Problem Of The Relay Funcation In Cisco ESA

afrizal.mohamed1 · ‎12-04-2016

Hi,

I would like to get help regarding the relay function in the Cisco ESA. The following scenarios below were encountered.

Scenario A

- On Cisco ESA, we added the server’s IP address into the relay list.

- We performed a test and we were unable to relay emails to the Cisco ESA.

- We performed a ping test from the server to the Cisco ESA. There is a reply for all the ping requests. The funny thing is that when we check from the firewall, the ping request will have an echo request. However for this case, the Cisco ESA does not send out the echo request but the server shows the successful ping request.

- The necessary ports for communication and relay have been permitted on the firewall.

Scenario B

- Without adding the server’s IP address into the relay list, it seems that the server is still able to relay emails to the Cisco ESA.

- Ping test performed and all seems well.

Just wondering why these 2 scenarios occur. Any ideas on this?

Thank You.

Libin Varghese · ‎12-05-2016

Hi Afrizal,

I'm unsure of how you are currently performing the tests.

Could you confirm if you are able to telnet to the ESA over port 25 from the sending server? If the telnet is successful it should register as an incoming connection (ICID) in the mail_logs immediately which should confirm which sender group (Relaylist or any other) connection matches.

The mail_logs would be the best way to determine why you are unable to relay emails through the ESA. You can use the below command to grep the mail_logs

grep "IP of the server" mail_logs

The ESA would accept connections over port 25 from all sending servers, IP's matching the sender group with relay action would be treated as outbound while all other would be treated as inbound.

Thanks
Libin Varghese