Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
0
Helpful
2
Replies

Incoming mail is delivered, outgoing connection is dropped.

eramos
Level 1
Level 1

‎05-01-2008 12:57 AM

Greetings all.

I'm trying to use our C100 as an enterprise Gateway, according to the manual this will allow our system to receive and route email to our groupware server. Also it will receive SMTP messages from our groupware server and route it to the internet.

During setup I configured the system to receive email for our domain and relay email from our domain. To relay email I used the server's IP addreses, since its a cluster. I added all the ips on the server. I've seen in logs of a barracuda our server sending messages with any of the ips, instead of using the one that represents the virtual smtp.

Incoming Email arrives without problems, but if I try to route mail thru the ironport the smtp connection is dropped.

The internal server is listed in the relay senders group.

I understand from reading the manual that I don't have to add or enable the Incoming Relays in IP Interfaces?

If I telnet from the mail server to the ironport I don't see a banner and as soon as I type a single letter the connection is dropped.

Between the ironport and the mail server is a firewall, there is a rule that allows communication to the ironport. The rule allows me to route mail to a barracuda. That makes me think its not the firewall but I'm not a 100% certain.

I apologize if there are any grammar errors or any other mistakes, english is not my native language.

I opened a ticked with support, they are looking at the configuration file.

But I also wanted to post here just in case someone could give some hints.

Thanks in advance for any help provided.

Labels:
0 Helpful
2 Replies 2

kluu_ironport
Level 2
Level 2

‎05-01-2008 04:23 PM

Here is how I suggest you troubleshoot this to see what sendergroup/mail flow policy your corporate mailserver is connecting in on:


By the way, if you're getting dropped immediately, you are probably not matching the RELAYLIST Sendergroup and then getting rejected. Try using the IP address of your mailserver instead of just the hostname in the RELAYLIST of your private/internal listener.



1. On the command line of the Ironport appliance, type the following command. Let's assume the IP address of your internal mailserver is "11.22.33.44"

grep -it "11.22.33.44" mail_logs


In the above command you're running both a grep and a tail against your mail_logs and looking only for the IP of your mailserver, 11.22.33.44

-i means ignorecase
-t means tail the logs and only show the pattern that you want to see


2. Once you have the grep running, log onto your mailserver and connect to the Ironport on port 25

telnet [ironport ip] 25

telnet 192.168.2.3 25


3. Then, look at the grep on the first window, you should see something like this:

Thu May 1 08:16:22 2008 Info: New SMTP ICID 103 interface Management (192.168.2.3) address 11.22.33.44 reverse dns host unknown verified no

4. Once you see something like that, search for the ICID

press Ctrl-C to cancel the grep and type this new command


grep -i "icid 103" mail_logs


This will tell you what sendergroup your corporate mailserver is matching on.


Feel free to post your results here and I can help anaylze.


Greetings all.

I'm trying to use our C100 as an enterprise Gateway, according to the manual this will allow our system to receive and route email to our groupware server. Also it will receive SMTP messages from our groupware server and route it to the internet.

During setup I configured the system to receive email for our domain and relay email from our domain. To relay email I used the server's IP addreses, since its a cluster. I added all the ips on the server. I've seen in logs of a barracuda our server sending messages with any of the ips, instead of using the one that represents the virtual smtp.

Incoming Email arrives without problems, but if I try to route mail thru the ironport the smtp connection is dropped.

The internal server is listed in the relay senders group.

I understand from reading the manual that I don't have to add or enable the Incoming Relays in IP Interfaces?

If I telnet from the mail server to the ironport I don't see a banner and as soon as I type a single letter the connection is dropped.

Between the ironport and the mail server is a firewall, there is a rule that allows communication to the ironport. The rule allows me to route mail to a barracuda. That makes me think its not the firewall but I'm not a 100% certain.

I apologize if there are any grammar errors or any other mistakes, english is not my native language.

I opened a ticked with support, they are looking at the configuration file.

But I also wanted to post here just in case someone could give some hints.

Thanks in advance for any help provided.

0 Helpful

eramos
Level 1
Level 1

‎05-06-2008 03:51 PM

Sorry for my late reply, there was a bit of chaos going around here but everything is fine now :D .

After trying your suggestiongs I noticed that I wasn't even arriving at the ironport at all.

I configured relay in the Data1 interface and everything started working.

Thanks for your help kluu.

Gotta check those firewalls now to find what is blocking the communication. :D

0 Helpful
Customers Also Viewed These Support Documents