Allow external host to relay through Ironport?

CaperioJonasN · ‎06-01-2011

What is the "safest" way to allow an external host to relay e-mail through our Ironport? I know it's not "recommended", but I don't have any choice.

I guess I could set up the external IP that's allowed to relay in

Mail Policies --> Hat Overview - Relaylist. But that would allow anyone from that IP to relay, and I don't really feel that it's secure enough.

Is it anyway to "tighten" the security and also require a username/password in combination with coming for the correct IP-address to make it atleast a little bit more safe?

Rehan Latif · ‎06-01-2011

Hi Jonas,

The safest way to achieve the required is to configure SMTP Authentication feature on Cisco IronPort Appliance.

SMTP Auth is a mechanism for authenticating clients connected to an SMTP server. You can use this functionality to enable users at your organization to send mail using your mail servers even if they are connecting remotely (e.g. from home or while traveling).

Cisco IronPort supports two methods to authenticate user credentials:

1. You can use an LDAP directory.

2. You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).

Once authenticated, the user will be allowed to relay mail through Cisco IronPort Appliance. To find out step by step instructions on configuring this feature, I would recommend you to go through "Configuring AsyncOS for SMTP Authentication" section in the Advanced Configuration Guide of AsyncOS.

Hope this will help.

Regards,

Rehan Latif

viahmed · ‎07-06-2011

Hi Jonas,

Please check following knowledge base article below for more detail information about SMTP Auth.

External users using LDAP SMTPAUTH to authenticate and relay mail

http://tinyurl.com/2dfeef

Also, you can refer online manual within your IronPort box, GUI->Help and Support->Online Help and search for 'SMTP Authentication'.

Cheers,

Viquar

Customer Support Engineer