ESA : rewrite domain destination for certain users

seteci
Level 1


Hi all,

I need to find a solution (I suppose a Content Filter on a specific listener) to change the destination domain for some email when the following conditions are met:

1) if email has been sent from a specific domain (example @salesforce.com) AND
2) email has been sent to a specific internal account (example user@xyz.mydomain.com) THEN

destination mail (I suppose "rcpt-to" field) has to change into user@mydomain.com


In general:

When mail is From: advisor@salesforce.com and the original destination is john.smith@xyz.mydomain.com ==> the filter changes the destination to john.smith@mydomain.com

We know we can alter the RCPT TO for a specific user using a content filter, but we'd like to implement this for all users in one shot.

Thanks for your support.

Fabrizio

Accepted Solutions

philippe.boeij
Level 1

Hi,

I've done similar tasks before with company merges where mailboxes would migrate and selective rewriting was needed.

Domain mapping is bound to listeners, so:

- create a new private listener on some port like 2525 (HAT = the IP(s) of the IronPort)
- add an smtproute 'dummy-route.local' with destination the IP of the listener on port 2525
- create an incoming content filter: alt-dst-host = dummy-route.local
- create an incoming policy with the required recipients (old domain) as destination (or even, and maybe better, an LDAP group) and activate the content filter for this policy

That should be it, I think.

Mailflow:

- mail enters system
- matches the special policy for certain recipients
- mail gets redirected to special listener
- listener rewrites recipient domain
- mail gets delivered to new domain

A bit rough but you get the idea.

regards,

Philippe
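The mail flow in the accepted answer, modelled per recipient as an added Python example (not code from the thread and not ESA configuration). The addresses come from the question; the function names, the exact-match domain comparison and the loop check are assumptions of this example:

```python
# Added illustration: a model of the flow, not ESA configuration.
SENDER_DOMAIN = "salesforce.com"        # from the question
OLD_RCPT_DOMAIN = "xyz.mydomain.com"    # from the question
# Domain map that exists only on the private listener (port 2525 in the answer).
DOMAIN_MAP = {"xyz.mydomain.com": "mydomain.com"}


def domain_of(addr):
    """Domain part of an envelope address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()


def matches_policy(mail_from, rcpt):
    """Assumed policy: exact sender domain AND exact old recipient domain."""
    return (domain_of(mail_from) == SENDER_DOMAIN
            and domain_of(rcpt) == OLD_RCPT_DOMAIN)


def map_domain(rcpt, domain_map=DOMAIN_MAP):
    """Rewrite only the domain; the local part is kept."""
    local, _, dom = rcpt.rpartition("@")
    new_dom = domain_map.get(dom.lower())
    return f"{local}@{new_dom}" if new_dom else rcpt


def route(mail_from, rcpts, domain_map=DOMAIN_MAP):
    """Return {original rcpt: (final rcpt, path)}, decided per recipient."""
    out = {}
    for rcpt in rcpts:
        if not matches_policy(mail_from, rcpt):
            out[rcpt] = (rcpt, "normal delivery")
            continue
        final = map_domain(rcpt, domain_map)
        # In this model a rewritten recipient that still matches the policy
        # would be redirected again: reject such a mapping up front.
        if matches_policy(mail_from, final):
            raise ValueError(f"mapping for {rcpt} would loop")
        out[rcpt] = (final, "private listener")
    return out


if __name__ == "__main__":
    # Constructed sample envelopes.
    print(route("advisor@salesforce.com",
                ["john.smith@xyz.mydomain.com", "jane@mydomain.com"]))
    print(route("someone@example.org", ["john.smith@xyz.mydomain.com"]))
```

Running the same envelopes through the appliance after the change and comparing the delivered recipients against this table is a quick way to confirm that only the intended sender and recipient pair is rewritten.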

Hi,
Thanks for your solution.
I want to give an outside company credentials so that they can send email from our domain to other domains (like Gmail), and I don't want to give them our domain credentials.
We have Exchange Server 2016 and ESA (currently not connected to LDAP).
My solution is to create a new DC with another domain name and connect it to the ESA, so I give them the new domain credentials to authorize them as relay, and then by ESA policies change the sender domain to my domain and forward to the destination. Is it possible?
Any other idea for this problem?

That should work...
You don't necessarily have to set up a domain, you could also do it on ADLDS...
I was already using AD, and just created a user, and a NoRightstoAnything group, then changed the primary group of that user to the dummy group, so the user isn't even in Domain Users


Sepehr Zare
Level 1

My big problem is: can I change the sender's domain?

shane.dollery
Level 1

You can use a couple of different methods to rewrite a sender's domain, although in the original post you said destination domain, hence the suggestions so far.

The User Guide states: AsyncOS provides several methods for rewriting Envelope Sender and Recipient addresses in the email pipeline. Rewriting addresses can be used, for example, to redirect mail sent to a partner domain or to hide (“mask”) your internal infrastructure.

To re-write a sender address you can use a Masquerade Query, Domain Mapping and Alias Tables. See the section of the User Guide under Rewriting Addresses.

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_011010.html?bookSearch=true#con_1289135

Regards,

SD

Thanks a lot Shane
Masquerade Query is suitable for my problem because it rewrites the sender and recipient but Domain Mapping and Alias Tables are just for changing recipients.