Ironport as Smarthost for Exchage - Page 2

ddockter_ironport · ‎08-01-2008

I'm trying to set up the Ironport as a Smarthost for my Exchange server. I've set up the Ironport according to the following instructions I found on a post here (see below). When I send an e-mail it get bounced with the following message - "<ironport>" Below are the entries from the log.

Fri Aug 1 14:55:15 2008 Info: New SMTP ICID 1534143 interface Management (10.1.255.48) address 10.1.255.30 reverse dns host unknown verified no
Fri Aug 1 14:55:15 2008 Info: ICID 1534143 RELAY SG Exchange match 10.1.255.30-31 SBRS rfc1918
Fri Aug 1 14:55:15 2008 Info: Start MID 133540 ICID 1534143
Fri Aug 1 14:55:15 2008 Info: MID 133540 ICID 1534143 From: <Doug>
Fri Aug 1 14:55:15 2008 Info: MID 133540 ICID 1534143 RID 0 To: <dadockter>
Fri Aug 1 14:55:15 2008 Info: MID 133540 Message-ID '<0C4A10F36EA3674CAE378A13BC44ED67021FCE46>'
Fri Aug 1 14:55:15 2008 Info: MID 133540 Subject 'test e-mail'
Fri Aug 1 14:55:15 2008 Info: MID 133540 ready 4754 bytes from <Doug>
Fri Aug 1 14:55:15 2008 Info: MID 133540 matched all recipients for per-recipient policy DEFAULT in the outbound table
Fri Aug 1 14:55:15 2008 Info: ICID 1534143 close
Fri Aug 1 14:55:15 2008 Info: MID 133540 interim AV verdict using Sophos CLEAN
Fri Aug 1 14:55:15 2008 Info: MID 133540 antivirus negative
Fri Aug 1 14:55:15 2008 Info: MID 133540 queued for delivery
Fri Aug 1 14:55:15 2008 Info: New SMTP DCID 65814 interface 10.1.255.48 address 10.1.255.30 port 25
Fri Aug 1 14:55:15 2008 Info: Delivery start DCID 65814 MID 133540 to RID [0]
Fri Aug 1 14:55:15 2008 Info: Bounced: DCID 65814 MID 133540 to RID 0 - Bounced by destination server with response: 5.1.0 - Unknown address error ('550', ['5.7.1 Unable to relay for dadockter@comcast.net'])
Fri Aug 1 14:55:15 2008 Info: Start MID 133541 ICID 0
Fri Aug 1 14:55:15 2008 Info: MID 133541 was generated for bounce of MID 133540
Fri Aug 1 14:55:15 2008 Info: MID 133541 ICID 0 From: <>
Fri Aug 1 14:55:15 2008 Info: MID 133541 ICID 0 RID 0 To: <Doug>
Fri Aug 1 14:55:15 2008 Info: MID 133541 ready 5994 bytes from <>
Fri Aug 1 14:55:15 2008 Info: MID 133541 queued for delivery
Fri Aug 1 14:55:15 2008 Info: Message finished MID 133540 done

Create a new mail flow policy as follows:
- Go to 'Mail Policies -> HAT overview' link in GUI.
- Select the Mail Flow Policies link, beneath the HAT Overview.
- Click the Add Policy button.
- Name the policy.
- Set connection Behavior set to RELAY.
- In the Security Features, turn on Virus Protection and disable Spam Protection.
- Submit and commit changes.

Create a new sendergroup as follows:
- Go to 'Mail Policies -> HAT overview' link in GUI.
- Add a new Sender Group and set the order # to 1. Associate the new
mail flow policy(created above) to this sendergroup.
- Submit and commit changes.

Now click on the new sendergroup and add the ip address of the exchange server to this sendergroup. Once again, submit and commit changes.

ddockter_ironport · ‎08-20-2008

I missed that I sent an incoming message in my post. Below is an outgoing message to dadockter@gmail.com.

