How can you redirect mail from one Cisco Email Security Appliance (ESA) to another ESA for delivery?
There are certain times when an ESA might need to be shutdown/rebooted, or, there is a need to transfer NDRs, delayed messages, or messages in queue from one ESA to another ESA in order to attempt delivery.
For this example, when issuing the tophosts active_rcpts command on the CLI, we can see that ESA #1 is has 104 messages in queue for Cisco.com:
To force the queued messages waiting for delivery off the current ESA and to send those messages over to another ESA to attempt delivery, please follow these steps:
First, to prevent ESA #1 from receiving any new messages, from the CLI on ESA #1, run suspendlistener and select the inbound listener.
Log-in to the ESA #2 and add the IP address of the ESA #1 to a Relay Sender Group (Mail Policies > HAT Overview > choose the relay Sender Group > Add Sender...). This will allow ESA #2 to treat the IP of ESA #1 as an outgoing sender.
Next, to redirect the queued messages, from the CLI on ESA #1, run redirectrecipients. The appliance will prompt you to enter in the hostname or IP address of the of the machine you want to send all mail to. This is the hostname or IP address of ESA #2:
(Machine myesa.local.1)> redirectrecipients
Please enter the hostname or IP address of the machine you want to send all mail to. > XXX.YYY.254.158
WARNING: redirecting recipients to a host or IP address that is not prepared to accept large volumes of SMTP mail from this host will cause messages to bounce and possibly result in the loss of mail.
Are you sure you want to redirect all mail in the queue to "[XXX.YYY.254.158]"? [N]> y
To verify there are no more messages waiting to get delivered, rerun the tophosts active_rcpts command. You will now see that the [IP ADDRESS] is listed in the recipient host column to which you have redirected the messages to:
You see that the 104 messages have been moved from queued to delivered.
Note: The redirectrecipients command is a one-time only redirect.
As noted, redirectrecipients is a one-time only redirect. Once the batch of messages from ESA #1 has been redirected to ESA #2 (or other appliance), the processing of ESA #1 resumes to its original values. You can confirm this with a re-issue of tophosts active_rcpts and notice the requeue of messages on ESA #1. Continuning with the original example, we can see that there are now 17 new messages in queue for cisco.com: