
Internal and External Mail Exchange servers not communicating with IronPort


Hello Support Community,

I have set up an external mail Exchange server and an internal mail Exchange server to test out IronPort. Those two are not communicating via IronPort, nor are they receiving each other's sent messages in their inboxes. I have set up a smart host on both of those servers to point to IronPort, but that's still of no help. I have two SMTP routes set up as well: one's receiving domain is dummy.local, which is external, and its destination host is softheon.local, which is internal, which means its smart host is pointing to IronPort's Data 1. Is there something that I'm missing which is not letting these two mail Exchange servers connect to each other as well as connect with the IronPort to catch the msgs being sent?


3 Replies

Robert Sherwin
Cisco Employee

What is message tracking or mail_logs showing when you are trying to send/connect?  Anything at all?


Are you trying to relay through the appliance, or just email the appliance?

If trying to relay through the appliance, make sure the IP address of your exchange server is added to the RELAYLIST under the HAT (host access table) located under Mail Policies Tab - Host Access Table.  Click on the RELAYLIST and add the IP - submit and commit changes.

If you are just trying to email the appliance, you may be getting dropped at the handshake level based on reputation (or lack thereof).

From your exchange boxes, open up a command prompt and telnet to the ironport on port 25 and initiate a command line email.


telnet IP-OF-IRONPORT 25 (hit enter, you should connect up and see the IronPort banner)

helo (type helo - from here you'll probably get dropped by the IronPort)

mail from: (if you don't get dropped, put in your email address)

rcpt to: (put in the other email address)

data (type data and hit enter)

This is a test. (type anything, this is the message body)

. (when done typing, type a single . (period) and hit enter.  The email should send if you got that far.)

You most likely need to add the IP addresses of your Exchange boxes to the WHITELIST under the HAT to resolve any reputation issues from your test Exchange boxes.



Also, you need to make sure that whatever domain the IronPort is accepting mail for is entered in the recipient access table. Mail Policies Tab - Recipient Access Table.  If the domain is not in the RAT, the default action will be to reject the email.  Make sure to check the bypass LDAP option for the domain, if you don't have LDAP lookups configured.
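
The manual telnet test from the replies above, scripted so it reports the stage at which the appliance refuses the session. This is an added example, not part of the original thread and not Cisco code; the HELO name `probe.example`, the function names and the pairing of each stage with a HAT/RAT check are assumptions, and if every stage is accepted it sends the same one-line test message.

```python
import smtplib

# Where to look for each failing stage. The checks are the ones named in the
# thread; pairing each stage with one of them is this example's assumption.
HINTS = {
    "connect": "no usable banner: check port 25 reachability and the HAT entry for this IP",
    "helo": "dropped at handshake: add the IP to RELAYLIST or WHITELIST (HAT)",
    "mail from": "sender refused: check which HAT sender group the IP matches",
    "rcpt to": "recipient refused: add the domain to the RAT",
    "data": "body refused: check mail_logs or message tracking",
}

def diagnose(steps):
    """Return (stage, code, hint) for the first non-2xx step, else None."""
    for stage, code, _text in steps:
        if not 200 <= code < 300:
            return stage, code, HINTS[stage]
    return None

def probe(host, sender, rcpt, port=25, timeout=10):
    """Replay the manual telnet test; return [(stage, code, text), ...]."""
    s = smtplib.SMTP(local_hostname="probe.example", timeout=timeout)
    dialogue = [
        ("connect", lambda: s.connect(host, port)),
        ("helo", s.helo),
        ("mail from", lambda: s.mail(sender)),
        ("rcpt to", lambda: s.rcpt(rcpt)),
        ("data", lambda: s.data("This is a test.")),
    ]
    steps = []
    try:
        for stage, step in dialogue:
            try:
                code, text = step()
                text = text.decode(errors="replace")
            except OSError as exc:  # refused, timed out, dropped, or DATA rejected
                code, text = getattr(exc, "smtp_code", -1), str(exc)
            steps.append((stage, code, text))
            if not 200 <= code < 300:
                break
    finally:
        s.close()
    return steps

# Constructed transcript: accepted up to RCPT TO, then refused.
SAMPLE = [("connect", 220, "ESMTP"), ("helo", 250, "ok"),
          ("mail from", 250, "sender ok"), ("rcpt to", 550, "Address rejected")]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Run `diagnose(probe("IP-OF-IRONPORT", sender, recipient))` from each Exchange box; a code of -1 means the connection was refused, timed out or was closed before a reply arrived.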
