05-24-2007 04:26 PM
Hi,
last Tuesday we had a small discussion at the IronPort Partnerday about the Knowledge Base article 610
"Configure two ESAs where the backup hosts the ISQ with Centralized Management".
The main problem with the proposed solution is that you have to break your clustered configuration for HAT/RAT. Which means you need to configure white-/blacklisted Servers and Recipients in the Access table on both machines again. Therefor I would like to suggest a new way of doing this, which leaves me the benefit of the Centralized Managment for the cost of having an idle listener:
Instead of adding the Listener only on one appliance, you add the listener to the Cluster. This will not break anything on the Non-ISQ Box, as there is no traffic routed to this Machine. And don't forget to add the IP Address of the backup ESA into the Incoming Relays list, otherwise you could break your reputation. :)
If you have a special IP Address for the ISQ, you can also add this Interface on the second Box with the same name.
Any comments welcome,
Adrian Woizik
06-11-2007 01:34 PM
I have several systems configured that way, never had a problem with them. You can't sell centralized management if the first thing you need to do is break the cluster config again ;)
I can't seem to find #610 anymore but i remember that some older KB articles said to use a message filter like this to send spam received on the QuarantineListener to the spam quarantine:
if (recv-listener == "QuarantineListener") {
alt-mailhost("the.euq.queue");
}
if (recv-listener == "QuarantineListener") {
skip-spamcheck();
skip-viruscheck();
skip-vofcheck();
insert-header("X-Ironport-Quarantine", "Quarantine");
deliver();
}
06-11-2007 11:12 PM
Adrian, Bart,
we typically use a configuration similar to yours, but I configure the dedicated ISQ listener as a private (outbound) listener. So the quarantined mails are not counted in the inbound statistic.
Cheers,
Jörg
10-31-2007 03:50 PM
So what happened to KB ID 610?
I would have liked to read this post.
11-01-2007 01:30 PM
It got pulled, as it had some configuration options set that did more bad then good.
Support has the changed version of the article, it is not published yet, as 5.5 has put some holes in the new workaround again. For those who don't use the safe and block list in 5.5 the version you can get from support, works well.
Best Regards,
Mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide