From your description, it sounds like you've done everything correctly. Check your mail_logs for smtp auth attempts, (e.g. Wed Sep 12 07:59:41 2007 Info: SMTP Auth: (ICID 36) succeeded for user: jsmith using AUTH mechanism: LOGIN with profile: ldap_smtp)
Also, can you briefly go over how you're doing your test? Are you using a mail client like Mozilla Thunderbird and setting the outgoing server to be the IronPort appliance IP/hostname?
Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0: -3.0] SBRS -4.0
I think the problem is that the IP address you're coming from (i.e. *. .broadband.ctm.net) has a low SBRS score and you're getting stopped by the HAT Overview/Blacklist sendergroup first, before you're allowed to transmit your username/password.
Therefore, I don't think the problem is with the smtp auth at this point. It's the low SBRS score.
Create a custom/new sender group just for your ISP and put it at the top of your HAT Overview (or at least above the Blacklist).
1. Create a new sendergroup called "Accept-Broadband". Set the connection behavior to be "Accept" 2. Make sure the order is at the top. 3. For the senders, add ".broadband.ctm.net" to the list of connecting host. 4. This way, you can make sure your connections don't get stopped by the Blacklist.
Then, try the smtp auth again. Try and get that to work first.
We'll discuss the low SBRS score issue later once the smtp auth is working.
And by the way, there's nothing wrong with you, it's just broadband.ctm.net has a low sbrs score. It's like the passenger in the taxi is okay, but the taxi driver is bad.
Hi kevin : I solved it already , There was the Firewall issue . Firewall enable smtp inspect and block the auth command to ironport . so there was Unknown command : XXXX . I test it work successful after i disable firewall smtp inspect feature .
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :