ACE module, TLS and smtp

Hello,
On a ACE module running software version ACE2(1.0), I have defined a virtual smtp server that is load-balanced to a serverfarm containing 2 SMTP servers. Normal SMTP connexions on port 25 work fine. SMTPS connexions to port 465 of a second vserver also work fine: SSL termination occurs at the ACE module and SMTP connexions to the real servers are in clear text on port 25. But I am having problems with TLS.
If a client connecting to port 25 of the first vserver tries to negotiate TLS, it works but it's the real server that handles TLS encryption. This is normal behavior - but the certificate has to be installed on each of the real servers. I would like the ACE module to handle TLS (it's supported according to the documentation). That way the certificate would only have to be installed on the ACE module.
So I tried to setup a third vserver on port 587 with the same "proxy-service" as the second vserver used for SSL. If a client connects to port 587 of the vserver via TLS, we only see the 3-way handshake between the client and the vserver, then a pause of a few seconds, then a FIN from the client and finally an ACK and a RESET from the vserver.
There are absolutely no lines in the log that could help me find out what's happening.
I found the "debug ssl" command in the documentation but I don't know how to use it - I entered the command and nothing happened; I don't know where the debugging information goes. This is probably why there's a warning that says that "The ACE debug commands are intended for use by trained Cisco personnel only."...
So my questions are: why is TLS not working? How can I find out why it's not working? Where does the "debug" information go when we use the "debug" commands?
Thanks a lot for any help you can give me!
Regards,
Marc.

SMTP over TLS is not supported in ACE currently.
SMTP doesnt use SSL/TLS simply as a secure transport like LDAP, IMAP, POP, HTTP.
In case of SMTP client needs to open a new conn.
So ACE or for that matter any other SMTP relay device needs to terminate conn, look in to the SMTP pkts and punch hole according to the new client conns.
You can get more details at
http://tools.ietf.org/html/rfc2487
Syed

Similar Messages

  • ACE module hung and required hard reset !!Plz help

    ACE module had bit flip and it was hunged after that.I was not able to run any command(i.e For ex if i run show ft status nothing was displayed).I was not able to run any command on the standby ACE as well is this could be both the ACE module ACTIVE?
    Manuaaly reboot from the ACE did not work. I had to forced hardare reset from cat 6500.
    Is this a bug or strange behaviour?
    I am running ACE A2(2.3) version on the module.
    Thanks
    ALEX

    Usually in the case of the bit flip the ace will reset itself, which clears the problem.  In order to understand what is happining to your ACE, you would have to open a TAC case, and provide show tech information, as well as any files that were generated in the "core:" directory.  You can view these using the command "dir core:"
    It seems odd that the standby ACE also wouldn't respond to any command input.  Did you have to reset it as well? If you had to reset it as well, then it may have encountered the same conditions that caused the hang on the primary.
    Was there any syslog messages generated on the 6500 switch during the time?

  • ACE module client and real servers on same subnet

    I am working on a ACE load balancing implementation,which has following requirement? Can someone let me know if this can be implemented and how?
    Configuration
    test context
    real server vlan 233
    real server subnet - 167.6.233.x
    VIP vlan - 539
    VIP subnet - 167.6.238.128/25
    production context
    real server vlan 232
    real server subnet - 167.6.232.x
    VIP vlan - 538
    VIP subnet - 167.6.238.0/25
    Load balancing is coinfigured in routed mode with ACE as gateway for test and prod real sever subnets (233 and 232 subnets).
    Test and production servers are mixed in these subnets. So we need to configure source NAT to access the test servers in the production subnet (232) and vis versa.
    Here are the scenarios and questions
    1. clients need to access the real servers in prod subnet (232) through VIP configured in test context (vlan 539) - this is done by SNAT at vlan 539 and working.
    2. real servers in test subnet (233) needs to access real servers in same subnet (233) through VIP configured in test context (vlan 539) - this is done by SNAT at vlan 233 and working
    3. real servers in prod subnet (232) need to access the real servers in test subnet (233) through VIP configured in test context (vlan 539) - this appears to be working fine without any additional configuration
    4. real servers in test subnet (233) needs to access another real servers in prod subnet (232) through VIP configured in test context (539)  - this is not working
    5. real servers in test subnet (233) needs to access another real server which is not on one of the subnet (167.6.56.x) behind ace - this is not working.
    Can we implement the scenarios 4 and 5?

    Hi Suresh,
    I see it's a bit complex and we do not have the config at hand.
    However for the scenario 4 if you apply the policy already applied on vlan 539 on the interface vlan233 then the ACE should catch the packets and apply the policy (i.e. forward the packets to the serverfarm you want)
    Alessandro
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Loadbalancing ldaps on ACE module

    Is it possible to configure loadbalancing of ldaps with end-to-end mode (encryption from end to end) on ACE module ?
    And if yes, do i have to use a special script for health checking ?

    Please correct me if this is wrong or bad design: I have ldaps running just by permitting the port in the ACLs and VIP class. Customer says it works fine.
    I'm sure you're aware of the health probe scripts you can get from Cisco (attached). This script defaults to ldap port (386) if none is specified. So you can specify the port under the "probe scripted LDAP_PROBE" config to use ldaps (636). Perhaps you should use both scripted probes together so that if one port is unavailable the server will be taken out of service.

  • ANM, ACE module device type

    I have a pair of ACE modules installed and maintained through ANM.  We
    started with ANM 2.X and recently upgraded to 3.0.
    The ACE modules were running code A1(6.3) and are now on A2(2.3).
    ANM is identifying the devices as Device Type ACE v1.0, and device types
    seem to limit the features that ANM exposes for configuration.
    The GUI does not expose the HTTP/SSL rewrite features in Expert mode, but I
    can configure the devices in the CLI.
    I have been unable to find an info on how devices are identified, or if they type
    can be changed..
    The exact module installed is a ACE20-MOD-K9.  Can anyone shed some light
    on if this is an 'ACE V1.0' and if not, how to convince ANM of the correct type?

    Just a thought - when you upgraded did you change the default www user password on the ACEs? I remember the upgrade instructions instructing that this step was necessary to allow manipulation of the configuration via xml (which I believe the ANM tool requires to exercise its full functionality).

  • Configure the tcode SCOT and SMTP for the SPM module in the R/3

    Hello,
    I want to know if I have to configure the tcode SCOT and SMTP for the SPM module (SAP GRC AC 5.3 SP5) in the R/3 if I want to send information toe the owner & controller.
    Best Regards.
    Pablo Mortera.

    Pablo,
    This would normally be a basis function. Be very careful as this is not specific to GRC.
    This will impact any external notifications using email / fax etc.
    It will also depend on your version and infrastructure.
    If you have web application servers, you will be able to do a lot more than if you have standard (older) application servers.
    You need to create a node under the INT and assign the appropriate tcp / ip rfc connection to direct it to your email server.
    You will then need to define the types of communications to be sent via that method and any appropriate email domain settings.
    You also need to create and set the appropriate send jobs to run periodically which will then automatically call the rfcs to process the waiting documents.
    Simon

  • Cisco ACE Module with Bluecoat Cache Proxy, Transparent and spoofing client IP

    Hello Dears,
    I'm trying to implement Cache loadbalancing through Cisco ACE Module.
    I have 2 Bluecoat cache proxies, when i do configure transparent proxy without spoofing client IP, everything work properly, but when I enable spoofing client IP (reflect client IP address), clients are not able to access internet, although they are going to cache servers, I can see their sessions.
    I'm afraid that I have a problem in the returned traffic PBR.
    can anyone help please.
    Thanks

    Hi Ibrahim
    I ahve reviewed the config. The ACE config is all god but I do see some issue with the switch side. If you are doing ip spoofing, then "match ip address" in pbr should be the client ip address. However, what you did is ip address between the ACE and MSFC. Try to configure the test client ip address into the below access-list.
    msfc---vlan 265---ACE--vlan 264----CE farm
    interface vlan 265
      description Interface_With_MSFC_SUBS_2_INTERNET
      ip address 168.168.1.52 255.255.255.248
      access-group input PERMIT_ALL
      service-policy input L3L4_PM
      no shutdown
    ip route 0.0.0.0 0.0.0.0 168.168.1.50
    ip access-list extended HSDPA_2_CACHE
    permit tcp 168.168.0.0 0.0.255.255 any eq www   <<<-- wrong
    ip access-list extended Internet_2_CACHE
    permit tcp any eq www 168.168.0.0 0.0.255.255   <<<---wrong
    interface Vlan 265
    description Interface_With_ACE
    ip address 168.168.1.50 255.255.255.248
    route-map INTERNET_2_HSDPA permit 10
    description "PBR for Response HTTP Traffic"
    match ip address Internet_2_CACHE
    set ip next-hop 168.168.1.52
    route-map HSDPA_2_INTERNET permit 10
    match ip address HSDPA_2_CACHE
    set ip next-hop 168.168.1.52
    regards
    Andrew

  • Can ACE module and 4710 appliance work redundant together

    Hi.
    I am setting up a testlab for ACE loadbalancing and need to test functionality on both the ACE module and the 4710 appliance.
    Can one of each of these two be set up redundant together with full functionality? Or do I have to test redundancy for 2x ACE modules and 2x 4710 appliances seperate?
    Thanks in advance for any help!

    It won't work.
    The code checks if the devices are the same during the HA negotiation.
    If you do a 'show ft peer detail' you should see at the end :
    SRG Compatibility            : WARM_COMPATIBLE
    License Compatibility        : INCOMPATIBLE
    These 2 entries indicate if the box are compatible to run HA between each other.
    The version is checked and the license.
    Both would be different between an ACE module and ACE appliance.
    Gilles

  • ACE module SSL url rewrite and path rewrite

    Hi all,
    I'm hoping some of you helpful people on this forum can guide me or suggest a solution to a problem I'm faced with.
    I am currently load balancing exchange 2010 traffic via an ACE module.  Software version is A2(3.3).  I have most parts of it working fine however I am having an issue when it comes to SSL termination for Outlook Web Access (OWA).
    The problem comes down to a HTTP header (field is location).  I have configured an action list to re-write the SSL pure URL as per page 96 of the "Cisco Application Control Engine Module SSL Configuration Guide".  example:
    ssl url rewrite location bnecas\.mycompany\.com sslport 443
    That part works, the http header location field that comes back from the GET request is changed to https://cas.mycompany.com which is great.  However, in addition to that url, there is also a path or something following that part.  The actual string that is returned is:
    https://cas.mycompany.com/owa/auth/logon.aspx?url=http://cas.mycompany.com/owa/&reason=0
    The first bit of it, (https://cas.mycompany.com) is changed by the ssl url rewrite command, however the last part (http://cas.mycompany.com/owa/&reason=0) isn't changed.
    This is where I've been trying to get the http Header Rewrite command to do something.  I don't know if it can work in conjunction with the ssl url rewrite function however with the ssl rewrite function it seems it can't change bits of the string that aren't the pure URL at the front.
    The end result is that while I have an SSL connection to the OWA login page, when I do login to OWA it reverts back to HTTP.  I'm fairly sure it is because of the last part of the location string above.  Is there a way to change that location string to do the following:
    1.  change the first part of the string to be https://cas.mycompany.com (like the ssl url rewrite function)
    2.  change the last part of the location string to put https in there instead of http
    Ideally I would love to have this string
    http://cas.mycompany.com/owa/auth/logon.aspx?url=http://cas.mycompany.com/owa/&reason=0
    replaced with this one
    https://cas.mycompany.com/owa/auth/logon.aspx?url=https://cas.mycompany.com/owa/&reason=0
    I had originally tried the following in the action list:
    header rewrite response location header-value "(owa/auth/logon\.aspx\?url=)http(://bnecas\.thiess\.aus/owa/&reason=0)" replace "%1https%2"
    ssl url rewrite location bnecas\.mycompany\.com sslport 443
    but it didn't work.  I'm probably screwing up the regex somewhere however there doesn't seem to be very clear examples anywhere I can find.
    Any help will be greatly appreciated and of course I will be sure to rate every post that responds to my plea for help.
    Brad

