cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.0.0-418
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

4461
Views
0
Helpful
2
Replies
Alejandro Moran
Beginner

ironport C170 not accepting mail, initial config

Hello

This is the first time we are implementing a ironport mail appliance C170, we followed the wizard several times and basically we are using only one interface (data1) for management, incoming and outgoing mail. We have dns, the domains on the relaylist for the HAT, the domain in the RAT, the smtp route pointing to the mail server, and the default gateway. But the mail appliance is not forwarding any mail, acutally from a capture we made, I can see the appliance reseting the smtp conections:

1: 14:32:53.365398 5057.a898.517c 5057.a8e1.e478 0x0800 62: 200.9.128.33.2565 > 10.1.1.242.25: S [tcp sum ok] 2734151427:2734151427(0) win 65535 <mss 1380,nop,nop,sackOK> (DF) (ttl 120, id 11235)

   2: 14:32:53.365520 5057.a8e1.e478 5057.a898.517c 0x0800 54: 10.1.1.242.25 > 200.9.128.33.2565: R [tcp sum ok] 0:0(0) ack 2734151428 win 0 (DF) (ttl 64, id 64812)

   3: 14:32:53.978587 5057.a898.517c 5057.a8e1.e478 0x0800 62: 200.9.128.33.2565 > 10.1.1.242.25: S [tcp sum ok] 1873019677:1873019677(0) win 65535 <mss 1380,nop,nop,sackOK> (DF) (ttl 120, id 11406)

   4: 14:32:53.978663 5057.a8e1.e478 5057.a898.517c 0x0800 54: 10.1.1.242.25 > 200.9.128.33.2565: R [tcp sum ok] 0:0(0) ack 1873019678 win 0 (DF) (ttl 64, id 64813)

   5: 14:32:54.744666 5057.a898.517c 5057.a8e1.e478 0x0800 62: 200.9.128.33.2565 > 10.1.1.242.25: S [tcp sum ok] 2424922470:2424922470(0) win 65535 <mss 1380,nop,nop,sackOK> (DF) (ttl 120, id 11599)

   6: 14:32:54.744742 5057.a8e1.e478 5057.a898.517c 0x0800 54: 10.1.1.242.25 > 200.9.128.33.2565: R [tcp sum ok] 0:0(0) ack 2424922471 win 0 (DF) (ttl 64, id 64814)

And the only logs I get on the tail mail_logs are:

Sat Aug 25 01:38:30 2012 Info: Outbreak Rule: OUTBREAK_0003541 has threat level 3

Sat Aug 25 01:38:30 2012 Info: Outbreak Rule: OUTBREAK_0000971 has threat level 3

Sat Aug 25 01:41:13 2012 Info: SenderBase upload: 0 hosts totaling 2777 bytes

Is there somithing I miss from the initial configuration?

Regards

Alejandro Moran

2 REPLIES 2
Enrico Werner
Cisco Employee

Hi Alejandro,

for outbound mail flow, did you add the IP address of your mail server into the RELAYLIST sendergroup under "Mail Policies - HAT Overview"? For inbound+outbound mail, did you make sure that the listener is configured and listening on port 25? Check under "Network - Listeners".

On the CLI check if any connections come in using the topin command. If there is  connections check if they are queued up using the tophosts command. If they are queued up use diagnostic - network - smtpping and test connectivty.

Regards,

Enrico

Alejandro Moran
Beginner

thanks.

There was a problem with the queue, looks like it was corrupted. Used the resetqueue command, and after a reboot it started working as expected.