05-01-2009 09:00 PM
Hi all. I'm a new Ironport user, having just started working for a company that had a Spam and Virus Blocker already up and running.
We've been put on some blacklists for acting as an open relay. Apparently my predecessor had already done much of the work involved in fixing this problem, but we're still on blacklists. I'm not sure when the last time we really were an open relay was; it could have been before the Ironport was ever installed. I want to clear our name, but before I start requesting removals, I want to be 100% sure that the problem is addressed.
I've run some online open relay tests, and most report that we are not an open relay, but when I tried http://www.rbl.jp/svcheck.php, 5 of their 19 tests came back as "accepted".
I searched the Ironport knowledge base and found that our settings already match the recommendation -- our RAT is set to reject "all other recipients".
Here are the recipients from the tests that came back as "accepted":
>>> RCPT TO: <rlytest%h.rbl.jp@server01.mycompany.com>
>>> RCPT TO: <"rlytest@h.rbl.jp"@server01.mycompany.com>
>>> RCPT TO: <h.rbl.jp!rlytest@server01.mycompany.com>
>>> RCPT TO: <"rlytest%h.rbl.jp"@mycompany.com>
>>> RCPT TO: <"rlytest@h.rbl.jp"@mycompany.com>
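Added example, not part of the original thread and not IronPort code: all five recipients above end in one of the company's own domains, so a check that looks only at the domain would accept them at RCPT time, while the test target sits inside the local part. This Python sketch splits each recipient and names the legacy routing form it carries; `LOCAL_DOMAINS` and the function names are assumptions made for illustration.

```python
import re

# Assumption: the domains the gateway accepts mail for (names taken from the post).
LOCAL_DOMAINS = {"mycompany.com", "server01.mycompany.com"}

# The five recipients the relay test reported as "accepted" (copied from the post).
TEST_RCPTS = [
    '<rlytest%h.rbl.jp@server01.mycompany.com>',
    '<"rlytest@h.rbl.jp"@server01.mycompany.com>',
    '<h.rbl.jp!rlytest@server01.mycompany.com>',
    '<"rlytest%h.rbl.jp"@mycompany.com>',
    '<"rlytest@h.rbl.jp"@mycompany.com>',
]

def split_rcpt(rcpt):
    """Split an RCPT TO path into (local_part, domain); the local part may be quoted."""
    path = rcpt.strip().strip("<>")
    m = re.fullmatch(r'("(?:[^"\\]|\\.)*"|[^@"]+)@([^@]+)', path)
    if not m:
        raise ValueError(f"unparseable recipient: {rcpt!r}")
    return m.group(1), m.group(2).lower()

def embedded_route(local):
    """Name the legacy routing form carried inside a local part, or return None."""
    inner = local[1:-1] if local.startswith('"') else local
    if "@" in inner:
        return "quoted-at"      # "user@remote"@local
    if "%" in inner:
        return "percent-hack"   # user%remote@local
    if "!" in inner:
        return "bang-path"      # remote!user@local
    return None

def classify(rcpt, local_domains=LOCAL_DOMAINS):
    """Domain-only check first, then inspect the local part for a second hop."""
    local, domain = split_rcpt(rcpt)
    if domain not in local_domains:
        return "reject: not a local domain"
    route = embedded_route(local)
    return f"flag: {route} in local part" if route else "accept"

if __name__ == "__main__":
    for rcpt in TEST_RCPTS:
        print(f"{rcpt:50} {classify(rcpt)}")
```

A `flag` result means acceptance at the gateway does not by itself show relaying; what matters is whether a server behind it reinterprets that local part and forwards the message.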
05-02-2009 07:45 AM
Hello Tilden,
You can use the CLI (Command Line) command "findevent" to collect all log lines that belong to a certain message and use that information to see what has happened with the message.
If you search your log (using the grep command on the CLI) for "rlytest" you should find the log lines that are recorded for your relay tests. If you use the MID value found in those lines as input for the "findevent" command, you get it clear.
Good luck!
Steven
05-04-2009 02:24 PM
Thank you for the quick reply, Steven.
It seems as though my Ironport does not have the "findevent" command. When I tried it I got an "unknown command: findevent" message, and the "help" message does not list findevent. Are you sure that command exists in the Spam and Virus Blocker, and not just other Ironport models?
I notice that there are two upgrades available to download for my Ironport, so maybe it's just that my current version is too old. I'm not sure I'm daring enough to install the upgrades during business hours, so I'll probably do that on the weekend.
Thanks again.
05-05-2009 09:07 AM
What version of AsyncOS are you running? It looks like you have an old version, since the findevent command has been available since around 6.0, if I'm right.
05-05-2009 02:54 PM
The System Overview section says 4.7.0-148. I see 4.7.2 in my list of available upgrades.
05-06-2009 10:05 AM
I would recommend upgrading your system; the findevent command is not available in your system, and neither are lots of other improvements, features and bug fixes.
You cannot upgrade straight to 6.5.1 from your version; you probably have to upgrade multiple times to get to 6.5.1, starting with 4.7.2, then upgrading to the following available upgrade.
05-06-2009 02:17 PM
Thanks, I'll definitely upgrade as far as I can at some point. It's a question of timing.
What kind of downtime can I expect when performing upgrades? I'm wondering if I can afford to do it during business hours or if I should wait until the weekend.
05-06-2009 02:27 PM
If you have a cluster, you will have almost 'no' downtime.
First upgrade the first appliance; it will continue to deliver mail during the upgrade, and you only have some downtime while the system is rebooting. Then upgrade the second.
If you do have a cluster, during the reboot, your second appliance will take over the mail flow. If you don't have a cluster, I recommend doing the upgrades during non-business hours.
05-11-2009 08:11 PM
Wellll....turns out it's a moot point, because now my Ironport is bricked.
One of the updates failed, and our support contract has expired, so Ironport support can't help us fix it. Bummer. I'll have to weigh my options here and decide if it's worth renewing.
The good news is our email server, which no longer sits behind the Ironport, passes every single one of those relay tests.
Thanks a lot for your input, everyone. If I decide to stick with the Ironport, I'm sure I'll be back. :)