cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5417
Views
0
Helpful
13
Replies
Highlighted
Beginner

Fresh Ironport w/ Exchange

I'm configuring an Ironport in an Exchange 2010 environment.  I'm having a little trouble getting outgoing mail to work.  Incoming mail is working, but I'm not quite sure if the Ironport is setup correctly.  My question is when setting up the Ironport, will I change my MX records?  Or am I simply just adding the Ironport as a SmartHost and all mail will go through the SmartHost.  I've pointed the Ironport to my Exchange server and added the SmartHost on Exchange.

Everyone's tags (3)
13 REPLIES 13
Cisco Employee

Fresh Ironport w/ Exchange

Hi Evan,

For outgoing mail to flow through IronPort appliance you need to do following two config changes:

- Configure Exchange server with smarthost pointing to IronPort's Outbound listener.

- Define Exchange's IP address in RelayList Sendergroup on outbound listener.

If you have configured above two settings, than I would recommend checking mail_logs to see what IronPort is doing with the connection coming from the Exchange side. To check the logs, you can use followling command from CLI:

> grep "" mail_logs

NOTE: replace the with actual IP of the Exchange.

Once you get ICID, please grep that ICID to see the details about that connection.

I hope this will help.

Rehan

Beginner

Re: Fresh Ironport w/ Exchange

Hi Rehan,

So I've configured the Smarthost on the Exchange server, I'm not exactly sure where you configure the RelayList Sendergroup on outbound listener on the Ironport.  Where exactly is this on the C170 Ironport?

Collaborator

Re: Fresh Ironport w/ Exchange

There are 2 ways to get to it.

1.  Click on Network>Listeners, in the row for the Outbound listener, click on the HAT link.

Then click on RelayList and add the Exchange servers to the list at the bottom.

2. Click on Mail Policies/HAT Overview.  Select the Outbound Listener.

Then click on RelayList and add the Exchange servers to the list at the bottom.

Beginner

Re: Fresh Ironport w/ Exchange

I actually tried that, but I got the error stating 'Port already used by Listener "IncomingMail" which is for the TCP Port: 25.  This happens when I'm trying to make my Outgoing Mail listener.

Collaborator

Re: Fresh Ironport w/ Exchange

Do you have 2 listeners?

Beginner

Re: Fresh Ironport w/ Exchange

No, at the moment I only have IncomingMail under Listeners.

Collaborator

Re: Fresh Ironport w/ Exchange

You need another listener, call it OutboundMail.

Listeners need their own IP interface (not necessarily a seperate physical interface), but that's what I did...

Take a look at the section in the Online Help titled "Receiving Email with Listeners"

Beginner

Re: Fresh Ironport w/ Exchange

Ken,

Thanks for taking the time to assist.  I probably should read up a little more, but I thought I was on the right track.

I've configured a listener called OutbountMail, typer of listener set as Private, Interface Data 2, and TCP Port: 25 of course yet I still get an error that it's used by InboundMail.  Do I need to set something else to distinguish it from InboundMail?

Beginner

Re: Fresh Ironport w/ Exchange

I think I figured it out.  My interfaces are labeled as Data 2 (external) and Managment (Internal).  Now I was under the impression that the 2nd NIC, the Management port was used as an out-of-band port.  Should these ports be configured as External and Internal, and have a pass-through?  Or am I totally off base here.

Collaborator

Re: Fresh Ironport w/ Exchange

You're on the right track.

Physically, the ports are labled Data1 and Data2

Then you create IP interfaces on them, I'd have used Private and Public, or Internal and External. (l'll use those going forward)  Put External on Data2 and plug it in to your DMZ, put Internal on Data1 and put it on your server subnet.

On the Private/Internal interface turn on the Appliance Management/Spam Quarantine/etc

on the External interface, turn all that off...

Create the InboundListener on the External IP interface

Create the OutboundListener on the Internal IP interface

You probably don't have to do ALL of that, maybe just rename the internal stuff, so its less confusing... And put the second listener on the "internal" interface.

Beginner

Re: Fresh Ironport w/ Exchange

So the external interface of the Ironport will definitly sit on the DMZ, just as my Edge Transport did at one time during testing, good to know.  I wasn't 100% on this so I'm glad that's cleared up.

I'm going to reconfigure it from the ground up as you listed it above.  Thanks so much Ken.  I'll post back my status and findings.

Collaborator

Re: Fresh Ironport w/ Exchange

You don't HAVE to put it on the DMZ, but its best-practice...

Beginner

Re: Fresh Ironport w/ Exchange

Was there a happy ending to this story? Did it finally work?

Sent from Cisco Technical Support iPad App