Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2068
Views
0
Helpful
3
Replies

Internal and External Mail Exchange servers server not communicating with IronPort

alimfawad
Level 1
Level 1

‎01-13-2014 03:43 PM

Hello Support Community,

I have setup external mail exchange server and an internal mail exchange server to test out ironport, those two are not communicating via IronPort neither are they both recieving eachothers sent messages in their inbox, i have setup a smart host in both of those servers to point to ironport but thats still of no help. I have two smtp routes setup as well one's recieving domain: dummy.local which is external and its destination host: softheon.local which is internal which means its smart host is pointing to ironport's data 1. Is there something that im missing which is not letting these two mail exchange servers connect to each other as well as connect with the ironport to catch the msgs being sent

thanks

Labels:
0 Helpful
3 Replies 3

Robert Sherwin
Cisco Employee
Cisco Employee

‎01-16-2014 01:14 PM

What is message tracking or mail_logs showing when you are trying to send/connect?  Anything at all?

-Robert

Cheers,
Robert Sherwin
0 Helpful

ChrisUCF99
Level 1
Level 1
In response to Robert Sherwin

‎01-17-2014 07:41 PM

Are you trying to relay through the appliance, or just email the appliance?

If trying to relay through the appliance, make sure the IP address of your exchange server is added to the RELAYLIST under the HAT (host access table) located under Mail Policies Tab - Host Access Table.  Click on the RELAYLIST and add the IP - submit and commit changes.

If you are just trying to email the appliance, you may be getting dropped at the handshake level based on reputation (or lack thereoff).

From your exchange boxes, open up a command prompt and telnet to the ironport on port 25 and initiate a command line email.

So:

telnet IP-OF-IRONPORT 25 (hit enter, you should connect up and see the IronPort banner)

helo (type helo - from here you'll probably get dropped by the IronPort)

mail from: test@test.com (if you dont get dropped put in your email address)

rcpt to: test2@test.com (put in the other email address)

data (type data and hit enter)

This is a test. (type anything, this is the message body)

. (when done typing, type a single . (period) and hit enter.  The email should send if you got that far.

You most likely need to add the IP addresses of your exchagne boxes to the WHITELIST under the HAT to resolve any reputation issues from your test exchange boxes.

Regards,

Chris

0 Helpful

ChrisUCF99
Level 1
Level 1
In response to ChrisUCF99

‎01-17-2014 07:51 PM

Also, you need to make sure that whatever domain the IronPort is accepting mail for, is entered in the receipient access table. Mail Policies Tab - Recipient Access Table.  If the domain is not in the RAT, the default action will be to reject the email.  Make sure to check the bypass LDAP option for the domain, if you dont have LDAP lookups configured.

0 Helpful
Customers Also Viewed These Support Documents