Ironport C300 notes
Backing up the Ironport configuration
ironport> saveconfig Do you want to include passwords? Please be aware that a configuration without passwords will fail when reloaded with loadconfig. [N]> Y The file C300-00137256E778-49P4W91-20071010T120747.xml has been saved in the configuration directory on machine "ironport.example.com". $ scp admin@ironport:/configuration/C300-00137256E778-49P4W91-20071010T120747.xml .
Disabling Ironport alerts
One of the 5 disks in our Ironport email appliance began experiencing S.M.A.R.T. failures (i.e., values monitored by S.M.A.R.T. exceeded a threshold), causing us to receive email alerts every 5 minutes. We were configured to receive messages for "all" severities for the "hardware" alert class.
Until we receive and swap out the failing disk, we want to prevent these warning emails. In this procedure, I modify alerting so that we only receive alerts of "critical" severity for the hardware alert class.
ironport> alertconfig Sending alerts to: firstname.lastname@example.org Class: All - Severities: All Initial number of seconds to wait before sending a duplicate alert: 3600 Maximum number of seconds to wait before sending a duplicate alert: 3600 Alerts will be sent using the system-default From Address. IronPort AutoSupport: Enabled You will receive a copy of the weekly AutoSupport reports. Choose the operation you want to perform: - NEW - Add a new email address to send alerts. - EDIT - Modify alert subscription for an email address. - DELETE - Remove an email address. - CLEAR - Remove all email addresses (disable alerts). - SETUP - Configure alert settings. - FROM - Configure the From Address of alert emails. > EDIT Please select the email address to edit. 1. email@example.com (all) > 1 Choose the Alert Class to modify for "firstname.lastname@example.org". Press Enter to return to alertconfig. 1. All - Severities: All 2. System - Severities: All 3. Hardware - Severities: All 4. Virus Outbreak Filters - Severities: All 5. Anti-Virus - Severities: All 6. Anti-Spam - Severities: All 7. Directory Harvest Attack Prevention - Severities: All > 3 Choose the severities for Hardware. Separate multiple choices with commas. 1. All 2. Critical 3. Warning 4. Information 5. None > 2 Choose the Alert Class to modify for "email@example.com". Press Enter to return to alertconfig. 1. All - Severities: None 2. System - Severities: All 3. Hardware - Severities: Critical 4. Virus Outbreak Filters - Severities: All 5. Anti-Virus - Severities: All 6. Anti-Spam - Severities: All 7. Directory Harvest Attack Prevention - Severities: All > <ENTER> ironport> commit
Replacing an Ironport C300
- Back up the Ironport configuration.
- Replace the Ironport.
- Connect a laptop NIC to the Ironport C300's Management port using a crossover cable.
- Configure the laptop's NIC to be on the 192.168.42.0/24 subnet (e.g., ifconfig eth0 192.168.42.43 netmask 255.255.255.0).
- Copy the backed up configuration to the new Ironport.
$ scp ironport_config.xml firstname.lastname@example.org:/configuration email@example.com's password: ironport
- Login to the new Ironport and load the configuration.
$ ssh firstname.lastname@example.org email@example.com's password: ironport Last login: Tue Nov 13 04:15:32 2007 from 192.168.42.43 Copyright (c) 2001-2006, IronPort Systems, Inc. AsyncOS 4.7 for IronPort C300 Welcome to the IronPort C300 Messaging Gateway(tm) Appliance Please run "systemsetup" or "sethostname" then "commit" before sending mail. ironport.example.com> loadconfig 1. Paste via CLI 2. Load from file How would you like to load a configuration file? > 2 Enter the name of the file on machine "ironport.example.com" to import: > ironport_config.xml Values have been loaded. Be sure to run "commit" to make these settings active. Please run "systemsetup" or "sethostname" then "commit" before sending mail. ironport.example.com> commit Please enter some comments describing your changes: > Loading previous configuration file
"ERROR: Element 'brightmail_usedfa' not allowed here"
When replacing the Ironport C300, I had to remove the following line from our old configuration
as it caused the following error when loading the configuration:
ERROR: Element 'brightmail_usedfa' not allowed here at Unknown:927:26 Text: 0</brightm Parsing failed. Aborting.