We are used already smarthost using QMAIL Program on linux in our environment. Now we are planing to replace a our smarthost to ironport.
We are previously incoming mail user validation using email address. If the email address not present in our valid recipient file the qmail program bounce the incoming mail.
Please advise us we can use the same validation future in ironport like qmail program.
Note : We are not planned the validation using LDAP.
Also please provide your suggestion for the incoming mail recipient validation possibles steps in ironport.
Thanks in advance..
Procedure Step 1:
Thanks for your reply nasir.
Current MTA(QMail) is not validate from LDAP or SMTP server it have one validation file if the user email address is available in the validation file it accept otherwise it wont accept the incoming mail.
The same we except, we thought the same options will achieve using the incoming mail policy in ironport but we checked the test environment using ironport it accept and forward to exchange server if the email address not present in the incoming policy.
Better understanding i will explain my testing environment.
1. I have created incoming policy name test.
2. Inside the test policy i have mentioned my testing email id.
3. This is my test policy. I am except the external mail will only receive the particular mail id. Other mail will bounce to the sender. But i am facing the issue the another user not in the validation but the user also recive the mail and i have track the message detail it will accept using Default_Policy
Kindly advice us to any other configuration i have to done for that my query.
Thanks in advance..
I am sorry, but on the ESA we have nothing like the validation file you have with the Qmail server.
There are different ways to implement a way how the Appliance only accept messages for incoming recipients.
One option is to use the SMTP Call-Ahead feature which checks the recipient with the internal SMTP Server and only accept the recipient email address if the internal smtp server would also accept them. If not, the recipient get rejected.
The second option is to use the Recipient Address Table (RAT) and insert each single email address instead of the complete domain. With this the Appliance also only accept incoming messages for the existing recipients. But with a higher number of internal email addresses, the list can get to long and performance issues could happen. Further this is not a good option as it is hard to support.
The third option is to use the Incoming Mail Policies in combination with Content Filters. Creating one Incoming Mail Policy for the existing Users and on the default Policy insert a Content Filter which bounce back the messages for all other recipients which are not within the relevant Incoming Mail Policy. This option are not preferred from my side, because this means the Appliance accept all messages and bounce back them afterwards during the mail processing in work queue. This could also cause that your Appliance bounce back the message to a different SMTP Server if a remote side has spoofed their sender email address.
The last option is to use LDAP for the recipient validation during the receiving of new messages.
If LDAP are not a option for you, you should take a look on the SMTP Call-Ahead option Nasir has explained as this will make sure that your Appliance only accept messages for existing internal email addresses and all other get bounced on the remote smtp server which connect to your Appliance.