We have a question regarding who can send mail through the appliance. Is there a way to allow anyone to send mail through the appliance (not defining a specific network or IP in the Relay mail flow policy)? After this is done we would only allow users to send mail who succesfully authenticate in our smtp server by employing SMTP auth profile.
this is quite possible, but a really bad idea. perhaps you can share some more details about your initial requirements, end goals, and existing setup.
to be honest though, you don't need too much extra configuration to 'open up' access from any IP address. try first to configure SMTP authentication with the following directions and then see if it suits your needs:
We have already configured SMTP auth with forwarding profile and tested it OK. We first had a HAT policy, a Relay one that only allowed certain networks (our corporate networks) to send mail through the IronPort and this policy worked fine until our scenarios changed. On the other hand, we provide email services to several custumers that get their IP in a dynamic way so it is very difficult to know wich IP they will be getting any given day. Because of this scenario, when upgrading our email infrastructure to employ IronPort we thoght of only allowing our users to send mail previosly by checking their identity, thus allowing us to accept multiple ranges of dynamic IPs.
Another item regarding our design is that VIP users within our organization like to access their mail from home (through their MUAs configured not through a webmail-kind-of-service). This also gave us an inconvenience of allowing only our corporate network to be able to send mail through the appliance.