Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

How to change email routing in IronPort C360

Hi All,

I am new with IronPort. I would like to reconfigure my IronPort especially in its mail routing. The following are current and proposed config.

current config

Exchange <----> Mail antivirus Server <-----> IronPort <------> Internet  <------> External user

Proposed Config

Exchange <-------> IronPort <-------> Internet <--------> External User

What parameter in Iron Port should i change to allow the proposed config running well?

Cheers,

Andi

Everyone's tags (4)
6 REPLIES
Cisco Employee

How to change email routing in IronPort C360

Hi Andi,

For incoming emails from Internet, you just need to change the SMTP route(s) for your domain(s).

1. Under 'Network'-'SMTP Routes', click and edit the destination hosts (i.e. private IP address of your Exchange server) for your domain(s).

For outgoing/relaying emails from Exchange server, since it sends from Exchange server directly to IronPort now instead of mail antivirus server, you need to edit the hosts under RELAYLIST.

1. Under 'Mail Policies'-'HAT Overview', click RELAYLIST of the listener and add the sender with Exchange server's private IP address. (I suggest to add the Exchange server's private IP address instead of replacing the existing mail antivirus server since it allows a smoother migration. You can remove the old mail antivirus server's IP address later or just keep it.)

For Exchange server setting, edit the smarthost configuration to be IronPort outgoing listener's IP address.

Cheers,

Tommy

New Member

How to change email routing in IronPort C360

Hi Tommy,

Thanks for your solution. I will try your advice soon. Thanks for your help.

Cheers,

Andi

New Member

How to change email routing in IronPort C360

Hi Tommy,

Let say we have the following existing config:

                            |-------- Servers

                            |

Exchange <----> Mail Anti VirusServer -<----> IronPort <-----> Internet ---- external usere

                            |

                            |<--------->  Exchange (sister company exchange, different domain)

Proposed:

Exchange <-------> IronPort <-------> Internet <--------> External User

                             |

              Servers----|

                            

* Beside the requirements i mentioned earlier, the mail antivirus server also serve mail flow to/from other sister company.

* The mail flow for sister company is:  user --- exchange ---- mail anti virus server --- sister company. and also vice versa.

* Email from sistem company can only received from Mail Anti virus server, (IronPort after migration).

* Some servers inside relay email using Mail Antivirus server, and then will use Iron Port after migration.

Is there any additional change in the configof IronPort? Please advise.

Cheers,

Andi

Cisco Employee

How to change email routing in IronPort C360

Dear Andi,

You can add a new network interface (and then listener) on IronPort with the same IP address of mail antivirus server if this mail antivirus server is only scanning SMTP traffic.

You need to plan carefully and take scheduled stoppage as well. This will involve less setting changes on servers and Exchange servers. However, each step needs to be taken carefully as well (e.g. stop all servers to deliver emails, let all emails on AV server to deliver nad clean up the delivery queue, then add a new network interface (then listener) on IronPort with AV server's IP address, add those relaying servers (Exchange and sister companies' servers) into RELAYLIST, add the SMTP routes of new sister companies' servers into IronPort).

Use 'telnet x.x.x.x 25' command on servers to test whether emails can be relayed correctly to other servers and Exchange servers.

Then you can resume email delivery of all servers.

Let us know if you still have any question or need any help.

Tommy

New Member

How to change email routing in IronPort C360

Hi Tommy,

The mail antivirus server not only scanning SMTP traffic but also routing mails as well. Actually we plan 3 phases for the migration. Phase 1 we have successfully migrated to IronPort for incoming email from Internet and routing email to local domain. Phase 2 we will migrate to IronPort for handling incoming email from sister company domain and also route them.

Phase 3 is to migrate to IronPort for other important server (in DMZ) which currently using Mail Anti Virus for email to IronPort.

Please check my proposed configuration.

Phase 2

For RELAYLIST i add sister company exchange address. (exisitng is Iron Port and Mail antivirus server address). For SMTP route, i add new domain (sister company) and add ironport IP address.

Phase 3 still no idea what shoud i config

Regards,

Andi

New Member

How to change email routing in IronPort C360

One more question:

How to config selective mail routing, let say we receive emails from sistes company and only relay it to local exchange, not to internet? and only emails from local exchange route to sister company exchange, not from others.

11474
Views
0
Helpful
6
Replies