02-25-2018 03:23 AM - edited 03-08-2019 07:33 PM
Hello,
I'm deploying ESAv as a demo on a local network, I've configured an Email server too and it works fine (sends email).
But the issue is that the ESA seems to not see these emails, when I use the command line (using helo and mailto commands) to send an email it works but not via a client mail or webmail.
Any idea what's the problem ?
Solved! Go to Solution.
02-26-2018 02:06 AM
It works now!
My issue was the email server didn't point to the ESA, I added it as a smarthost in the email server and it worked.
Thanks!
02-25-2018 04:54 AM
You are not seeing the mail hit the ESA at all in the mail_logs? Connection trying to be established, etc.?
Things that may aide you in setup:
Cisco Email Security Appliance Initial Setup
Also, attached - (little older, but still a wise read...) Design Guide
02-25-2018 05:03 AM
02-25-2018 02:06 PM
Hello a.shambesh,
Can you check in the CLI tophosts command and see if there's anything at all, if not can you do the following:
On the ESA CLI, use tail mail_logs
After which, go to your mail client(s) you're using for testing and send a test email - monitor this mail log if there's any output.
If there is none - that means the connections it not reaching the ESA's IP/listener.
If there is information, please sanitize it and share it with us if possible so we can assist.
Thanks,
Matthew
02-26-2018 01:12 AM
nothing shows with the tophosts command, and the tail mail_logs shows the following :
Mon Feb 26 10:53:50 2018 Info: ISQ: on-box Destination is /tmp/euq_server.sock Mon Feb 26 10:53:50 2018 Info: SMTP listener outmail starting Mon Feb 26 10:53:53 2018 Info: Quarantine system ready Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner daemon state 0 Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0 Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0 Mon Feb 26 10:55:51 2018 Info: SDS_CLIENT: URL scanner enabled=0 Mon Feb 26 10:58:50 2018 Warning: Received an invalid DNS Response: rcode=Refused data="'+?\\x81\\x05\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\tphonehome\\nsenderbase\\x03org\\x00\\x00\\x01\\x00\\x01'" to IP 10.10.100.17 looking up phonehome.senderbase.org Mon Feb 26 10:58:52 2018 Info: SenderBase upload: 0 hosts totaling 3410 bytes
but nothing shows during and after sending an email.
Ping, nslookup and dig all work though.
02-26-2018 01:20 AM
Nothing in the mail_logs suggest the connection did not reach the ESA.
Are you seeing any errors on the server sending emails to this ESA. If this is MS exchange there should be a send connector pointing to the listener on the ESA.
Are you able to telnet from the server to the ESA? If this telnet works it will log a new ICID in the mail_logs.
Regards
Libin Varghese
02-26-2018 01:42 AM
02-26-2018 02:06 AM
It works now!
My issue was the email server didn't point to the ESA, I added it as a smarthost in the email server and it worked.
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: