Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Incoming Relay and how messages are processed.

Hello, I have just configured Incoming Relays, it seems to work fine.
I finds the original sender IP and it assigns an SBRS score.
But, I just can't find why messages are processed according the outgoing policy.

Tue Oct 7 13:37:42 2008 Info: New SMTP ICID 5316 interface mail_IN (192.168.X.X) address 192.168.Y.X reverse dns host unknown verified no
Tue Oct 7 13:37:42 2008 Info: ICID 5316 RELAY SG RELAYLIST match 192.168.Y.X SBRS rfc1918
Tue Oct 7 13:37:42 2008 Info: Start MID 8040 ICID 5316
Tue Oct 7 13:37:42 2008 Info: MID 8040 ICID 5316 From: <gnivtaap1991>
Tue Oct 7 13:37:42 2008 Info: MID 8040 ICID 5316 RID 0 To: <xxxxxx>
Tue Oct 7 13:37:47 2008 Info: MID 8040 IncomingRelay(xxxxxx): Header Received found, IP 69.214.164.166 being used, SBRS -7.3
Tue Oct 7 13:37:47 2008 Info: MID 8040 Message-ID '<000b01c9289b>'
Tue Oct 7 13:37:47 2008 Info: MID 8040 Subject 'Confirm your order'
Tue Oct 7 13:37:47 2008 Info: MID 8040 ready 3562 bytes from <gnivtaap1991>
Tue Oct 7 13:37:47 2008 Info: MID 8040 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Oct 7 13:37:47 2008 Info: MID 8040 queued for delivery
Tue Oct 7 13:37:47 2008 Info: ICID 5316 close
Tue Oct 7 13:37:47 2008 Info: New SMTP DCID 7098 interface 192.168.X.X address xx.xx.xx.xx port 25
Tue Oct 7 13:37:47 2008 Info: Delivery start DCID 7098 MID 8040 to RID [0]
Tue Oct 7 13:37:47 2008 Info: Message done DCID 7098 MID 8040 to RID [0]

Because it's processed like outgoing mail, ALL SPAM passes through the Ironport.

What am I missing?

2 REPLIES
New Member

Re: Incoming Relay and how messages are processed.

You'll probably want to remove the connection ip to a non RELAYLIST sendergroup.

From the sample provided, this entry:

Tue Oct 7 13:37:42 2008 Info: ICID 5316 RELAY SG RELAYLIST match 192.168.Y.X SBRS rfc1918

indicates the connecting IP is put on the relaylist, probably due to the 192.168.*.* subnet. Put this on a non RELAYLIST and then use the "incoming relay" feature to find the prior to the relay.

Then, use this article below to enforce the SBRS. You can see the SBRS of the hop before the relay has a low SBRS score.

Tue Oct 7 13:37:47 2008 Info: MID 8040 IncomingRelay(xxxxxx): Header Received found, IP 69.214.164.166 being used, SBRS -7.3




Matching sending hosts with poor SBRS through an incoming relay

http://tinyurl.com/2xtjz2



Hello, I have just configured Incoming Relays, it seems to work fine.
I finds the original sender IP and it assigns an SBRS score.
But, I just can't find why messages are processed according the outgoing policy.

Tue Oct 7 13:37:42 2008 Info: New SMTP ICID 5316 interface mail_IN (192.168.X.X) address 192.168.Y.X reverse dns host unknown verified no
Tue Oct 7 13:37:42 2008 Info: ICID 5316 RELAY SG RELAYLIST match 192.168.Y.X SBRS rfc1918
Tue Oct 7 13:37:42 2008 Info: Start MID 8040 ICID 5316
Tue Oct 7 13:37:42 2008 Info: MID 8040 ICID 5316 From:
Tue Oct 7 13:37:42 2008 Info: MID 8040 ICID 5316 RID 0 To:
Tue Oct 7 13:37:47 2008 Info: MID 8040 IncomingRelay(xxxxxx): Header Received found, IP 69.214.164.166 being used, SBRS -7.3
Tue Oct 7 13:37:47 2008 Info: MID 8040 Message-ID '<000b01c9289b>'
Tue Oct 7 13:37:47 2008 Info: MID 8040 Subject 'Confirm your order'
Tue Oct 7 13:37:47 2008 Info: MID 8040 ready 3562 bytes from
Tue Oct 7 13:37:47 2008 Info: MID 8040 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Oct 7 13:37:47 2008 Info: MID 8040 queued for delivery
Tue Oct 7 13:37:47 2008 Info: ICID 5316 close
Tue Oct 7 13:37:47 2008 Info: New SMTP DCID 7098 interface 192.168.X.X address xx.xx.xx.xx port 25
Tue Oct 7 13:37:47 2008 Info: Delivery start DCID 7098 MID 8040 to RID [0]
Tue Oct 7 13:37:47 2008 Info: Message done DCID 7098 MID 8040 to RID [0]

Because it's processed like outgoing mail, ALL SPAM passes through the Ironport.

What am I missing?

New Member

Re: Incoming Relay and how messages are processed.

Thank you, that worked.

336
Views
0
Helpful
2
Replies