IronPort - assorted commands
Alasta 18 June 2015 cisco ironport cli
Description: A few CLI commands for IronPort
Force delivery of queued mail:
    (Host_IronPort)> delivernow

    Please choose an option for scheduling immediate delivery.
    1. By recipient host
    2. All messages
    [1]> 2
    Rescheduling all messages for immediate delivery.
Suspend a listener
If you want to temporarily stop receiving or sending messages, you need to suspend the appropriate listener.
    (Host_IronPort)> suspendlistener

    Choose the listener(s) you wish to suspend.
    Separate multiple entries with commas.
    1. All
    2. IncomingMail
    3. OutboundMail
    [1]> 2

    Enter the number of seconds to wait before abruptly closing connections.
    [30]>

    Waiting for listeners to exit...
    Receiving suspended for IncomingMail.
Note: careful, this survives a reboot!
Resume a listener
Use this if you have suspended a listener and want to resume it.
    (Host_IronPort)> resumelistener

    Choose the listener(s) you wish to resume.
    Separate multiple entries with commas.
    1. All
    2. IncomingMail
    3. OutboundMail
    [1]> 2

    Receiving resumed for IncomingMail.
Status
    (Host_IronPort)> status

    Enter "status detail" for more information.

    Status as of:                                 Thu Jun 18 12:47:47 2015 CEST
    Up since:                                     Mon Jun 10 08:43:36 2015 CEST (8d 4h 4m 11s)
    Last counter reset:                           Never
    System status:                                Online
    Oldest Message:                               6 days 13 mins 3 secs
    Feature - McAfee:                             30 days
    Feature - Sophos Anti-Virus:                  30 days
    Feature - Bounce Verification:                Perpetual
    Feature - Centralized Management:             215 days
    Feature - IronPort Anti-Spam:                 198 days
    Feature - IronPort Email Encryption:          30 days
    Feature - RSA Email Data Loss Prevention:     30 days
    Feature - Incoming Mail Handling:             Perpetual
    Feature - Outbreak Filters:                   30 days

    Counters:                      Reset         Uptime        Lifetime
      Receiving
        Messages Received          54,491,021    264,615       54,491,021
        Recipients Received        59,018,184    296,556       59,018,184
      Rejection
        Rejected Recipients        597,041       1,091         597,041
        Dropped Messages           42,275        2,120         42,275
      Queue
        Soft Bounced Events        1,858,032     6,044         1,858,032
      Completion
        Completed Recipients       58,973,872    293,040       58,973,872
      Current IDs
        Message ID (MID)           55508420
        Injection Conn. ID (ICID)  169346250
        Delivery Conn. ID (DCID)   27473021

    Gauges:                        Current
      Connections
        Current Inbound Conn.      5
        Current Outbound Conn.     2
      Queue
        Active Recipients          1,387
        Messages In Work Queue     0
        Messages In Quarantine     0
        Kilobytes Used             16,736
        Kilobytes In Quarantine    0
        Kilobytes Free             34,586,272
Note: for more information (CPU per feature, ...), you can use the status detail command.
Appliance version
    (Host_IronPort)> version

    Current Version
    ===============
    Product: Cisco IronPort C370 Messaging Gateway(tm) Appliance
    Model: C370
    Version: 7.6.1
    Build Date: 2012-12-02
    Install Date: 2013-01-22 15:49:22
    Serial #: XXLLPPLLPPXHHYGTG
    BIOS: 2.1.9C
    RAID: 1.21.02-0528, 2.01.00, 1.02-014B
    RAID Status: Optimal
    RAID Type: 1
    BMC: 1.85
Licenses
    (Host_IronPort)> featurekey

    Module                            Quantity   Remaining   Expiration Date
    Centralized Management            2          215 days    Tue Jan 19 12:10:50 2016
    IronPort Email Encryption         1          30 days     Dormant
    IronPort Anti-Spam                25000      198 days    Sat Jan 2 12:13:30 2016
    Sophos Anti-Virus                 1          30 days     Dormant
    Bounce Verification               1          Perpetual   N/A
    Incoming Mail Handling            1          Perpetual   N/A
    Outbreak Filters                  1          30 days     Dormant
    RSA Email Data Loss Prevention    1          30 days     Dormant
    McAfee                            1          30 days     Dormant

    Choose the operation you want to perform:
    - ACTIVATE - Activate a (pending) key.
    - CHECKNOW - Check now for new feature keys.
    []>
Listener configuration
    (Host_IronPort)> listenerconfig

    NOTICE: This configuration command has not yet been configured for the current cluster mode (Machine IronPort-Cluster).

    What would you like to do?
    1. Switch modes to edit at mode "Cluster Cluster_IronPort".
    2. Start a new, empty configuration at the current mode (Machine IronPort).
    3. Copy settings from another cluster mode to the current mode (Machine IronPort).
    [1]> 1


    Currently configured listeners:
    1. Adm (on ADM) SMTP TCP Port 25 Private
    2. From_Priv (on Virt3_Data1) SMTP TCP Port 25 Private
    3. Into_Soc1 (on Virt2_Data1) SMTP TCP Port 25 Public
    4. Into_Soc2 (on Virt1_Data1) SMTP TCP Port 25 Public

    Choose the operation you want to perform:
    - NEW - Create a new listener.
    - EDIT - Modify a listener.
    - DELETE - Remove a listener.
    - SETUP - Change global settings.
    - CLUSTERSET - Set how listeners are configured in a cluster.
    - CLUSTERSHOW - Display how listeners are configured in a cluster.
    []>
Interface configuration
    (Host_IronPort)> interfaceconfig


    Currently configured interfaces:
    1. ADM (192.168.1.1/24 on Management: IronPort-ADMIN)
    2. Bounce (192.168.2.2/24 on Data 1: IronPort-BOUNCE)
    3. Virt1_Data1 (192.168.3.3/24 on Data 1: priv.domain.com)
    4. Virt2_Data1 (192.168.4.4/24 on Data 1: soc1.domain.com)
    5. Virt3_Data1 (192.168.5.5/24 on Data 1: soc2.domain.com)

    Choose the operation you want to perform:
    - NEW - Create a new interface.
    - EDIT - Modify an interface.
    - GROUPS - Define interface groups.
    - DELETE - Remove an interface.
    []>
SMTP routes
    (Host_IronPort)> smtproutes

    NOTICE: This configuration command has not yet been configured for the current cluster mode (Machine IronPort).

    What would you like to do?
    1. Switch modes to edit at mode "Cluster Cluster_IronPort".
    2. Start a new, empty configuration at the current mode (Machine IronPort).
    3. Copy settings from another cluster mode to the current mode (Machine IronPort).
    [1]> 1


    There are currently 20 routes configured.

    Choose the operation you want to perform:
    - NEW - Create a new route.
    - EDIT - Edit destinations of an existing route.
    - DELETE - Remove a route.
    - PRINT - Display all routes.
    - IMPORT - Import new routes from a file.
    - EXPORT - Export all routes to a file.
    - CLEAR - Remove all routes.
    - CLUSTERSET - Set how SMTP routes are configured in a cluster.
    - CLUSTERSHOW - Display how SMTP routes are configured in a cluster.
    []> print

    domain1.com: 10.1.1.1
    domain2.com: 10.2.2.2
    domain3.fr: 10.3.3.3
    domain4.com: 10.4.4.4



    There are currently 4 routes configured.

    Choose the operation you want to perform:
    - NEW - Create a new route.
    - EDIT - Edit destinations of an existing route.
    - DELETE - Remove a route.
    - PRINT - Display all routes.
    - IMPORT - Import new routes from a file.
    - EXPORT - Export all routes to a file.
    - CLEAR - Remove all routes.
    - CLUSTERSET - Set how SMTP routes are configured in a cluster.
    - CLUSTERSHOW - Display how SMTP routes are configured in a cluster.
    []>
Backup by email
    (Host_IronPort)> mailconfig

    Please enter the email address to which you want to send the configuration file.
    Separate multiple addresses with commas.
    []> adm@domain1.com

    Do you want to mask the password? Files with masked passwords cannot be loaded using loadconfig command. [Y]>

    The configuration file has been sent to adm@domain1.com.
Displaying filters
    (Host_IronPort)> filters


    Choose the operation you want to perform:
    - NEW - Create a new filter.
    - DELETE - Remove a filter.
    - IMPORT - Import a filter script from a file.
    - EXPORT - Export filters to a file
    - MOVE - Move a filter to a different position.
    - SET - Set a filter attribute.
    - LIST - List the filters.
    - DETAIL - Get detailed information on the filters.
    - LOGCONFIG - Configure log subscriptions used by filters.
    - ROLLOVERNOW - Roll over a filter log file.
    - CLUSTERSET - Set how filters are configured in a cluster.
    - CLUSTERSHOW - Display how filters are configured in a cluster.
    []> list

    Num  Active  Valid  Name
    1    N       Y      AltSrcInt
    2    Y       Y      Filter_Whitelist
    3    Y       Y      Antispoofing_Enveloppe
    4    Y       Y      Antispoofing_Header


    Choose the operation you want to perform:
    - NEW - Create a new filter.
    - DELETE - Remove a filter.
    - IMPORT - Import a filter script from a file.
    - EXPORT - Export filters to a file
    - MOVE - Move a filter to a different position.
    - SET - Set a filter attribute.
    - LIST - List the filters.
    - DETAIL - Get detailed information on the filters.
    - LOGCONFIG - Configure log subscriptions used by filters.
    - ROLLOVERNOW - Roll over a filter log file.
    - CLUSTERSET - Set how filters are configured in a cluster.
    - CLUSTERSHOW - Display how filters are configured in a cluster.
    []>
tail
    (Host_IronPort)> tail

    This command is restricted to run in machine mode of the machine you are logged in to. Do you want to switch to "Machine
    IronPort" mode? [Y]>

    Currently configured logs:
        Log Name           Log Type                  Retrieval                    Interval
    ---------------------------------------------------------------------------------
     1. antispam           Anti-Spam Logs            Manual Download              None
     2. antivirus          Anti-Virus Logs           Manual Download              None
     3. asarchive          Anti-Spam Archive         Manual Download              None
     4. authentication     Authentication Logs       Manual Download              None
     5. avarchive          Anti-Virus Archive        Manual Download              None
     6. bounces            Bounce Logs               Manual Download              None
     7. encryption         Encryption Logs           Manual Download              None
     8. error_logs         IronPort Text Mail Logs   Manual Download              None
     9. euq_logs           Spam Quarantine Logs      Manual Download              None
    10. euqgui_logs        Spam Quarantine GUI Logs  Manual Download              None
    11. ftpd_logs          FTP Server Logs           Manual Download              None
    12. gui_logs           HTTP Logs                 Manual Download              None
    13. mail_logs          IronPort Text Mail Logs   Manual Download              None
    14. repeng             Reputation Engine Logs    Manual Download              None
    15. reportd_logs       Reporting Logs            Manual Download              None
    16. reportqueryd_logs  Reporting Query Logs      Manual Download              None
    17. scanning           Scanning Logs             Manual Download              None
    18. snmp_logs          SNMP Logs                 FTP Push - Host 192.168.6.6None
    19. sntpd_logs         NTP logs                  Manual Download              None
    20. status             Status Logs               Manual Download              None
    21. system_logs        System Logs               Manual Download              None
    22. trackerd_logs      Tracking Logs             Manual Download              None
    23. updater_logs       Updater Logs              Manual Download              None
    Enter the number of the log you wish to tail.
    []> 13

    Press Ctrl-C to stop.
    Thu Jun 18 12:51:42 2015 Info: MID 55508656 Message-ID '<7746D226-9967-4237-BB0A-D688888854CC@toto.com>'
    Thu Jun 18 12:51:42 2015 Info: MID 55508656 Subject '=?iso-8859-1?Q?Retour
    ...'
grep
    (Host_IronPort)> grep

    Currently configured logs:
        Log Name           Log Type                  Retrieval                    Interval
    ---------------------------------------------------------------------------------
     1. antispam           Anti-Spam Logs            Manual Download              None
     2. antivirus          Anti-Virus Logs           Manual Download              None
     3. asarchive          Anti-Spam Archive         Manual Download              None
     4. authentication     Authentication Logs       Manual Download              None
     5. avarchive          Anti-Virus Archive        Manual Download              None
     6. bounces            Bounce Logs               Manual Download              None
     7. encryption         Encryption Logs           Manual Download              None
     8. error_logs         IronPort Text Mail Logs   Manual Download              None
     9. euq_logs           Spam Quarantine Logs      Manual Download              None
    10. euqgui_logs        Spam Quarantine GUI Logs  Manual Download              None
    11. ftpd_logs          FTP Server Logs           Manual Download              None
    12. gui_logs           HTTP Logs                 Manual Download              None
    13. mail_logs          IronPort Text Mail Logs   Manual Download              None
    14. repeng             Reputation Engine Logs    Manual Download              None
    15. reportd_logs       Reporting Logs            Manual Download              None
    16. reportqueryd_logs  Reporting Query Logs      Manual Download              None
    17. scanning           Scanning Logs             Manual Download              None
    18. snmp_logs          SNMP Logs                 FTP Push - Host 192.168.6.6None
    19. sntpd_logs         NTP logs                  Manual Download              None
    20. status             Status Logs               Manual Download              None
    21. system_logs        System Logs               Manual Download              None
    22. trackerd_logs      Tracking Logs             Manual Download              None
    23. updater_logs       Updater Logs              Manual Download              None
    Enter the number of the log you wish to grep.
    []> 13

    Enter the regular expression to grep.
    []> domain12.fr

    Do you want this search to be case insensitive? [Y]>

    Do you want to tail the logs? [N]>

    Do you want to paginate the output? [N]>

    Define file selection pattern.
    []>

    Wed May 20 03:41:46 2015 Info: MID 53722598 ICID 161154185 RID 0 To: <titi@domain12.fr>
    Wed May 20 03:41:56 2015 Info: MID 53722599 ICID 161154212 RID 0 To: <toto@domain12.fr>
    ....
trace
    (Host_IronPort)> trace

    Enter the source IP:
    []> 8.8.8.8

    Enter the fully qualified domain name of the source IP (If left blank, a reverse DNS lookup will be performed on the source
    IP. To clear the existing value, enter 'NONE'.):
    []>

    Select the listener to trace behavior on:
    1. Adm
    2. Soc1
    3. Soc2
    4. Soc3
    [1]> 3

    Enter the domain name that has to be passed to HELO/EHLO.
    []> gmail.com

    Fetching default SenderBase values...
    Enter the SenderBase Network Owner ID of the source IP. The actual ID is N/A.
    [N/A]> 2

    Enter the SenderBase Reputation Score of the source IP. The actual score is N/A.
    [N/A]> 2

    Enter the Envelope Sender address:
    []> toto@gmail.com

    Enter the Envelope Recipient addresses. Separate multiple addresses by commas.
    []> test@domain1.com

    Load message from disk? [Y]> n

    Enter or paste the message body here. Enter '.' on a blank line to end.
    test
    .



    Processing HAT (Listener: Soc1)
    - Fully Qualified Domain Name: google-public-dns-a.google.com
    - Matched On: CLEAN_REPUTATION Sender Group (host sbrs[-1.0:10.0])
    - Applying $ACCEPTED policy (ACCEPT behavior).

    Policy Parameters:
    - Maximum Message Size: 20M (Default)
    - Maximum Number Of Connections From A Single IP: 10 (Default)
    - Maximum Number Of Messages Per Connection: 10 (Default)
    - Maximum Number Of Recipients Per Message: 50 (Default)
    - Maximum Recipients Per Hour: Disabled (Default)
    - Use SenderBase For Flow Control: Yes (Default)
    - Virus Detection Enabled: Yes (Default)
    - Allow TLS Connections: No (Default)
    - Accept Untagged bounces: No

    Processing MAIL FROM:
    - Default Domain Processing: No Change

    Processing Recipient List:
    Processing test@domain1.com
    - Default Domain Processing: No Change
    - Domain Map: No Change
    - RAT matched on test@domain1.Com, behavior = REJECT

    Run through another debug session? [N]>
Last admin logins
    (Host_IronPort)> last

    Username  Remote Host    Login Time        Logout Time       Total Time
    ========  =============  ================  ================  ==========
    admin1    192.168.8.8    Thu Jun 18 12:20  still logged in   33m
    admin2    192.168.9.9    Thu Jun 18 12:52  Thu Jun 18 12:53  0m
Reporting
    (Host_IronPort)> tophosts

    Sort results by:

    1. Active Recipients
    2. Connections Out
    3. Delivered Recipients
    4. Hard Bounced Recipients
    5. Soft Bounced Events
    [1]> 1

    Status as of: Thu Jun 18 12:54:50 2015 CEST
    Hosts marked with '*' were down as of the last delivery attempt.

                          Active   Conn.   Deliv.   Soft      Hard
    #  Recipient Host     Recip.   Out     Recip.   Bounced   Bounced

    1  toto.fr            145      0       0        0         0
    2  aaa.id             114      0       0        0         0
    3  dddddddd.in        110      0       0        0         0
    4  eeeee.net          43       0       0        0         0
    5  zzzzz.vn           36       0       0        0         0


    6  deutschland.de     34       0       0        0         0
    7  zdzddzdzd.fr       25       0       0        0         2
    8  zdzdz.com          23       0       0        0         0
    9  static.com         23       0       0        0         0
    ...
Status of a domain
    (Host_IronPort)> hoststatus

    Recipient host:
    []> gmail.com

    Host mail status for: 'gmail.com'
    Status as of: Thu Jun 18 12:55:17 2015 CEST
    Host up/down: up

    Counters:
      Queue
        Soft Bounced Events          12
      Completion
        Completed Recipients         1,503
          Hard Bounced Recipients    64
            DNS Hard Bounces         0
            5XX Hard Bounces         64
            Filter Hard Bounces      0
            Expired Hard Bounces     0
            Other Hard Bounces       0
          Delivered Recipients       1,439
          Deleted Recipients         0

    Gauges:
      Queue
        Active Recipients            0
          Unattempted Recipients     0
          Attempted Recipients       0
      Connections
        Current Outbound Connections 0
        Pending Outbound Connections 0

    Oldest Message No Messages
    Last Activity Thu Jun 18 12:55:02 2015 CEST
    Ordered IP addresses: (expiring at Thu Jun 18 13:07:15 2015 CEST)
    Preference  IPs
    5           173.194.67.27

    10          64.233.162.27

    20          74.125.200.27

    30          74.125.23.27

    40          173.194.72.27

    MX Records:
    Preference  TTL     Hostname
    5           11m57s  gmail-smtp-in.l.google.com
    10          11m57s  alt1.gmail-smtp-in.l.google.com
    20          11m57s  alt2.gmail-smtp-in.l.google.com
    30          11m57s  alt3.gmail-smtp-in.l.google.com
    40          11m57s  alt4.gmail-smtp-in.l.google.com

    Last 5XX Error:
    ----------
    550 5.1.1 The email account that you tried to reach does not exist. Please try
    ----------
SMTPPING
    (Host_IronPort)> diagnostic


    Choose the operation you want to perform:
    - RAID - Disk Verify Utility.
    - DISK_USAGE - Check Disk Usage.
    - NETWORK - Network Utilities.
    - REPORTING - Reporting Utilities.
    - TRACKING - Tracking Utilities.
    - RELOAD - Reset configuration to the initial manufacturer values.
    []> network

    Choose the operation you want to perform:
    - FLUSH - Flush all network related caches.
    - ARPSHOW - Show system ARP cache.
    - NDPSHOW - Show system NDP cache.
    - SMTPPING - Test a remote SMTP server.
    - TCPDUMP - Dump ethernet packets.
    []> smtpping

    []> 22.22.22.22

    Select a network interface to use for the test.
    1. ADM
    2. Virt1_Data1
    3. Virt2_Data1
    4. auto
    [6]> 2

    Do you want to type in a test message to send? If not, the connection will be tested but no email will be sent. [N]>

    Starting SMTP test of host 22.22.22.22.
    Connection to 22.22.22.22 succeeded.
    Command HELO succeeded
    Command MAIL FROM succeeded.
    Test complete. Total time elapsed 5.01 seconds

    Choose the operation you want to perform:
    - FLUSH - Flush all network related caches.
    - ARPSHOW - Show system ARP cache.
    - NDPSHOW - Show system NDP cache.
    - SMTPPING - Test a remote SMTP server.
    - TCPDUMP - Dump ethernet packets.
    []>
netstat
    (Host_IronPort)> netstat

    Choose the information you want to display:
    1. List of active sockets.
    2. State of network interfaces.
    3. Contents of routing tables.
    4. Size of the listen queues.
    5. Packet traffic information.
    [1]> 1

    1. IPv4 only.
    2. IPv6 only.
    [1]> 1

    Show network addresses as numbers? [N]> y

    Avoid truncating addresses? [N]>

    Active Internet connections (including servers)
    Proto  Recv-Q  Send-Q  Local Address    Foreign Address      (state)
    tcp4   0       0       192.168.2.2.25   62.210.13.31.50360   ESTABLISHED
    tcp4   0       0       192.168.3.3.25   22.22.22.22.48835    ESTABLISHED
Disk usage
    (Host_IronPort)> diagnostic

    Choose the operation you want to perform:
    - RAID - Disk Verify Utility.
    - DISK_USAGE - Check Disk Usage.
    - NETWORK - Network Utilities.
    - REPORTING - Reporting Utilities.
    - TRACKING - Tracking Utilities.
    - RELOAD - Reset configuration to the initial manufacturer values.
    []> disk_usage


    Services             Disk Usage (GB)    Quota(GB)
    ----------------------------------------------------------
    Spam Quarantine      0.0                2.5
    Reporting            4.1                17.0
    Tracking             0.1                20.0
    Total                4.2                39.5

    Choose the operation you want to perform:
    - RAID - Disk Verify Utility.
    - DISK_USAGE - Check Disk Usage.
    - NETWORK - Network Utilities.
    - REPORTING - Reporting Utilities.
    - TRACKING - Tracking Utilities.
    - RELOAD - Reset configuration to the initial manufacturer values.
    []>
nslookup
    (Host_IronPort)> nslookup

    Please enter the host or IP address to resolve.
    []> www.free.fr

    Choose the query type:
    1. A the host's IP address
    2. AAAA the host's IPv6 address
    3. CNAME the canonical name for an alias
    4. MX the mail exchanger
    5. NS the name server for the named zone
    6. PTR the hostname if the query is an Internet address,

    otherwise the pointer to other information
    7. SOA the domain's "start-of-authority" information
    8. TXT the text information
    [1]> 1

    A=212.27.48.10 TTL=4h 1m 1s
Live stats for a domain
    (Host_IronPort)> hostrate

    Recipient host:
    []> free.fr

    Enter the number of seconds between displays.
    [10]> 3

    Type Ctrl-C to return to the main prompt.

    Time      Host    CrtCncOut  ActvRcp  ActvRcp  DlvRcp  HrdBncRcp  SftBncEvt
              Status                      Delta    Delta   Delta      Delta
    08:51:07  up      3          41       0        0       0          0
    08:51:10  up      3          44       3        0       0          0
    08:51:13  up      3          45       1        0       0          0
    08:51:16  up      3          47       2        1       0          0
    08:51:19  up      3          47       0        0       0          0
    ^C
Queued mail
    (Host_IronPort)> workqueue status

    Status as of: Fri Jun 19 08:52:42 2015 CEST
    Status: Operational
    Messages: 0
SenderBase status and information
    (Host_IronPort)> sbstatus

    SenderBase Host Status
    Status as of: Fri Jun 19 08:52:27 2015 CEST
    Host success/fail: success

    SBRS Status
    Status as of: Fri Jun 19 08:52:27 2015 CEST
    Host success/fail: success

    SenderBase Network Participation Status
    Time of last SenderBase upload: never
Live stats on the work queue
    (Host_IronPort)> workqueue rate

    Type Ctrl-C to return to the main prompt.

    Time      Pending  In  Out
    08:53:28  0        0   0
    08:53:38  0        11  11
    08:53:48  0        10  10
DNS stats
    (Host_IronPort)> dnsstatus

    Status as of: Fri Jun 19 08:54:42 2015 CEST

    Counters:            Reset          Uptime         Lifetime
      DNS Requests       467,385,596    467,182,112    467,385,596
      Network Requests   93,374,333     93,345,897     93,374,333
      Cache Hits         472,032,963    471,815,454    472,032,963
      Cache Misses       72,603,929     72,599,109     72,603,929
      Cache Exceptions   209,096,293    208,897,940    209,096,293
      Cache Expired      15,835,352     15,835,266     15,835,352
Show messages in the queue
    (Host_IronPort)> showrecipients

    Please select how you would like to show messages:
    1. By recipient host.
    2. By Envelope From address.
    3. All.
    [1]> 3

    Showing messages, please wait..

    MID/ Bytes/ Sender/ Subject
    [RID] [Atmps] Recipient
    56155715 1848 Delivery Status Notification (Failure)
    [0] [49] zezezezezez@doma1.com

    56164658 1850 (Failure)
    [0] [48] zezsdfsdgdfg@sdqsd.com
Show a message by its MID
    (Host_IronPort)> showmessage

    Enter the MID to show.
    []> 56345400

    MID 56345400: 39 secs old


    From unknown Fri Jun 19 14:57:25 2015
    Received: from localhost by ;
    ...
Searching for a message
    (Host_IronPort)> findevent

    Please choose which type of search you want to perform:
    1. Search by envelope FROM
    2. Search by Message ID
    3. Search by Subject
    4. Search by envelope TO
    [1]> 2

    Enter the Message ID (MID) to search for.
    []> 56345398

    Currently configured logs:
        Log Name           Log Type                  Retrieval                    Interval
    ---------------------------------------------------------------------------------
     1. mail_logs          IronPort Text Mail Logs   Manual Download              None
    Enter the number of the log you wish to use for message tracking.
    [1]>

    Please choose which set of logs to search:
    1. All available log files
    2. Select log files by date list
    3. Current log file
    [3]> 3

    Fri Jun 19 14:57:17 2015 Info: New SMTP ICID 171520023 interface Virt1_Data1 (192.168.18.9) address 189.2.98.232 reverse dns host mail.domain.net verified yes
    Fri Jun 19 14:57:17 2015 Info: ICID 171520023 ACCEPT SG SUSPECT_and_UNKNOWN_LIST match sbrs[none] SBRS unable to retrieve
    Fri Jun 19 14:57:22 2015 Info: Start MID 56345398 ICID 171520023
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 ICID 171520023 From: <user1@titi.fr>
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 ICID 171520023 RID 0 To: <user2@soc1.fr>
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 Message-ID '<kLko0Nzg0MzA4NQA@domain88.com>'
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 Subject "Coucou IronPort"
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 ready 3165 bytes from <user1@titi.fr>
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 matched all recipients for per-recipient policy DEFAULT in the inbound table
    Fri Jun 19 14:57:22 2015 Info: MID 56345398 queued for delivery
    Fri Jun 19 14:57:22 2015 Info: ICID 171520023 close
    Fri Jun 19 14:57:10 2015 Info: New SMTP DCID 27801964 interface 192.168.180.2 address 10.10.10.10 port 25
    Fri Jun 19 14:57:25 2015 Info: Delivery start DCID 27801964 MID 56345398 to RID [0]
    Fri Jun 19 14:57:25 2015 Info: Message done DCID 27801964 MID 56345398 to RID [0]
    Fri Jun 19 14:57:25 2015 Info: MID 56345398 RID [0] Response '2.6.0 <kLko0Nzg0MzA4NQA@domain88.com> Queued mail for delivery'
    Fri Jun 19 14:57:25 2015 Info: Message finished MID 56345398 done
    Fri Jun 19 14:57:31 2015 Info: DCID 27801964 close
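Added example (not from the original post): the mail_logs lines above tie a message (MID) to its injection connection (ICID) and its delivery connection (DCID), and this Python parser rebuilds that chain offline from an exported log, joining on the IDs rather than on line order because a reused DCID can be logged with an earlier timestamp. The sample lines, the addresses and the names trace_messages and unfinished are constructed for illustration, and the regular expressions cover only the line shapes shown on this page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the mail_logs text format shown above (documentation addresses).
SAMPLE_LOG = """\
Fri Jun 19 14:57:17 2015 Info: New SMTP ICID 9001 interface Virt1_Data1 (192.0.2.10) address 198.51.100.7 reverse dns host mail.example.net verified yes
Fri Jun 19 14:57:17 2015 Info: ICID 9001 ACCEPT SG SUSPECT_and_UNKNOWN_LIST match sbrs[none] SBRS unable to retrieve
Fri Jun 19 14:57:22 2015 Info: Start MID 7001 ICID 9001
Fri Jun 19 14:57:22 2015 Info: MID 7001 ICID 9001 From: <user1@example.org>
Fri Jun 19 14:57:22 2015 Info: MID 7001 ICID 9001 RID 0 To: <user2@example.com>
Fri Jun 19 14:57:22 2015 Info: MID 7001 Subject "Coucou IronPort"
Fri Jun 19 14:57:22 2015 Info: MID 7001 queued for delivery
Fri Jun 19 14:57:23 2015 Info: Start MID 7002 ICID 9001
Fri Jun 19 14:57:23 2015 Info: MID 7002 ICID 9001 From: <user1@example.org>
Fri Jun 19 14:57:23 2015 Info: MID 7002 ICID 9001 RID 0 To: <user3@example.com>
Fri Jun 19 14:57:23 2015 Info: ICID 9001 close
Fri Jun 19 14:57:10 2015 Info: New SMTP DCID 5001 interface 192.0.2.20 address 10.10.10.10 port 25
Fri Jun 19 14:57:25 2015 Info: Delivery start DCID 5001 MID 7001 to RID [0]
Fri Jun 19 14:57:25 2015 Info: MID 7001 RID [0] Response '2.6.0 <abc@example.org> Queued mail for delivery'
Fri Jun 19 14:57:25 2015 Info: Message finished MID 7001 done
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (\w+): (.*)$")
ICID_OPEN = re.compile(r"New SMTP ICID (\d+) interface (\S+) \(([^)]+)\) address (\S+)")
ICID_HAT = re.compile(r"ICID (\d+) (\w+) SG (\S+)")
DCID_OPEN = re.compile(r"New SMTP DCID (\d+) interface (\S+) address (\S+) port (\d+)")
MID_START = re.compile(r"Start MID (\d+) ICID (\d+)")
MID_FROM = re.compile(r"MID (\d+) ICID \d+ From: <([^>]*)>")
MID_TO = re.compile(r"MID (\d+) ICID \d+ RID \d+ To: <([^>]*)>")
MID_SUBJ = re.compile(r"MID (\d+) Subject (.*)")
DELIVERY = re.compile(r"Delivery start DCID (\d+) MID (\d+)")
RESPONSE = re.compile(r"MID (\d+) RID \[\d+\] Response '(.*)'")
FINISHED = re.compile(r"Message finished MID (\d+) done")


def trace_messages(log_text):
    """Return {MID: record}, each joined to its inbound (ICID) and outbound (DCID) connection."""
    inbound, outbound, msgs = defaultdict(dict), defaultdict(dict), {}

    def msg(mid):
        return msgs.setdefault(mid, {"icid": None, "dcid": None, "from": None, "to": [],
                                     "subject": None, "response": None,
                                     "finished": False, "first_seen": None})

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # wrapped continuation lines (e.g. a folded Subject) carry no IDs
        ts = datetime.strptime(line[1], "%a %b %d %H:%M:%S %Y")
        text = line[3]
        if m := ICID_OPEN.search(text):
            inbound[m[1]].update(interface=m[2], remote_ip=m[4])
        elif m := ICID_HAT.search(text):
            inbound[m[1]].update(hat_action=m[2], sender_group=m[3])
        elif m := DCID_OPEN.search(text):
            outbound[m[1]].update(dest_ip=m[3], dest_port=int(m[4]))
        elif m := MID_START.search(text):
            msg(m[1]).update(icid=m[2], first_seen=ts)
        elif m := MID_FROM.search(text):
            msg(m[1])["from"] = m[2]
        elif m := MID_TO.search(text):
            msg(m[1])["to"].append(m[2])
        elif m := MID_SUBJ.search(text):
            msg(m[1])["subject"] = m[2].strip("'\"")
        elif m := DELIVERY.search(text):
            msg(m[2])["dcid"] = m[1]
        elif m := RESPONSE.search(text):
            msg(m[1])["response"] = m[2]
        elif m := FINISHED.search(text):
            msg(m[1])["finished"] = True

    # Join once everything is read: connection lines may precede or follow the MID lines.
    for rec in msgs.values():
        rec["inbound"] = dict(inbound.get(rec["icid"], {}))
        rec["outbound"] = dict(outbound.get(rec["dcid"], {}))
    return msgs


def unfinished(msgs):
    """MIDs that were injected but have no 'Message finished' line in this excerpt."""
    return sorted(mid for mid, rec in msgs.items() if not rec["finished"])


if __name__ == "__main__":
    records = trace_messages(SAMPLE_LOG)
    for mid, rec in records.items():
        print(mid, rec["from"], rec["to"], rec["inbound"], rec["outbound"], rec["response"])
    print("unfinished:", unfinished(records))
```

Feed it the text of a downloaded mail_logs file in place of SAMPLE_LOG; a MID that stays in unfinished() is one to look up with showrecipients or hoststatus.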
Hardware information
    > ipcheck

    Ipcheck Rev 1
    Date Thu Jul 14 10:00:03 2015
    Model C370
    Platform R710 (80AE)
    LCD Setting custom
    LCD Text Cisco IronPort C370
    MGA Version Version: 7.5.1-111
    Build Date 2012-11-02
    Install Date 2012-11-22 15:49:22
    Burn-in Date Unknown
    Serial No. 76A43456B789-G78917Y
    BIOS Version 2.2.17C
    RAID Version 1.21.02-0528, 2.01.03, 1.02-012B
    RAID Status Optimal
    RAID Type 1
    RAID Chunk Unknown
    BMC Version 1.85

    Disk 0 278GB SEAGATE ST3300657SS ES656DE6339K
    Disk 1 278GB SEAGATE ST3300657SS ES656DE33BQC
    Disk 2
    Disk 3
    Disk 4
    Disk 5
    Disk 6
    Disk 7
    Disk Total 556GB

    Root 400MB 45%
    Nextroot 400MB 44%
    Var 400MB 1%
    Log 222GB 6%
    DB 12GB 0%
    Swap 8GB
    Mail Queue 35GB

    RAM 1 A Empty
    RAM 1 B Empty
    RAM 2 A 2048M ECC 1333MHz
    RAM 2 B Empty
    RAM 3 A 2048M ECC 1333MHz
    RAM 3 B Empty
    RAM 4 A Empty
    RAM 4 B Empty
    RAM 5 A 2048M ECC 1333MHz
    RAM 5 B Empty
    RAM 6 A 2048M ECC 1333MHz
    RAM 6 B Empty
    RAM 7 A Empty
    RAM 7 B Empty
    RAM 8 A Empty
    RAM 8 B Empty
    RAM 9 A Empty
    RAM 9 B Empty
    RAM Total 8G

    CPU 1 Xeon 2G 4800FSB 1M Cache
    CPU 2 Empty

    PCI 1 PCI-e g2 x8, 4x Empty
    PCI 2 PCI-e g2 x8, 4x Empty
    PCI 3 PCI-e g2 8x Empty
    PCI 4 PCI-e g2 8x Empty

    NIC Management 84:2b:2b:89:ab:22, NetXtreme II Gigabit Ethernet (BCM5709)
    NIC Data 1 84:2b:2b:89:ab:24, NetXtreme II Gigabit Ethernet (BCM5709)
    NIC Data 2 84:2b:2b:89:ab:26, NetXtreme II Gigabit Ethernet (BCM5709)
    NIC Data 3 84:2b:2b:89:ab:28, NetXtreme II Gigabit Ethernet (BCM5709)

    PS1 Unknown
    PS2 Unknown

    Key 999day, IronPort Anti-Spam
    Key 999day, Central Mgmt
    Key 999day, IronPort Email Encryption
    Key 999day, McAfee
    Key 999day, Outbreak Filters
    Key 999day, RSA Email Data Loss Prevention
    Key 999day, Sophos
    Key Perpetua, Bounce Verification
    Key Perpetua, Receiving
Credits
    # credits
    CREDITS
    ===========================
    This product proudly hand crafted by...
    Lou "Has a kid" Zechtzer
    Rich "Lord of Evil" Fielder
    David Veach
    Ben "Tamino" Cottrell
    Martin "kemokid" Baker
    Jeremy "FIPS" Felix
    Drue Loewenstern
    Krishna "Saint" Srinivasan
    Sam "Edgar the Bug" Rushing
    Bennett "You have a call" Ting
    Eric "ListBot" Huss
    James "Nightfall" Moore
    Jesse Montrose
    Andrew "Judge and Jury" Flury
    Larry Rosenstein
    Jan "chemosabe" Lindner
    Lonhyn Jasinskyj
    Katy "dakini" Burns
    Michael "Pryankster" Cuddy
    Naseem "Crystal Meth Chef" Choudhury
    Brian "q" Harrison
    Charlie Slater
    Scott "S." Hutton
    Nachiket "Peppersteak" Bahekar
    Brennan Evans
    Bernie "Milkshake" Hackett
    Ben "Tsutomu" Hartwell
    Gabe "DJ Malloc" Mahoney
    ...Paul
    Mark Peek