Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8074
Views
0
Helpful
7
Replies

How to configure SMTPS relay server for outgoing email in Ironport

rishabhjain1
Level 1
Level 1

‎05-27-2014 09:30 AM

Hi, Can I configure Ironport C170 to relay all our outgoing email through an ISP  mail server which accepts connection on SMTPS with authentication as currently we have this configuration in our environment.

Also, can I test it once configured without making it live?

Thanks

 

Labels:
0 Helpful
7 Replies 7

Ken Stieers
VIP
VIP

‎05-27-2014 04:41 PM

I pulled this from the online help:

 

 

Outgoing SMTP Authentication

SMTP Authentication can also be used to provide validation for an outbound mail relay, using a username and password. Create an ‘outgoing’ SMTP authentication profile and then attach the profile to an SMTP route for the ALL domain. On each mail delivery attempt, the Cisco appliance will log on to the upstream mail relay with the necessary credentials. Only a PLAIN SASL formatted login is supported.

Procedure

 

  1. Choose Network > SMTP Authentication.
  2. Click Add Profile.
  3. Enter a unique name for the SMTP authentication profile.
  4. For the Profile Type, select Outgoing.
  5. Click Next.
  6. Enter an authentication username and password for the authentication profile.
  7. Click Finish.
  8. Choose Network > SMTP Routes.
  9. Click the All Other Domains link in the Receiving Domain column of the table.
  10. Enter the name of the Destination Host for the SMTP route. This is the hostname of your external mail relay used to deliver outgoing mail.
  11. Select the outgoing SMTP authentication profile from the drop-down menu.
  12. Submit and commit your changes.
0 Helpful

hostmaster_at_dsb_net
Level 1
Level 1
In response to Ken Stieers

‎05-28-2014 12:14 AM

Hi,

I have a similar question with one difference. I setup a sender based routing in Outgoing Mail Policies, which works fine.
This alternate mailhost will require smtp auth in future and my question is how to achieve this.
I would guess to create an outgoing smtp auth profile and a smtp route. But I'm not sure what to put in the receiving domain field. The sender domain or IP of the alternate mailhost, or...?

Thanks in advance,

Pascal

0 Helpful

Ken Stieers
VIP
VIP
In response to hostmaster_at_dsb_net

‎05-28-2014 10:04 AM

Hey Pascal,

This is a spot where I"m not quite sure...

It may just be a matter of setting a destination that requires TLS under Mail Policies/Destination Controls.

 

 

0 Helpful

rishabhjain1
Level 1
Level 1
In response to Ken Stieers

‎05-28-2014 08:26 AM

Hi Kstieers,

ISP requires below settings for outbound relay.

Secure SMTPS:mail.internode.on.net
SMTP:
465

Configure your existing SMTP settings (in your email program) to:

  • use authentication:
    enter your Internode username and password
    Do not include @internode.on.net with your username.
    note: your password is cAsE-SensitivE.
  • enable SSL for sending email (SMTPS).

 

Where can we enable SSL for sending email (SMTPS)?

I can't seems to find this option neither in SMTP Authentication (Outgoing) nor in SMTP routes.

 

Thanks

0 Helpful

Ken Stieers
VIP
VIP
In response to rishabhjain1

‎05-28-2014 10:02 AM

Try Mail Policies/Destination Controls.

That's where you set TLS config...

But I'm not sure if it will do what you need, you may want to open a TAC case...

 

 

0 Helpful

rishabhjain1
Level 1
Level 1
In response to Ken Stieers

‎05-29-2014 07:58 AM

Hi,

I have tried setting TLS config in Destination Controls but I don't think its working.

I will try to explore a little further otherwise I may have to open a TAC case.

 

Thanks for help Kstieers.

0 Helpful

rishabhjain1
Level 1
Level 1
In response to rishabhjain1

‎06-16-2014 11:49 PM

Cisco ESA does not support SMTPS.

Got a response back from TAC,

......I’m sorry, but SMTPS is not supported by the Email Security Appliance. We support only STARTTLS and SMTP AUTH as part of the ESMTP protocol. The SMTPS protocol has been depreciated in the late 1990s with the introduction of STARTTLS and the IANA has reassigned the SMTPS port 465 for other purposes. The SMTPS protocol is only in use nowadays for backwards compatibility for mail servers that do not support ESMTP......

 

I have contacted our ISP for the alternative.indecision

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents