AsyncOS Release Notes

IronPort AsyncOS™ 5.5.1
RELEASE NOTES
for IronPort® Email Security Appliances
COPYRIGHT
Copyright © 2007 by IronPort Systems®, Inc. All rights reserved.
Part Number: 423-0039
Revision Date: November 6, 2007
The IronPort logo, IronPort Systems, Messaging Gateway, Virtual Gateway, SenderBase, Mail Flow Monitor, Virus
Outbreak Filters, Context Adaptive Scanning Engine (CASE), IronPort Anti-Spam, and AsyncOS are all trademarks
or registered trademarks of IronPort Systems, Inc. Brightmail, the Brightmail logo, BLOC, BrightSig, and Probe
Network are trademarks or registered trademarks of Symantec Incorporated. McAfee and VirusScan are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. Copyright 2007
McAfee, Inc. All rights reserved. Used with permission. All other trademarks, service marks, trade names, or
company names referenced herein are used for identification only and are the property of their respective owners.
This publication and the information contained herein is furnished “AS IS” and is subject to change without
notice. Publication of this document should not be construed as a commitment by IronPort Systems, Inc. IronPort
Systems, Inc., assumes no responsibility or liability for any errors or inaccuracies, makes no warranty of any kind
with respect to this publication, and expressly disclaims any and all warranties of merchantability, fitness for
particular purposes and non-infringement of third-party rights.
Some software included within IronPort AsyncOS is distributed under the terms, notices, and conditions of
software license agreements of FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National
Research Initiatives, Inc., and other third party contributors, and all such terms and conditions are incorporated
in IronPort license agreements.
The full text of these agreements can be found here:
https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html.
Portions of the software within IronPort AsyncOS is based upon the RRDtool with the express written consent of
Tobi Oetiker. Portions of this document are reproduced with permission of Dell Computer Corporation. Portions
of this document are reproduced with permission of McAfee, Inc. Portions of this document are reproduced with
permission of Symantec Incorporated.
Brightmail Anti-Spam is protected under U.S. Patent No. 6,052,709.
IRONPORT SYSTEMS® INC.
CONTACTING IRONPORT CUSTOMER SUPPORT
IronPort Systems, Inc.
950 Elm Avenue
San Bruno, CA 94066
If you have purchased support directly from IronPort Systems, you can request
our support by phone, email or online 24 hours a day, 7 days a week. During
our office hours (24 hours per day, Monday through Friday excluding US
holidays), one of our engineers will contact you within an hour of your request.
To report a critical issue that requires urgent assistance outside of our office
hours, please call us immediately at the numbers below.
U.S. Toll-free: 1 (877) 641-IRON (4766)
International: www.ironport.com/support/contact_support.html
Support Portal: www.ironport.com/support
If you have purchased support through a reseller or another entity,
please contact them for support of your IronPort products.
IronPort AsyncOS for Email Security
Appliances 5.5.1 Release Notes
These release notes contain information critical to upgrading and running the latest version of
AsyncOS for IronPort Email Security Appliances, including hardware-specific information and
known issues.
• What’s New in AsyncOS for Email Security Appliances 5.5.1
• Enhanced: Content Scanning
• Enhanced: Message Header Logging for IPMM Headers
• Enhanced: IronPort Spam Quarantine Unicode Conversion
• Enhanced: DKIM Authentication-Results Header
• Fixed: Virtual Gateway Delivery Sometimes Disrupted
• What’s New in AsyncOS for Email Security Appliances 5.5.0
• New Feature: Safelists and Blocklists
• New Feature: IronPort Encryption
• New Feature: DKIM Authentication
• New and Enhanced: LDAP Queries
• New and Enhanced: Content Scanning
• New Feature: AsyncOS Reversion
• New: findevent CLI Command
• Enhanced: Reporting
• Enhanced: IronPort Spam Quarantine Alias Consolidation
• Enhanced: Text Resources
• Enhanced: Content Filters
• Enhanced: cleansmtp CLI Command
• Enhanced: Graphical User Interface
• Enhanced: Content Dictionaries
• Enhanced: CLI grep Command
• Enhanced: Bounce Delivery Status Notification
• Enhanced: Logging
• Modified: LDAP Server Connections
• Modified: SCP Port Configuration
• Fixed Issues
• Fixed Reporting Issues
• Fixed Alert Issues
• Fixed LDAP Issues
• Fixed IronPort Spam Quarantine Issues
• Fixed Message and Content Filter Issues
• Fixed Clustered Environment Issues
• Fixed Configuration File Issues
• Fixed Domain Keys Signing Issues
• Fixed Updater Issues
• Fixed Upgrade Issues
• Fixed: Antivirus Scanning Engines
• Other Fixed Issues
• Qualified Upgrade Paths
• Upgrade Instructions
• Pre-Upgrade Notes
• Configuring the Update Server on Version 5.1 or Later
• Replacing Mail Flow Monitor in AsyncOS Version 5.0 or Later
• Upgrading to the AsyncOS 5.5.1 Release
• Performance Advisory
• Known Issues
• Email Security Monitor and Reporting Issues
• Alert Issues
• LDAP Issues
• IronPort Spam Quarantine Issues
• Message and Content Filter Issues
• Clustered Environment Issues
• Online Help and Documentation Issues
• Configuration File Issues
• Upgrade Issues
• DKIM and Domainkeys Signing Issues
• Trace Feature Issues
• Localization Issues
• Email Encryption Issues
• Safelist/Blocklist Issues
• Other Known Issues
• Contacting IronPort Customer Support
WHAT’S NEW IN ASYNCOS FOR EMAIL SECURITY APPLIANCES 5.5.1
This section describes new features and enhancements added to the AsyncOS for Email
Security Appliances 5.5.1 release.
Enhanced: Content Scanning
In version 5.5.1, AsyncOS includes new filter conditions and filter actions. These new
conditions and actions are available in the message filters and content filters. The examples
below include directions for adding conditions and actions from the GUI for content filters
and from the CLI for message filters. However, you can also create content filters via the CLI.
attachment-unprotected filter condition.
The attachment-unprotected filter condition returns true if the scanning engine detects
an attachment that is unprotected. A file is considered unprotected if the scanning engine was
able to read the attachment. A zip file is considered to be unprotected if any of its members is
unprotected.
To Add the attachment-unprotected Filter Condition in the GUI (Content Filters):
1. From the GUI, you can add this condition to new content filters by clicking Mail Policies
> Incoming Content Filters or Mail Policies > Outgoing Content Filters, and clicking Add
Filter.
2. Enter a name and description for the content filter.
3. Click Add Condition.
4. Select Attachment Protection. The rule builder for the content filter dynamically refreshes
with the list of available options.
5. Select One or More Attachments are NOT Protected.
6. Click OK.
The condition is now added to the content filter. You can save the filter or add other
conditions or actions.
To Add the attachment-unprotected Filter Condition in the CLI (Message Filters):
From the CLI, you can add the attachment-unprotected filter condition using the following
syntax:
Code Example 1-1 attachment-unprotected filter example
AsyncOS 5.5 for IronPort C100
Welcome to the IronPort C100 Messaging Gateway(tm) Appliance
example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
attachment_protected_quarantine:
if attachment-unprotected
{
quarantine ('Policy');
}
.
1 filters added.
Note — The attachment-unprotected filter condition is not mutually exclusive of the
attachment-protected filter condition. It is possible for both filter conditions to return true
when scanning the same attachment. This can occur, for example, if a zip file contains both
protected and unprotected members.
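The overlap described in the note can be reproduced offline. The following is an added example, not code from IronPort or from the original release notes: it classifies a zip attachment by the "encrypted" flag bit of each member and shows that a mixed archive satisfies both conditions. The function names are hypothetical, treating "protected" as "at least one encrypted member" is a reading of the note above, and only zip archives are inspected (other password-protected formats are out of scope).

```python
import io
import zipfile

ENCRYPTED = 0x1  # bit 0 of a ZIP member's general-purpose flags: member is encrypted


def build_zip(members):
    """Build a constructed sample zip. `members` maps name -> (text, encrypted?).

    The standard library cannot write encrypted members, so the sample only
    sets the "encrypted" flag bit in the central directory; no cipher is used.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, (text, _) in members.items():
            zf.writestr(name, text)
    data = bytearray(buf.getvalue())
    pos = -1
    for _, encrypted in members.values():
        # Central-directory records start with PK\x01\x02; the flags are at offset 8.
        pos = data.find(b"PK\x01\x02", pos + 1)
        if encrypted:
            data[pos + 8] |= ENCRYPTED
    return bytes(data)


def attachment_conditions(data):
    """Return (attachment_protected, attachment_unprotected) for one attachment."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        # Assumption: a non-archive sample is readable, so it counts as unprotected.
        return (False, True)
    with zipfile.ZipFile(stream) as zf:
        encrypted = [bool(info.flag_bits & ENCRYPTED)
                     for info in zf.infolist() if not info.is_dir()]
    # Protected if any member is encrypted; unprotected if any member is readable.
    return (any(encrypted), any(not e for e in encrypted))


# Constructed samples (file names and contents are made up for illustration).
MIXED_ZIP = build_zip({"readme.txt": ("plain member", False),
                       "payroll.txt": ("stand-in for ciphertext", True)})
PLAIN_ZIP = build_zip({"a.txt": ("plain", False), "b.txt": ("plain", False)})
LOCKED_ZIP = build_zip({"a.txt": ("stand-in", True), "b.txt": ("stand-in", True)})

if __name__ == "__main__":
    for label, sample in (("mixed", MIXED_ZIP), ("plain", PLAIN_ZIP), ("locked", LOCKED_ZIP)):
        protected, unprotected = attachment_conditions(sample)
        print(f"{label}: attachment-protected={protected} "
              f"attachment-unprotected={unprotected}")
```

For the mixed archive both values are true, so a filter that tests only attachment-unprotected and a filter that tests only attachment-protected would both act on the same message.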
body-dictionary-match filter condition.
This new filter condition returns true if the dictionary term matches content in the body of the
message only. The filter searches for terms within the MIME parts not considered to be an
attachment, and it returns true if the user-defined threshold is met (the default threshold value
is one).
To Add the body-dictionary-match Filter Condition in the GUI (Content Filters):
1. From the GUI, you can add this condition to new content filters by clicking Mail Policies
> Incoming Content Filters or Mail Policies > Outgoing Content Filters, and clicking Add
Filter.
2. Enter a name and description for the content filter.
3. Click Add Condition.
4. Select Message Body.
5. Select Contains Term in Content Dictionary.
6. Choose the content dictionary to use from the drop-down list.
7. Click OK.
The condition is now added to the content filter. You can save the filter or add other
conditions or actions.
To Add the body-dictionary-match Filter Condition in the CLI (Message Filters):
Use the following syntax to add the body-dictionary-match filter condition:
if (body-dictionary-match ('<dictionary_name>'))
The following example shows mail that is quarantined if terms in the email match the
specified dictionary:
Code Example 1-2 body-dictionary-match filter example
AsyncOS 5.5 for IronPort C100
Welcome to the IronPort C100 Messaging Gateway(tm) Appliance
example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
quarantine_secret_words:
if (body-dictionary-match ('example_dictionary')){
quarantine ('Policy');
}
.
1 filters added.
drop-attachments-where-dictionary-matches filter action.
This new filter action strips attachments based on matches to dictionary terms. If the terms in
the MIME parts considered to be an attachment match a dictionary term (and the user-defined
threshold is met), the attachment is stripped from the email.
To Add the drop-attachments-where-dictionary-matches Filter Action in the GUI (Content
Filters):
1. From the GUI, you can add this action to new content filters by clicking Mail Policies
> Incoming Content Filters or Mail Policies > Outgoing Content Filters, and clicking Add
Filter.
2. Enter a name and description for the content filter.
3. Add any conditions that may apply.
4. Click Add Action.
5. Click Strip Attachment by Content.
6. Select Message Body.
7. Select Contains Term in Content Dictionary.
8. Choose the content dictionary to use from the drop-down list.
9. Click OK.
The action is now added to the content filter. You can save the filter or add other conditions or
actions.
To Add the drop-attachments-where-dictionary-matches Filter Action in the CLI (Message
Filters):
Code Example 1-3 drop-attachments
AsyncOS 5.5 for IronPort C100
Welcome to the IronPort C100 Messaging Gateway(tm) Appliance
example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
testme:
if (true)
{
drop-attachments-where-dictionary-match('dictionary_example');
}
.
1 filters added.
Enhanced: Message Header Logging for IPMM Headers
In previous versions of AsyncOS for Email Security Appliances, it was not possible to log
message headers for IPMM messages. Now you can log IPMM message headers via the
logconfig -> logheaders CLI command.
To use this feature: from the logconfig CLI command, select LOGHEADERS, and choose to
scan IPMM messages for existing headers:
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>logheaders
Please enter the list of headers you wish to record in the log files.
Separate multiple headers with commas.
[]> Message-ID
Include IPMM variables with headers? [N]> Y
Should IPMM messages be scanned for existing headers? [N]Y
Note that the headers are extracted before the variables are substituted. Therefore, the logs
show the variable itself rather than its substituted value. For instance, if you log
the subject header, you might see the following entry in your logs:
Subject: &usersubject;
Note — This feature only applies to IPMM messages with a single XPRT body part.
Enhanced: IronPort Spam Quarantine Unicode Conversion
When the IronPort Spam Quarantine displays a message, it converts the message body to
Unicode. If errors occurred when converting the message body to Unicode, sometimes
messages were rendered unreadable. Now, instead of generating unreadable messages, the
IronPort Spam Quarantine skips displaying unreadable characters. [Defect ID: 35757, 36909]
Enhanced: DKIM Authentication-Results Header
For DKIM Authentication, IronPort currently supports version 8 of the Draft Specification of
“Authentication-Results:” header (draft-kucherawy-sender-auth-header). [Defect ID: 36848]
Fixed: Virtual Gateway Delivery Sometimes Disrupted
Fixed an issue in which Virtual Gateway delivery to a host with an invalid DNS entry sometimes
disrupted the mail flow. [Defect ID: 37687]
WHAT’S NEW IN ASYNCOS FOR EMAIL SECURITY APPLIANCES 5.5.0
This section describes new features and enhancements added to the AsyncOS for Email
Security Appliances 5.5.0 release.
New Feature: Safelists and Blocklists
The 5.5 version of AsyncOS introduces end-user safelists and blocklists. You can enable end
users to create safelists and blocklists to better control which emails are scanned by anti-spam
scanning engines. Safelists allow a user to ensure that certain users or domains are never
scanned with anti-spam scanning engines, while blocklists ensure that certain users or
domains are rejected or quarantined. The safelists and blocklists settings are configured from
the IronPort Spam Quarantine, so you must enable and configure the IronPort Spam
Quarantine to use this feature. When you enable the safelist/blocklist feature, each end-user
can maintain a safelist and blocklist for his or her email account.
Note — A safelist setting does not prevent the IronPort appliance from scanning an email for
viruses or determining if the message meets the criteria for a content-related mail policy. Even
if a message is part of a safelist, it may not be delivered to the end-user depending on other
scanning settings.
Note about Synchronizing Safelist/Blocklist Settings
When an end user creates a safelist or blocklist, the setting is saved to a database. If the
IronPort Spam Quarantine exists on an M-Series appliance, this database must be
synchronized with a database on the C-Series appliance before the safelist/blocklist settings
are applied to incoming mail. When the IronPort Spam Quarantine exists on a C-Series
appliance, the database must be synchronized with a read-only database that is used when
processing the mail queue. The amount of time it takes to automatically synchronize these
databases depends on the model of the machine. The following table shows the default
settings for updating safelists and blocklists:
Table 1-1 Synchronization of Safelist and Blocklist Settings
Appliance        Synchronization Time
C10/C100/C150    10 minutes
C30/C300/C350    15 minutes
C60/C600/C650    30 minutes
X1000/X1050      60 minutes
M10/M600/M650    120 minutes
M1000/M1050      240 minutes
For information about configuring safelists and blocklists, see “Working with Safelists and
Blocklists” in the “Quarantines” chapter of the IronPort AsyncOS User Guide.
New Feature: IronPort Encryption
The 5.5 version of AsyncOS includes integrated email encryption. To use this feature, first
create an Encryption Profile that specifies characteristics of the encrypted message and
connectivity information for the key server. The key server may either be the Cisco Registered
Envelope Service (managed service) or an IronPort Encryption Appliance (locally managed
server). Next, use content and/or message filters to determine which messages to encrypt.
When outgoing messages that meet the filter condition are processed, the message is
encrypted on the Email Security Appliance and the key used to encrypt the message is stored
into the key server specified in the Encryption Profile.
After you configure encryption, send a test message through to ensure it is encrypted. You can
tail the logs, or you can use the CLI findevent command to get a summary of the events
after they have occurred (using the MID).
For updates to the IronPort Encryption appliance and updates to the Cisco Registered
Envelope Service, please review the release notes for those products. Please note that
AsyncOS version 5.5 is compatible with version 6.2.7.4 of the IronPort Encryption appliance.
For information about configuring IronPort encryption, see “IronPort Email Encryption” in the
IronPort AsyncOS User Guide.
New Feature: DKIM Authentication
The 5.5 version of AsyncOS includes the ability to perform DKIM signing and verification.
DomainKeys Identified Mail is a method for email authentication in which a DKIM-Signature
header is inserted in an email, and the verifying MTA validates the signature by retrieving a
sender's public key through the DNS. To use DKIM with the Email Security Appliance, you
create a domain key profile and a signing key, and enable DKIM signing or verification on the
mail flow policy.
Note — If you send a test email to a reflector site, the IETF specification may differ from the
one used by IronPort, and a failure may occur even when your configuration and settings are
correct. If your test fails, verify the failure by testing against several different reflector sites.
For more information about DKIM authentication, see “DomainKeys and DKIM
Authentication” in the IronPort AsyncOS User Guide.
New and Enhanced: LDAP Queries
AsyncOS version 5.5 includes the following enhancements to LDAP queries:
• Domain-based queries. Domain-based queries are LDAP queries grouped by type,
associated with a domain, and assigned to a particular listener. You might want to use
domain-based queries if you have different LDAP servers associated with different
domains but you want to run queries for all your LDAP servers on the same listener.
• Chain queries. A chain query is a series of LDAP queries that the IronPort appliance runs
in succession. The IronPort appliance runs each query in the “chain” until the LDAP server
returns a positive response (or the final query in the “chain” returns a negative response or
fails). Chain queries can be useful if entries in your LDAP directory use different attributes
to store similar (or the same) values. For example, you might have used the attributes
maillocaladdress and mail to store user email addresses. To ensure that your queries
run against both these attributes, you can use chain queries.
• Modified DHAP. In a previous release, DHAP counters were based solely on the
rejections detected during LDAP acceptance queries. Now, the DHAP counters include
both RAT rejections and LDAP acceptance query rejections. DHAP settings are now
configured in the Mail Flow Policy rather than in the Listener settings.
• LDAP Referrals. The 5.5 version of AsyncOS supports LDAP referrals. When you use
LDAP referrals, the original query gets referred to another LDAP server. For example, the
following log shows a query that is referred from server openLDAP1 to server
ldap_server2.com:
Tue Jun 26 13:19:54 2007 Debug: LDAP: (accept) Query
([email protected]) to server openLDAP1 (ldap_server1.com:389)
Tue Jun 26 13:19:54 2007: LDAP: Query ([email protected])
following continuation: ldap://ldap_server2.com/
ou=test,ou=people,dc=com??sub
Tue Jun 26 13:19:54 2007: LDAP: (accept) Query
([email protected]) lookup success, returned 1 results
IMPORTANT: When you use LDAP referrals, you must have configured an LDAP server
profile for each LDAP server you want to refer to. In the previous example, you would
need to configure an LDAP server profile for openLDAP1 and ldap_server2.com.
• LDAP caches. In previous releases, LDAP cache settings were configured for each LDAP
query. In AsyncOS 5.5, LDAP caches are now associated with the server profile, and
cache settings are the same for all LDAP queries. When you upgrade from previous
versions, the highest cache values from the previous configuration are used as the
upgraded cache value. For example, if you set the maximum retained cache entries to a
value of 1000 for the routing query, and a maximum retained cache entries to a value of
5000 for the Accept query, the upgraded value would be 5000 for all queries.
• Bypass LDAP Acceptance query. If you configure LDAP acceptance queries, you may
wish to bypass the acceptance query for certain recipients. This feature can be useful if
there are recipients for whom you receive email which you do not want to be delayed or
queued during LDAP queries, such as [email protected]. You can configure
bypassing LDAP acceptance via the GUI or from the CLI. To configure bypassing LDAP
acceptance via the GUI, select Bypass LDAP Accept Queries for this Recipient when you
add or edit the RAT entry. To configure bypassing LDAP acceptance queries via the CLI,
answer yes to the following question when you enter recipients using the listenerconfig ->
edit -> rcptaccess command:
Would you like to bypass LDAP ACCEPT for this entry? [Y]> y
Note — When you configure a RAT entry to bypass LDAP acceptance, be aware that the
order of RAT entries affects how recipient addresses are matched. The RAT matches the
recipient address with the first RAT entry that qualifies. For example, you have the
following RAT entries: [email protected] and ironport.com. You configure the
entry for [email protected] to bypass LDAP acceptance queries, and you
configure the entry for ironport.com for ACCEPT. When you receive mail for
[email protected], the LDAP acceptance bypass will occur only if the entry for
[email protected] is before the entry for ironport.com. If the entry for
ironport.com is before the [email protected] entry, the RAT matches the recipient
address to this entry and applies the ACCEPT action.
For information about configuring new LDAP settings, see “LDAP Queries” in the IronPort
AsyncOS Advanced User Guide.
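The first-match behavior described in the note on RAT ordering can be checked before a change is committed. The following is an added example, not IronPort code: it models a RAT as an ordered list, resolves a recipient to the first qualifying entry, and reports entries that can never be reached because an earlier entry already matches them. The addresses, field names and function names are constructed for illustration, and only the two entry types shown in the note (full address and domain) are modeled.

```python
def entry_matches(entry, recipient):
    """Match one RAT entry (full address or bare domain) against a recipient."""
    entry, recipient = entry.lower(), recipient.lower()
    if "@" in entry:
        return entry == recipient
    return recipient.rsplit("@", 1)[-1] == entry


def first_match(rat, recipient):
    """Return the first RAT row that qualifies for the recipient, or None."""
    for row in rat:
        if entry_matches(row["entry"], recipient):
            return row
    return None


def shadowed_entries(rat):
    """Return (shadowed_entry, earlier_entry) pairs for rows that never match."""
    shadowed = []
    for i, row in enumerate(rat):
        for earlier in rat[:i]:
            if "@" in row["entry"]:
                # An address row is unreachable if any earlier row matches it.
                hit = entry_matches(earlier["entry"], row["entry"])
            else:
                # A domain row is unreachable only behind the same domain.
                hit = earlier["entry"].lower() == row["entry"].lower()
            if hit:
                shadowed.append((row["entry"], earlier["entry"]))
                break
    return shadowed


# Constructed sample tables: same two rows, opposite order.
RAT_ADDRESS_FIRST = [
    {"entry": "postmaster@example.com", "action": "ACCEPT", "bypass_ldap": True},
    {"entry": "example.com", "action": "ACCEPT", "bypass_ldap": False},
]
RAT_DOMAIN_FIRST = list(reversed(RAT_ADDRESS_FIRST))

if __name__ == "__main__":
    for label, rat in (("address first", RAT_ADDRESS_FIRST),
                       ("domain first", RAT_DOMAIN_FIRST)):
        row = first_match(rat, "postmaster@example.com")
        print(f"{label}: matched {row['entry']!r}, bypass_ldap={row['bypass_ldap']}, "
              f"shadowed={shadowed_entries(rat)}")
```

With the domain entry first, the address entry is reported as shadowed and its LDAP bypass setting never takes effect.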
New and Enhanced: Content Scanning
In version 5.5, AsyncOS includes the following enhancements to content scanning:
• Thresholds for Patterns in Content Scanning. When you add message or content filter
rules that search for patterns in the message body or attachments, you can specify the
minimum threshold for the number of times the pattern must be found in order to trigger
the filter action. When AsyncOS scans the message, it totals the “score” for the number of
matches it finds in the message and attachments. If the minimum threshold is not met, the
regular expression does not evaluate to true. You can specify this threshold for the
following filter rules:
• body-contains
• only-body-contains
• attachment-contains
• every-attachment-contains
• dictionary-match
• attachment-dictionary-match
You can also specify a threshold value for the drop-attachments-where-contains
action.
• Weighted content dictionaries. For each term in a content dictionary, you specify a
“weight,” so that certain terms can trigger filter conditions more easily. When AsyncOS
scans messages for the content dictionary terms, it “scores” the message by multiplying
the number of term instances by the weight of the term. Two instances of a term with a weight
of three would result in a score of six. AsyncOS then compares this score with a threshold
value associated with the content or message filter to determine if the message should
trigger the filter action.
• Smart identifiers. When you use message rules that scan message content, you can use
smart identifiers to detect certain patterns in the data. Smart identifiers can detect the
following patterns in data:
• Credit card numbers
• U.S. Social Security numbers
• CUSIP (Committee on Uniform Security Identification Procedures) numbers
• ABA (American Banking Association) routing numbers
• Improved embedded object detection. In version 5.5, AsyncOS treats ordinary files as if
they were containers, similar to zip files. The embedded objects are extracted and
processed as independent files that are separately fingerprinted, sent to the Stellent
scanning engine, and scanned for content matches. This change allows for the following
improvement to embedded object detection:
• A zip file is now processed as if it were directly attached to the message; the
member files will themselves be scanned, and the names can be matched using an
attachment-filename filter rule.
• Scanning exclusion lists and depth limits are better supported.
• Detecting zip files in Word and Excel is supported.
• Detect password-protected attachments. A new message filter condition and a new content
filter condition are included in the 5.5 release to detect password-protected files. The new
message filter condition, attachment-protected, uses the following syntax:
if attachment-protected { quarantine("Policy"); }
• Matched Content Viewing. You can now view the content that triggered a message or
content filter action using the matched content action variable or by viewing a
quarantined message in the system quarantine. In the system quarantine, matched content
appears highlighted, so you can easily view the content that triggered the filter action.
For information about configuring new content scanning functionality, see the following
documentation:
• “Policy Enforcement” in the IronPort AsyncOS Advanced User Guide.
• “Content Dictionaries” in “Text Resources” in the IronPort AsyncOS User Guide.
• “Content Filters Overview” in “Email Security Manager” in the IronPort AsyncOS User
Guide.
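The threshold and weighted-dictionary scoring described above can be worked through on a sample message. The following is an added example, not IronPort code: it splits a constructed MIME message into body parts and attachment parts, scores each side as term instances multiplied by term weight, and compares the totals with a threshold. The dictionary terms, the message and the function names are constructed, and two points are assumptions rather than documented behavior: a part counts as an attachment when it carries Content-Disposition: attachment, and scores of different terms are summed.

```python
import re
from email import message_from_string

# Constructed weighted dictionary: term -> weight.
DICTIONARY = {"confidential": 3, "merger": 2, "budget": 1}

# Constructed sample message: one inline text body and one text attachment.
RAW_MESSAGE = """\
From: sender@example.com
To: rcpt@example.com
Subject: Q3 notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Budget figures attached. Please treat them as confidential.
--b1
Content-Type: text/plain; charset="utf-8"
Content-Disposition: attachment; filename="notes.txt"

Confidential: merger timeline. Confidential until the merger closes.
--b1--
"""


def split_parts(msg):
    """Return (body_texts, attachment_texts) for the leaf parts of a message."""
    body, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        # Assumption: Content-Disposition decides what counts as an attachment.
        if part.get_content_disposition() == "attachment":
            attachments.append(text)
        else:
            body.append(text)
    return body, attachments


def score(texts, dictionary):
    """Sum (number of instances x weight) over every dictionary term."""
    total = 0
    for term, weight in dictionary.items():
        pattern = re.compile(r"\b" + re.escape(term) + r"\b", re.IGNORECASE)
        total += weight * sum(len(pattern.findall(text)) for text in texts)
    return total


def evaluate(raw, dictionary, threshold=1):
    """Score body and attachments separately and apply the minimum threshold."""
    body, attachments = split_parts(message_from_string(raw))
    body_score = score(body, dictionary)
    attachment_score = score(attachments, dictionary)
    return {
        "body_score": body_score,
        "attachment_score": attachment_score,
        "body_dictionary_match": body_score >= threshold,
        "attachment_dictionary_match": attachment_score >= threshold,
    }


if __name__ == "__main__":
    for threshold in (1, 5):
        print(threshold, evaluate(RAW_MESSAGE, DICTIONARY, threshold))
```

In the sample, the two instances of "confidential" in the attachment contribute 2 x 3 = 6, matching the worked figure in the text; raising the threshold from 1 to 5 stops the body from matching while the attachment still does.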
New Feature: AsyncOS Reversion
The 5.5 version of AsyncOS includes the ability to revert the AsyncOS version to a previous
qualified build for emergency uses. The earliest AsyncOS version supported for this is
AsyncOS 5.5.0; prior versions of AsyncOS are not supported.
WARNING: Using the revert command on an IronPort appliance is a very destructive
action. This command destroys all configuration, logs, and databases, and disrupts mail handling
until the appliance is reconfigured. Because this command destroys all configuration, it is absolutely
required that you have physical local access to the IronPort appliance when you want to issue the
revert command. Once the revert action is complete, you must use the console CLI or a
network connection to the Management port on the default IP address of 192.168.42.42 to
reconfigure the appliance.
To run the revert command, complete the following steps:
1. Save the configuration of your appliance (with passwords unmasked) off the IronPort
appliance. To do this, you can email it to yourself or FTP the file. A simple way to do this
is the mailconfig CLI command.
2. If you use the Safelist/Blocklist feature, export the Safelist/Blocklist database to another
machine.
3. Wait for the mail queue to empty.
4. Log into the CLI of the appliance you want to revert.
When you run the revert command, several warning prompts are issued. Once these
warning prompts are accepted, the revert action takes place immediately.
5. From the CLI, issue the revert command and pay heed to the prompts.
Note — The reversion process is time-consuming. It may take fifteen to twenty minutes
before reversion is complete and console access to the IronPort appliance is available
again.
The following example shows the revert command:
mail.mydomain.com> revert
This command will reset the device to a different AsyncOS version.
Resetting the device will destroy all configuration, logs,
databases, and generally disrupt mail handling until reconfigured.
Resetting the device will cause an immediate reboot to take place.
The device will then reboot, reinitialize itself, and finally reboot
again to the desired version.
Are you sure you want to continue? yes
Are you *really* sure you want to continue? yes
Available version    Install date
=================    ============
1. 5.5.0-236         Tue Aug 28 11:03:44 PDT 2007
2. 5.5.0-330         Tue Aug 28 13:06:05 PDT 2007
3. 5.5.0-418         Wed Sep 5 11:17:08 PDT 2007
Please select an AsyncOS version: 2
You have selected "5.5.0-330".
The system will now reboot to perform the revert operation.
6. Once the machine comes back up, use the serial console to configure an interface with an
accessible IP address using the interfaceconfig command.
7. Enable FTP or HTTP on one of the configured interfaces.
8. Either FTP the XML configuration file you created, or paste it into the GUI interface.
9. If you use the Safelist/Blocklist feature, import and restore the Safelist/Blocklist database.
10. Commit your changes.
The reverted IronPort appliance should now run using the previous AsyncOS version.
New: findevent CLI Command
The findevent CLI command simplifies the process of tracking messages within the system
using the on-box mail log files. It allows you to search through
the mail logs for a particular message by searching for a message ID or a regular expression
match against the subject header, envelope sender or envelope recipient. You can display
results for the current log file, all the log files, or display log files by date. When you view log
files by date, you can specify a date or a range of dates.
After you identify the message you want to view logs for, the findevent command displays
the log information for that message ID including splintering information (split log messages,
bounces and system generated messages). The following example shows the findevent CLI
command tracking the receipt and delivery of a message with “confidential” in the subject
header:
example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 3
Enter the regular expression to search for.
[]> confidential
Currently configured logs:
1. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
Enter the number of the log you wish to use for message tracking.
[]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 3
The following matching message IDs were found. Please choose one to
show additional log information:
1. MID 4 (Tue Jul 31 17:37:35 2007) sales: confidential
[1]> 1
Tue Jul 31 17:37:32 2007 Info: New SMTP ICID 2 interface Data 1
(172.19.1.86) address 10.251.20.180 reverse dns host unknown verified
no
Tue Jul 31 17:37:32 2007 Info: ICID 2 ACCEPT SG None match ALL SBRS
None
Tue Jul 31 17:37:35 2007 Info: Start MID 4 ICID 2
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 From: <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 RID 0 To:
<[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 Subject 'sales: confidential'
Tue Jul 31 17:37:35 2007 Info: MID 4 ready 4086 bytes from
<[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Jul 31 17:37:35 2007 Info: ICID 2 close
Tue Jul 31 17:37:37 2007 Info: MID 4 interim verdict using engine:
CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 interim AV verdict using Sophos
CLEAN
Tue Jul 31 17:37:37 2007 Info: MID 4 antivirus negative
Tue Jul 31 17:37:37 2007 Info: MID 4 queued for delivery
Tue Jul 31 17:37:37 2007 Info: Delivery start DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message done DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: MID 4 RID [0] Response '/null'
Tue Jul 31 17:37:37 2007 Info: Message finished MID 4 done
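The correlation that findevent performs can be reproduced offline on an exported mail log. The following Python sketch is an added example, not IronPort code: it joins wrapped lines, indexes entries by MID and ICID, searches subjects by regular expression, and returns every entry for one message together with its connection. The function names and the sample log (modeled on the excerpt above, with made-up addresses) are assumptions, and splintered messages are not followed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt above; addresses are made up.
# The "To:" entry is wrapped onto a second line, as it is in the excerpt.
SAMPLE_LOG = """\
Tue Jul 31 17:37:32 2007 Info: New SMTP ICID 2 interface Data 1 (172.19.1.86) address 10.251.20.180 reverse dns host unknown verified no
Tue Jul 31 17:37:32 2007 Info: ICID 2 ACCEPT SG None match ALL SBRS None
Tue Jul 31 17:37:35 2007 Info: Start MID 4 ICID 2
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 From: <alice@example.com>
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 RID 0 To:
<bob@example.net>
Tue Jul 31 17:37:35 2007 Info: MID 4 Subject 'sales: confidential'
Tue Jul 31 17:37:35 2007 Info: ICID 2 close
Tue Jul 31 17:37:36 2007 Info: New SMTP ICID 3 interface Data 1 (172.19.1.86) address 10.251.20.181 reverse dns host unknown verified no
Tue Jul 31 17:37:36 2007 Info: Start MID 5 ICID 3
Tue Jul 31 17:37:36 2007 Info: MID 5 ICID 3 From: <news@example.org>
Tue Jul 31 17:37:36 2007 Info: MID 5 Subject 'weekly newsletter'
Tue Jul 31 17:37:37 2007 Info: MID 4 using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 queued for delivery
Tue Jul 31 17:37:37 2007 Info: Delivery start DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message done DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message finished MID 4 done
"""

LINE_RE = re.compile(r"^(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) (\w+): (.*)$")
ID_RE = re.compile(r"\b(MID|ICID|DCID) (\d+)\b")
SUBJECT_RE = re.compile(r"^MID (\d+) Subject '(.*)'$")


def build_index(log_text):
    """Parse a text mail log into entries and index them by MID/ICID/DCID."""
    events = []  # each entry: [timestamp, level, text]
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            events.append([m.group(1), m.group(2), m.group(3)])
        elif events and raw.strip():
            # No timestamp: continuation of a wrapped entry.
            events[-1][2] += " " + raw.strip()

    by_id = defaultdict(list)   # ("MID", 4) -> positions in events
    event_mids = []             # MIDs named by each entry
    mid_to_icid = {}            # message -> connection that injected it
    subjects = {}               # MID -> (timestamp, subject)
    for pos, (stamp, _level, text) in enumerate(events):
        pairs = {(kind, int(num)) for kind, num in ID_RE.findall(text)}
        for pair in pairs:
            by_id[pair].append(pos)
        mids = {num for kind, num in pairs if kind == "MID"}
        event_mids.append(mids)
        for kind, num in pairs:
            if kind == "ICID":
                for mid in mids:
                    mid_to_icid[mid] = num
        s = SUBJECT_RE.match(text)
        if s:
            subjects[int(s.group(1))] = (stamp, s.group(2))
    return {"events": events, "by_id": by_id, "event_mids": event_mids,
            "mid_to_icid": mid_to_icid, "subjects": subjects}


def search_subject(index, pattern):
    """Return (MID, timestamp, subject) for subjects matching the regex."""
    rx = re.compile(pattern)
    return sorted((mid, stamp, subj)
                  for mid, (stamp, subj) in index["subjects"].items()
                  if rx.search(subj))


def trace(index, mid):
    """Return all entries for one MID plus its connection, in log order."""
    wanted = set(index["by_id"].get(("MID", mid), []))
    icid = index["mid_to_icid"].get(mid)
    if icid is not None:
        for pos in index["by_id"].get(("ICID", icid), []):
            # Skip entries for other messages sent over the same connection.
            if index["event_mids"][pos] <= {mid}:
                wanted.add(pos)
    return ["%s %s: %s" % tuple(index["events"][pos]) for pos in sorted(wanted)]


def is_finished(index, mid):
    """True once the log records 'Message finished' for this MID."""
    done = re.compile(r"^Message finished MID %d\b" % mid)
    return any(done.match(index["events"][pos][2])
               for pos in index["by_id"].get(("MID", mid), []))


if __name__ == "__main__":
    idx = build_index(SAMPLE_LOG)
    for mid, stamp, subj in search_subject(idx, "confidential"):
        print("MID %d (%s) %s" % (mid, stamp, subj))
        print("\n".join(trace(idx, mid)))
```

A message whose trace has no "Message finished" entry, such as MID 5 in the sample, is still in the work queue or was logged in a later file.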
Enhanced: Reporting
In version 5.5, AsyncOS includes the following enhancements to reporting:
• System Capacity Report. The system capacity report gives the administrator current and
historical information about resource usage on the IronPort appliance. The report shows
CPU usage broken down by feature or by total CPU usage. The system capacity report can
be used to accomplish the following tasks:
• Determine when an Email Security Appliance is exceeding recommended capacity
and additional boxes or system tuning are needed.
• Identify historical trends in system behavior which point to upcoming capacity
issues.
• Identify which part of the system is using the most resources to assist with
troubleshooting.
• Outgoing Destinations. The Outgoing Destinations page provides information about the
domains your company sends mail to. This report can be useful in completing the
following tasks:
• Determining which domains the IronPort appliance is sending mail to.
• Determining how much mail is sent to each domain.
• Determining how much of the sent mail is clean, spam, virus positive, or stopped
by a content filter.
• Determining how many messages are delivered or bounced by the destination
server.
• Outgoing Senders Report. The Outgoing Senders page provides information about the
quantity and type of mail being sent from IP addresses and domains in your network. You
can view the results by domain or IP address when you view this page. You might want to
view the results by domain if you want to see what volume of mail is being sent by each
domain, or you might want to view the results by IP address if you want to see which IP
addresses are sending the most virus messages or triggering content filters. This report can
be useful for accomplishing the following tasks:
• Determining which IP addresses send the most virus or spam-positive email.
• Determining which domains send the most mail (for billing or planning purposes).
• Virus Types Report. This report tracks the viruses caught by the virus scanning engines
running on the IronPort appliance. This displays a summary verdict of all scanning
engines running on the IronPort appliance (if multiple virus scanning engines run on the
machine). In addition, multiple scanning engines may use different nomenclature to
describe the same virus. In this case, the same virus may appear in the report using both
virus names.
Note — The Virus Types page may not display the same number of total viruses as the
Overview page. This can occur when a message is both spam- and virus-positive. In this
case, the spam counting takes precedence over virus counting in our reporting system to
prevent double-counting.
For more information about new reporting functionality, see “Using the Email Security
Monitor” in the IronPort AsyncOS User Guide.
Enhanced: IronPort Spam Quarantine Alias Consolidation
In version 5.5, when the system is configured for LDAP authentication, you can now
consolidate the emails sent to different aliases. This means that end-users can now receive
consolidated spam notifications. This is useful if there are several email address aliases
configured for a single user. In previous releases, such users received multiple spam
notifications, one for each alias email address.
Note — This feature does not apply to listserv entries.
For more information about configuring alias consolidation, see “Quarantines” in the IronPort
AsyncOS User Guide.
Enhanced: Text Resources
In version 5.5, custom notifications have been expanded to include the following new and
enhanced notifications:
• User-defined HTML Encryption Notification. You can create a custom HTML notification
to send to users who receive encrypted email.
• User-defined Text Encryption Notification. You can create a custom text notification to
send to users who receive encrypted email.
• User-defined Bounce Notification. You can create a custom bounce notification to send
to users who receive bounced email.
• User-defined Delay Notification. You can create a custom delay notification to send to
users whose email delivery is delayed.
• User-defined Anti-virus Container Notification. You can create a custom anti-virus
notification to send to users when the antivirus notification contains the original message
as an attachment.
• User-defined Anti-virus Text Notification. You can create a custom anti-virus notification
to send to users when the antivirus notification is sent in place of the original message.
This notification is used when it is unsafe or undesirable to send the original message.
For more information about creating custom notifications, see “Text Resources” in the
IronPort AsyncOS User Guide.
Enhanced: Content Filters
The 5.5 version of AsyncOS includes the following enhancements to content filters:
• Enhanced Rule Builder Interface. The content filters use a new rule builder interface that
simplifies and streamlines the creation of content filters.
• Logging and Archiving. You can now log and archive content filter actions. The log action
allows you to save a copy of the original message, including all message headers and
recipients into an mbox-format file on the appliance. The system creates a log
subscription with the specified filename for the action.
• New alt-src-host Action. The alt-src-host action changes the source host for the
message to the source specified. The source host is the IP interface or group of IP
interfaces that the messages should be delivered from.
• Support of Action Variables. The following content filter actions now support action
variables:
• bcc()
• bcc-scan()
• notify()
• notify-copy()
For more information about content filters, see “Email Security Manager” in the IronPort
AsyncOS User Guide.
Enhanced: cleansmtp CLI Command
Changes to the AsyncOS operating system have resulted in changes to the way SMTP traffic is
handled. This change affects the cleansmtp command. You access the cleansmtp command
via listenerconfig -> edit -> [listener#] -> setup -> cleansmtp -> 1
The cleansmtp CLI command now has the following options:
1. Clean data
2. Reject unclean data
3. Accept unclean data, but do not clean
By default, when you upgrade, the cleansmtp setting is configured to clean data (option 1).
To accept unclean data, you can select option 3; however, for best performance, IronPort
recommends you select option 1.
For more information about configuring listeners, see “Customizing Listeners” in the IronPort
AsyncOS Advanced User Guide.
Enhanced: Graphical User Interface
In version 5.5, the GUI has been updated to use a drop-down menu rather than a sidebar
menu, and the “Commit” button has been moved to the right-hand side of the screen and has
more visible icons. In a previous release, the Support Request and Remote Access pages were
located under the System Administration drop-down menu. These pages can now be found
under the “Help” menu.
Beginning with AsyncOS 5.5, the web-based UI incorporates libraries from the Yahoo! User
Interface (YUI) Library, which is a set of utilities and controls, written in JavaScript, for
building richly interactive web applications.
The YUI library supports the vast majority of browsers that are in general use. The YUI library
also has a comprehensive, public approach to browser support and is committed to making
sure that components work well in all of what are designated as "A-Grade" browsers. For more
information on graded browser support, see:
http://developer.yahoo.com/yui/articles/gbs/
Enhanced: Content Dictionaries
Content dictionaries have been enhanced in the following ways:
• Smart identifiers. You can add smart identifiers to your content dictionaries. When you
use message rules that scan message content, you can use smart identifiers to detect
certain patterns in the data. Smart identifiers can detect the following patterns in data:
• Credit card numbers
• U.S. Social Security numbers
• CUSIP (Committee on Uniform Security Identification Procedures) numbers
• ABA (American Banking Association) routing numbers
• Weighted dictionary entries. For each term in a content dictionary, you specify a
“weight,” so that certain terms can trigger filter conditions more easily. When AsyncOS
scans messages for the content dictionary terms, it “scores” the message by multiplying
the number of term instances by the weight of the term. Two instances of a term with a weight
of three would result in a score of six. AsyncOS then compares this score with a threshold
value associated with the content or message filter to determine if the message should
trigger the filter action.
• Expanded limits on number of entries. In previous releases, dictionary entries were
limited to 1000 entries per dictionary. Now, dictionaries can have up to 5000 entries.
[Defect ID: 32748]
IronPort recommends that you create separate entries for each dictionary term to improve
performance and simplify GUI maintenance of your content dictionaries. If you used groups
of regex entries, such as "(word1|word2|word3)", IronPort recommends you break these up
into separate entries for better performance. If you do group terms, IronPort recommends you
use non-capturing parentheses in the following format: “(?:term1|term2|term3)”.
For more information about content dictionaries, see “Text Resources” in the IronPort
AsyncOS User Guide.
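The weighted scoring and the grouping recommendation described above can be worked through in a few lines. This Python sketch is an added example, not AsyncOS code. It assumes that a filter triggers when the score is greater than or equal to the threshold, that matching is case-insensitive, and that whole-word matching is done with lookarounds; the function names and sample message are constructed for illustration.

```python
import re

# Constructed sample message.
MESSAGE = ("CONFIDENTIAL: this confidential plan is proprietary. "
           "Budget is $500 now.")

# One entry per term, each with its own weight (the recommended layout).
SEPARATE = [("confidential", 3), ("proprietary", 2)]
# The same terms grouped with non-capturing parentheses share one weight.
GROUPED = [("(?:confidential|proprietary)", 3)]
# An entry that starts with a non-word character.
AMOUNTS = [(r"\$500", 4)]


def compile_entry(term, whole_word=True, naive_boundary=False):
    """Compile one dictionary entry (a regular expression) for scanning."""
    if not whole_word:
        body = term
    elif naive_boundary:
        # \b needs a word character on one side, so an entry that starts
        # or ends with a non-word character can never match this way.
        body = r"\b(?:%s)\b" % term
    else:
        # Assumption: "whole word" means not adjacent to a word character.
        body = r"(?<!\w)(?:%s)(?!\w)" % term
    return re.compile(body, re.IGNORECASE)


def score_message(text, dictionary, **opts):
    """Return (total score, per-term scores): instances times weight."""
    per_term = {}
    for term, weight in dictionary:
        # finditer counts matches correctly even if an entry has groups.
        count = sum(1 for _ in compile_entry(term, **opts).finditer(text))
        if count:
            per_term[term] = count * weight
    return sum(per_term.values()), per_term


def triggers(text, dictionary, threshold, **opts):
    """Assumption: the filter fires when score >= threshold."""
    total, _ = score_message(text, dictionary, **opts)
    return total >= threshold


if __name__ == "__main__":
    print(score_message(MESSAGE, [("confidential", 3)]))   # 2 x 3
    print(score_message(MESSAGE, SEPARATE))                # 2 x 3 + 1 x 2
    print(score_message(MESSAGE, GROUPED))                 # 3 x 3
    print(score_message(MESSAGE, AMOUNTS))
    print(score_message(MESSAGE, AMOUNTS, naive_boundary=True))
    print(triggers(MESSAGE, SEPARATE, threshold=8))
```

Grouping terms changes the score as well as the performance: every alternative in a grouped entry carries the same weight, so the grouped dictionary scores nine where the separate entries score eight.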
Enhanced: CLI grep Command
The grep CLI command has been enhanced to support a “count” option. The count option
displays the number of lines matching the regular expression in the log file. Use the following
syntax:
grep -c <regular expression> <log name>
Enhanced: Bounce Delivery Status Notification
By default, messages generated by the system use the Delivery Status Notification (DSN)
format for both hard and soft bounces. In previous releases, if the message size was greater
than 10k, the delivery status notification included the message headers only. Now, you can
configure the size of the message to include in the DSN via the CLI bounceconfig
command. This parameter is only configurable in the default bounceconfig profile, and
applies to all bounce profiles once it is configured. To configure this value, enter the message
size (in bytes) to include in the bounced notification message. If the message exceeds this
size, the status notification includes the message headers only. [Defect ID: 399]
Enhanced: Logging
In previous releases, status information was written to the mail log every minute. Now, the
status_log entries are only recorded to the status_logs. [Defect ID: 33107]
Modified: LDAP Server Connections
In previous releases, if you configured an LDAP Server profile for load balancing, and you
configured a maximum number of simultaneous connections for all hosts, the number of
connections you configured was load-balanced over all your LDAP servers. For example, if
you configured the maximum number of simultaneous connections as 10, AsyncOS would
distribute 10 connections over your LDAP servers. Now, the maximum number of
simultaneous connections represents the number of simultaneous connections to a single
server. So, if you configure the maximum number of simultaneous connections as 10,
AsyncOS creates 10 connections to each LDAP server.
Modified: SCP Port Configuration
In previous releases, the SCP port number for SCP log push was not configurable. Now, you
can configure the SCP port. [Defect ID: 32419]
Modified: Brazilian Daylight Savings Time Settings
In 2007, Brazil Daylight Savings Time will start on Oct 14th and end on Feb 17th 2008.
AsyncOS has been updated to use these settings. [Defect ID: 37176].
FIXED ISSUES
The following issues have been fixed in the AsyncOS for Email Security Appliances 5.5
release.
Fixed Reporting Issues
Fixed: Errors When Running Long Report Queries
Fixed an issue in which errors occurred when running long reports. Delayed logouts that
occur during report processing now behave the same as other places in the GUI. "Info:
Session lookup error due to delayed logout action” and the non-existent session is redirected
to the login page. [Defect ID: 33199]
Fixed: IronPort Email Security Monitor Underreports Connection Rejections
Fixed an issue in which the IronPort Email Security Monitor underreported connection
rejections when multiple connection rejects occurred within a single minute for a single IP.
[Defect ID: 32182]
Fixed: Anti-Virus Messages Not Included in Dropped Message Count
Fixed an issue in which the IronPort Email Security Monitor did not count messages dropped
by anti-virus engines in the “dropped message” totals. This issue has been resolved. [Defect
ID: 31989]
Fixed: Reports Output in PDF Format Generate an Application Error
When generating PDF output for a report, an application error occurred if special characters
were included in the text. This issue has been addressed. [Defect ID: 31025]
Fixed: C300D/350D Appliance Displays Virus Outbreak Filters Report
In a previous release, C300D/350D appliances erroneously displayed a Virus Outbreak Filters
report. The IronPort Appliance generated an application error if you attempted to open the
report. [Defect ID: 29609]
Fixed: Virus Outbreak Reports
In a previous release, when you sorted the results of a Virus Outbreak report, the report sorted
by string rather than by number, so the sort order appeared erroneous. For example, the report
sorted as 100, 1000, 200 instead of 100, 200, 1000. [Defect ID: 29452]
Fixed: Generating Reports Using “Generate Now”
Fixed an issue in which if you selected “Generate Now” and the custom date range, the
available data field only showed the available data from the login host. [Defect ID: 29329]
Fixed: Scheduled Report Messages
In a previous release, when the IronPort appliance generated scheduled reports, the report
descriptions in the message did not contain detailed information about the reports. Because
the messages contained minimal text, they were sometimes interpreted by scanning engines
as spam. This issue has been resolved. [Defect ID: 29164]
Fixed: Queue Space Utilization Underreported
In a previous release, the IronPort appliance underreported the space utilized from Monitor >
System Status > Gauges. If the message queues filled completely, an application error was
generated because the IronPort appliance used the queue space gauge to determine when to
start resource conservation. This issue has been resolved. [Defect ID: 28211]
Fixed: Scheduled Reports and System Time Changes
In a previous release, scheduled reports were not generated when the clock was moved
forward in observation of daylight savings changes, and were generated twice when the clock
went back to standard time if the report was scheduled to run during the hour that was
skipped or added. This issue has been resolved. [Defect ID: 27757]
Fixed: Email Security Monitor Reporting and Outbound Mail
Fixed an issue in which Email Security Monitor did not record outbound threat messages
separately. Spam-positive outbound mail was counted as clean, but virus-positive mail was
not. [Defect ID: 27447]
Fixed Alert Issues
Fixed: Frequent SSL Alerts
Fixed an issue in which frequent SSL alerts were sent due to a problem handling an sslip.Error.
AsyncOS sent errors similar to the following:
An application fault occurred: ('coroutine/coro_ssl.py
_non_blocking_retry|98',
'sslip.Error', "(336151576, 'error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1
alert unknown ca')", '[imh/smtp_server.py main|561] [imh/smtp_server.py
cmd_starttls|865]
[coroutine/coro_ssl.py ssl_accept|143] [coroutine/coro_ssl.py
_non_blocking_retry|98]')
MID: 0
[Defect ID: 33779]
Fixed: M-Series System Alerts Not Routed as Expected
Fixed an issue in which system alert messages were not routed via the IP addresses entered.
Instead, the alerts followed DNS or smtproutes. [Defect ID: 32574]
Fixed: Erroneous Alerts Sent When Reporting Disabled
Fixed an issue in which the AsyncOS appliance sent out the following erroneous alert when
reporting was disabled and users attempted to view report pages:
Mon Nov 20 13:29:51 2006 Warning: Report Query Failed query_id:
mga_overview_outgoing_message_deliverydata_source: SimpleTotalRDS
error: <type 'classobj'> ('command_manager/command_client.py
call|242','exceptions.TypeError', 'unsubscriptable object',
'[database/ReportCatalog.py
run_report_queries|224] [reportdatasource/CounterReportDataSource.py
query|113][reportdatasource/CounterReportDataSource.py
_run_api_query|188] [query/client.py time_merge_query|356] [query/
client.py _call|212] [command_manager/command_client.py call|242]')
[Defect ID: 29605]
Fixed: Alerts and SMTP Routes
In a previous release, alerts sent from the appliance to addresses specified in the System
Administration -> Alert page (or the alertconfig command) used an A-record lookup to route
the alert instead of following SMTP routes. By contrast, SMTP routing performed an MX
lookup on the SMTP target, and then performed an A-record lookup on the host. This issue
has been resolved. [Defect IDs: 29132, 7969]
Fixed LDAP Issues
Fixed: Duplicate LDAP Query String
In a previous release, if the same query string was used in different LDAP queries (for example,
you used a (mail={a}) query for acceptance and routing), the queries returned incorrect
results due to caching. This issue has been addressed. [Defect ID: 37249].
Fixed: Attribute with Duplicate Values Unsupported
In a previous release, if your LDAP database contained an attribute with duplicate values and
these values had prefixes such as SMTP and SIP, AsyncOS failed to add them to the IronPort
Spam Quarantine safelist/blocklist. This issue has been resolved. [Defect ID: 37076]
Fixed: Invalid Recipients in LDAP Query Results in Erroneous 501 Error Code
In a previous release, invalid recipients in an LDAP query resulted in an erroneous 501 SMTP
error (indicating syntax issues). This error code has been replaced with a 550 SMTP error for
better accuracy. [Defect ID: 32969]
Fixed: LDAP Sievechar does not Handle empty User Gracefully
Fixed an issue in which the LDAP sievechar caused the LDAP query to fail with a syntax error.
[Defect ID: 32409]
Fixed: LDAP Accept Erroneously Displayed in Trace
Fixed an issue in which the trace command erroneously showed an LDAP accept query
running on a relayed connection. [Defect ID: 31287]
Fixed: LDAP Connections Fail After Changing LDAP Settings
Fixed an issue in which, after changing LDAP settings, LDAP connections failed because the
IronPort appliance retained some LDAP connections that used expired connection information.
[Defect ID: 29935]
Fixed: Listeners Configured for Conversational LDAP Acceptance
In a previous release, a public listener configured for LDAP Accept dropped non-spam
messages released from the IronPort Spam Quarantine. The LDAP acceptance query failed
and the message was dropped. This issue has been resolved. [Defect ID: 29294]
Fixed: Policy Entries Not Matched When LDAP Routing Configured
Fixed an issue in which policy entries were not matched when LDAP routing was configured
using mailRoutingAddress and mailhost in the LDAP query. [Defect ID: 12847]
Fixed: LDAP Group Query Failures
Fixed an issue in which an LDAP Group query failure was treated as a negative response. If an
LDAP group query encountered a problem getting a response from the LDAP server, after a
short delay it gave up and assumed the query response would have been negative. This means
that a filter action could have been performed (or not performed) in error if the LDAP server
experienced a delay in responding to a query. [Defect ID: 4343]
Fixed IronPort Spam Quarantine Issues
Fixed: IronPort Spam Quarantine GUI Shuts Down Unexpectedly When Using LDAP Authentication
In a previous release, the GUI for the IronPort Spam Quarantine sometimes shut down
unexpectedly and returned an EOFError when the quarantine was configured for LDAP
authentication. This issue has been addressed. [Defect ID: 37046]
Fixed: IronPort Spam Quarantine May Display Unreadable Characters
When the IronPort Spam Quarantine displays a message, it converts the message body to
Unicode. If errors occurred when converting the message body to Unicode, sometimes
characters were rendered unreadable. This issue has been addressed. [Defect ID: 35757,
36909]
Fixed: Emails Over 500k Become Unreadable When Released from Spam Quarantine
Fixed an issue in which, when a message in the IronPort Spam Quarantine was over 500k, the
top portion of the email was deleted, which removed formatting and headers. This caused the
message to be unreadable after it was released from the quarantine. [Defect ID: 32991]
Fixed: Application Fault Occurs When Viewing Poorly Formatted HTML Messages
Fixed an issue in which, when attempting to open an email from the IronPort Spam
Quarantine, application errors occurred when viewing HTML messages that were poorly
formatted. [Defect ID: 32497]
Fixed: SGML Parse Error Application Error in the IronPort Spam Quarantine GUI
Fixed an issue in which SGML parse application errors occurred in the IronPort Spam
Quarantine GUI.
[Defect ID: 32277]
Fixed: Application Fault Occurs When Viewing Emails With High Bit Characters in Attachment Filenames
Fixed an issue in which, when attempting to open an email with high bit characters in the
attachment filename from the IronPort Spam Quarantine, the appliance displayed an
application fault instead of the message body. [Defect ID: 32201]
Fixed: Message Body Display for Multi-part MIME Messages
In a previous release, when you opened a multi-part MIME message from the IronPort Spam
quarantine, the message text may not always have displayed. [Defect ID: 31693]
Fixed: URL encoding for (+) Character Breaks URL Link in the IronPort Spam Quarantine Notification
Fixed an issue in which email addresses using the (+) character caused the URL link in the
IronPort Spam Quarantine heading to break. [Defect ID: 31305]
Fixed: IronPort Spam Quarantine Notifications Rendered Poorly in Outlook 2007
Fixed an issue in which IronPort Spam Quarantine notifications were rendered poorly in
Outlook 2007. [Defect ID: 30638]
Fixed Width Table in the IronPort Spam Quarantine
The IronPort Spam Quarantine table was in a fixed-width format instead of being relative to
the size of the browser window. When reducing the browser to a width smaller than the table,
the table did not resize and line wrapping did not occur. [Defect ID: 30580]
Fixed: Text Attachments in the IronPort Spam Quarantine
In a previous release, if the message had an HTML main body and a text attachment, the text
attachment was displayed as the main body in the IronPort Spam Quarantine. This issue has
been resolved. [Defect ID: 29484]
Fixed: Message Display in IronPort Spam Quarantine
Fixed an issue with the message display in the IronPort Spam Quarantine. Plain text messages
were not permitted to wrap in the table cell designated for the message. The message and
headers were displayed in a font and size that were difficult to read. [Defect ID: 28713]
Fixed Message and Content Filter Issues
Fixed: Stellent Scanning Engine Does Not Scan Corrupted PDF Files
In a previous release, the Stellent scanning engine did not support scanning corrupted PDF
files. Now, the Stellent scanning engine can scan certain types of corrupted PDF files. [Defect
ID: 35513]
Fixed: Filters Incorrectly Identify Microsoft Project File Type
Fixed an issue in which filters configured to identify Microsoft Project Files (mpp files) were
unable to identify the Microsoft Project file type. This issue has been addressed. [Defect ID:
33451]
Fixed: Message and Content Filters Not Working Under Trace
Fixed an issue in which message and content filters that test header values did not always
work correctly under trace. [Defect ID: 32972]
Fixed: Invalid Content Filters are Impossible to Detect
Fixed an issue in which content filters were not validated. [Defect ID: 32552]
Fixed: Word Boundaries in Content Dictionaries
Fixed an issue in which using the “Whole Word” (word boundary) setting in content
dictionaries did not work as expected when dictionary entries started or ended with a
non-word character. This issue has been addressed. [Defect ID: 32414]
Fixed: attachment-filetype == "mov" does not Detect All Formats of QuickTime File
Fixed an issue in which the attachment-filetype did not detect all formats of QuickTime files.
[Defect ID: 32394]
Fixed: Notify Filter Action Generates UnicodeEncodeError and "Invalid Filter" Warning
Fixed an issue in which the notify filter action generated UnicodeEncodeError and invalid
filter warnings. [Defect ID: 31400]
Fixed: Application Error Occurs While Specifying Incorrect Value for Remote IP Rule
Fixed an issue in which the IronPort appliance returned an application fault when specifying
an incorrect value for the Remote-IP rule in a content filter. [Defect ID: 30972]
Fixed: Filetype Media Fails to Match on mp3 with Type MPEG ADTS, layer III
Fixed an issue in which mp3 with type MPEG ADTS, layer III was not detected by content
scanning. A new mp3 attachment file type was added to conditions in content filters. [Defect
ID: 29801]
Fixed: Content Filter Conditions for Envelope Sender and Envelope Recipient Require All Test Conditions
Fixed an issue in which the following conditions were missing for Envelope Sender and
Envelope Recipients:
• Contains
• Does not contain
• Equals
• Does not equal
• Begins with
• Does not begin with
• Ends with
• Does not end with
• Matches term in dictionary
[Defect ID: 23737]
Fixed: Circle '1' Character Not Matched by Content Dictionary or Filters
Fixed an issue in which the circle '1' character was not matched by content dictionary or filters.
[Defect ID: 12986]
Fixed: Inability to Reorder Content Filter Rules in GUI
Fixed an issue in which it was not possible to reorder content filter conditions in the GUI.
[Defect ID: 8644]
Fixed Clustered Environment Issues
Fixed: Clustered Appliances Running AsyncOS 5.0 or Higher Lock Up
On clustered appliances running AsyncOS version 5.0 or higher, the appliance sometimes
locked up. This occurred because the network stack got stuck waiting on a gateway route lock
for which the gateway route was gone. This issue has been addressed. [Defect ID: 36666]
Fixed: Application Errors Occur When Configuring Reporting in a Cluster
When configuring reporting settings for a clustered environment, the IronPort Appliance
sometimes generated an application error. Using the reportingconfig command to
modify the counters level may also have caused an application error. To configure reporting
settings, it may have been necessary to specify in reportingconfig to use the machine
setting for all machines. [Defect IDs: 32242, 32264]
Fixed: “Last” CLI Command Fails in Cluster Mode
Fixed an issue in which the “last” command failed in cluster mode. [Defect ID: 4301]
Fixed Configuration File Issues
Fixed: Loadconfig Returns Error if SNMPconfig System Contact String Contains Angle Brackets
When running the SNMPconfig CLI command, entering angle brackets in the “System Contact
string” setting causes the loadconfig command to fail. For example, the loadconfig CLI command will
fail if you use the following syntax for the “System Contact string” setting:
John Smith, <[email protected]> 408-123-1234
Workaround: Remove the angle brackets from the entry.
Note — In addition, '&' is not allowed in the “System Contact string” setting.
[Defect ID: 33833]
Fixed: Loadconfig Fails When Destination Configuration Entry Starts with . (dot)
Fixed an error in which when a destination configuration entry started with a . (dot), the
loadconfig command failed. [Defect ID: 33002]
Fixed: Content Filter Containing a Notify Action Becomes Invalid After Loading Configuration File
Fixed an issue in which, when you loaded a configuration file containing a content filter
with a notify action that did not use a notification template, the content filter (using the
notify action) became invalid. [Defect ID: 32549]
Fixed: Loadconfig Fails When IronPort Anti-Spam is Enabled
Fixed an issue in which, if you enabled IronPort Anti-Spam and ran the loadconfig
command from the CLI, the IronPort appliance returned the following error:
Parse Error on element "case_region" line number 748 column 20: That
value is not valid. Parsing failed. Aborting. <case_region></case_region>
[Defect ID: 32426]
Fixed: Unable to Load Configuration File After Adding Reporting Configuration
Fixed an issue in which the IronPort AsyncOS appliance displayed the following error after
attempting to load a configuration file with reporting settings saved to it:
Configuration File was not loaded. Parse Error on element
"periodic_report_rows" line number 1375 column 33: The value must be an
integer.
[Defect ID: 32235]
Fixed: BCC Content Filters Do Not Accept Action Variables for To: or From: Headers
Fixed an issue in which the bcc: content filters did not accept action variables for To: and
From: headers. [Defect ID: 20908]
Fixed Domain Keys Signing Issues
Fixed: Processing DKIM-signed Messages Optimized
In a previous build, when DKIM signing was enabled, some emails were very expensive to
evaluate. The process for DKIM signing has been optimized to address this issue. [Defect ID:
37107]
Fixed: Application Error Occurs When Evaluating Message Filters or Antispam Rules
In a previous build, when Domain Key signing was enabled, the AsyncOS operating system
sometimes returned application errors when evaluating message filters or antispam rules.
[Defect ID: 36809]
Fixed: Trace Command Not Working for Domainkey Signing
Fixed an issue in which the trace command sometimes did not correctly trace domainkey
signing. [Defect ID: 33096]
Fixed Updater Issues
Fixed: Static Downloads Unavailable on M-Series
Fixed an issue in which, on the M-Series appliance, you could not reconfigure the device to
use the static download service when checking for feature keys. [Defect ID: 31454]
Fixed: Updater Needs to Use HTTPS Proxy
Fixed an issue in which the updater used the http proxy instead of the https proxy. [Defect ID:
30928]
Fixed Upgrade Issues
Fixed: Traceback Error After Performing saveconfig or mailconfig After Upgrade
When you upgrade an IronPort appliance in which the log retrieval method is configured for
SCP push, you may get a traceback error when performing saveconfig or mailconfig. This
occurs because a port parameter is missing from the configuration file.
[Defect ID: 35043]
Fixed: Transient Network Errors During Upgrade May Result in Disconnection
When performing an upgrade, transient network errors may cause the IronPort Appliance to
disconnect users from the CLI. If you are disconnected from the CLI during an upgrade, wait a
short time, and attempt to run the upgrade again. [Defect ID: 32687]
Fixed: Antivirus Scanning Engines
Fixed: Sophos Header Files Need Updating
Fixed an issue in which a new error code in the Sophos engine was not recognized by
AsyncOS, which caused an excessive number of alerts. Now, this error code does not
generate alerts. [Defect ID: 36518]
Fixed: McAfee Antivirus Scanning Engine Hangs
Fixed an issue in which the McAfee antivirus scanning engine was hanging. This caused the
workqueue to pause on antivirus scanning and back up. This issue is now resolved. [Defect
ID: 31718]
Other Fixed Issues
Fixed: Incoming Relays Cause Incorrect IP and Host in the Received Header
In a previous release, with the incoming relay feature enabled, when AsyncOS received a
connection, the first email on that connection had the correct received header added;
however, the second and any additional emails on the same ICID logged the IP and hostname
of the previously injected email. As a result, all email other than the first one received on a
relay connection displayed random IPs and hostnames in the received header, instead of the
correct IP and hostname. This issue has been addressed. [Defect ID: 35215]
Fixed: Messages Truncated in the Work Queue if Headers Exceed the Header Line Limit
If a message that is close to the header line limit (default is 1000) is accepted, filters applied to
the message may add headers, causing the header line limit to be exceeded. This results in
messages in the work queue that may be truncated in the middle of a header, such as the
following:
Header-1: value1<CRLF>
Header-2: value2<CRLF>
Heade
This can result in problems when processing the mail with the truncated header. This issue
has been addressed. [Defect ID: 37207]
Fixed: AsyncOS Stamps One Received Header Per Recipient
In a previous release, when AsyncOS was configured to stamp the hostname of the Virtual
Gateway used for delivering the message on the email, that email got one received header
stamped on it for every recipient with a different domain. The extra received headers
sometimes resulted in emails being discarded. This issue has been addressed. [Defect ID:
37197]
Fixed: Mail Handling Process Stops with Malformed Message
IronPort has become aware of a malformed message that can stop the mail handling process
on an Email Security Appliance when a BCC() action is configured in a message or content
filter. [Defect ID: 36212]
Fixed: DSN Bounce Messages are not RFC Compliant
Fixed an issue in which the "Reporting-MTA" field was not in the "per-message-fields" as
specified in RFC 1894. The DSN bounce message is now RFC compliant. [Defect ID: 36231]
Fixed: SGML Parse Error Application Error in the IronPort Spam Quarantine GUI
Fixed an issue in which SGML parse application errors occurred in the IronPort Spam
Quarantine GUI. [Defect ID: 32277]
Fixed: TLS Certificate Verification Fails
Fixed an issue in which TLS certificate verification failed due to changes in the verification
process. TLS certificate verification now checks the hostname of the receiving machine.
[Defect ID: 36095]
Fixed: SNMP Hardware Monitoring Erroneously Displays CPU Temperature for C150 Appliances
In a previous release, the SNMP monitoring traps returned data for CPU temperature on C150
appliances although the C150 appliance did not provide temperature data. As a result, CPU
temperature data for C150 appliances returned via the SNMP trap was inaccurate. This issue
has been addressed. [Defect ID: 35398]
Fixed: New Zealand Daylight Savings Times Updated
The AsyncOS time zone data has been updated to address the newly implemented daylight
savings time for New Zealand. New daylight saving will commence on Sunday 30 September
2007, and end on 6 April 2008. [Defect ID: 34977]
Fixed: Kernel Panic When Rebooting
On the 2950 platform, a kernel panic occurred sometimes after rebooting (or after rebooting
on upgrades). This issue has been addressed. [Defect ID: 33165]
Fixed: IncomingRelay not Working for Messages Received on RELAY policy
Fixed an issue in which incoming relay worked only for incoming mail (mail not on a RELAY
policy). [Defect ID: 32786]
Fixed: Changing SBRS Setting with listenerconfig CLI Command Not Displayed in GUI
Fixed an issue in which SBRS settings changed through the listenerconfig CLI command
were not reflected in the GUI. [Defect ID: 32727]
Fixed: Partitions Filling Up
Fixed an issue in which the /var/log/godspeed partition was filling up when certain logs did
not get deleted. These logs now get deleted on startup. [Defect ID: 32382]
Fixed: Administrator Access to tcpdump CLI Command
Fixed an issue in which the CLI tcpdump command was accessible to users other than
Administrators. [Defect ID: 31703]
Fixed: Foreign Character Footer Stamping Causes Messages to Be Unreadable
Fixed an issue in which foreign characters caused footer stamping to render messages
unreadable. This issue has been addressed. [Defect ID: 30822]
Fixed: Raid Events Not Detected or Reported Via SNMP on C30/60 Appliances
Fixed an issue in which hard disk failures and raid events were not detected or reported when
attempting to query disk removal, disk rebuild, and rebuild complete via SNMP on the C30/
C60 appliance. This issue has been addressed. [Defect ID: 30606].
Fixed: Serial Console Unresponsive on C350/650 and M350/650 Login Screen
Fixed an issue in which logging onto the serial console on the C350/650 and M350/650
IronPort appliances might not have displayed a login prompt and might not have accepted
keystrokes. This issue has been addressed. [Defect ID: 30590]
Fixed: SNMP raidTable Not Found After Upgrading a C350/650 or M350/650 Appliance
After upgrading a C350/650 or M350/650 appliance to AsyncOS version 5.0 or later,
attempting to query the SNMP attributes for raidTable sometimes returned the following error:
SNMPv2-SMI::enterprises.15497.1.1.1.18 = No Such Object available on
this agent at this OID
[Defect ID: 30476]
Fixed: MTU Settings Not Configurable
Fixed an issue in which MTU settings were not configurable.
Now, you can configure MTU settings from the CLI command etherconfig -> MTU (View and configure MTU).
[Defect ID: 28306]
Fixed: MIME Parsing Too Rigid
Fixed an issue in which strict MIME parsing resulted in excessive bounces. [Defect ID: 12989]
Fixed: AsyncOS Locks Up When 3GB of Memory Allocated
Fixed an issue in which the AsyncOS appliance locked up when 3GB of memory was
allocated and resident. [Defect ID: 19593]
Fixed: Failed Attempts to Connect to Remote Destinations Not Logged
In a previous release, failure to connect when attempting delivery to a remote destination was
not logged. This was caused by a firewall or other network change or failure. This issue has
been resolved. [Defect ID: 12113]
Fixed: Findevent CLI Command Does Not Track Some Message Rewrites
Fixed an issue in which the findevent CLI command did not track a new message ID for a
message that was rewritten (for example, when you use the drop-attachments-by-size
message filter). This issue has been addressed. [Defect ID: 35977]
QUALIFIED UPGRADE PATHS
Version 5-5-1-008 is the AsyncOS for Email Security Appliances 5.5.1 release of the IronPort
AsyncOS operating system.
The qualified upgrade paths to this release are:
From: Version 5-1-0-320 To: Version 5-5-1-008
From: Version 5-1-0-809 To: Version 5-5-1-008
From: Version 5-1-1-003 To: Version 5-5-1-008
From: Version 5-1-2-009 To: Version 5-5-1-008
From: Version 5-1-2-010 To: Version 5-5-1-008
From: Version 5-5-0-423 To: Version 5-5-1-008
From: Version 5-5-0-424 To: Version 5-5-1-008
From: Version 5-5-0-430 To: Version 5-5-1-008
From: Version 5-5-0-951 To: Version 5-5-1-008
From: Version 5-5-1-005 To: Version 5-5-1-008
From: Version 5-5-1-007 To: Version 5-5-1-008
UPGRADE INSTRUCTIONS
Pre-Upgrade Notes
Important Notes
As a best practice, IronPort recommends preparing for an upgrade by taking the following
steps:
1. Save the XML configuration file off box.
2. If you are using the Safelist/Blocklist feature, export the list off box.
3. Suspend the listeners.
4. Drain the mail queue and the delivery queue.
Please be aware of the following upgrade impacts:
• Upgrading to AsyncOS 5.0 or later from a previous release will erase your existing Mail
Flow Monitor data. For information about how you can export and save your data before
you upgrade, see “Replacing Mail Flow Monitor in AsyncOS Version 5.0 or Later” on
page 37.
• Upgrading to AsyncOS 5.0 or later from a previous release will erase all scheduled and
archived reports from your system.
Upgrading and the Mail Flow Central Product
1. AsyncOS 4.5.0 and later mail logs are not compatible with Mail Flow Central version 1.2.
If you are interested in upgrading but use Mail Flow Central version 1.2, please contact
Customer Support. You will need to upgrade your Mail Flow Central 1.2 installation prior
to upgrading your IronPort appliance.
2. Mail Flow Central 1.3 does not currently support the new features available in the 4.6.0
release. Users who upgrade to AsyncOS 4.6 or newer may see the following:
• Messages sent to a quarantine may appear to be pending messages.
[Defect ID: 21866]
• Messages released from IronPort Spam Quarantines are counted as outbound
messages. In domain reports, the message appears as outbound in the total email
volume section and in the outbound email by sending host section.
[Defect ID: 21887]
3. When pre-4.6.0 data is included in a time range, an approximate value is calculated and
displayed in the Attempted Messages column. This value is calculated based on
pre-upgrade data. However, when the column is sorted, the sort order favors senders
observed after the upgrade to 4.6. This issue does not appear when all data in the selected
time range is collected after the upgrade to 4.6.
Configuration Files
IronPort does not generally support the backward compatibility of configuration files with
previous major releases. Minor release support is provided. Configuration files from previous
versions may work with later releases; however, they may require modification to load. Check
with IronPort Customer Support if you have any questions about configuration file support.
Custom Notification Templates
If you previously used a custom notification template, headers were included by default.
When you upgrade to AsyncOS version 5.0 or later, notification templates do not include
headers by default. To include headers, you can add the $allheaders message filter action
variable. [Defect ID: 27710]
Message Filter Syntax
In a previous release, you may have used a message filter similar to the following to search for
empty or non-existent subject headers:
blankSpam:
if (((subject == "^$") AND (header("To") == "^$")) AND (body-size < 3072))
{
    insert-header("X-Spam", "$FilterName");
    quarantine("Policy");
}
In a previous release, this filter treated a non-existent header as if it were an empty header. In
version 5.0 and later, the condition (header("To") == "^$") only returns true if the
header exists and is empty.
For more information, see the IronPort AsyncOS Advanced User Guide.
[Defect ID: 29225]
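The following Python sketch is an added example, not IronPort code: it models the two behaviours described above so you can check which sample messages stop matching the blankSpam filter after an upgrade to 5.0 or later. It assumes that the subject condition follows the same missing-versus-empty rule as header("To") and that body-size is the size of the raw message in bytes; the sample messages are constructed.

```python
import re
from email import message_from_string

BODY_SIZE_LIMIT = 3072  # the body-size threshold used by blankSpam on the page


def header_matches_empty(msg, name, legacy):
    """Model of the condition header(name) == "^$".

    legacy=True  : pre-5.0 behaviour, a missing header counts as empty.
    legacy=False : 5.0+ behaviour, the header must exist and be empty.
    """
    value = msg.get(name)
    if value is None:
        return legacy
    return re.search(r"^$", value.strip()) is not None


def blank_spam(raw, legacy):
    """Return True if the modelled blankSpam filter would quarantine `raw`."""
    msg = message_from_string(raw)
    return (
        # Assumption: 'subject == "^$"' behaves like header("Subject") == "^$".
        header_matches_empty(msg, "Subject", legacy)
        and header_matches_empty(msg, "To", legacy)
        # Assumption: body-size is the byte length of the whole raw message.
        and len(raw.encode("utf-8")) < BODY_SIZE_LIMIT
    )


def verdict_changes(samples):
    """Names of messages quarantined before 5.0 that no longer match in 5.0+."""
    return [
        name
        for name, raw in samples.items()
        if blank_spam(raw, legacy=True) and not blank_spam(raw, legacy=False)
    ]


# Constructed sample messages (not taken from the release notes).
SAMPLES = {
    "empty_both": "From: a@example.com\nSubject:\nTo:\n\nbuy now\n",
    "missing_to": "From: a@example.com\nSubject:\n\nbuy now\n",
    "missing_both": "From: a@example.com\n\nbuy now\n",
    "normal": "From: a@example.com\nTo: b@example.com\nSubject: Q3 report\n\nattached\n",
}

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, blank_spam(SAMPLES[name], True), blank_spam(SAMPLES[name], False))
    print("no longer quarantined after upgrade:", verdict_changes(SAMPLES))
```

Messages listed by verdict_changes are the ones a filter written for the old behaviour silently stops catching, so they are the cases to cover with an additional condition before upgrading.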
Received Headers
When you configure the IronPort appliance to use received headers, you can specify that the
header reflects one of the following hostnames:
• The hostname of the Virtual Gateway used for delivering the message
• The hostname of the interface the message is received on
You specify the hostname from the CLI command listenerconfig-> setup. You cannot
configure the hostname from the GUI.
In AsyncOS version 5.0 and later, if you configure the received header to display the
hostname of the interface the message is received on, a strip-header filter action
configured to strip received headers will strip the received header inserted by the IronPort
appliance. [Defect IDs: 16254, 25816]
Feature Keys
In AsyncOS version 5.0 and later, the AsyncOS appliance checks for and applies feature keys
at one minute intervals. Therefore, when you add a feature key, it may take up to a minute to
view the changes. [Defect ID: 29160]
Virus Logs
In previous releases, virus-positive messages were logged as information:
Mon Jul 31 17:53:29 2006 Info: sophos antivirus - MID 10143657 Result 'VIRAL'('ENCRYPTED',)
In AsyncOS version 5.0 and later, virus logs are logged as warnings:
Thu Sep 28 16:32:46 2006 Warning: sophos antivirus - MID 3 - Result 'VIRAL'('UNSCANNABLE',)
[Defect ID: 26317]
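Log monitoring that keys on the severity level will miss virus-positive entries after this change. The parser below is an added example, not part of AsyncOS: it accepts both line layouts quoted above and selects events by verdict instead of by level. The first two sample lines are the ones shown in these notes; the other two are constructed.

```python
import re
from datetime import datetime

# One pattern for both layouts quoted in the release notes:
#   before 5.0: "<ts> Info: sophos antivirus - MID 10143657 Result 'VIRAL'('ENCRYPTED',)"
#   5.0 and up: "<ts> Warning: sophos antivirus - MID 3 - Result 'VIRAL'('UNSCANNABLE',)"
AV_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<level>\w+): (?P<engine>\w+) antivirus - MID (?P<mid>\d+)"
    r"(?: -)? Result '(?P<verdict>[^']+)' ?\((?P<details>[^)]*)\)"
)

SAMPLE_LINES = [
    # Quoted from the release notes.
    "Mon Jul 31 17:53:29 2006 Info: sophos antivirus - MID 10143657 Result 'VIRAL'('ENCRYPTED',)",
    "Thu Sep 28 16:32:46 2006 Warning: sophos antivirus - MID 3 - Result 'VIRAL'('UNSCANNABLE',)",
    # Constructed: a non-viral verdict and an unrelated log entry.
    "Thu Sep 28 16:33:02 2006 Info: sophos antivirus - MID 4 - Result 'CLEAN'()",
    "Thu Sep 28 16:33:05 2006 Info: constructed non-antivirus entry for MID 4",
]


def parse_av_line(line):
    """Parse one antivirus log line; return a dict, or None if it is not one."""
    m = AV_LINE.match(line.strip())
    if m is None:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        "level": m["level"],
        "engine": m["engine"],
        "mid": int(m["mid"]),
        "verdict": m["verdict"],
        # The parenthesised tuple after the verdict, e.g. ('ENCRYPTED',)
        "details": re.findall(r"'([^']*)'", m["details"]),
    }


def viral_events(lines):
    """Select virus-positive events by verdict, whatever level they were logged at."""
    events = (parse_av_line(line) for line in lines)
    return [e for e in events if e is not None and e["verdict"] == "VIRAL"]


def info_only_viral_events(lines):
    """A level-based rule written for pre-5.0 logs; shown to expose what it misses."""
    return [e for e in viral_events(lines) if e["level"] == "Info"]


def missed_by_level_rule(lines):
    """MIDs of viral events that the Info-only rule no longer reports."""
    seen = {e["mid"] for e in info_only_viral_events(lines)}
    return [e["mid"] for e in viral_events(lines) if e["mid"] not in seen]


if __name__ == "__main__":
    for event in viral_events(SAMPLE_LINES):
        print(event["time"].isoformat(), event["level"], event["mid"], event["details"])
    print("missed by Info-only rule:", missed_by_level_rule(SAMPLE_LINES))
```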
Encryption
Please note that AsyncOS version 5.5.1 is compatible with version 6.2.7.4 of the IronPort
Encryption appliance.
Configuring the Update Server on Version 5.1 or Later
In AsyncOS version 5.1 or later, you can use McAfee anti-virus scanning as well as Sophos
anti-virus scanning.
The McAfee engine retrieves update information from a different server than the other
scanning blades. You may need to create firewall rules to allow update traffic for this service.
To configure the firewall, allow updates from update-manifests.ironport.com on port
443.
Replacing Mail Flow Monitor in AsyncOS Version 5.0 or Later
When upgrading to AsyncOS version 5.0 or later, IronPort Mail Flow Monitor is replaced with
IronPort Email Security Monitor. As a result, existing Mail Flow Monitor data is erased and the
incoming and outgoing mail data is reset from the time the upgrade completes.
To save existing data, you can use the CLI exportmailflow command to export the data to
a CSV file.
Note — You can save and archive the exported data, but you cannot reimport it into the Email
Security Monitor.
The following example shows the exportmailflow command:
Welcome to the IronPort C60 Messaging Gateway(tm) Appliance
example.com> exportmailflow
Please enter report type (minute, hour, day).
[hour]> minute
Please enter start time ([mm/dd[/yyyy]] HH:MM):
[15:00]> 01/01/1950 12:00
Please enter end time ([mm/dd[/yyyy]] HH:MM):
[17:00]> 01/01/2007 12:00
Do you want to specify an IP address range? [N]> n
Please enter output file name.
[mailflow.csv]> mailflow.csv
If you specify an IP address range, AsyncOS can retrieve the specific IP address range of the
remote machine you want to save data from. This allows you to skip downloading the entire
mailflow database.
When you run the CLI command, AsyncOS saves the CSV file to the root directory under the
default name mailflow.csv.
To access this directory, FTP to the AsyncOS appliance and use the FTP get command to
transfer the CSV files from the remote machine to your local machine.
Upgrading to the AsyncOS 5.5.1 Release
Use the following instructions to upgrade your AsyncOS appliance.
1. Save the XML configuration file on another machine.
2. If you use the Safelist/Blocklist feature, export the Safelist/Blocklist database to another
machine.
3. Suspend all listeners.
4. Drain the mail queue and the delivery queue.
5. Initiate the upgrade.
6. Reboot.
7. Resume all listeners.
8. From the System Administration tab, select the System Upgrade page.
9. Click the Available Upgrades... button. The page refreshes with a list of available AsyncOS
upgrade versions.
10. Click the Begin Upgrade... button and your upgrade will begin. Answer the questions as
they appear.
11. When the upgrade is complete, click the Reboot Now button to reboot your IronPort
appliance.
Performance Advisory
DomainKeys and DKIM Signing - DomainKeys and DKIM signing outgoing email can cause a
decrease in the message throughput capacity. Using smaller signing keys (512 byte or 768
byte) can mitigate this.
SBNP - SenderBase Network Participation now uses the Context Adaptive Scanning Engine
(CASE) to collect data to power IronPort Information Services. In some configurations
customers may experience a moderate performance decline.
Virus Outbreak Filters - Virus Outbreak Filters now uses the Context Adaptive Scanning
Engine to determine the threat level of a message and scores messages based on a
combination of Adaptive Rules and Outbreak Rules. In some configurations, you may
experience a moderate performance decline.
IronPort Spam Quarantine - Enabling the IronPort Spam Quarantine on-box for a C-Series or
X-Series appliance causes a minimal reduction in system throughput for nominally loaded
appliances. For appliances that are running near or at peak throughput, the additional load
from an active quarantine may cause a throughput reduction of 10-20%. If your system is at or
near capacity, and you desire to use the IronPort Spam Quarantine, consider migrating to a
larger C-Series appliance or an M-Series appliance.
If you change your anti-spam policy from dropping spam to quarantining it (either on-box or
off-box), then your system load will increase due to the need to scan additional spam
messages for virus and content security. For assistance in properly sizing your installation
please contact your authorized IronPort support provider.
Upgrading and the AsyncOS Reporting Feature
On AsyncOS version 5.0.0-241, IronPort disabled the following counters associated with a
performance impact on the C10/100/30/300 appliances:
• On the Domain Details page > IP Addresses Table > “Stopped by Reputation Filtering”
column.
• On the Network Owner Details page > Domains table > "Rejected Connections,"
“Stopped by Reputation Filtering,” and “Stopped by Recipient Throttling Connections
Rejected” columns.
If you upgrade from version 5.0.0-241, these counters are no longer disabled. Now, when the
appliance is under heavy load, an exact count of rejected connections is not maintained on a
per-sender basis. Instead, rejected connection counts are maintained only for the most
significant senders in each time interval. For more information, see “Using the Email Security
Monitor” in the IronPort AsyncOS User Guide.
In addition, the following granularity has been removed from reporting:
• “Custom number of months” from Scheduled Reports > Add/Edit.
• “Custom time range (months)” from Archived Reports > Generate Report Now.
These metrics were added in the AsyncOS 5.0 release, so you do not lose any functionality if
you are upgrading from AsyncOS 4.7.x or earlier. If you used these reporting metrics in the
AsyncOS 5.0 release, you will need to modify your reports.
If you upgrade from AsyncOS 4.7.x or earlier, and you configured a log called “reporting,”
this conflicts with the default “reporting” log created by the 5.x AsyncOS appliance. This
conflict generates an application error similar to the following:
Thu Apr 19 17:24:21 2007 ('godlib/dict_utils.py handle_duplicate|35',
'exceptions.ValueError', "Key 'reporting' is already registered.",
'[hermes/hermes.py run|110] [hermes/hermes.py _run1|350] [client/config.py init|105]
[client/config.py enable|123] [qlog/config_glue.py add_internal_subscription|324]
[qlog/register.py add_subscription|537] [godlib/dict_utils.py handle_duplicate|35]
To avoid this application error, use the Log Subscriptions page on the System Administration
tab (or the logconfig command in the CLI) to remove or rename the “reporting” log file.
[Defect ID: 32958]
KNOWN ISSUES
The following list describes known issues in this release of AsyncOS:
Email Security Monitor and Reporting Issues
Report Titles Display Incorrectly When Using Multibyte Characters
Entering multibyte characters in a report title results in unreadable characters. Report titles are
converted to character entity references. [Defect ID: 33729]
Reports Exported in CSV Format Display Entries for Metrics with No Data
When you export a report in CSV format, it displays an entry with a value of 0 for metrics with
no data, instead of skipping the metric in the report. This line can be ignored. [Defect ID:
33223]
Reporting Graphs and PDFs Do Not Support Double Byte Characters
When you generate reports or PDFs of reports using double byte characters, the characters do
not display properly. This issue manifests itself only in cases where you create a system
resource and name it with double-byte characters. For example, if you have a content filter
named "déjà-vu" and it was one of the top 10 content filters referenced in the report, the PDF
version would have the "é" and the "à" characters rendered incorrectly. [Defect ID: 27275]
Localization for PDF Reports
When you generate a PDF report from an AsyncOS appliance configured for localization, the
PDF report does not display localized text. Localized text will be available for report PDFs in
a later release. [Defect IDs: 27275, 31830, 31787]
Virus Outbreak Reports
Adaptive rules do not count towards protection time, and the protection time number does
not increment. [Defect ID: 29451]
Global Outbreak Reporting Counter Errors
When virus outbreaks occur outside of the specified time range, the Global Outbreak Filters
report may include global outbreak statistics for outbreaks that do not occur within the
specified time range. This occurs because the report does not account for its offset from GMT,
which is the timezone used for global data. [Defect IDs: 29608, 29612]
Application Errors
When you generate a report, you may sometimes get blank pages or application faults. This is
due to an internal error. [Defect ID: 33489]
Tables on the Monitors Tab Truncate Rows with Zero Values
When you sort values in tables on the Monitor tab, only rows with values greater than zero for
the sorted column are displayed. Although accurate, when there are only a few rows with values
greater than zero, the table may appear truncated. [Defect ID: 28900]
Outbreak Viruses Not Counted in Email Security Monitor Overview
From the Monitor > Overview page, viruses found after a message is released from the Virus
Outbreak Filters quarantine are not counted towards the number of viruses detected. [Defect
ID: 29449]
Active Recipient Virtual Gateway Counter Incorrect
When you run the hoststatus command, the active recipient virtual gateway counters may be
incorrect if you deliver emails that are queued up in the retry queue with a delivernow
command, change the smtproute, or perform deleterecipients. These issues only occur when
you use virtual gateways. [Defect IDs: 32417, 32141]
Global Unsubscribed Recipients and Message Counting
Global unsubscribed recipients are handled as clean recipients in reports. [Defect ID: 27047]
Email Security Monitor Report for 300D/350D Appliance Displays Extraneous Counters
The totals shown in the Email Security Monitor Overview report for C300D/350D appliances
erroneously include spam and suspect spam counts. [Defect ID: 34562]
Alert Issues
Power Supply Failure and Alerting
Currently, an alert is not sent if a power supply fails in an IronPort appliance. You can,
however, monitor power supply status via SNMP (see the IronPort AsyncOS Advanced User
Guide for more information). [Defect ID: 25901]
No Alerts Sent for CMOS Battery Failure
If the CMOS battery fails, the IronPort appliance does not send an alert. Instead, the system
front panel LCD may display an error condition. [Defect ID: 29262]
LDAP Issues
LDAP Group Query Field Truncates Group Query
When you create a new LDAP profile that includes a long group query, the query string is
truncated when you add the LDAP group query to an incoming mail policy. You can work
around this by saving the mail policy and returning to the policy to edit it. When you return to
the policy, the field expands to display the full query text. [Defect ID: 27607]
LDAP Routing Query Issue
LDAP routing queries that resolve to an attribute in a routing address such as:
mailAlternateAddress: “Joe User” <[email protected]>
will perform DNS lookups on the string “example.com>” (note the ending angle bracket).
The system is unable to parse the angle brackets in the attribute. The DNS lookup will then
fail. [Defect ID: 8074]
IronPort Systems recommends constructing queries and issuing the test subcommand to
ensure that all configured LDAP queries will resolve with expected results.
LDAP Group Queries are not Supported for Lotus Notes
Due to the way that Lotus Notes handles group membership, LDAP group queries are not
supported for Lotus Notes in this release. [Defect ID: 18102]
IronPort Spam Quarantine Issues
Notifications
If the “Enable End-User Quarantine Access” checkbox is selected and the “Enable Spam
Notification” checkbox is also selected, then all users will receive notifications. If the “Enable
Spam Notification” checkbox is selected and the “Enable End-User Quarantine Access”
checkbox is not selected, then only the administrator configured in the “Deliver Bounced
Messages To” field is notified of new spam in the quarantine. There is no way to control or
limit recipients of notifications at this time, other than setting different quarantine options for
groups of users in the Email Security Manager. [Defect ID: 20470]
M-Series Appliance Sending Mail
For mail reinjected into a C- or X-Series appliance from an M-Series appliance, the C-Series
appliance will skip the RAT, work queue, aliasing, masquerading, and other message
processing that was already done on the first pass before being quarantined on the M-Series
appliance.
However, the C-Series appliance must be configured in the HAT to accept mail from the
M-Series host, or this mail will be rejected, and the bounce may be rejected as well. [Defect
ID: 23759]
IronPort Spam Quarantine and Available Disk Space
Disk space on your IronPort appliance is shared between the IronPort Spam Quarantine, log
files, and other data. If the shared space becomes nearly full with logs or other items, the
IronPort Spam Quarantine will begin purging old data even if the quarantine has not yet
reached its configured maximum capacity. [Defect ID: 22185]
tophosts and the IronPort Spam Quarantine
On upgrade or installation, the CLI command tophosts will immediately display an entry for
the IronPort Spam Quarantine, even if the quarantine has handled no messages. [Defect ID:
21161]
Message and Content Filter Issues
attachment-protected Filter Condition Does Not Detect All Password-protected Files
The filter condition, attachment-protected, may not detect all password-protected files. It
detects password-protected Word, Excel, PowerPoint, PDF, and Zip files. [Defect ID: 37453]
Content Filter Features Not Available from CLI
The following content filter conditions available in the GUI are not available in the CLI:
• Attachment Filename
• Attachment File Type
• Attachment MIME Type
• Subject Header
• Other Header
• Envelope Sender
• Envelope Recipient
• DKIM Verification
The following content filter functionality available in the GUI is not available in the CLI:
• You cannot delete conditions or actions
• You cannot reorder conditions and actions
[Defect ID: 35711]
Non-ASCII Characters in Content Filters Do Not Display Correctly
When you attempt to edit non-ASCII characters in a content filter action or condition, the
form that the GUI displays is not filled in correctly. If you click ‘Cancel’, there should be no
change to the text. However, if you modify the text, you will need to reenter the non-ASCII
characters. [Defect ID: 36525]
Log files Created via the Archive Filter Action not Stored in Configuration File
When you create a log file via the archive filter action, the log file is not stored to the XML
configuration file in the way that other log files are. Therefore, saving the configuration file
does not store this log file. [Defect ID: 34560]
“Message Body Matches Term in Dictionary” Condition Not Available
The 'contains term in content dictionary' rule cannot be used with the 'Message Body'
condition. [Defect ID: 33768]
Unable to Detect .exe files Embedded in Microsoft Office 2007 Documents
When .exe files are embedded in Microsoft Office 2007 documents, the scanning engine is
unable to detect the .exe attachment using the attachment-filetype == "Executable"
filter condition. [Defect ID: 33350]
Embedded Uuencoded Data Treated as Message "Content"
When using message filters to scan messages, the scanning engine associates a uuencoded
attachment with the MIME part in which the attachment was found. As a result, the scanning
engine sometimes skips performing some message filter actions on uuencoded data. For
example, if the uuencoded attachment is embedded in a message body, the attachment-filetype
condition skips the uuencoded attachment because it is associated with the content MIME part.
[Defect ID: 29703]
Content Scanning Does Not Support Scanning .mdb File
The content scanning engine does not support scanning .mdb files. [Defect ID: 25849]
Application Error with Message Filters and the archive() Action
If, while processing a message, a message filter references a log subscription that has been
removed, an application error may be generated. This happens when the change is made
while the filter is processing the message, typically due to loading a new configuration file.
[Defect ID: 27764]
Filters Issues
• The Body Scanning feature is not intended to be a first-line attack against potential spam.
A workaround is to enable Brightmail Anti-Spam on the appliance, as Brightmail rules are
updated every few minutes.
• If a filter uses any kind of variable substitution that involves a message header, the
substituted value is always the original value, ignoring any changes made. [Defect ID:
11321]
Content Dictionary Entries
Content dictionary entries with the regular expression: “.*” at the beginning or end will
cause the system to lock if a match for the “word” MIME part is found. [Defect ID: 11843]
IronPort Systems recommends you do not use “.*” at the beginning or end of a content
dictionary entry.
Header Insertion of International Character Sets
Using the insert-header message filter or content filter action to insert headers that
contain international character sets can impact system performance. [Defect ID: 9392]
Using Alt-Mailhost to Redirect to IronPort Spam Quarantine Corrupts Files
Using the Alt-Mailhost message filter or content filter action to redirect messages to the
IronPort Spam Quarantine results in corrupted messages. [Defect ID: 29442]
Clustered Environment Issues
Application Fault Occurs During Cluster Initialization
In a clustered environment, sometimes a configuration notification was sent from a cluster to
an IronPort appliance while the AsyncOS operating system for that machine was starting. This
desynchronization caused an application fault similar to the following:
Tue Aug 7 15:00:21 2007 Critical: An application fault occurred: "('imh/imh.py start_server|477', 'exceptions.TypeError', 'unsubscriptable object', '[coroutine/coro.py wrap|736] [imh/imh.py imh_manager|893] [imh/imh.py injector_update|1114] [imh/imh.py start_server|477]')"
28: Tue Aug 7 15:00:07 2007 Need to retrieve: (cluster ) hermes.imh.injectors
28: Tue Aug 7 15:00:07 2007 Setting on remote side:
28: Tue Aug 7 15:00:07 2007 sync_update
28: Tue Aug 7 15:00:07 2007 sync_retrieve
Tue Aug 7 15:00:07 2007 High latency (1.450s) for <coro <function _in_parallel_wrap at 0x85ad534> # 28 [5] (frame 0x86a1c0c wait) at 0x89bd140>
28: Tue Aug 7 15:00:17 2007 Setting data to self: (cluster ) hermes.imh.injectors = (2279, 1186511694413514L, '0019B9B0CE9C-30NWLC1', 'benecja')
28: Tue Aug 7 15:00:21 2007 _sync_config done
Workaround: If you receive this application fault, reboot your IronPort appliance. [Defect ID:
36605]
In Clustered Environment, Original Bounced Message Is Cut Off at 10K
Bounce messages generated by the system, by default, use the Delivery Status Notification
(DSN) format for both hard and soft bounces. In a clustered environment, if the message size
is greater than 10k, the delivery status notification includes the message headers only. This
defect was originally logged as defect ID 399, but the issue now exists in clustered
environments only. [Defect ID: 36236]
Orphaned Connections in Clustered Environment
In a clustered environment, connections may be orphaned. Normally this does not cause
problems, but occasionally it may cause CPU usage to max out. Rebooting your IronPort
appliance resolves this issue. [Defect ID: 34441]
Clusterconfig Setgroup May Assign Node to Wrong Group
If one of the group names starts with a numeric character, attempting to assign systems to the
non-default cluster group may fail. Systems may be assigned to the wrong group. [Defect ID:
30516]
Centralized Management C300D/350D with Non-C300D/350D Appliances Unsupported
In a clustered environment, you cannot combine C300D/C350D appliances with AsyncOS
appliances that are not configured with the delivery performance package. [Defect ID:
26565]
Cannot Edit policyconfig Settings for a Group without a Machine
In a clustered environment, if a group does not contain a machine, you cannot edit the
policyconfig settings from the CLI. However, as a workaround, you can edit the settings from
the GUI interface. [Defect ID: 30386]
Clusterconfig Assigns Node to the Wrong Group
In a clustered environment, performing setgroup assigns nodes to the wrong group if the
group name is numeric or uses special characters. As a workaround, use a group name that is
non-numeric and contains no special characters. [Defect ID: 30516]
Clusterconfig Subcommands Use Inconsistent Case-Sensitivity
The clusterconfig -> addgroup subcommand is case-sensitive, whereas other
subcommands are case-insensitive. This can create issues if you use case-sensitivity to
distinguish groups. For example, if you use the addgroup command to add the groups
“USERS” and “users,” the other clusterconfig subcommands treat the groups
interchangeably. [Defect ID: 30571]
Clusters Disconnected
When you experience a break in a cluster connection, the cluster may become disconnected
and stay disconnected. This problem is triggered by time adjustments (common when using
multiple NTP servers). Also, when the cluster is in this state, cluster commands return
incorrect values, as it is in an inconsistent state. When this occurs, you must reboot the
IronPort appliance to reconnect the cluster. [Defect ID: 29418]
Accessing a Rebooting Appliance While in a Cluster Generates an Application Error
When a clustered appliance is rebooting, attempting to access that appliance via another
appliance in the same cluster will cause an application error. [Defect ID: 24404]
Transient DNS Errors Reported When Joining a Cluster
Occasionally, when joining a cluster, DNS errors may be reported. These errors may be
transient and do not indicate that a problem exists. To confirm, wait several minutes and run
clusterconfig connstatus. If that command reports that the connection status is good,
the errors may be ignored. If not, the problem may be due to an actual misconfiguration
(wrong hostnames, firewall permissions, or misconfigured interfaces). [Defect ID: 19964]
Safari Web Browser Issue
In clustered environments, the Preview Inherited Settings information is not displayed when
using the Safari web browser. [Defect ID: 18112]
Centralized Management: Disconnecting and Reconnecting Via the GUI
The ability to disconnect a machine from (or reconnect to) a cluster via the GUI has been
removed. [Defect ID: 20014]
Online Help and Documentation Issues
Port Numbering Reversed in C600 and X1000 Rear Panel Graphic
The IronPort Quickstart Guides display reversed numbering for the fiber optic interface in the
C600 and X1000 rear panel graphic. In Section 3, “Connect,” the order of the fiber optic
interface should be 4 - 3. [Defect ID: 30608]
Opening Online Help in a Separate Browser Window
Attempting to open the online help (via the Help link in the GUI) in a separate browser
window in Internet Explorer 6 results in an error. [Defect ID: 15762]
The online help opens in a separate browser window by default.
Configuration File Issues
Errors When Performing Operations on Removed Configuration Directory
If you remove or delete the Configuration directory, AsyncOS returns application errors or
traceback errors when you attempt to perform operations on that directory (such as exporting
the dictionary or saving the configuration file). [Defect IDs: 34333, 34336]
M-Series loadconfig action Allows Duplicate Items in the 'Quarantine Spam From' List
On an M-Series appliance, the loadconfig action accepts an XML configuration file with
duplicate items in the 'Quarantine Spam From' list. Duplicate hosts in the “Quarantine
Spam From” list can impact system performance. [Defect ID: 33690]
Loadconfig Erroneously Allows Multiple Content Filters with Identical Names
When you edit a loadconfig file, it erroneously allows you to add multiple content filters with
identical names. Because you cannot use the same name for content filters in the IronPort
appliance, it only displays one of the content filters of the same name you added in the
loadconfig file. To work around this issue, ensure that you do not enter multiple content filters
of the same name in the loadconfig file. [Defect ID: 31381]
Parse Error When Loading 4.7.0 or 4.7.1 Configuration Files
After upgrading to AsyncOS 5.0 or later, you may get a parse error if you attempt to load a
4.7.0 or 4.7.1 configuration file.
To work around this issue, remove the following sections from the configuration file:
1. Remove the following text from the configuration file:
<mailFlowMonitorDiskLimit>40</mailFlowMonitorDiskLimit>
<mailFlowMonitorWebServer>off</mailFlowMonitorWebServer>
<mailFlowMonitorHoursLimit>192</mailFlowMonitorHoursLimit>
<mailFlowMonitorDaysLimit>32</mailFlowMonitorDaysLimit>
<mailFlowMonitorWeeksLimit>0</mailFlowMonitorWeeksLimit>
<mailFlowMonitorMonthsLimit>0</mailFlowMonitorMonthsLimit>
<mailFlowMonitorDomainMapCacheMode>in<mailFlowMonitorDomainMapCacheMode>
2. Remove the following sections (everything from <periodic_reports> to </periodic_reports>):
<periodic_reports>
  <periodic_report_dir_token>0</periodic_report_dir_token>
</periodic_reports>
3. Remove the following log entries:
<log_case>
  <name>case</name>
  <retrieval>
    <ftp_poll>
      <filename>case</filename>
      <rolloversize>10485760</rolloversize>
      <rollover_max_files>10</rollover_max_files>
    </ftp_poll>
  </retrieval>
  <log_level>3</log_level>
</log_case>
<log_brightmail>
  <name>brightmail</name>
  <retrieval>
    <ftp_poll>
      <filename>brightmail</filename>
      <rolloversize>10485760</rolloversize>
      <rollover_max_files>10</rollover_max_files>
    </ftp_poll>
  </retrieval>
  <log_level>3</log_level>
</log_brightmail>
[Defect ID: 31198]
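The three removal steps above can be scripted. The following is an added example, not IronPort tooling: it edits the file as text so that everything outside the removed elements stays unchanged, and it reports any listed tag that could not be removed cleanly. The function names, the `.stripped` output suffix, and the sample file contents are assumptions made for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Element names taken from the three workaround steps above.
LEGACY_TAGS = [
    "mailFlowMonitorDiskLimit", "mailFlowMonitorWebServer",
    "mailFlowMonitorHoursLimit", "mailFlowMonitorDaysLimit",
    "mailFlowMonitorWeeksLimit", "mailFlowMonitorMonthsLimit",
    "mailFlowMonitorDomainMapCacheMode",
    "periodic_reports", "log_case", "log_brightmail",
]

def strip_legacy_sections(xml_text):
    """Remove the legacy elements; return (cleaned, removed, leftovers)."""
    removed = {}
    for tag in LEGACY_TAGS:
        t = re.escape(tag)
        # Element plus its indentation and line ending. Non-greedy, so two
        # separate elements of the same name are not merged into one match.
        pattern = re.compile(r"[ \t]*<%s>.*?</%s>[ \t]*\r?\n?" % (t, t), re.DOTALL)
        xml_text, count = pattern.subn("", xml_text)
        if count:
            removed[tag] = count
    # A legacy tag that is still present (unbalanced or unusual markup)
    # has to be removed by hand before the file is loaded.
    leftovers = [tag for tag in LEGACY_TAGS
                 if re.search(r"</?%s[\s/>]" % re.escape(tag), xml_text)]
    return xml_text, removed, leftovers

def is_well_formed(xml_text):
    """True if the edited text still parses as XML."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

# Constructed sample. The DOCTYPE line and hostname are made-up surroundings,
# not copied from a real AsyncOS configuration file.
SAMPLE = """<!DOCTYPE config SYSTEM "config.dtd">
<config>
  <hostname>mail.example.com</hostname>
  <mailFlowMonitorDiskLimit>40</mailFlowMonitorDiskLimit>
  <mailFlowMonitorWebServer>off</mailFlowMonitorWebServer>
  <periodic_reports>
    <periodic_report_dir_token>0</periodic_report_dir_token>
  </periodic_reports>
  <log_case>
    <name>case</name>
  </log_case>
</config>
"""

if __name__ == "__main__":
    # With a path argument, clean that file into <path>.stripped. latin-1 maps
    # bytes 1:1, so everything that is not removed is written back unchanged.
    text = SAMPLE
    if len(sys.argv) == 2:
        with open(sys.argv[1], encoding="latin-1", newline="") as fh:
            text = fh.read()
    cleaned, removed, leftovers = strip_legacy_sections(text)
    print("removed:", removed, "| fix by hand:", leftovers,
          "| well-formed:", is_well_formed(cleaned))
    if len(sys.argv) == 2:
        with open(sys.argv[1] + ".stripped", "w", encoding="latin-1", newline="") as fh:
            fh.write(cleaned)
```

Run it on a copy of the exported file and compare the `.stripped` output with the original before loading it.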
Configuration File Filenames Containing Special Characters
Configuration filenames that include special characters such as “[“ “]” and “,” are not
allowed. If you have a configuration file that includes those characters, you will have to
rename the file to remove the characters before loading the configuration. [Defect ID: 25989]
Upgrade Issues
Pressing Ctrl-C does not Abort Upgrade Process
When performing an upgrade, if you press Ctrl-C, the upgrade process does not immediately
abort, and it may take some time before you can restart the upgrade. [Defect ID: 32689]
GUI Display Incorrect After Upgrade to Version 5.5.1
After you upgrade to version 5.5 or later, the GUI may not display correctly.
As a workaround, clear the browser cache and force the page to reload. [Defect ID: 33851]
DKIM and Domainkeys Signing Issues
DKIM Verification of Multiple Signatures
Current DKIM verification stops at the first valid signature. It is not possible to verify using the
last signature encountered. This functionality may be available in a later release. [Defect ID:
34075]
Trace Feature Issues
Malformed MIME Messages Not Detected as “Unscannable”
If malformed MIME messages are entered in the trace feature, the command will not note that
a message is considered “unscannable” because of the scanconfig settings. [Defect ID:
5802]
No Use of Tab Character in the Trace CLI
The trace command will not allow tab characters to be typed in the command line interface.
[Defect ID: 5799]
Localization Issues
Currently, the safelist/blocklist notifications are not localized. [Defect ID: 36194]
The IronPort Spam Quarantine page currently has poorly localized plural strings. [Defect
ID: 30576]
Time ranges in reports are not localized. [Defect ID: 30705].
Creating localized IronPort Spam notifications sometimes only displays part of the localized
text. [Defect ID: 36194]
Email Encryption Issues
Envelope Fails to Open in OWA 2007
Envelope fails to open in OWA 2007. OWA 2007 modifies the wrapper in such a way that it
cannot be opened. A workaround is to forward to [email protected] which provides a
temporary link to view the message. [Defect ID: 36694]
Double Byte Characters in Attachment Filenames
Double byte characters in attachment filenames don’t display in Save As. [Defect ID: 35803]
Double Byte Character Display
Double byte characters don’t display properly in read receipts and subject of the email when
seen on the "Search Sent Messages" screen. [Defect ID: 36090]
Safelist/Blocklist Issues
Email Attributes in Safelist/Blocklist Database Are Not Validated
The safelist/blocklist database attempts to consolidate email addresses using LDAP
authentication. However, if the email attribute in the LDAP directory contains invalid email
addresses, these invalid email addresses are added to the safelist/blocklist database. This can
result in the following problems:
• You may not be able to restore an exported safelist/blocklist database.
• The system can display error messages to an end user when he or she logs in to the IronPort
Spam Quarantine.
[Defect ID: 36967]
Other Known Issues
Performing Trace on Encrypted Messages Does Not Display Message Body
When you perform the Trace CLI command or use the Trace page to test the flow of an
encrypted message, the message body does not display in the trace results. [Defect ID:
34085]
“To” Headers Stripped When Performing Masquerading or Copy
When you perform masquerading or copy functions, all “To” headers but the masqueraded or
copied headers may be erroneously stripped from the message. [Defect ID: 32422]
Matched Content Displays Incorrectly in the Local Quarantine
When you view messages in the local quarantine that have triggered message or content filter
rules, the GUI may display content that did not actually trigger the filter action (along with
content that triggered the filter action). The GUI display should be used as a guideline for
locating content matches, but does not necessarily reflect an exact list of content matches.
This occurs because the GUI uses less strict content matching logic than is used in the filters.
This issue applies only to the highlighting in the message body. The table that lists the
matched strings in each part of the message along with the associated filter rule is correct.
[Defect ID: 34687]
RAID and Hard Disk Events Not Reported on C350 Appliances Using SNMP Monitoring
On the C350 appliances, changes to the hard disk and to the RAID table are not generating
traps when using SNMP monitoring. [Defect ID: 29045]
IronPort Anti-Spam Regional Scanning Option Available Prior to CASE Updates
You can view this option in the GUI before it is possible to enable it. This can occur when you
view this option prior to CASE updates because there are not yet any available regional rules.
[Defect ID: 32542]
CLI Version Command Does Not Reflect RAID Rebuild Status
When running the CLI version command on the 2950 platform when the RAID is being
rebuilt, the CLI displays a status of “degraded.” It does not indicate that the rebuild is in
progress. [Defect ID: 31896]
Erroneous Commit Required from Mail Policies > Anti-Spam Page
The AsyncOS appliance may unexpectedly activate the 'Commit' button when you make
changes from the 'Mail Policies > Anti-Spam' page settings after you configure Cloudmark or
IronPort Anti-Spam message scanning via the CLI. [Defect ID: 30688]
Brightmail DFA Enabled by Default
In the AsyncOS appliance builds 5.0.0-221 through 5.0.0-229, Brightmail DFA is enabled by
default. In all other builds, however, Brightmail DFA is disabled by default. If your IronPort
appliance has DFA enabled, it can cause the appliance to run out of memory. To disable DFA,
enter the following command from the CLI:
antispamconfig -> disable usedfa
[Defect ID: 30753].
New Listeners Do Not Use Default SBRS Scores
When you create a new listener via the System Setup Wizard, the IronPort appliance creates
the listener with default values. However, when you create a listener manually, the IronPort
appliance does not use these default SBRS values. [Defect ID: 29315]
Hard Disk Failure
Hard disks on a C350, C650, or M650 appliance may fail. This issue is related to Defect ID
27605, in which the C350, C650, and M650 appliances do not start a RAID rebuild on power
up. To rebuild the RAID, you must hot swap the drive. If the problem still occurs, replace with a
new drive. [Defect ID: 27493]
Alternate Mailhost and Default SMTP Route
If you have configured a default SMTP route, and then specify an alternate mailhost for a
message, the alternate mailhost will not work. You can work around this by setting an SMTP
route specifically for the alternate mail host. [Defect ID: 27293]
SenderBase Reputation Service Score Sorting
When SenderBase Reputation Service scores are sorted ascending, as on the Sender
Information tab of a Domain Profile report, some scores of “0” will be present above the
negative numbers in the list. [Defect ID: 27265]
Resetconfig Resets Counters Back to Unlimited on C300/350D Appliances
If you run resetconfig on a C300/350D appliance, the counters are erroneously reset to
unlimited. Because counters impact performance, they should be limited on a C300/350D
appliance. To reset the counters again, you must reboot the appliance. [Defect ID: 29564]
Leading Period Character Stripped from Notification Templates
AsyncOS strips leading periods (.) from notification templates that have text that begins with a
period. A simple workaround is to add an extra period at the beginning of lines that should
begin with a period. [Defect ID: 24865]
Messages with Non-RFC-Compliant Received Headers
Messages with non-RFC-compliant received headers (including hex values, for example) are
currently accepted by AsyncOS. [Defect ID: 26091]
Unable to Add RAT Entries After Clearing All Entries in the RAT
When clearing all entries in the RAT via the GUI, you must commit your changes prior to
adding new entries. You can use the CLI to work around this problem. [Defect ID: 23223]
Cannot Specify Multiple Ports on a Single IP Address in SMTP Routes
Configuring SMTP Routes to point to multiple port numbers on a single IP address is not
supported. [Defect ID: 17806]
Masquerading Fails with Specific Formatting of the “To:” Header
This particular issue only occurs with the following header example:
To: Joe Worker <[email protected]>,
'[email protected]' <[email protected]>
If you remove the single quotes around the name, ‘[email protected]’ or change the email
address in the single quotes to just a name (so that it is not an email address), masquerading
will occur as expected. [Defect ID: 12087]
Perpetual Messaging Keys on New IronPort C-Series Appliances
Perpetual messaging keys will not work on an IronPort C-Series appliance if the appliance has
not already processed at least one message. [Defect ID: 12005] Send a test message before
applying perpetual messaging keys.
Delivering Mail to Multiple Ports on a Single Listener
Mail delivery policies cannot be configured so that mail is delivered to multiple ports on a
single IP address (for example, port 25 for normal delivery and port 41025 for BrightMail
quarantine). [Defect ID: 10926] IronPort Systems recommends running each delivery option
on a separate IP address or host.
Further, it is not possible to use the same hostname for regular email delivery and quarantine
delivery. [Defect ID: 11381]
Incorrect Brightmail Expiration Log Entry
If you initially set an invalid “Filter Update URL” in the Security Settings -> Anti-Spam page or
using the antispamconfig command, the brightmail.current log file will erroneously log an
entry indicating that the Brightmail evaluation period has ended. This error is transient, and
printed only upon initialization of the engine after enabling Symantec Brightmail. [Defect ID:
8458]
CONTACTING IRONPORT CUSTOMER SUPPORT
You can request our support by phone, email, or online 24 hours a day, 7 days a week.
During customer support hours (24 hours per day, Monday through Friday excluding U.S.
holidays), an engineer will contact you within an hour of your request.
To report a critical issue that requires urgent assistance outside of our office hours, please
contact IronPort using one of the following methods:
U.S. Toll-free: 1 (877) 641-IRON (4766)
International: www.ironport.com/support/contact_support.html
Support Portal: www.ironport.com/support
If you have purchased support through a reseller or another entity, please contact them for
support of your IronPort products.