    Hi Brad,
    try this:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    action-list type modify http X
      header rewrite response Location header-value "http://(.*url=)http://(.*)" replace "https://%1https://%2"
    we wont be using ssl url rewrite in this case
    Also we will be needing persistence rebalance applied through application parameter map and apply that under the VIP class

  • Difference between ACE module and ACE appliance

    Hi All,
    Can someone help to understand the difference between ACE module and ACE appliance, as i am observing ACE module is providing more throughput when compared the ACE appliance, Is the only advantage we getting with contexts ....
    thanks inadvance,
    Narayana Mallidi

    Hi Narayan,
    Apart from providing throughput, ACE module has more to offer ,
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_ACE_Resource_Limits
    The above link will provide a comparision of ACE module and Ace appliance interms of scalability. Apart from that legacy modules wont support compression, but ACE 30 module can support compression.
    The major advantage of ACE 30 module is with resepct to SSL throughput, SSL TPS, L4 & L7 CPS, & Concurent Connections per second, apart from the increased contexts
    ACE 4710 Data Sheet :
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/Data_Sheet_Cisco_ACE_4710.html
    ACE20 Data Sheet
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/product_data_sheet0900aecd8045861b.html
    ACE 30 Data Sheet
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/data_sheet_c78_632383.html
    Regards
    Abijith

  • ACE Module and Limiting Connections

    We currently use the ACE module to Load-balancing IPSEC connection into SPA's.  Since the SPA's only support 60 new connections per second.  I was looking for a way to limit the amount of connecitons from the ACE to the SPA's.

    Hello,
    Have a look at the Configuring Real Server Rate Limiting section of the ACE documentation.  I think this will meet your needs.
    Hope this helps,
    Sean

  • ACE Module and IPSEC

    Hi,
    can i Loadbalance IPSEC to a Couple of Routers via the ACE Module?
    Sven

    Yes, the ACE module supports ipsec.
    You need stickyness based on src ip to guarantee that the isakmp traffic goes to the same router as the ipsec traffic.
    Gilles.

  • Design ? about SNMP operation in ACE module ... Traps sent to different Mgmt Stations

    Good Day everyone,
    I searched the site, and I could not find the answer I was looking for, so If anyone happens to know or point me to a link I would greatly appreciate it.
    Topic:
    Can ACE module sent different Traps (oid) to different management station? Split decision processing to send specific traffic to specific stations, based on the alert it has detected.
    Scenario:
    Our network equipments have a demarc point on what devices are managed via SNMP (Traps, syslog, EMS, etc...); Routers, Switches, ACE modules, and so forth.
    However, we are not responsible for the App Servers assigned to various broadcast domains.
    Customer would like to receive Notification from the ACE module when a Real Server is taken out of rotation , when specific probes have failed.
    My team manages the ACE module, so any alerts from the ACE will be sent to the management station configured in our network.
    Unfortunately I do not have a Test Lab to test my theory, so any help would be greatly appreciated before I submit my Production configs.
    Design Requirements:
    Customer would like the following traps generated and sent to their management station:
    1) Real Server host name
    2) TCP port
    3) Real Server IP address
    4) If capable, percentage threshold for each real server, based on the prediction configured for each Server Farm
    5) Can a NetIQ agent be download on the ACE module to communicate with the NetIQ management station?
    As always thank you for any help you can provide, and if you happen to be around Huntsville Alabama/USA.. you got a cold beer waiting for you!!!!
    Cheers,
    -raman

    Gilles,
    Thank you for your prompt answer.
    When you have time please look over the following question and let me know if it is possible to implement, if the Proxy server is not an option?
    Can a Custom TCL script be executed to sent an notification via SMPT if a health probe fails?
    The SMTP message will contain the server info (IP address, Host name, TCP port).
    The script procedure will execute certain actions based on the returned result.
    Thanks,
    raman
    P.S
    Sorry about not being up to speed on TCL. I am reading up on the TCL capability, and trying to provide some options to my customer.

  • A problem with ACL in the class-map on the ACE module

                      Hi all,
    I configured the following on the ACE module:
    object-group network test
      host 192.168.1.21
      host 192.168.1.22
      host 192.168.1.23
    object-group service port
      tcp eq www
      tcp eq 8080
    access-list T line 8 extended permit object-group port object-group test any
    I tried to configure a class-map for matching this ACL:
    ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C
    ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T
    Error: Cannot associate acl having object-group ACEs in class-map.
    So couldn't I  configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.
    Thank you
    Roman

    Hi Roman,
    I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.
    Regards
    Daniel

  • How to send email to a SMTP server over a secure channel using STARTTLS setting of a send connector (Exchange and SMTP server are in the same domain)

    I’m trying to send email using exchange send connector STARTTLS setting to the SMTP server. I have read multiple documents on configuring TLS for send connector, but they talks about outbound connections to internet facing servers. My Exchange 2013 and SMTP
    server is in the same domain (let’s say A.com) and I’m creating dummy domains on my SMTP server (e.g.
    [email protected],
    [email protected] ) and their respective send connectors on the exchange server end. In the smart host section added the IP address of the SMTP server and in the scoping section added the SMTP domain address (e.g. dummy1.local ). In the FQDN field, added
    the FQDN of the exchange server 2013 which certificate is enabled with SMTP service.
    Could you tell me a step by step procedure, where I’m going wrong or any extra settings needs to added?
    Presently, it is giving me an error that 530 5.5.1 TLS encrypted connection is required.
    Note: I’ve created the Microsoft CA certificates for the SMTP and exchange servers and imported them in the personal certificate container. In which, the exchange certificate is created with FQDN name of the server and enabled for the SMTP service.
    I’m using OPENSSL certificate for making the SMTP server TLS enabled. (let me know, if I need to import the OPENSSL certificate anywhere on the exchange end)?
    Thanks!

    -IgnoreSTARTTLS is set to false on the send connector properties.
    I'm trying to established a HTTP over TLS connection. I'm not using mutual TLS between these two server.
    The send connector protocol logging is attached as below,
    2014-09-22T20:09:45.468Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,2,10.219.3.74:24939,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
    2014-09-22T20:09:45.546Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,3,10.219.3.74:24939,10.219.3.73:25,>,EHLO Exchange.A.local,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,4,10.219.3.74:24939,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,5,10.219.3.74:24939,10.219.3.73:25,<,250-SIZE,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,6,10.219.3.74:24939,10.219.3.73:25,<,250-8BITMIME,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,7,10.219.3.74:24939,10.219.3.73:25,<,250-BINARYMIME,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,8,10.219.3.74:24939,10.219.3.73:25,<,250-PIPELINING,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,9,10.219.3.74:24939,10.219.3.73:25,<,250-HELP,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,10,10.219.3.74:24939,10.219.3.73:25,<,250-DSN,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,11,10.219.3.74:24939,10.219.3.73:25,<,250-CHUNKING,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,12,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,13,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,14,10.219.3.74:24939,10.219.3.73:25,<,250-STARTTLS,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,15,10.219.3.74:24939,10.219.3.73:25,<,250-DELIVERBY,
    2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,16,10.219.3.74:24939,10.219.3.73:25,<,250-MT-PRIORITY,
    2014-09-22T20:09:45.640Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,17,10.219.3.74:24939,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
    2014-09-22T20:09:45.655Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,18,10.219.3.74:24939,10.219.3.73:25,>,STARTTLS,
    2014-09-22T20:09:45.671Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,19,10.219.3.74:24939,10.219.3.73:25,<,220 2.7.0 Ready to start TLS,
    2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,20,10.219.3.74:24939,10.219.3.73:25,*,,Sending certificate
    2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,21,10.219.3.74:24939,10.219.3.73:25,*,CN=Exchange.A.local,Certificate subject
    2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,22,10.219.3.74:24939,10.219.3.73:25,*,"CN=DC-CA, DC=A, DC=local",Certificate issuer name
    2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,23,10.219.3.74:24939,10.219.3.73:25,*,63E7E70100000000000B,Certificate serial number
    2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,24,10.219.3.74:24939,10.219.3.73:25,*,CAEB1200CDF49715E5F2E4B8315EFDDC01F8F945,Certificate thumbprint
    2014-09-22T20:09:45.780Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,25,10.219.3.74:24939,10.219.3.73:25,*,Exchange.A.local,Certificate alternate names
    2014-09-22T20:09:46.654Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,26,10.219.3.74:24939,10.219.3.73:25,-,,Local
    2014-09-22T20:09:46.669Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,0,,10.219.3.73:25,*,,attempting to connect
    2014-09-22T20:09:46.685Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,1,10.219.3.74:24940,10.219.3.73:25,+,,
    2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,2,10.219.3.74:24940,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
    2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,3,10.219.3.74:24940,10.219.3.73:25,>,EHLO Exchange.A.local,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,4,10.219.3.74:24940,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,5,10.219.3.74:24940,10.219.3.73:25,<,250-SIZE,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,6,10.219.3.74:24940,10.219.3.73:25,<,250-8BITMIME,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,7,10.219.3.74:24940,10.219.3.73:25,<,250-BINARYMIME,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,8,10.219.3.74:24940,10.219.3.73:25,<,250-PIPELINING,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,9,10.219.3.74:24940,10.219.3.73:25,<,250-HELP,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,10,10.219.3.74:24940,10.219.3.73:25,<,250-DSN,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,11,10.219.3.74:24940,10.219.3.73:25,<,250-CHUNKING,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,12,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,13,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
    2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,14,10.219.3.74:24940,10.219.3.73:25,<,250-STARTTLS,
    2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,15,10.219.3.74:24940,10.219.3.73:25,<,250-DELIVERBY,
    2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,16,10.219.3.74:24940,10.219.3.73:25,<,250-MT-PRIORITY,
    2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,17,10.219.3.74:24940,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
    2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,18,10.219.3.74:24940,10.219.3.73:25,*,,sending message with RecordId 52652004081667 and InternetMessageId <[email protected]>
    2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,19,10.219.3.74:24940,10.219.3.73:25,>,MAIL FROM:<> SIZE=7653 BODY=BINARYMIME,
    2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,20,10.219.3.74:24940,10.219.3.73:25,>,RCPT TO:<[email protected]>,
    2014-09-22T20:09:46.825Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,21,10.219.3.74:24940,10.219.3.73:25,<,530 5.5.1 A TLS-encrypted connection is required,
    2014-09-22T20:09:46.950Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,22,10.219.3.74:24940,10.219.3.73:25,<,503 5.5.1 unexpected RCPT command,
    2014-09-22T20:09:46.981Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,23,10.219.3.74:24940,10.219.3.73:25,>,RSET,

Maybe you are looking for

  • Configuration steps to Trigger IDOC from R/3 to XI

    Hi All, I have read several forums , and i am in confusion to follow which one of them. Let me describe the process of configuration steps in r/3 and XI in step by step and correct me when i am wrong. Steps in R/3 1)  Goto SALE.    Basic settings->Lo

  • Migration tool for migrate MII objects from 11.5 to 12.1

    Hi All, We can use any of the tools SP01/02/03/04 for migrate MII objects from 11.5 to 12.0. Our requirement is to migrate MII objects from 11.5 to 12.1. Can we use the same tool to accomplish our requiremnt ? Or is there any other tool for this? Ple

  • Can't Install Adobe flashplayer on my powerbook G4. Running on Ubuntu.

    I've tried downloaded the Ubuntu version and even the Linux versions and windows versions. It's an apple PowerBook G4, 2006 model. What I keep getting is "Error: Wrong architecture 'i386'" I'm pretty sure it's Ubuntu 8.04. Nothing seems to be working

  • Printing my icloud calender from the past year

    I have an iphone.  I use my icalender for all my appointments.  I also back up my iphone on my mac, and save its contents to the icloud.  I must print off every calender from July 2011 up until now, May 2012 (10 months worth of stuff). When reviewing

  • Hello all! I lost my Iphone and don't know it number - what can I do?

    I inspired by your brand as almost all people in the world! Few weeks ago I lost my iphone 5 and now have some problems with purchasing new! I believe in miracles and decided to try to ask Apple support me. I bogged down in work and study: I organize