01-29-2009 02:28 PM
Just after the new year started, I upgraded my first of three x1050s to 6.5.0. A few days later after no issues were encountered by this first upgrade, I processed upgrades to my remaining two X's and my M. Unfortunately, on one of these X's I upgraded straight to 6.5.1. Fast forward a few days and another admin went to recreate the cluster, to process some rules, and encountered the out of sync AsyncOSs. A panic ensues and upgrades are applied to the remaining three, all to 6.5.1.
I ran this past through a support ticket and found the actual problem with another MTAs TLS config. Here we check for TLS and require if available. Outside MTAs is available but broken. Prior to upgrades, unsecure email processed through to my internal users without issue. After the upgrades, all messages failed. Support reports that they attempted email with this domain using earlier Async OS versions and all comm still failed.
Allegedly no change on outside MTA. They have broken TLS, know it, have experienced it with other MTAs as well. They are not fixing their corrupt TLS deployment. However, unsecure still worked. Outside MTA domain is sigc.us.
Are my tracking logs gone after an AsyncOS upgrade? Can I recover?
Was TLS enhanced to fail with broken outside TLS config, from 6.4.x to 6.5.1?
6.5.1 is a maintenance release? Should I be running it?
Can I get the bound version of the Ironport AsyncOS 6.5 users guide and advanced users guide? Can I download? I have 5.1 literature. I'd really like to get my ironports dialed in to 6.5.x.
Thanks,
-bear
01-30-2009 02:05 PM
Just after the new year started, I upgraded my first of three x1050s to 6.5.0. A few days later after no issues were encountered by this first upgrade, I processed upgrades to my remaining two X's and my M. Unfortunately, on one of these X's I upgraded straight to 6.5.1. Fast forward a few days and another admin went to recreate the cluster, to process some rules, and encountered the out of sync AsyncOSs. A panic ensues and upgrades are applied to the remaining three, all to 6.5.1.
I ran this past through a support ticket and found the actual problem with another MTAs TLS config. Here we check for TLS and require if available. Outside MTAs is available but broken. Prior to upgrades, unsecure email processed through to my internal users without issue. After the upgrades, all messages failed.
Support reports that they attempted email with this domain using earlier Async OS versions and all comm still failed.
Allegedly no change on outside MTA. They have broken TLS, know it, have experienced it with other MTAs as well. They are not fixing their corrupt TLS deployment. However, unsecure still worked. Outside MTA domain is sigc.us.
Are my tracking logs gone after an AsyncOS upgrade? Can I recover?
Was TLS enhanced to fail with broken outside TLS config, from 6.4.x to 6.5.1?
6.5.1 is a maintenance release? Should I be running it?
Can I get the bound version of the Ironport AsyncOS 6.5 users guide and advanced users guide? Can I download? I have 5.1 literature. I'd really like to get my ironports dialed in to 6.5.x.
Thanks,
-bear
01-30-2009 04:58 PM
So I take it from thsi that all systems in the cluster are now running 6.5.1-004, and the cluster is intact?
By require if available, do you mean TLS preferred-verify? And by all messages, you mean all messages to one domain? It sounds like you should get back in touch with support. They will have access to your configuration.
Your tracking logs should survive an upgrade. Whether you still have data from prior to the upgrade will depend on your mail volume. The tracking database will purge the oldest records when it gets full.
There were no enhancements or bug fixes that would cause the appliance to be more picky about who to send encrypted mail to. If the remote MTA advertises STARTTLS, we will attempt to negotiate a TLS connection. There are a number of reasons this can fail. If you are using TLS Required, the mail will be bounced. If it is TLS Preferred, then it will be delivered plain text.
Absolutely. If you saw it in early January, you must have been on the early availability list. Just this week we released it to all customers.
You can see all of the Documentation in the online help on your appliance. You can alos download PDFs from the Support Portal. If you prefer the printed copies, I'll check and see how you can order that.
02-23-2009 07:02 PM
Bear
Sorry, but this has gotten pretty stale. I've replied to your questions below.
By require if available, do you mean TLS preferred-verify? And by all messages, you mean all messages to one domain? It sounds like you should get back in touch with support. They will have access to your configuration.
Actually just prefer. No verify. By all messages, I mean all messages from sigc.us to us (all messages from anyone to us [we listen for a few domains] we prefer TLS). I think support did what they could, and did a great job at that. I'm just stuck in this "it worked/didn't work quandry," with the only definite change being me upgrading. Without the worked/didn't work data slice, everything support provided is spot on. Sigc.us' TLS is broken..that's not in dispute. It's the behaviour now of my ironports, to their error, that appears to have changed. I have added a destination control specifically for this domain, to not use TLS but these one off fixes trouble me.
Absolutely. If you saw it in early January, you must have been on the early availability list. Just this week we released it to all customers.
Whew...
How did this work? We defintitely didn't request anything. What's the early availability list inclusion criteria?
You can see all of the Documentation in the online help on your appliance. You can alos download PDFs from the Support Portal. If you prefer the printed copies, I'll check and see how you can order that.
I'd love the printed versions if available for a reasonable price. Downloads are adequate, but there's nothing quite like a well creased and dog-eared bound reference on my bookshelf.
Thanks Karl.
-bear
03-12-2009 03:22 PM
Are my tracking logs gone after an AsyncOS upgrade? Can I recover?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide