Problem with access to Ironport C370

dzenansirco · ‎04-16-2013

Hi,

We have C370 (upgraded to last version) configured and everythings work fine! But one day, from some reason, we cant access Ironport via HTTPS, HTTP and SSH, only works ping. Problem with network is not because we try access Ironport direct from Managment port. After reboot, then access is fine. Please can you tell me how I can figure out what was a problem, which logs I need to analyze.... Why I could not access to ironport via HTTP/S, SSH?

dzenansirco · ‎04-16-2013

Also, after few minutes when I rebooted Ironport, SMTP traffic doesnt work, on my mail server which is relayed on Ironport: I got error from Ironport: Error 452 4.3.1. insufficient storage.... What is a problem?

Valter Da Costa · ‎04-16-2013

Hi Dzenan,

This error:

Error 452 4.3.1. insufficient storage

Is most likely on the MS Exchange side of the communication. Please check the MS Exchange logs and disk space available on the server.

It is not exact the same error but for your reference, please check:

Article #1424: Why am I seeing the error "452 4.3.1 Insufficient system resources" when delivering to my own domain?

Link: http://tools.cisco.com/squish/AE381

I hope this helps and if so, please mark the questin as answered.

Regards,

Valter

dzenansirco · ‎04-16-2013

I dont think that problem is exchange because problem also was about accessing to ironport, I think that some problem is on ironport:

Tue Apr 16 16:08:52 2013 Info: New SMTP DCID 15929874 interface 172.30.20.4 address 65.55.37.88 port 25

Tue Apr 16 16:08:52 2013 Info: ICID 5276886 Receiving Failed: Out of Memory

Tue Apr 16 16:08:52 2013 Info: ICID 5276886 close

Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929873 MID 11206813 to RID 0 - 4.1.0 - Unknown address error ('450', ['too many connections from your IP (rate controlled)']) []

Tue Apr 16 16:08:53 2013 Info: MID 11206813 to RID [0] pending till Tue Apr 16 17:08:53 2013 [Default]

Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929873 domain: shop.com IP: 216.136.0.12 port: 25 details: EOF interface: 172.30.20.4 reason: network error

Tue Apr 16 16:08:53 2013 Info: ICID 5276890 Receiving Failed: Out of Memory

Tue Apr 16 16:08:53 2013 Info: ICID 5276890 close

Tue Apr 16 16:08:53 2013 Info: New SMTP DCID 15929875 interface 172.30.20.4 address 216.136.0.12 port 25

Tue Apr 16 16:08:53 2013 Info: Delivery start DCID 15929874 MID 11744351 to RID [0]

Tue Apr 16 16:08:53 2013 Info: New SMTP ICID 5276899 interface data (172.30.20.4) address 172.29.18.137 reverse dns host unknown verified no

Tue Apr 16 16:08:53 2013 Info: ICID 5276899 RELAY SG RELAY match 172.0.0.0/8 SBRS rfc1918

Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929874 domain: hotmail.com IP: 65.55.37.88 port: 25 details: 421-"RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors." interface: 172.30.20.4 reason: unexpected SMTP response

Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929874 MID 11744351 to RID 0 - 4.3.2 - Not accepting messages at this time ('421', ["RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors."]) []

dzenansirco · ‎04-16-2013

Also, when I remove ironport from network, mails works fine, so problem is on ironport....

Valter Da Costa · ‎04-16-2013

In this case, my previous recommendation stands. You can either search the status logs or open a support ticket.

Regards,

-Valter

Valter Da Costa · ‎04-16-2013

This info about ICID (Receiving Failed: Out of Memory) was not in your previous email.

There could be an issue with memory resources in your Cisco ESA (Email Security Appliance).

You can check status logs to try to determine if this could be realted to massive emails or open a support ticket for further/deeper assistance.

Regards,

-Valter

dzenansirco · ‎04-16-2013

OK, please tell me which logs I need to look?

Valter Da Costa · ‎04-16-2013

Hi,

the log is status log.

esalab.cisco.com> tail

Currently configured logs:

Log Name Log Type Retrieval Interval

---------------------------------------------------------------------------------

.

3. antispam Anti-Spam Logs Manual Download None

4. antivirus Anti-Virus Logs Manual Download None

5. asarchive Anti-Spam Archive Manual Download None

6. authentication Authentication Logs Manual Download None

.

16. mail_logs IronPort Text Mail Logs Manual Download None

17. reportd_logs Reporting Logs Manual Download None

.

21. snmp_logs SNMP Logs Manual Download None

22. sntpd_logs NTP logs Manual Download None

23. status Status Logs Manual Download None

24. system_logs System Logs Manual Download None

25. trackerd_logs Tracking Logs Manual Download None

26. updater_logs Updater Logs Manual Download None

Enter the number of the log you wish to tail.

=============================================

We have a tool available at

https://supportforums.cisco.com/docs/DOC-9075 named "Status Log Tool" which can assist you by building a graphich with info from the status log.

Regards,

-Valter