hussainha
asked on
Mailflow from Exchange hub to Ironport
Hi,
Mails were flowing from MS Exchange hub 2010 to Ironport C160 through an old PIX515E,
After we change the PIX to a new ASA5500 the mails stopped flowing with following error
"The message has been queued on server 'jed-caht2.maaden.com' since 5/28/2012 9:27:37 AM (UTC+03:00) Kuwait, Riyadh. The last attempt to send the message was at 5/28/2012 9:36:54 AM (UTC+03:00) Kuwait, Riyadh and generated the error '451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'."
please help to solve this issue
Mails were flowing from MS Exchange hub 2010 to Ironport C160 through an old PIX515E,
After we change the PIX to a new ASA5500 the mails stopped flowing with following error
"The message has been queued on server 'jed-caht2.maaden.com' since 5/28/2012 9:27:37 AM (UTC+03:00) Kuwait, Riyadh. The last attempt to send the message was at 5/28/2012 9:36:54 AM (UTC+03:00) Kuwait, Riyadh and generated the error '451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'."
please help to solve this issue
ASKER
We did that but no luck
did what?
if you cannot telnet to your Exchange on 25, then you need to allow appropriate ports on your edge device
if you cannot telnet to your Exchange on 25, then you need to allow appropriate ports on your edge device
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it displays this
"220 mail.jed.maaden.com.sa ESMTP"
and we tried diasbling ESMTP but we got :
"ERROR: Inspection not installed or parameters do not match"
"220 mail.jed.maaden.com.sa ESMTP"
and we tried diasbling ESMTP but we got :
"ERROR: Inspection not installed or parameters do not match"
Hi,
And what happens if you send a message via telnet when EMSTP checking is enabled does it work?
Regards,
Johan
And what happens if you send a message via telnet when EMSTP checking is enabled does it work?
Regards,
Johan
ASKER
How can I do that????
ASKER
When I Enable EMSTP i get this
"220 **************************
"220 **************************
Hi,
In that case SMTP is enabled on the ASA. To disable it run the following cmdlets on your ASA:
Regards,
Johan
In that case SMTP is enabled on the ASA. To disable it run the following cmdlets on your ASA:
policy-map global_policy
class INSPECTION_DEFAULT
no inspect esmtp
no inspect smtp
class INSPECTION_DEFAULT
no inspect esmtp
no inspect smtp
Regards,
Johan
ASKER
I did
But it shows error command at
no inspect smtp
But it shows error command at
no inspect smtp
Hi,
Does this happen when executing the cmdlets or when testing afterwards?
Which IOS are you running.
Regards,
Johan
Does this happen when executing the cmdlets or when testing afterwards?
Which IOS are you running.
Regards,
Johan
Also, on ASA550 disable ESMTP inspection ;
Have you tried a telnet to your exchange server on port 25 ?