Testing Delivery Routing Connectivity

Document created by user.oxriBaJeN4 Employee on Sep 21, 2015Last modified by user.oxriBaJeN4 Employee on Apr 19, 2016
Version 4Show Document
  • View in full screen mode

Mimecast provides the ability to test connectivity from your Mimecast account to your internal environment, without contacting Mimecast Support. Testing the connectivity ensures all necessary firewall and application changes have been made prior to swapping services over to Mimecast, or if changing IP addresses internally.

 

The connectivity tests includes testing:

  • Inbound SMTP delivery routes
  • POP3 for journaling
  • LDAP for Directory synchronization

 

The tests performed are:

  1. A ping test to see if contact can be made to the IP address using the PING protocol. This may fail depending on your firewall and security settings.
  2. Other checks depending on what service is being tested (see the relevant section below).

Inbound SMTP Delivery

 

  1. Select the Gateway | Policies menu item.
  2. Select the Delivery Routes menu item from the Definitions drop down

    definitions_dropdown.png
  3. Click on the Delivery Route to be tested.
  4. Either click on the:
    1. Test Connection - Strict TLS button.
    2. Test Connection - Relaxed TLS button.
  5. This will run through a series of tests, and generate a summary of the results as shown below:
    • Resolves the hostname to IP address.
    • Pings the connection.
    • Connects to the IP address on SMTP TCP port 25 (or the custom port you have entered).
    • Executes SMTP commands to send a test email to the delivery route IP address as follows:
      • The sender is always set as  smtptest@mimecast.com.
      • The recipient is always set to the user requesting the test: e.g. admin@customer.com.  The SMTP conversation is printed to the screen for reference.
    • Checks to see if TLS is supported. If STARTTLS appears in the list of applicable SMTP verbs, an attempt is made to initiate a TLS connection, and send a test email.
      • If TLS negotiation fails, the "An Error Occurred" error message is displayed.
      • If TLS is successful, the mail send test continues as above.
    • Checks to see if there is a certificate, and displays the results:
      • If the certificate is not supported, or the certificate is not present, certificate details will not be displayed.
      • If the certificate is supported, Mimecast extracts the CN of the certificate, as well as the expiration date. Details for all chained certificates are displayed.

blip.png

The SMTP connection test will work, even if the delivery route has not been saved. An Administrator can therefore create a new Delivery Route, enter the relevant details, and click test prior to saving the route.

LDAP Directory Connections

 

To test LDAP connectivity prior to enabling Directory Synchronization:

 

  1. Select the Services | Directory Sync menu item.
  2. Select the Directory Connection, and click the Test Connection button in the top toolbar to start testing
  3. This will now run through a series of tests, and generates a summary of the results as per below:
    1. Resolves the hostname to IP address (if hostname is entered)
    2. Pings the connection
    3. Connects to the IP address on LDAP TCP port 389 (or the custom port you have entered)
    4. Tests the retrieval of one email address in each of the domains you have registered with Mimecast as an Internal Domain. A result of "no results" can be considered a success and indicates that the connection was successful.
    5. Checks to see if there is a certificate and displays the results
      1. If the certificate is not supported, or the certificate is not present then certificate details will not be displayed.
      2. If the certificate is supported, Mimecast extracts the CN of the certificate as well as the expiration date.  Details for all chained certificates are displayed.
    6. Note that if an alternate IP address exists for the Directory Connection, the same tests above are conducted on the backup IP address.

 

Note: The LDAP Connection test will work even if the Directory Connector has not been saved.  An Administrator can, therefore, create a new connector, enter the relevant details, and click test prior to saving it.

 

POP 3 Journaling

 

Open the Journal definition, and click the Test Journal Extraction button to ensure that Mimecast will be able to successfully connect to and POP emails from the Journal mailbox.

Attachments

    Outcomes