the remaining questions.  For outbound you can utilize smtproutes if you want to force traffic to a speicifc host or IP ( bypass DNS).  Typically outbound traffic is routed through the relaylist sendergroup in the HAT from there the appliance simply looks up the recipient domain via DNS to get the MX record for recipient domain.  If you need to relay to another host prior to sending the messages out to the rest of the world then you would probably want to set up an smtproute to point to that host.

It may be easier to not think of the appliance as having inbound or outbound. In reality the appliance does not really know or care about inbound or outbound it simply processes the messages and routes them based on DNS or specified routes through something like smtproutes.

Not sure I fully answered your question  , but hopefully that helped a bit. If you can provide a bit more detail I think I can help clarify things for you.

Christopher C Smith

CSE
Cisco IronPort Customer Support 

viahmed
Cisco Employee
Cisco Employee

Hello Abhishek,

You dont need to have a seperate listerner for outbound. You can use existing listener for outbound traffic. This procedure involves mainly two steps.

A. Adding a new mail flow policy with 'relay' bahviour.

To do this:

  1. Click on Add Policy, under GUI-->Mail Policies-->Mail Flow Policies.
  2. Assign the policy a name (Relayed) and choose 'Relay' from the Connection Behavior drop down.
  3. Click Submit and Commit Changes.

B. Adding a new sender group which uses this mail flow policy.

  1. Go to Mail Policies-->HAT Overview and click on Add Sender Group
  2. After entering a name for the Sender Group (RelayList), choose the Mail Flow Policy you recently added, from the Policy drop down.
  3. Click 'Submit and Add Senders' to add your first relay host as  example exchange server.

At this stage, IronPort will be ready to relay your traffic outbound.

For outbound traffic, you dont need any smtp routes since DNS servers will route all external traffic based on destination domain MX record unless you have any special requirements.

Cheers,

Viquar Ahmed

Customer Support Engineer

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: