Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4600
Views
5
Helpful
1
Replies

Email between two domains not successfully exchaning

Muhammad Farhan Bhatti
Level 1
Level 1

‎02-21-2014 12:32 PM

Hi,

I need your help regarding ESA. I have deployed  ESA in my LAN. I have installed two MDaeom Email software in different  machines and DNS. After installation, i have tried emails between two  different domains within LAN and its working fine. After that I redirect  email and MX records in DNS for ESA Ironport. I have configured the ESA  according to Cisco SBA Guide. 

After installation, i am trying to send an email but email is not exchanging betwen these two domain.Logs are mentioned below,

Message Details

Envelope and Header Summary

Received Time: 16 Feb 2014 16:36:02 (GMT +01:00)

MID: 1210973, 1210975

Message Size: 3.46 (KB)

Subject: going valentine

Envelope Sender: user1@yamamah.ly

Envelope Recipients: farhan@ironport.ly

Message ID Header: <004f01cf2b2c$c8601850$592048f0$@ly>

SMTP Auth User ID: N/A

Attachments N/A

Sending Host Summary

Reverse DNS Hostname: exh.yamamah.ly (verified)

IP Address: 192.168.1.202

SBRS Score: rfc1918

Processing Details

MAIL POLICY "DEFAULT" MATCHED THESE RECIPIENTS: farhan@ironport.ly

16  Feb 2014 16:36:02 (GMT +01:00) Protocol SMTP interface Data1 (IP  192.168.1.25) on incoming connection (ICID 213) from sender IP  192.168.1.202.

Reverse DNS host exh.yamamah.ly verified yes.

16 Feb 2014 16:36:02 (GMT +01:00) (ICID 213) RELAY sender group RELAYLIST match 192.168.1.202 SBRS rfc1918

16 Feb 2014 16:36:02 (GMT +01:00) Start message 1210973 on incoming connection (ICID 213).

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 enqueued on incoming connection (ICID 213) from user1@yamamah.ly.

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 on incoming connection (ICID 213) added recipient (farhan@ironport.ly).

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 contains message ID header '<004f01cf2b2c$c8601850$592048f0$@ly>'.

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 original subject on injection: going valentine

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 (3538 bytes) from user1@yamamah.ly ready.

16 Feb 2014 16:36:02 (GMT +01:00) Message 1210973 matched per-recipient policy DEFAULT for outbound mail policies.

16 Feb 2014 16:36:24 (GMT +01:00) Message 1210973 queued for delivery.

16  Feb 2014 16:36:24 (GMT +01:00) (DCID 0) Message 1210973 to  farhan@ironport.ly bounced by destination server. Reason: 5.1.2 - Bad  destination host

('000', ['DNS Hard Error looking up ironport.ly (A): domain has no A record'])

16 Feb 2014 16:36:24 (GMT +01:00) Start message 1210975 on incoming connection (ICID 0).

16 Feb 2014 16:36:24 (GMT +01:00) A new message 1210975 was generated to handle bounce of message 1210973.

16 Feb 2014 16:36:24 (GMT +01:00) Message 1210975 enqueued on incoming connection (ICID 0) from .

16 Feb 2014 16:36:24 (GMT +01:00) Message 1210975 on incoming connection (ICID 0) added recipient (user1@yamamah.ly).

16 Feb 2014 16:36:24 (GMT +01:00) Message 1210975 (4633 bytes) from ready.

16 Feb 2014 16:36:24 (GMT +01:00) Message 1210975 queued for delivery.

16  Feb 2014 16:36:24 (GMT +01:00) SMTP delivery connection (DCID 255)  opened from Cisco IronPort interface 192.168.1.25 to IP address  192.168.1.25 on

port 25.

16 Feb 2014 16:36:24 (GMT +01:00) (DCID 255) Delivery started for message 1210975 to user1@yamamah.ly.

16  Feb 2014 16:36:24 (GMT +01:00) (DCID 255) Message 1210975 to  user1@yamamah.ly bounced by destination server. Reason: 5.1.0 - Unknown  address

error ('550', ['#5.1.0 Rejected by bounce verification.'])

16  Feb 2014 16:36:24 (GMT +01:00) Double bounce: Message 1210975 to  user1@yamamah.ly. Reason: 5.1.0 - Unknown address error 550-'#5.1.0  Rejected

by bounce verification.'

Double bounce: Message 1210975 to user1@yamamah.ly. Reason: 5.1.0 - Unknown address error 550-'#5.1.0 Rejected

by bounce verification.'

=====================================

Received Time: 19 Feb 2014 11:53:30 (GMT +01:00)

MID: 1213213

Message Size: 10.69 (KB)

Subject: new send

Envelope Sender: farhan@ironport.ly

Envelope Recipients: user1@yamamah.ly

Message ID Header: <002201cf2d60$78fa1780$6aee4680$@ly>

SMTP Auth User ID: N/A

Attachments N/A

Sending Host Summary

Reverse DNS Hostname: (unverified)

IP Address: 192.168.1.25

SBRS Score: rfc1918

Processing Details

MAIL POLICY "DEFAULT" MATCHED THESE RECIPIENTS: user1@yamamah.ly

19 Feb 2014 11:52:46 (GMT +01:00) SMTP delivery connection (DCID 680) opened from Cisco IronPort interface 192.168.1.25 to IP address 192.168.1.25 on

port 25.

19 Feb 2014 11:53:06 (GMT +01:00) Protocol SMTP interface Data1 (IP 192.168.1.25) on incoming connection (ICID 582) from sender IP 192.168.1.25.

Reverse DNS host None verified no.

19 Feb 2014 11:53:06 (GMT +01:00) (ICID 582) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS rfc1918

19 Feb 2014 11:53:30 (GMT +01:00) Start message 1213213 on incoming connection (ICID 582).

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 enqueued on incoming connection (ICID 582) from farhan@ironport.ly.

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 on incoming connection (ICID 582) added recipient (user1@yamamah.ly).

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 contains message ID header '<002201cf2d60$78fa1780$6aee4680$@ly>'.

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 original subject on injection: new send

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 (10942 bytes) from farhan@ironport.ly ready.

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 matched per-recipient policy DEFAULT for inbound mail policies.

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 scanned by Anti-Spam engine: CASE. Interim verdict: Negative

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 scanned by Anti-Spam engine: CASE. Final verdict: Negative

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 scanned by Anti-Virus engine. Final verdict: Negative

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 scanned by Outbreak Filters. Verdict: Negative

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 queued for delivery.

19 Feb 2014 11:53:30 (GMT +01:00) (DCID 680) Delivery started for message 1213213 to user1@yamamah.ly.

19 Feb 2014 11:53:30 (GMT +01:00) Incoming connection (ICID 582) failed to receive mail. Number of messages received per connection exceeds limit.

19 Feb 2014 11:53:30 (GMT +01:00) (DCID 680) Message 1213213 to user1@yamamah.ly delayed. Reason: 4.3.2 - Not accepting messages at this time

('421', ['#4.x.2 Too many messages for this session']) []

19 Feb 2014 11:53:30 (GMT +01:00) Message 1213213 to user1@yamamah.ly pending until Wed Feb 19 11:54:30 2014 as per bounce profile Default.

Labels:
Preview file
122 KB
Preview file
122 KB
Preview file
123 KB
Preview file
123 KB
0 Helpful
1 Reply 1

Enrico Werner
Cisco Employee
Cisco Employee

‎02-26-2014 03:58 AM

Hi,

MID 1210973 is handled as outbound message because the connection from .202 hit the RELAYLIST sendergroup with RELAY action. This is because .202 is most likely added as sending IP address in the RELAYLIST sendergroup (Mail Policies > HAT Overview). The message to ironport.ly could not be delivered because there was no SMTP Route configured under Network > SMTP Route. When there is no SMTP route AsyncOS will use DNS instead and ironport.ly has no MX record and no A record either as you can see in the mail log. Therefore it was bounced. So to solve this issue you need to add appropriate SMTP Routes so that messages can be delivered to the next mail server if they are incoming. For outbound messages you usually do not need to add SMTP Routes as AsyncOS will lookup the MX records in DNS. You can try sending a test message to your email account e.g. on gmail.com using the same IP .202 as sending address. This should go through if the appliance has connectivity to the Internet. You can check the status on the CLI using the command hoststatus. The command tophosts is also very useful.

MID 1213213 is handled as inbound message because the connection from .25 hit the UNKNOWNLIST sendergroup with ACCEPT action. The appliance then was trying to deliver the message via DCID 680 to 192.168.1.25 which is the appliance itself. I assume that domain yamamah.ly has been added as SMTP route with destination 192.168.1.25 which would create a loop. This would then explain why you see „failed to receive mail. Number of messages received per connection exceeds limit“ which is a limit in the mail flow policy for that UNKNOWNLIST sendergroup. In order to solve that you need to correct the destination host in the SMTP Routes to point it to a mail server that is hosting domain yamamah.ly.

I hope this helps.

Best regards,

Enrico

Customers Also Viewed These Support Documents