Meraki

Community

Meraki MX84 and ArGo Mail Server

jumpy
Here to help
‎Aug 4 2019 8:17 AM
‎Aug 4 2019 8:17 AM

Meraki MX84 and ArGo Mail Server

Hi there,

 

Does anyone have experince of implementing Meraki firewall along with ArGo mail server?

 

My mail server isn't working properly after I install MX84. A lot of pending emails got stuck in the outbox of mail server but it happens occasionally. it took around 10 mins to delivered success.

 

- I have checked bandwith on the MX84 and it's not full when the problem occurred.

- Rule checked on the MX84 (Allow any any at the end).

- I have set the mail server as whitelist in MX84.

- No endpoint firewall on the mail server

 

 

 

Outbox of Mail server when the problem occurredOutbox of Mail server when the problem occurred

 

 

Below is ArGo mail server setting.

 

Screenshot_20190802-151338_AnyDesk.jpgScreenshot_20190802-151344_AnyDesk.jpgScreenshot_20190802-151353_AnyDesk.jpgScreenshot_20190802-151417_AnyDesk.jpg

Screenshot_20190802-151429_AnyDesk.jpgScreenshot_20190802-151457_AnyDesk.jpg

 

Please help me on this.

 

Thank you

0 Kudos
8 Replies 8
BrechtSchamp
Kind of a big deal
‎Aug 4 2019 11:14 AM
‎Aug 4 2019 11:14 AM

I have no experience with ArGo, but are you sure this is due to the MX84? Mailservers sometimes tend to delay delivery to avoid being blocked as spam servers due to high numbers of delivered e-mail.

In response to BrechtSchamp
jumpy
Here to help
‎Aug 4 2019 5:53 PM
‎Aug 4 2019 5:53 PM

Hi @BrechtSchamp 

 

I have pointed to MX84 because the problem started since I installed MX84.

0 Kudos
Seshu
Meraki Employee
Meraki Employee
‎Aug 4 2019 11:25 AM
‎Aug 4 2019 11:25 AM

The only thing that is not bypassed when the Server is whitelisted is IPS/IDS on the MX.

 

Go ahead and disable Intrusion Detection under Security SD WAN -> Threat Protection and see if the outbox starts clearing.

 

 

In response to Seshu
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 4 2019 2:24 PM
‎Aug 4 2019 2:24 PM

I'm thinking @Seshu  is on the right track, it is IPS causing the problem.  It currently has sigatures that firewall on large SMTP headers (can't quite remember, but like 512 bytes or larger).

 

If you go "Security & SD-WAN/Threat Protection", and the go to the "Intrusion detection and prevention" section, and then "White Listed Rules" and then click on "Whitelist an IDS rule" the drop down box shows rules that have recently fired.

You can also enter (smtp) in the search box.  If something shows up that you can make a decision if it is a real threat or not.  If not a threat then add it to the whitelist.

 

 

In response to PhilipDAth
jumpy
Here to help
‎Aug 4 2019 6:01 PM
‎Aug 4 2019 6:01 PM

Hi @PhilipDAth and @Seshu,

 

Thank you for your advice but I'm sorry to say that my MX84 is running on Enterprise license. So, there is no "Intrusion detection and prevention" available.

 

image.png

0 Kudos
In response to jumpy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 4 2019 6:40 PM
‎Aug 4 2019 6:40 PM

You'll need to get a packet capture of it happening ... but it's probably not the MX84 then.

 

Perhaps you are making it onto an MX black list?

In response to jumpy
Seshu
Meraki Employee
Meraki Employee
‎Aug 5 2019 2:14 PM
‎Aug 5 2019 2:14 PM

@jumpy As @PhilipDAth suggested, simultaneous packet captures on MX LAN and WAN interfaces should be the way to go to actually trace if the MX is resetting the connections to/from the server

In response to Seshu
SoCalRacer
Kind of a big deal
‎Aug 6 2019 8:55 AM
‎Aug 6 2019 8:55 AM

Might want to review your MX records and make sure they are set correctly

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.