Tue Aug 19 17:10:26 2008 Info: MID 143293 ICID 1638913 RID 0 To:
Tue Aug 19 17:10:26 2008 Info: MID 143294 ICID 1638912 RID 0 To:
Tue Aug 19 17:10:26 2008 Info: MID 143293 Message-ID '<0C4A10F36EA3674CAE378A13BC44ED670246F4DA>'
Tue Aug 19 17:10:26 2008 Info: MID 143293 Subject 'test e-mail from Doug'
Tue Aug 19 17:10:26 2008 Info: MID 143294 Message-ID '<0C4A10F36EA3674CAE378A13BC44ED670246F4DA>'
Tue Aug 19 17:10:26 2008 Info: MID 143294 Subject 'test e-mail from Doug'
Tue Aug 19 17:10:26 2008 Info: MID 143293 ready 4820 bytes from
Tue Aug 19 17:10:26 2008 Info: MID 143294 ready 4820 bytes from
Tue Aug 19 17:10:26 2008 Info: MID 143293 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Aug 19 17:10:26 2008 Info: MID 143294 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Aug 19 17:10:26 2008 Info: ICID 1638913 close
Tue Aug 19 17:10:26 2008 Info: ICID 1638912 close
Tue Aug 19 17:10:26 2008 Info: MID 143293 interim AV verdict using Sophos CLEAN
Tue Aug 19 17:10:26 2008 Info: MID 143293 antivirus negative
Tue Aug 19 17:10:26 2008 Info: MID 143293 queued for delivery
Tue Aug 19 17:10:26 2008 Info: New SMTP DCID 71834 interface 10.1.255.48 address 10.1.255.30 port 25
Tue Aug 19 17:10:26 2008 Info: Delivery start DCID 71834 MID 143293 to RID [0]
Tue Aug 19 17:10:26 2008 Info: Message done DCID 71834 MID 143293 to RID [0]
Tue Aug 19 17:10:26 2008 Info: MID 143293 RID [0] Response '2.6.0 <0C4A10F36EA3674CAE378A13BC44ED670246F4DA> Queued mail for delivery'
Tue Aug 19 17:10:26 2008 Info: Message finished MID 143293 done

kluu_ironport · ‎08-20-2008

In the sample provided, it appears that it was accepted by the IronPort alright and then processed and successfully handed off to "10.1.255.30"

Tue Aug 19 17:10:26 2008 Info: New SMTP DCID 71834 interface 10.1.255.48 address 10.1.255.30 port 25
Tue Aug 19 17:10:26 2008 Info: Delivery start DCID 71834 MID 143293 to RID [0]
Tue Aug 19 17:10:26 2008 Info: Message done DCID 71834 MID 143293 to RID [0]
Tue Aug 19 17:10:26 2008 Info: MID 143293 RID [0] Response '2.6.0 <0C4A10F36EA3674CAE378A13BC44ED670246F4DA> Queued mail for delivery'
Tue Aug 19 17:10:26 2008 Info: Message finished MID 143293 done

I missed that I sent an incoming message in my post.  Below is an outgoing message to dadockter@gmail.com.

Tue Aug 19 17:10:26 2008 Info: MID 143293 ICID 1638913 RID 0 To: 
Tue Aug 19 17:10:26 2008 Info: MID 143294 ICID 1638912 RID 0 To: 
Tue Aug 19 17:10:26 2008 Info: MID 143293 Message-ID '<0C4A10F36EA3674CAE378A13BC44ED670246F4DA>'
Tue Aug 19 17:10:26 2008 Info: MID 143293 Subject 'test e-mail from Doug'
Tue Aug 19 17:10:26 2008 Info: MID 143294 Message-ID '<0C4A10F36EA3674CAE378A13BC44ED670246F4DA>'
Tue Aug 19 17:10:26 2008 Info: MID 143294 Subject 'test e-mail from Doug'
Tue Aug 19 17:10:26 2008 Info: MID 143293 ready 4820 bytes from 
Tue Aug 19 17:10:26 2008 Info: MID 143294 ready 4820 bytes from 
Tue Aug 19 17:10:26 2008 Info: MID 143293 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Aug 19 17:10:26 2008 Info: MID 143294 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Aug 19 17:10:26 2008 Info: ICID 1638913 close
Tue Aug 19 17:10:26 2008 Info: ICID 1638912 close
Tue Aug 19 17:10:26 2008 Info: MID 143293 interim AV verdict using Sophos CLEAN
Tue Aug 19 17:10:26 2008 Info: MID 143293 antivirus negative 
Tue Aug 19 17:10:26 2008 Info: MID 143293 queued for delivery
Tue Aug 19 17:10:26 2008 Info: New SMTP DCID 71834 interface 10.1.255.48 address 10.1.255.30 port 25
Tue Aug 19 17:10:26 2008 Info: Delivery start DCID 71834 MID 143293 to RID [0]
Tue Aug 19 17:10:26 2008 Info: Message done DCID 71834 MID 143293 to RID [0] 
Tue Aug 19 17:10:26 2008 Info: MID 143293 RID [0] Response '2.6.0  <0C4A10F36EA3674CAE378A13BC44ED670246F4DA> Queued mail for delivery'
Tue Aug 19 17:10:26 2008 Info: Message finished MID 143293 done

ddockter_ironport · ‎08-20-2008

I opened a case with IronPort tech support. They determined that I had an SMTP ROUTE set for ALL, which was redirecting all outbound emails from my IronPort back to the Exchange server. Removing this entry corrected the problem.