Problem with Bounce verification

Unanswered Question
Mar 17th, 2009
User Badges:

Hi all,
I have a bit of a problem with bounce verification and I am hoping someone can help me.
It could be to do with the way we have mail routing and I am hoping I can explain the routes enough for you to understand.
We have 2 x C300 in place in two locations in the world. One is in Australia and the other is in Vancouver.
We have several domains and depending on the domain used the email will either come in via the Australian or Vancouver ESA.

All AU users go out via the AU ESA, all American / Canadian users go out via the VN ESA.

A user in AU can have an email address of [email protected] and will exit the AU ESA and then when replied to will come in via the VN ESA.

Visa versa, a User in VN can have an email address of [email protected] and it will exit via the VN ESA and enter via the AU ESA.

Any user in AU with a [email protected] will exit and enter via AU and any VN user with a [email protected] will exit and enter via the VN ESA. These type of emails work fine.

Still with me?

I have setup bounce verification on both ESA to have the same Key (is this a bad thing?)

When the [email protected] in AU sends an email, it exits via the AU ESA and then the reply comes back in via the VN ESA and gets rejected, I believe this is because the VN ESA sees the correct KEY, however the IP address is wrong.

This is the error. (some details changed to protect the innocent)
"< mail.AU.ESA #5.0.0 smtp; 5.1.0 - Unknown address error 550-"5.7.1 <[email protected]>... recipient denied, because MX 10 'smtp.VN.ESA.' [192.168.1.1] for <prvs=3198325dc=[email protected]> rejected address saying: #5.1.0 Rejected by bounce verification." (delivery attempts: 0)>"

Is there a better way for me to do this?

Any help you can provide will be great.

Regards,

David

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Douglas Hardison Fri, 03/20/2009 - 13:59
User Badges:
  • Cisco Employee,

Hi,

Setting a matching BV key for each of your IronPort's is imperative for your setup, so that is fine. ( I would double-check them *just to make sure*, as any extra whitespace, etc.. can alter the output the key creates )

That being said, you don't mention what version of AsyncOS you are running on these units.

On some older versions of AsyncOS there was a defect which prevented the appliances from correctly recognizing the encoded tags. This meant that all NDR's were rejected, even valid ones. This defect is fixed in the latest builds of versions 5.5.1, 5.5.2, 6.0.0, 6.1.0, 6.1.5 and 6.3.5, but not for older versions (4.x, 5.1.x, 5.0.x, and so on). If your appliance runs on one of these older versions, you would need to upgrade before employing BV.

-whardison

David.shoesmith73 Mon, 03/23/2009 - 00:07
User Badges:

Thanks for the reply.
The AU appliance is running 6.5.0-405 and the NA us running 6.3.6-003
I have also logged a call with Ironport support, so hopefully they will be able to help.

Regards,

David

Actions

This Discussion