cancel
Showing results for 
Search instead for 
Did you mean: 

Monitoring Inbound SMTP

SOLVED
Here to help

Monitoring Inbound SMTP

I recently started employing the Barracuda Cloud Protection Layer to filter inbound email. I've waited now 7 days since changing our public MX records. Mail is flowing fine, there's no problem with that. Today I changed our MX100 firewall NAT rule such that SMTP port 25/587 traffic is now only being accepted from Barracuda's IP ranges. Mail is still flowing fine. What I would like to do now, however, is monitor inbound port 25 traffic, to see if any legit mail from our customers or vendors is being blocked. I know that changing public MX records can take sometimes crazy amounts of time to propagate based on doing this at a former employer. Believe it or not back then (6 years ago) I was still seeing legit SMTP traffic coming in from customers and vendors a full month after having made the public DNS change. I'd like to avoid the possibility of losing revenue due to anti-spam policies. How can I monitor this inbound SMTP traffic via the Meraki Dashboard? Also is there any way to see past SMTP inbound traffic, via report or some other mechanism? TIA

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Monitoring Inbound SMTP

It is a real ping.  Basically you have to log to a Syslog server.

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

 

You are better to allow the traffic through to an internal server and check its logs.  Then deny it again once you are happy.

11 REPLIES 11
Here to help

Re: Monitoring Inbound SMTP

I have no idea why the Subject of this post reads "Monitoring MR's with Nagios" as that is NOT what I entered. Weird.

Community Manager

Re: Monitoring Inbound SMTP

Hi @threeonesix - Let me know what you'd like the title to be and I can update it for you!

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
New to the community? Get started here
Here to help

Re: Monitoring Inbound SMTP

I think I entered "Monitoring Inbound SMTP" or something like that. That would be more appropriate as I'm not using Nagios Smiley Wink

Thanks!

Kind of a big deal

Re: Monitoring Inbound SMTP

If the traffic is NAT'd to your SMTP server couldn't you do the monitoring on that server? Alternatively you could mirror the port going to/from your mail server to whatever monitoring platform you wanted to use.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Here to help

Re: Monitoring Inbound SMTP

I don't think so because the firewall rule takes precedence. The NAT publishing rule associates the inbound SMTP traffic with our Barracuda Email Security Gateway appliance, which then forwards accepted emails to our Exchange server. If the MX100 blocks an inbound SMTP connection attempt from 1.2.3.4 the Barracuda isn't going to show that traffic at all. So I think the monitoring has to be done at the firewall where the rule is in place to block SMTP traffic that does not emanate from Barracuda's public IP ranges. Is my thinking incorrect? Very well could be.

Kind of a big deal

Re: Monitoring Inbound SMTP

It is a real ping.  Basically you have to log to a Syslog server.

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

 

You are better to allow the traffic through to an internal server and check its logs.  Then deny it again once you are happy.

Here to help

Re: Monitoring Inbound SMTP

Pretty sure we already do employ syslog with this MX100 so I'll look into that.

 

An even better option might be to go on about my life and wait until our salespeople and supply chain employees complain that they're not receiving emails they are expecting  Smiley Happy

Kind of a big deal

Re: Monitoring Inbound SMTP

Go with plan-b. Go on with your life.

Here to help

Re: Monitoring Inbound SMTP

I really wanted to accept that as the solution but I'm afraid future humans will think we are lazy.  lol

Community Manager

Re: Monitoring Inbound SMTP


@threeonesix wrote:

I think I entered "Monitoring Inbound SMTP" or something like that. That would be more appropriate as I'm not using Nagios Smiley Wink

Thanks!


Done! Cheers.

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
New to the community? Get started here
Here to help

Re: Monitoring Inbound SMTP

Thank you!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›