cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1395
Views
0
Helpful
7
Replies
Highlighted
Beginner

ESAv sending email via command works but not from mail client

Hello,

 

I'm deploying ESAv as a demo on a local network, I've configured an Email server too and it works fine (sends email).

But the issue is that the ESA seems to not see these emails, when I use the command line (using helo and mailto commands) to send an email it works but not via a client mail or webmail.

 

Any idea what's the problem ?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

It works now! 

My issue was the email server didn't point to the ESA, I added it as a smarthost in the email server and it worked.

Thanks! 

View solution in original post

7 REPLIES 7
Highlighted
Cisco Employee

You are not seeing the mail hit the ESA at all in the mail_logs?  Connection trying to be established, etc.?

 

Things that may aide you in setup:

Cisco Email Security Appliance Initial Setup

 

Also, attached - (little older, but still a wise read...) Design Guide

 

 

Highlighted

Yes, no mail logs in the GUI or the mail_logs or any connections , nothing.
Highlighted

Hello a.shambesh,

 

Can you check in the CLI tophosts command and see if there's anything at all, if not can you do the following:

On the ESA CLI, use tail mail_logs

After which, go to your mail client(s) you're using for testing and send a test email - monitor this mail log if there's any output.

If there is none - that means the connections it not reaching the ESA's IP/listener.

If there is information, please sanitize it and share it with us if possible so we can assist.

 

Thanks,

Matthew

Highlighted

nothing shows with the tophosts command, and the tail mail_logs shows the following :

Mon Feb 26 10:53:50 2018 Info: ISQ: on-box Destination is /tmp/euq_server.sock
Mon Feb 26 10:53:50 2018 Info: SMTP listener outmail starting
Mon Feb 26 10:53:53 2018 Info: Quarantine system ready
Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner daemon state 0
Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0
Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0
Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0
Mon Feb 26 10:58:50 2018 Warning: Received an invalid DNS Response: rcode=Refused data="'+?\\x81\\x05\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\tphonehome\\nsenderbase\\x03org\\x00\\x00\\x01\\x00\\x01'" to IP 10.10.100.17 looking up phonehome.senderbase.org
Mon Feb 26 10:58:52 2018 Info: SenderBase upload: 0 hosts totaling 3410 bytes

 

but nothing shows during and after sending an email.

Ping, nslookup and dig all work though.

Highlighted

Nothing in the mail_logs suggest the connection did not reach the ESA.

 

Are you seeing any errors on the server sending emails to this ESA. If this is MS exchange there should be a send connector pointing to the listener on the ESA.

 

Are you able to telnet from the server to the ESA? If this telnet works it will log a new ICID in the mail_logs.

 

Regards 

Libin Varghese 

Highlighted

Telnet connection is refused, but I can use SSH from the server.
I'm using a linux-based server not MS exchange.
Highlighted
Beginner

It works now! 

My issue was the email server didn't point to the ESA, I added it as a smarthost in the email server and it worked.

Thanks! 

View solution in original post

Content for Community-Ad