02-07-2011 10:52 AM
Hi,
We are currently in the process of configuring IronPort C160 system. The email appliance is going to be set up in the DMZ. We already have a listener for Incoming Mail and has the IP address in the DMZ network. We have also configured SMTP routes fto accept mails for our domains(Receiving domains) and forward it. However, I am not sure do we need a listerner for the outbound mail. Also we have routes for incoming mail that specify the destination host. Do we need to have something for emails going outbound ?
can somebody please help?
02-07-2011 03:51 PM
Hi,
So I am not sure if I am following all of your throught process here as there are several questions.
As far as do you need an outbound listener? Multiple listeners (inbound and outbound) are not required but in some cases they make sense. WIth a DMZ configuration it may make sense to do this depending on your network layout. Based on some of the other statements and comments in your post I would think you probably would want a seperate listener for inbound and outbound.
I may need some clarification on your network configuation to give you an accurate answer on the remaining questions. For outbound you can utilize smtproutes if you want to force traffic to a speicifc host or IP ( bypass DNS). Typically outbound traffic is routed through the relaylist sendergroup in the HAT from there the appliance simply looks up the recipient domain via DNS to get the MX record for recipient domain. If you need to relay to another host prior to sending the messages out to the rest of the world then you would probably want to set up an smtproute to point to that host.
It may be easier to not think of the appliance as having inbound or outbound. In reality the appliance does not really know or care about inbound or outbound it simply processes the messages and routes them based on DNS or specified routes through something like smtproutes.
Not sure I fully answered your question , but hopefully that helped a bit. If you can provide a bit more detail I think I can help clarify things for you.
Christopher C Smith
CSE
Cisco IronPort Customer Support
02-07-2011 11:18 PM
Hello Abhishek,
You dont need to have a seperate listerner for outbound. You can use existing listener for outbound traffic. This procedure involves mainly two steps.
A. Adding a new mail flow policy with 'relay' bahviour.
To do this:
B. Adding a new sender group which uses this mail flow policy.
At this stage, IronPort will be ready to relay your traffic outbound.
For outbound traffic, you dont need any smtp routes since DNS servers will route all external traffic based on destination domain MX record unless you have any special requirements.
Cheers,
Viquar Ahmed
Customer Support Engineer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide