
Best practices using IronPort

This section is to share real-world stories about how folks have configured their IronPorts. What really works (or doesn't) out there in the IronPort Nation?

2 Replies

ian_ironport
Level 1

To block some virus-generated mail, we reject mail from the Internet side which claims to be from an internal mail address. We use a message filter for this, e.g.:

if ((mail-from == "@my-domain\\.com$") AND (recv-int != "IntraNet") AND (sendergroup != "TRUSTEDSOURCE")) { drop(); }

The internal interface is called "IntraNet". We've set up a new HAT sender group "TrustedSource", which is a list of IPs that ARE allowed to submit mail that claims to be from our systems (e.g. partner companies sending mail on our behalf). This group is linked to a mail flow policy that lets them use us as a relay. OK - relaying is not ideal, and anything they send us (regardless of from address) is treated in reports as "Outgoing" mail.

This seems to be blocking ~1% of incoming mail.

We tried this, but we found there are enough very simple distribution lists (e.g. a Unix /etc/aliases list) that we had to accept our own email domains from the Internet.
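The rule from the first reply and the distribution-list problem from the second can be modelled offline. This is an added example, not code from either poster or from the appliance; it assumes Python's `re.search` approximates the filter's regex match, and the interface name "Internet", the group names "UNKNOWNLIST" and "RELAYLIST", and all addresses other than the `my-domain.com` pattern are constructed.

```python
import re
from dataclasses import dataclass

# Values taken from the message filter posted above.
INTERNAL_SENDER = re.compile(r"@my-domain\.com$")
INTERNAL_INTERFACE = "IntraNet"
TRUSTED_GROUP = "TRUSTEDSOURCE"


@dataclass
class Envelope:
    mail_from: str    # SMTP envelope sender (MAIL FROM), not the From: header
    recv_int: str     # interface that accepted the connection
    sendergroup: str  # HAT sender group matched by the connecting IP


def filter_drops(env: Envelope) -> bool:
    """True when the posted rule would drop the message."""
    return (
        INTERNAL_SENDER.search(env.mail_from) is not None
        and env.recv_int != INTERNAL_INTERFACE
        and env.sendergroup != TRUSTED_GROUP
    )


# Constructed sample traffic (assumed names, see lead-in).
SAMPLES = {
    "spoofed_from_internet": Envelope("ceo@my-domain.com", "Internet", "UNKNOWNLIST"),
    "internal_client": Envelope("alice@my-domain.com", "IntraNet", "RELAYLIST"),
    "partner_relay": Envelope("billing@my-domain.com", "Internet", "TRUSTEDSOURCE"),
    "external_sender": Envelope("bob@example.org", "Internet", "UNKNOWNLIST"),
    # An outside /etc/aliases-style list re-sends alice's post without
    # rewriting the envelope sender, so it arrives looking like a spoof.
    "external_alias_list": Envelope("alice@my-domain.com", "Internet", "UNKNOWNLIST"),
    # The trailing "$" keeps a look-alike suffix from matching.
    "lookalike_suffix": Envelope("ceo@my-domain.com.example.net", "Internet", "UNKNOWNLIST"),
}


def evaluate(samples):
    """Map each sample name to the rule's drop decision."""
    return {name: filter_drops(env) for name, env in samples.items()}


if __name__ == "__main__":
    for name, dropped in evaluate(SAMPLES).items():
        print(f"{name:24} {'DROP' if dropped else 'accept'}")
```

The spoofed message and the alias-list message carry identical envelope data, so the rule cannot tell them apart unless the list host's IP is added to the trusted sender group.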