How to create IronPort Private relay

abhijitbadave1
Level 1

Hello,

 

I am looking for an IronPort configuration that allows IronPort to send and receive emails from Postini.

Exchange server -> IronPort -> Google Postini

Google Postini -> IronPort -> Exchange servers

 

1 Reply

Mathew Huynh
Cisco Employee

Hello,


You can achieve this with the following steps (there is no right or wrong here, so it comes down to your preference).

 

This is under the assumption that your ESA has:

1) Network connectivity to the internet

2) DNS servers (or root DNS servers used)

3) IP interface already configured

4) Default gateway configured with network routing done

 

 

1 Listener setup

> GUI > Network > Listeners

Create a Listener -> Public Listener (if it's already created and you have a public listener)

> GUI > Mail Policies > Mail Flow Policies

+ Create a new mail flow policy

+ Name: RELAYED

+ Policy Action : Relay

Leave rest default and submit.

> GUI > Mail Policies > HAT overview

+ Create a new sendergroup

+ Name it RELAYLIST, Order '1'

+ Mail Flow policy to use -> RELAYED

+ Leave rest blank and add sender

+ Sender to be added is the Exchange server IP that will be allowed to "RELAY" (Outbound) emails through your ESA device

+ Submit changes

 

 

> GUI > Mail Policies > RAT (Recipient Access Table)

> Ensure the domains which the Postini server will be managing are added here so recipients are accepted

> Submit changes if any

 

Typically for outgoing email routing, it would use DNS for routing to public MX record IPs

However if you want to force your ESA to send emails to a Google Postini server for specific domains or so,

Create a content filter and add your domains as the condition

Action -> Send to alternate mail host -> Specify the IP of the Google Postini server


Once done, submit changes and enable this content filter on your outgoing mail policies

 

> Submit and commit changes

 

You now have your ESA set up with 1 listener for the Exchange server to relay through to the Postini servers/MX records, and the ESA to accept emails from the internet/Google Postini servers to send to the Exchange server.

 

Inbound emails from Google Postini will generally be treated as an external network connection to the ESA.

 

If you are using 2 listeners.

Ensure you have IPs configured for them

 

One listener is public (Inbound)

One listener is Private (Outbound)

 

Private listener should already have a RELAYLIST available

(GUI > Mail Policies > HAT overview > Drop down menu select the private listener)

+ Add the Exchange IP to allow it to RELAY through the ESA

+ Ensure your Exchange server connects to the IP interface tied to the Private listener for outbound

 

 

> Ensure SMTP routes are done for inbound traffic

> Ensure RAT table is updated as well

> Configure the content filter if required to route specific emails to the Postini server

 

 

Regards,

Matthew
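
The relay decision that the HAT and RAT steps in this reply set up, sketched as an added example: a simplified model, not Cisco's code and not part of the reply above. The IP addresses and the domain are constructed placeholders, and the catch-all `ALL` sender group with an accept policy is an assumption.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
EXCHANGE_IP = "10.0.0.25"            # hypothetical Exchange server
ACCEPTED_DOMAINS = {"example.com"}   # hypothetical RAT entries

# HAT sender groups in evaluation order: (name, networks, mail flow behaviour).
HAT = [
    ("RELAYLIST", [ipaddress.ip_network(EXCHANGE_IP + "/32")], "RELAY"),
    ("ALL", [ipaddress.ip_network("0.0.0.0/0")], "ACCEPT"),
]


def hat_match(client_ip, hat=HAT):
    """Return (group, behaviour) of the first sender group containing the IP."""
    addr = ipaddress.ip_address(client_ip)
    for name, nets, behaviour in hat:
        if any(addr in net for net in nets):
            return name, behaviour
    return None, "REJECT"


def decide(client_ip, rcpt, hat=HAT, rat=ACCEPTED_DOMAINS):
    """Model the listener's verdict for one RCPT TO from one client IP."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    _group, behaviour = hat_match(client_ip, hat)
    if behaviour == "RELAY":
        return "relay"    # relayed senders are not checked against the RAT
    if behaviour == "ACCEPT" and domain in rat:
        return "accept"   # inbound mail for a domain listed in the RAT
    return "reject"       # anything else is refused, so no open relay


def wide_relay_groups(hat=HAT):
    """Audit helper: RELAY sender groups that cover more than a single host."""
    return [name for name, nets, behaviour in hat
            if behaviour == "RELAY" and any(n.num_addresses > 1 for n in nets)]


if __name__ == "__main__":
    for ip, rcpt in [(EXCHANGE_IP, "user@other.example"),
                     ("203.0.113.7", "user@example.com"),
                     ("203.0.113.7", "user@other.example")]:
        print(ip, rcpt, "->", decide(ip, rcpt))
    print("over-broad RELAY groups:", wide_relay_groups())
```

The audit helper flags any RELAY sender group wider than a single host, which is the entry to review first when checking that only the Exchange server can send outbound through the ESA.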