AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 40 Testing and Troubleshooting
Check firewall permissions.
The appliance may need all of the following ports to be opened in order to function properly: ports
20, 21, 22, 23, 25, 53, 80, 123, 443, and 628. (See Firewall Information.)
Send email from the appliance on your network to dnscheck@ironport.com
Send an email from within your network to dnscheck@ironport.com to perform basic DNS checks
on your system. An auto-responder email will respond with the results and details of the following
four tests:
DNS PTR Record - Does the IP address of the Envelope From match the PTR record for the domain?
DNS A Record - Does the PTR record for the domain match the IP address of the Envelope From?
HELO match - Does the domain listed in the SMTP HELO command match the DNS hostname in the Envelope From?
Mail server accepting delayed bounce messages - Does the domain listed in the SMTP HELO command have MX records that resolve IP addresses for that domain?
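The four tests can be rehearsed locally before mailing the auto-responder. The following is an added example, not part of the Cisco guide or the dnscheck service: it evaluates one reading of the tests (a PTR record exists for the sending IP, a PTR name resolves back to that IP, the HELO name equals a PTR name, and the HELO domain's MX hosts resolve) against a constructed zone. The names lookup, dns_checks, failed and ZONE, and all record values, are assumptions made for illustration.

```python
# Added example: offline rehearsal of the four DNS tests listed above.
# ZONE is constructed sample data (documentation address space); replace
# lookup() with a real resolver query to test live records.

ZONE = {
    ("PTR", "192.0.2.25"): ["mail3.example.com"],
    ("A", "mail3.example.com"): ["192.0.2.25"],
    ("MX", "mail3.example.com"): ["mx1.example.com"],
    ("A", "mx1.example.com"): ["192.0.2.26"],
    ("PTR", "192.0.2.99"): ["host99.example.net"],
    ("A", "host99.example.net"): ["192.0.2.50"],  # forward does not confirm
}


def lookup(rtype, name, zone=ZONE):
    """Return the record values for (rtype, name), or [] when none exist."""
    return zone.get((rtype, name.rstrip(".").lower()), [])


def dns_checks(sending_ip, helo_name, zone=ZONE):
    """Evaluate the four tests for one sending IP and HELO name."""
    ptr_names = [n.rstrip(".").lower() for n in lookup("PTR", sending_ip, zone)]
    helo = helo_name.rstrip(".").lower()
    # A record: at least one PTR name must resolve back to the sending IP.
    forward_ok = any(sending_ip in lookup("A", n, zone) for n in ptr_names)
    # MX: the HELO domain has MX hosts and every one resolves to an address.
    mx_hosts = lookup("MX", helo, zone)
    mx_ok = bool(mx_hosts) and all(lookup("A", h, zone) for h in mx_hosts)
    return {
        "ptr_record": bool(ptr_names),
        "a_record": forward_ok,
        "helo_match": helo in ptr_names,
        "mx_resolves": mx_ok,
    }


def failed(results):
    """Names of the tests that did not pass, sorted for stable output."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail3.example.com"),
                     ("192.0.2.99", "mail.example.net")]:
        print(ip, helo, "failed:", failed(dns_checks(ip, helo)) or "none")
```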
Troubleshooting the Listener
If you suspect problems with injecting email, use the following strategies:
Confirm the IP address that you are injecting from, and then use the listenerconfig command to
check for allowed hosts.
Is the IP address allowed to connect to the listener you have created? Use the listenerconfig
command to examine the Host Access Table (HAT) for the listener. Use these commands to print the
HAT for a listener:
listenerconfig -> edit -> listener_number -> hostaccess -> print
The HAT can be configured to refuse connections by IP address, block of IP addresses, hostname,
or domains. For more information, see “Specifying Hosts that are Allowed to Connect” on page 107.
You can also use the limits subcommand to check the maximum number of connections allowed
for a listener:
listenerconfig -> edit -> listener_number -> limits
On the machine that you are injecting from, use Telnet or FTP to manually connect to the appliance.
For example:
injection_machine% telnet appliance_name
You can also use the telnet command within the appliance itself to connect from the listener to the
actual appliance:
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto