Avatar of hussainha
hussainha
 asked on

Mailflow from Exchange hub to Ironport

Hi,

Mails were flowing from MS Exchange hub 2010 to Ironport C160 through an old PIX515E,
After we change the PIX to a new ASA5500 the mails stopped flowing with following error

"The message has been queued on server 'jed-caht2.maaden.com' since 5/28/2012 9:27:37 AM (UTC+03:00) Kuwait, Riyadh. The last attempt to send the message was at 5/28/2012 9:36:54 AM (UTC+03:00) Kuwait, Riyadh and generated the error '451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'."

please help to solve this issue
Hardware FirewallsPCExchange

Avatar of undefined
Last Comment
johan_v

8/22/2022 - Mon
Syed Mutahir Ali

hussainha

ASKER
We did that but no luck
Syed Mutahir Ali

did what?

if you cannot telnet to your Exchange on 25, then you need to allow appropriate ports on your edge device
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER CERTIFIED SOLUTION
johan_v

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
hussainha

ASKER
it displays this
"220 mail.jed.maaden.com.sa ESMTP"

and we tried diasbling ESMTP but we got :

"ERROR: Inspection not installed or parameters do not match"
johan_v

Hi,

And what happens if you send a message via telnet when EMSTP checking is enabled does it work?

Regards,
Johan
hussainha

ASKER
How can I do that????
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
hussainha

ASKER
When I Enable EMSTP i get this

"220 ****************************"
johan_v

Hi,

In that case SMTP is enabled on the ASA. To disable it run the following cmdlets on your ASA:

policy-map global_policy
class INSPECTION_DEFAULT
no inspect esmtp
no inspect smtp

Regards,
Johan
hussainha

ASKER
I did
But it shows error command at

no inspect smtp
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
johan_v

Hi,

Does this happen when executing the cmdlets or when testing afterwards?
Which IOS are you running.

Regards,
Johan