Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
5
Helpful
1
Replies

Send mail to the second server when recipient verification failed on first

Vitalii.Serhiychuk
Level 1
Level 1

‎07-24-2020 01:06 AM

All inbound mail from ESA send to EXIM server. Now I am going to migrate to Microsoft Exchange and I want that ESA to first tries to deliver mail to Exchange (if Exchange has this mailbox), else send the mail to EXIM.
In SMTP Routes section I add two servers and set exchange priority 0. Also, I configured enable recipient validation on Exchange server.
But ESA sends mail for this domain only to exchange, even when Exhange answer - Message to info@mydomain.com bounced by destination server. Reason: 5.3.0 - Other mail system problem ('550', ['5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'])

Labels:
0 Helpful
1 Reply 1

Nazarevych
Level 1
Level 1

‎08-11-2020 06:35 AM - edited ‎08-11-2020 07:20 AM

Hello! This situation can be solved in such manner.

Firstly create LDAP query filter to your Active Directory in a ESA web interface: System Administration -> LDAP. Set "LDAP Server Profile Name" to anything appropriate and fill form belongs to "Server Attributes". Test it sucessfull conecting to your AD server. Then check "Routing Query" check box and fill the form with the following attributes: 

 

Name: For example "ldap.routing"
Query String: (&(|(mail={a})(proxyAddresses=smtp:{a}))(HomeMDB=*))

Recipient Email to Rewrite the Envelope Recipient: mailRoutingAddress

Alternative Mailhost Attribute: extensionAttribute1

 

"Query String" - filter checking if User Mailbox or Email Alias created on Exchange server and object AD attribute HomeMDB set.

"Alternative Mailhost Attribute" - Points ESA to new Routing domain if User Mailbox Exist on MS Exchange.

 

To have extensionAttribute1 in users AD mailbox you can use "MS Exchange admin center" and add for particular user in a General Tab -> Custom attributes - Add Custom attributes 1 and point to exchange.flowers used in example above.

 

This form should look exactly as on image belowe:

Screenshot_1.jpg

You can use Test Query form to see if recipient should be rerouted through ESA to MS Exchange:

Screenshot_2.jpg

Then create new route in ESA: Network -> SMTP Routes to the virtual domain name - exchange.flowers used in AD additional attributes. And point this route on you newly installed MS Exchange server DNS or IP address.

Screenshot_3.jpg

Save all configs and commit the changes.

Some things to configure MS Exchange server.

For all migration period you should to to provide guaranted way to all emails delivered to end users. Does not matted where user mailbox located on an old MTA Exim or another or on MS Excnage. For that change MS Exchange - "accepted domain" from Authoritative type to Internal relay. And create "send connector" to old the MTA Exim. Configure "Address space" scope for shared domain name that services using 2 MTA. This prevents mail loose on Exchange server and relay all users emails if no mailbox created on MS Exchange. For a users that still use old MTA - create appropriate rule for migrated mailboxes - to delivery all emails to MS Exchange.

Preview file
54 KB
Customers Also Viewed These Support Documents