
Cisco ESA for Internal Mail.

RohitDhiman5005
Level 1

Hello Guys,

Is it possible that Cisco ESA will scan the Internal/Local mails as well?

For example, Alan and Jack both are working for the same company xyz and their Exchange server domain is xyz.com.

Suppose Alan sent an email from his mail-id (alan@xyz.com) to Jack's email-id (jack@xyz.com). Is there any possible deployment of Cisco ESA so that the ESA will scan these types of mail exchange?

As far as the design or documentation says, Cisco ESA is just a mail gateway; it will only come into the picture if mail is sent from one domain to another domain.

Regards

Rohit Dhiman

5 Replies

marc.luescherFRE
Spotlight

The current product line only allows for in- and/or outbound scanning in the most common use cases.

 

Some mail solutions allow you to define an out of bound gateway. Meaning that all outgoing SMTP traffic would always go to the mail gateway. In such a case this would work, as the Ironport would then again route the email to internal recipients.

Not a common use case.

-Marc

 

Hello Marc,

Thanks for your reply.

Which means we are both on the same page: Cisco ESA will only scan mails if they are sent from one domain to another, different domain.

Regards

Rohit Dhiman

Mathew Huynh
Cisco Employee
Hey Rohit,

This can be done but is not completely ideal.
Internal-to-internal emails should typically be trusted, and on the Exchange it will simply deliver directly into the inbox.
However, there are some instances of setups where ALL emails (regardless of internal to internal) have been sent into the ESA for filtering and sent back in (not ideal and not really necessary, to be honest).

All of this is dependent on the Exchange / groupware server you're using.

Regards,
Mathew

michal-miac
Level 1

I'm really surprised to hear that, as almost all the comments say, it's actually not even necessary. I've heard so many times about attacks where an internal user's account was compromised, which then led to an attack on other local users.

What I can suggest to the user who asked the question is that if the mail server forwards an internal email to the ESA instead of storing it directly locally, and the ESA sends this email back to the mail server, a loop is created because the mail server has been configured to send the local emails to the ESA.

So, on Exchange on-prem, it's sort of possible but not easy. Not sure it's actually possible on Exchange On-line... Which is part of why ETD exists. It uses journaled mail and then cleans up after the fact.