Deploying Cisco ESA without Internal Mail_Server

Imran Ahmad · ‎11-21-2013

Hello Experts,

We have hosted our company email server into an External Company (Mail Hosting Company), and our internal Users are all connecting directly to that external company mail-server for accessing thier emails. we donot have anyother internal Mail_Relay Server inside our company.

My Question is can we put any Cisco Ironport Email_Security in this environment so that we have security for our emails ? without having any internal email-relay server ?

David Miller · ‎11-22-2013

I think the answer is yes but it depends. If the mail hosting includes the Internet mail gateway (your MX records point to the hosting company) then there's not much you can do about inbound protection. If it is just hosting groupware and your MX records can point to your inhouse IronPort then you can do all the normal inbound protection (anti-spam, anti-virus, content checking, etc) and then pass it to the hosted groupware using SMTP as normal. You would want to use TLS as you are likely going over the Internet to the hosting company. Similarly for outbound protection, TLS from the hosted groupware to your inhouse IronPort which can do the normal anti-virus, content checking, encryption, etc. You would have to factor in the extra bandwidth as all your mail will be flowing to and from the hosted environment. Basically it is just lke any other installation with IronPort talking to groupware e.g. Exchange over SMTP but in your case that connection would be remote not local so you need to take appropriate steps (such as TLS) to protect the traffic. But as I said at the start it depends on the hosted environment, what is being hosted and how much control you have over the configuration. Hope this helps.