SMTP Routes, DNS and Failover

Hi !
I'm configuring an outgoing server (i.e. only a private listener) on ESA C370 with AsyncOS 8.0.1.
I use the Internet's Root DNS Servers, and my default SMTP route is empty. My ESA is connected to 3 networks : production (default gateway), administration and failover (1 interface/network).
I would like to deploy a failover solution with an extra ESA on the failover network : if I lose my internet connection (impossible to join DNS and remote MX), my ESA would redirect all its mails to the extra ESA.
How can I do that ?
Thank you for your help.
Best Regards
Quentin

The ESA has no way to automatically fallback to a static IP if DNS in unreachable. The best on-box solution I can suggest is manually changing the 'All Other Domains' SMTP Routes entry when such an event occurs.
I hope this helps!
- Jackie

Similar Messages

SMTP routing table

Hello,
Solaris 8/ Iplanet Messaging Server 4.X
Solaris 8 / SunOne Messaging Server 5.2
My question is about SMTP routing table and for
iMS4.x AND SMS5.2
Question:
In my SunOne Messaging Server 5.X I have 10 domains.
mydomain0.com, mydomain1.com to mydomain9.com
I try to have this:
all peoples from mydomain0.com, send mail to internet,
mail is send to smtp.relay0.com
all peoples from mydomain1.com, send mail to internet,
mail are send to smtp.relay1.com
etc...
And I have 10 relays
Can I do this, and how (I don't see in documentation or
FAQ)
thank you
Christophe Damoy

is this entry valid for routing table in nms v 4.15 p6
* : anotherhot.mydomain.com:5000
assuming that my anotherhost is listening and accepting on port 5000 for smtp connections. and i wanna forward all the mails to that host
regards
Prashant

How to find out the primary and failover DNS name

Hi;
This sounds very stupid, but could some one please tell me how to find out the name/dns name of the primary and failover server without using the CDS console.
any help is appreciated

Is this what you want?
$ /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 12729
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2005/08/07 23:54:59
Next refresh time: 2005/08/08 00:55:00
Server information:
Previous refresh time: 2005/08/14 15:15:00
Next refresh time: 2005/08/15 03:15:00
server: ldap1.example.com, status: UP
server: ldap2.example.com, status: UP
server: ldap3.example.com, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
Gary

Is it possible in IOS to have two static routes for the same subnet, one a higher priority and "failover" between the 2?

Hi All
Is it possible in IOS to have for a particular subnet:
a) Two static routes?
b) Make one static route a higher priority than the other?
c) If one static router "goes down", failover to the lower priority static route?
We have a l2tp/vpdn connection to a supplier which can be accessed via two vlans/routes. I would like to make one route the preferred one but the "route" to failover if the preferred route goes down.
Again, many thanks in advance for all responses!
Thanks
John

Hi John,
Hope the below explaination will help you...
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
If you notice the Administrative Distance for the secondary route pointing to ISP2 is increased to 10 so that it becomes the backup link.
The above configuration with just two floating static routes partially accomplishes our requirement as it will work only in the scenario where the routers interfaces connected to the WAN link are in up/down or down/down status. But in a lot of situations we see that even though the links remain up but we are not able to reach the gateway, this usually happens when the issue is at the ISP side.
In such scenarios, IP SLAs becomes an engineer's best friend. With around six additional IOS commands we can have a more reliable automatic failover environment.
Using IP SLA the Cisco IOS gets the ability to use Internet Control Message Protocol (ICMP) pings to identify when a WAN link goes down at the remote end and hence allows the initiation of a backup connection from an alternative port. The Reliable Static Routing Backup using Object Tracking feature can ensure reliable backup in the case of several catastrophic events, such as Internet circuit failure or peer device failure.
IP SLA is configured to ping a target, such as a publicly routable IP address or a target inside the corporate network or your next-hop IP on the ISP's router. The pings are routed from the primary interface only. Following a sample configuration of IP SLA to generate icmp ping targeted at the ISP1s next-hop IP.
R1(config)# ip sla 1
R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config)# timeout 1000
R1(config)# threshold 2
R1(config)# frequency 3
R1(config)# ip sla schedule 1 life forever start-time now
The above configuration defines and starts an IP SLA probe.
The ICMP Echo probe sends an ICMP Echo packet to next-hop IP 2.2.2.2 every 3 seconds, as defined by the “frequency” parameter.
Timeout sets the amount of time (in milliseconds) for which the Cisco IOS IP SLAs operation waits for a response from its request packet.
Threshold sets the rising threshold that generates a reaction event and stores history information for the Cisco IOS IP SLAs operation.
After defining the IP SLA operation our next step is to define an object that tracks the SLA probe. This can be accomplished by using the IOS Track Object as shown below:
R1(config)# track 1 ip sla 1 reachability
The above command will track the state of the IP SLA operation. If there are no ping responses from the next-hop IP the track will go down and it will come up when the ip sla operation starts receiving ping response.
To verify the track status use the use the “show track” command as shown below:
R1# show track
Track 1
IP SLA 1 reachability
Reachability is Down
1 change, last change 00:03:19
Latest operation return code: Unknown
The above output shows that the track status is down. Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes.
Different operations may have different return-code values, so only values common to all operation types are used. The below table shows the track states as per the IP SLA return code.
Tracking
Return Code
Track State
Reachability
OK or over threshold
(all other return codes)
Up
Down
The Last step in the IP SLA Reliable Static Route configuration is to add the “track” statement to the default routes pointing to the ISP routers as shown below:
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up. Hence if the track status is down the secondary route will be used to forward all the traffic.
Please rate the helpfull posts.
Regards,
Naidu.

WiFi only works close to router, DNS fail, Signal Bars present but Safari says no Internet, I've deleted and readded through to reset and full reset, I had no problem with 4.3.2 only 4.3.3 both my iPhone4 and my iPad2. I am now beside router - no problem

Help
WiFi only works close to router, DNS fail, Signal Bars present but Safari says no Internet, I've deleted and re-added through to reset and full reset, I had no problem with 4.3.2 only 4.3.3 both my iPhone4 and my iPad2. I am now beside router - no problem, but go 20 metres and WiFi becomes unstable. Only way to get either to work is disable WiFi either as a Hot Spot or turn it off and use the 3G connection. This worked with 4.3 & 4.3.2 what has gone wrong? I raised it at the Apple Store in Belfast as a problem but was told that there was no problem with Apple but I must have a faulty router - yeah - that's a lot of faulty routers, my home, my office, my holiday home, Starbucks, my friends house, my son's house. I've tried all the 'fixes'. I think it is a plan to force us to buy Apple Routers

Two ways out, I added two more Belkin Access Points in my house in Spain so that I'm not more than 10Mtrs away, (Reinforced Concrete & solar glass 2010)
I bought 3 Apple Airports, 1 x Extreme and 2 x Express (1 as a hard wired AP, 1 as an extender) for my other house (Brick construction 1930's)
Everthing now works perfectly, as I said 'an apple plot', so either blast them with signal or visit your nearest apple store.
Early beta iOS5 (iPad) is also much inproved in Beta 3, I have not had any problem with 'Lion'
Happy hunting!
john

TLS mutual authentication and Separate default SMTP routes per listener - IronPort c370

Dear all ,
We have two IronPort C370 ESAs , formed in a cluster.
We are in a need to route e-mails targeted to a special group using TLS Required/Verify.
I have two questions :
1. Is TLS mutual authentication possible on both incoming and outgoing ?
2. Due to the nature of the TLS need the existing listener cannot be used. So I created a new listener and respective filters to decide when the recipient requirements are met. The new listener is going to be configured with a policy specifying TLS required/verify. Problem is that there is always a default SMTP route pointing specifically to a cloud service rather than directly to the Internet while for the new listener usedns is required. Is it possible to have two different default SMTP routes assigned to different listeners ?
Thanks and kind regards ,
Gino.
PS : Please bear with me and questions. I am making my first steps in Iron Port administration.

I have made some sort of progress but I would also like to have your expert opinions.
I have came to understand that in order to present TLS mutual authentication for the incoming traffic I will just have to trust the sender(s) CA ( containing SANs etc for both the SMTP domain and the ESA itself ) while if I spread own SANs to the counterparts I will also have TLS mutual authentication on the outgoing traffic as well. Issue is that I will have to declare it in destination controls and it cannot be generic.
Is there any way to make TLS required/verify with mutual authentication the default without having to set destination contol(s) ?
As for my second question I have came to understand that the additional listener is not an aditional MTA and concequently I cannot have separate default SMTP route ( default = what is called as "ALL" in IronPort ). Still if anyone knows something more it would be really helpful if it was shared.

Router DHCP and Server 2008R2 DNS

Hello all,
Netgear Genie WND4300 as DHCP Router/Server
Server 2008 R2 as DNS server (AD DS)
Q: How can I get the DNS server to update automatically from the DHPC router?
And no, I can't move the DHCP role from the router to the server. (Which is probably the best solution but.....)
Thanks in advance,
don

Hi,
Do you want to configure the DHCP server to register and update DNS A and PTR records on behalf of the DHCP-enabled clients? If yes, based on my experience, you need to configure on the DHCP server. Since your DHCP server is a router, you can contact its vendor
for the specific settings.
Best regards,
Susie

On my home wireless network, the iphone 5 won't let me enter the IP address, subnet mask and router info. I was able to enter the DNS and Search Domains. How do I open up those fields?

On my home wireless network, the iphone 5 won't let me enter the IP address, subnet mask and router info. I was able to enter the DNS and Search Domains. How do I open up those fields?

Apparently the router is not sending the info to the iphone. How can I make that happen?

Configd overwrites DNS and routing from OpenVPN

Apologies if this is covered elsewhere. I've looked and found no definitive answers.
Problem:
OpenVPN creates a tunnel on a virtual network interface tap0 which is configured via DHCP. Once up a script is called to update the routing tables and set DNS. On linux and windows this works and is very stable because static routing configurations are employed. On Mac OS X v10.6 routing configurations are dynamic and managed by configd. Once the virtual interface comes up the routing tables and DNS can be changed, but after a short while, configd will come along and change the routing and DNS configurations and break the VPN.
This is covered in some detail in this article.
http://www.afp548.com/article.php?story=20041015131913324
Question: How to write the DNS and routing entries into preferences at the time OpenVPN comes up so that they will persist when configd updates the system?
Details:
1. Commands used by OpenVPN script to update the routing table and DNS
/usr/sbin/ipconfig set "$dev" DHCP
/usr/sbin/scutil <<EOF
d.init
get State:/Network/Service/DHCP-$dev/DNS
d.add SupplementalMatchDomains * $domain_name
set State:/Network/Service/DHCP-$dev/DNS
EOF
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 192.168.120.1 192.168.1.1 255.255.255.255
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 192.168.120.1: gateway 192.168.1.1
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route delete -net 0.0.0.0 192.168.1.1 0.0.0.0
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: delete net 0.0.0.0: gateway 192.168.1.1
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 0.0.0.0 192.168.110.1 0.0.0.0
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 0.0.0.0: gateway 192.168.110.1
2. Every looks good for a few minutes
MacBook-Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.110.1 UGSc 0 0 tap0
default 192.168.110.1 UGScI 41 88 tap0
127 localhost UCS 0 0 lo0
localhost localhost UH 0 0 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UC 1 0 en1
192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1187
192.168.1.101 localhost UHS 0 0 lo0
192.168.110 link#7 UCS 2 0 tap0
192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 43 8 tap0 1182
192.168.110.3 0:1c:c0:f:90:3b UHLWI 12 137213 tap0 454
192.168.110.29 localhost UHS 0 0 lo0
192.168.120.1/32 192.168.1.1 UGSc 1 0 en1
MacBook-Pro:~ user$ sudo scutil --dnsDNS configuration
resolver #1
domain : celoso.net
search domain[0] : celoso.net
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 4.2.2.3
order : 200000
resolver #2
domain : celoso.net
nameserver[0] : 192.168.110.3
nameserver[1] : 192.168.110.3
order : 100400
3. Then something will trigger configd to update the DNS or routing tables, the only evidence of which I have been able to find is the following message in the system.log
Feb 7 11:20:34 MacBook-Pro configd[13]: network configuration changed.
4. And either the DNS or routing tables will be changed e.g.
MacBook-Pro:~ user$ sudo /usr/sbin/scutil --dns
Password:
DNS configuration
resolver #1
domain : celoso.net
search domain[0] : celoso.net
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 4.2.2.3
order : 200000
resolver #2
domain : local
options : mdns
timeout : 2
order : 300000
MacBook-Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 0 0 en1
default 192.168.110.1 UGScI 52 81 tap0
127 localhost UCS 0 0 lo0
localhost localhost UH 0 0 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UC 1 0 en1
192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1196
192.168.1.101 localhost UHS 0 0 lo0
192.168.110 link#7 UCS 2 0 tap0
192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 54 5 tap0 1199
192.168.110.3 0:1c:c0:f:90:3b UHLWI 0 34 tap0 1161
192.168.110.29 localhost UHS 0 0 lo0
192.168.120.1/32 192.168.1.1 UGSc 1 0 en1

The question is what event is causing configd to change configurations.
In general, this will only occur if an interface goes down or if a DHCP address needs to be renewed.

Ironport Management appliance and smtp routes

Hi Guys,
I'm configuring M170 management appliance for two mail security Ironports (for centralized quarantine).
while going through the configuration, i have found that there is SMTP route can be configured, why do i need to configure SMTP route under the management appliance?
As i know it should be confgured on the Ironport email security appliances, but why on management? Do i need it?
Thanks & Regards,
Rami

Hi,
Thanks for your reply, just want to confirm, this is will be used even for end users Quarantine notification, correct?
I mean that Management appliance will send quarantine notifications to end users by using this smtp route, am i right?
Regards,
Rami

SMTP routing table does not seem to be working correctly.

Why isn't the SMTP routing table working properly?

First, make sure you have the routing table setup correctly.
Entries in the Routing table are in the following format:

<incoming recipient domain>:<route to this host>

For example, if you want all mail addressed to [email protected]
to be routed to mailhost1.realdomain.com, you would add the following
line to the SMTP routing table:

virtualdomain.com:mailhost1.realdomain.com

With the above option, any mail coming in addressed to <anyone>@virtualdomain.com
will be routed to mailhost1.realdomain.com. The recipient email
address will not be re-written, so mailhost1.realdomain.com needs to
accept mail addressed to the original address, @virtualdomain.com,
even though it is in realdomain.com.

Before adding, changing or deleting any SMTP routing table entries, double-check
with the DNS Administrator that the host names you specify are valid,
registered host names. If in doubt, you can use IP addresses for the
"route to" host, but not for the "incoming recipient domain".

Wild cards can be used in mail routing table options, but they indicate that a
hostname will fill that spot. For example:

*.domain.com:mailserver1.domain.com

In the above example, any mail addressed to <anyone>@<anyhost>.domain.com
will be routed to mailserver1.domain.com. However, mail addressed to
<anyone>@domain.com will not be routed. To fix this, add this
line:

domain.com:mailserver1.domain.com

Note: You cannot use the SMTP routing table to route all mail
addressed to a specific domain to a specific account. You would need to use
a "Mail Pool" account for this, which is only available in Messaging Server
3.5+.

is this entry valid for routing table in nms v 4.15 p6
* : anotherhot.mydomain.com:5000
assuming that my anotherhost is listening and accepting on port 5000 for smtp connections. and i wanna forward all the mails to that host
regards
Prashant

Accessing business tier cluster using DNS and failvoer1

Hi Guys,
 I think these are jolly interesting questions :-)
 Say I have a web tier and business tier, with business tier and web tier
 each in their own clusters.
 Say I deploy my web applications to web tier, and EJB's to business tier.
 Now if I want to access an EJB from the web tier, I can't just say new
 InitialContext() etc. cos
 I guess the EJB's aren't bound in the web tier, only in the business tier.
 Q1: So do I have to access my business tier by creating a context giving the
 URL of the business tier?
 I am assuming answer to Q1 is yes. If so, the best way is to probably
 somehow map one name to
 each machine. I can do this with DNS easily. Hoever, it is not clear what
 the consequences are
 regarding failover.
 Q2: What if one machine in the business tier goes down? My DNS server will
 still map to it, and hence as DNS round robins if my web tier tries to
 contact my business tier, chances are it may get IP of broken server. What
 will happen? Will it transparently "fail over"?
 Q3: How do I add new machines? Do I have to go and modify the DNS?
 Alternatively, there may be some loadbalancer/router thingie out there that
 I can map by business tier DNS name to, and it
 will transparently route to one of the business servers. I guess they can
 do pings to check health of servers, and possibly see
 new servers coming up?
 Q4: Am I on right track with loadbalancer/router?
 And for the final course :-D, I dont' quite understand something like the
 DataSource which is supposedly clusterable.
 Q5: If I want my business tier to have exclusive access to the database,
 but I want to access a datasource from the web tier, am
 I asking too much? Cos I can't target DataSource to web tier as then I'd
 have to target connection pool, and then I'd have to have
 access to DB from web tier which is somehtin gI want to avoid. ie. is
 there a way to stream data through DS from web tier to business tier.
 If you got this far, thank you!
 Regards,
 Q


 Since the EJBs are deployed to a cluster, you can access them with cluster address
 (URL to retrieve context). See cluster examples in your Weblogic installation.
 Your question 5 is quite wierd for me. If you don't want your web tier to touch
 database at all, use EJBs or RMI on business tier to execute your database related
 task for web tier.
 "Quantos Quattro" <[email protected]> wrote:
 >Hi Guys,
 >
 >I think these are jolly interesting questions :-)
 >
 >Say I have a web tier and business tier, with business tier and web tier
 >each in their own clusters.
 >Say I deploy my web applications to web tier, and EJB's to business tier.
 >
 >Now if I want to access an EJB from the web tier, I can't just say new
 >InitialContext() etc. cos
 >I guess the EJB's aren't bound in the web tier, only in the business
 >tier.
 >
 >Q1: So do I have to access my business tier by creating a context giving
 >the
 >URL of the business tier?
 >
 >I am assuming answer to Q1 is yes. If so, the best way is to probably
 >somehow map one name to
 >each machine. I can do this with DNS easily. Hoever, it is not clear
 >what
 >the consequences are
 >regarding failover.
 >
 >Q2: What if one machine in the business tier goes down? My DNS server
 >will
 >still map to it, and hence as DNS round robins if my web tier tries to
 >contact my business tier, chances are it may get IP of broken server.
 > What
 >will happen? Will it transparently "fail over"?
 >
 >Q3: How do I add new machines? Do I have to go and modify the DNS?
 >
 >Alternatively, there may be some loadbalancer/router thingie out there
 >that
 >I can map by business tier DNS name to, and it
 >will transparently route to one of the business servers. I guess they
 >can
 >do pings to check health of servers, and possibly see
 >new servers coming up?
 >
 >Q4: Am I on right track with loadbalancer/router?
 >
 >And for the final course :-D, I dont' quite understand something like
 >the
 >DataSource which is supposedly clusterable.
 >
 >Q5: If I want my business tier to have exclusive access to the database,
 >but I want to access a datasource from the web tier, am
 >I asking too much? Cos I can't target DataSource to web tier as then
 >I'd
 >have to target connection pool, and then I'd have to have
 >access to DB from web tier which is somehtin gI want to avoid. ie.
 >is
 >there a way to stream data through DS from web tier to business tier.
 >
 >If you got this far, thank you!
 >
 >Regards,
 >Q
 >
 >

Alt-Mailhost / SMTP Routes Question...

Hi All,
I have a query on SMTP routing when using the Alt-Mailhost command in a Message Filter...
Our configuration in overview is two Ironport devices (C650's at AsyncOS 6.4) at separate sites, configured as a cluster (all config is common across sites). At each site, there also exists a 3rd party mail host.
So, I have a message filter which selects messages based on some criteria and I also know which Ironport received it. When I have a match, I want to route this message to the 3rd party mail host on the _local_ site......but if that mail host is down, I want to route it to the 3rd party mail host on the other site. Simple as that!
At the moment, my Alt-Mailhost command looks like this;
<message has been selected> {
<if "Site A" Ironport used> {
alt-mailhost('bogusdomain1.net');
<else>{
alt-mailhost('bogusdomain2.net');
...in my SMTP Routes I'd _like_ to have this;
bogusdomain1.net <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
bogusdomain2.net <3rd-Party-Box-at-Site-B>, <3rd-Party-Box-at-Site-A>
...but this doesn't work because multiple hosts in an SMTP route are tried in numerical / alphabetical order...no matter what order you put them into the SMTP Route definition (is this a bug?)....so in reality, they both have to look like this;
bogusdomain1.net <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
bogusdomain2.net <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
..which is no use.
My only other idea is that I could just have this in the SMTP Routes for those domains;
bogusdomain1.net USEDNS
bogusdomain2.net USEDNS
...and configure my DNS with the above domains, such that there really _is_ a difference in the order of the MX for those domains.
So my question is, how can I do this without using 'USEDNS' and the associated DNS config...i.e. just via the Ironport devices?
Hope the collective can help!
Cheers, Chris.

Check out the latest release notes...
Enhanced: Prioritized SMTP Routes
AsyncOS 7.0 allows you to prioritize the destination hosts for your SMTP routes. AsyncOS will attempt to deliver the message to a destination host in order based on priority. Destinations with identical priority will be used in a “round-robin” fashion.

Ironport back-up smtp routes

Hi Guys,
I have 2 lotus notes servers. Is it possible on the ESA to add these two servers on the SMTP routes while using the same domain name?
How will the ESA forward incoming mail then? Some sort of load balancing, or will it be a priority thing?
Thanks,
Adrian

Hi Adrian,
Q:
I have 2 lotus notes servers. Is it possible on the ESA to add these two servers on the SMTP routes while using the same domain name?
A:
Yes. Please use SMTP Routes option, under Network > SMTP Routes.
Q:
How will the ESA forward incoming mail then? Some sort of load balancing, or will it be a priority thing?
A:Whenever the appliance accept the connection and the message from the sender host, it will check the destination domain of the recipients and look up for SMTP route to reach that destination domain. If there is a SMTP route the appliance will then use the information configured on how to reach the destination. If you have version 7.x of the AsynOS which allows priorization, then the appliance will follow the configuration. If both destiantion servers configured have the same priority, round-robin fashion will be applied.
If you are running a version prior of AsyncOS 7.x then the appliance will connect to the first server configured. If that server is unreachable then it will try the next one configured.
SMTP Routes Overview
SMTP Routes allow you to redirect all email for a particular domain to a different mail exchange (MX) host. For example, you could make a mapping from example.com to groupware.example.com. This mapping causes any email with @example.com in the Envelope Recipient address to go instead to groupware.example.com. The system performs an “MX” lookup on groupware.example.com, and then performs an “A” lookup on the host, just like a normal email delivery. This alternate MX host does not need to be listed in DNS MX records and it does not even need to be a member of the domain whose email is being redirected. The Cisco IronPort AsyncOS operating system allows up to forty thousand (40,000) SMTP Route mappings to be configured for your Cisco IronPort appliance. (See SMTP Routes Limits.)
This feature also allows host “globbing.” If you specify a partial domain, such as .example.com, then any domain ending in example.com matches the entry. For instance, [email protected] and [email protected] both match the mapping.
If a host is not found in the SMTP Routes table, an MX lookup is performed using DNS. The result is not re-checked against the SMTP Routes table. If the DNS MX entry for foo.domain is bar.domain, any email sent to foo.domain is delivered to the host bar.domain. If you create a mapping for bar.domain to some other host, email addressed to foo.domain is not affected.
In other words, recursive entries are not followed. If there is an entry for a.domain to redirect to b.domain, and a subsequent entry to redirect email for b.domain to a.domain, a mail loop will not be created. In this case, email addressed to a.domain will be delivered to the MX host specified by b.domain, and conversely email addressed to b.domain will be delivered to the MX host specified by a.domain.
"The SMTP Routes table is read from the top down for every email delivery. The most specific entry that matches a mapping wins. For example, if there are mappings for both host1.example.com and .example.com in the SMTP Routes table, the entry for host1.example.com will be used because it is the more specific entry — even if it appears after the less specific .example.com entry. Otherwise, the system performs a regular MX lookup on the domain of the Envelope Recipient."
From our documentation:
"A receiving domain can have multiple destination hosts, each assigned a priority number, much like an MX record. The destination host with the lowest number identifies as the primary destination host for the receiving domain. Other destination hosts listed will be used as backup.
Destinations with identical priority will be used in a “round-robin” fashion. The round-robin process is based on SMTP connections, and is not necessarily message-based. Also, if one or more of the destination hosts are not responding, messages will be delivered to one of the reachable hosts. If all the configured destination hosts are not responding, mail is queued for the receiving domain and delivery to the destination hosts is attempted later. (It does not fail over to using MX records)."
I hope this helps.
Cheers,
Valter

RE: Hard Failures, KeepAlive, and Failover --Follow-up

Hi,
It's a really challenging question. However, what do you want to do after
the network crash? Failover or just stop the service? Should we assume
that when the network is down, and so do your name service?
One idea is to use externalconnection to "listen" to your external non-forte
alarm, so do "whatever" after you receive the alarm instead of letting the
"logical connection" to time out or hang.
Regards,
Peter Sham.
-----Original Message-----
From: Michael Lee [SMTP:[email protected]]
Sent: Wednesday, June 16, 1999 12:44 AM
To: [email protected]
Subject: Hard Failures, KeepAlive, and Failover -- Follow-up
I've gotten a handful of responses to my original post, and the suggested
solutions are all variations on the same theme -- periodically ping remote
nodes/partitions and then react when the node/partition goes down. In
other circumstance this would work, but unless I'm missing something this
solution doesn't solve the problem I'm running into.
Some background...
When a connection is set up between partitions on two different nodes,
Forte is effectively establishing two connections: a "physical
connection"
over TCP/IP between two ports and a "logical connection" between the two
partitions (running on top of the physical connection). Once a connection
is established between two partitions Forte assumes the logical connection
is valid until one of two things happen:
1) The logical connection is broken (by shutting down a partition from
Econsole/Escript, by killing a node manager, by terminating the ftexec,
etc.)
2) Forte detects that the physical connection is broken (via its KeepAlive
functionality).
If a physical connection is broken (via a cut cable or power-off
condition), and Forte has not yet detected the situation (via a KeepAlive
failure), the logical connection is still valid and Forte will still allow
method calls on the remote partition. In effect, Forte thinks the remote
partition is still up and running. In this situation, any method calls
made after the physical connection has been broken will simply hang. No
exceptions are generated and failover does not occur.
However, once a KeepAlive failure is detected all is made right.
Unfortunately, the lowest-bound latency of KeepAlive is greater than one
second, and we need to detect and react to hard failures in the 250-500ms
range. Using technology outside of Forte we are able to detect the hard
failures within the required times, but we haven't been able to get Forte
to react to this "outside" knowledge. Here's why:
Since Forte has not yet detected a KeepAlive failure, the logical
connection to the remote partition is still "valid". Although there are a
number of mechanisms that would allow a logical connection to be broken,
they all assume a valid physical connection -- which, of course, we don't
have!
It appears I'm in a "Catch-22" situation: In order to break a logical
connection between partitions, I need a valid physical connection. But
the
reason I'm trying to break the logical connection in the first place is
that I know (but Forte doesn't yet know) that the physical connection has
been broken.
If anyone knows a way around this Catch-22, please let me know.
Mike
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>-
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Make sure you chose the right format, and as far as partitioning in concerned, you have to select at least one partition, which will be the entire drive.

SMTP Routes, DNS and Failover

Similar Messages

Maybe you are looking for