06-01-2011 12:44 AM
What is the "safest" way to allow an external host to relay e-mail through our Ironport? I know it's not "recommended", but I don't have any choice.
I guess I could set up the external IP that's allowed to relay in
Mail Policies --> Hat Overview - Relaylist. But that would allow anyone from that IP to relay, and I don't really feel that it's secure enough.
Is it anyway to "tighten" the security and also require a username/password in combination with coming for the correct IP-address to make it atleast a little bit more safe?
06-01-2011 06:04 PM
Hi Jonas,
The safest way to achieve the required is to configure SMTP Authentication feature on Cisco IronPort Appliance.
SMTP Auth is a mechanism for authenticating clients connected to an SMTP server. You can use this functionality to enable users at your organization to send mail using your mail servers even if they are connecting remotely (e.g. from home or while traveling).
Cisco IronPort supports two methods to authenticate user credentials:
1. You can use an LDAP directory.
2. You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).
Once authenticated, the user will be allowed to relay mail through Cisco IronPort Appliance. To find out step by step instructions on configuring this feature, I would recommend you to go through "Configuring AsyncOS for SMTP Authentication" section in the Advanced Configuration Guide of AsyncOS.
Hope this will help.
Regards,
Rehan Latif
07-06-2011 12:23 AM
Hi Jonas,
Please check following knowledge base article below for more detail information about SMTP Auth.
External users using LDAP SMTPAUTH to authenticate and relay mail
Also, you can refer online manual within your IronPort box, GUI->Help and Support->Online Help and search for 'SMTP Authentication'.
Cheers,
Viquar
Customer Support Engineer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide