10-15-2012 12:35 PM
I have an Exchange server behind 2 clustered C170s.
Inbound mail flow from the Internet is flowing correctly; now I want to move my outbound relay from the old Barracuda to the C170s.
On the cluster config, I set up a mail flow policy (called relayed) whose connection behavior is relay, and most of the other settings are default.
I then set up a sender group called relaylist that has the IP address of the Exchange server in it.
If I go into Monitoring > Delivery Status, the remote hosts are listed as "Down".
I also tried setting up a relay under Network > Incoming Relays, but that didn't seem to work either.
If I go into Network > SMTP Routes, I have a route for my internal domains pointed to my Exchange server; the other route, "All other domains", is set to (Not Defined). I tried setting it to USEDNS, but it gives the error "The "usedns" option may not be used for the "All Other Domains" route."
Any help would be appreciated.
Mike
10-15-2012 01:06 PM
You need to create a listener... and put the Sender Group you created on the appropriate Listener.
I have my box set up with 2 logical interfaces, one "public", one "private" (inside the firewall...), and they are on separate physical interfaces, and the physical interfaces are wired to a DMZ for the public and internal net for the private.
I created a listener for both... in your case, you're probably just missing the listener for the Outbound...
Go to Network/Listeners, and create a listener, called "outboundmail", on the appropriate IP interface.
When you set it up, it has a "Host Access Table" (HAT); that's where you can configure the appropriate sender group.
If you go back to MailPolicies/HAT Overview, you'll see that you can pick which listener you're creating the Sender Group for...
The mail flow policy for the Relayed sender group on the Outbound listener defines how your Exchange boxes can talk to the IronPort.
Hope that helps...
Ken
10-15-2012 01:14 PM
I only have 1 IP interface, and I NAT it through the firewall, so I cannot add a second listener on port 25.
10-15-2012 01:22 PM
I faced the same issue once; there was a problem with NATing on the ASA.
10-15-2012 01:42 PM
Thanks for getting me most of the way there!
I forgot I had set a rule on this customer's firewall to only allow outbound SMTP from certain IP addresses; the IronPorts weren't in there yet.