Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 40      Testing and Troubleshooting
Check firewall permissions.
The appliance may need all of the following ports to be opened in order to function properly: ports 20, 21, 22, 23, 25, 53, 80, 123, 443, and 628. (See
Send email from the appliance on your network to dnscheck@ironport.com
Send an email from within your network to dnscheck@ironport.com to perform basic DNS checks on your system. An auto-responder email will respond with the results and details of the following four tests:
DNS PTR Record - Does the IP address of the Envelope From match the PTR record for the domain?
DNS A Record - Does the PTR record for the domain match the IP address of the Envelope From?
HELO match - Does the domain listed in the SMTP HELO command match the DNS hostname in the Envelope From?
Mail server accepting delayed bounce messages - Does the domain listed in the SMTP HELO command have MX records that resolve IP addresses for that domain?
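An added example (not part of the Cisco guide): a local pre-check of the four tests listed above, run against constructed DNS data before mailing dnscheck@ironport.com. How the auto-responder actually evaluates each test is not documented on this page; the interpretation in the comments, the function names, and the sample zone are assumptions.

```python
# Added example, not Cisco code. Each check is one reading of the test
# descriptions in the guide; the auto-responder's real logic is an assumption.

# Constructed sample DNS data (documentation addresses, not real records).
ZONE = {
    "PTR": {"192.0.2.25": ["mail3.example.com"]},
    "A": {"mail3.example.com": ["192.0.2.25"],
          "mx1.example.com": ["192.0.2.25"]},
    "MX": {"mail3.example.com": ["mx1.example.com"]},
}


def lookup(rtype, name, zone=ZONE):
    """Return normalized records of rtype for name; empty list means no data."""
    key = name.rstrip(".").lower()
    return [r.rstrip(".").lower() for r in zone.get(rtype, {}).get(key, [])]


def dns_precheck(sending_ip, helo_name, zone=ZONE):
    """Evaluate the four dnscheck-style tests for one sending host."""
    helo = helo_name.rstrip(".").lower()
    ptr_names = lookup("PTR", sending_ip, zone)
    return {
        # Test 1: the sending IP address has a PTR record at all.
        "ptr": bool(ptr_names),
        # Test 2: a PTR hostname has an A record pointing back to the
        # sending IP (forward-confirmed reverse DNS).
        "a": any(sending_ip in lookup("A", n, zone) for n in ptr_names),
        # Test 3: the name given in HELO is one of the PTR hostnames.
        "helo": helo in ptr_names,
        # Test 4: the HELO domain has MX records whose targets resolve,
        # so delayed bounces can be delivered back to it.
        "mx": any(lookup("A", mx, zone) for mx in lookup("MX", helo, zone)),
    }


if __name__ == "__main__":
    for helo in ("mail3.example.com", "localhost.localdomain"):
        print(helo, dns_precheck("192.0.2.25", helo))
```

To check live records instead of the constructed zone, replace lookup() with calls to a real resolver that return the same list shape.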
Troubleshooting the Listener
If you suspect problems with injecting email, use the following strategies:
Confirm the IP address that you are injecting from, and then use the listenerconfig command to check for allowed hosts.
Is the IP address allowed to connect to the listener you have created? Use the listenerconfig command to examine the Host Access Table (HAT) for the listener. Use these commands to print the HAT for a listener:
listenerconfig -> edit -> listener_number -> hostaccess -> print
The HAT can be configured to refuse connections by IP address, block of IP addresses, hostname, or domains. For more information, see “Specifying Hosts that are Allowed to Connect” on page 107.
You can also use the limits subcommand to check the maximum number of connections allowed for a listener:
listenerconfig -> edit -> listener_number -> limits
On the machine that you are injecting from, use Telnet or FTP to manually connect to the appliance. For example:
injection_machine% telnet appliance_name
You can also use the telnet command within the appliance itself to connect from the listener to the actual appliance:
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto