cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1178
Views
1
Helpful
7
Replies

Outgoing policy

The-Messenger
Beginner
Beginner

I'm thinking of creating a second outlgoing mailflow policy for development servers that send e

mail.  Currently we do this through Exchange Hub Transport server but it seems to me that I could

control and secure this activity with the ironport - plus remove and pull on resources from the exchange server.  My plan was to create a new outgoing policy, a new sender group, start with default settings, then lock it down some.

I created the new sender group no problem here.  Then I created a new outbound mail policy under the mailflow policies menu.   I saved the policy, but I can't find it to select it for the sender group.  I know the policy is there because I tried to create it again, thinking maybe I didn't confirm the changes, but I couldn't create it again as the policy already existed.  Where is this policy now?  Shouldn't it be in the list below with other outbound policies?

Thanks for the help!!

outbound.JPG

7 Replies 7

jgandla
Cisco Employee
Cisco Employee

Greetings,

Did you create the new mail flow policy under the outbound listener? You can select the mail flow policy in a sendergroup only if it is created in the appropriate listener settings. From the screenshot you sent, it appears that there are only two mail flow policies under Outbound Listener which are "BLOCKED" and "RELAYED".

Regards,

Jyothi Gandla

Customer Support Engineer

Sorry, I'm a newby with this system...

I'm not sure what I did now, when I went through the process to document my steps then the policy is displayed on the screen that I pasted.

So, if "relay" is the default setting, when would "Accept" be appropriate?

HI,

The Relay policy behavior should relayed. This is the one policy you do not typically change the behavior for.

Christopher C Smith
CSE

Cisco IronPort Customer Support 

I realize I'm jumping all over here with a single discussion...  looking at the outgoing policy, what are some

good settings to consider when trying lock things a little.

HI,

You may want to clarify what you mean by locking. Typically the only hosts allowed to relay outbound would be those that are specified in the relaylist sendergroup. One thing you may find helpful if this is an early or initial set up is the online documentation. If you click on help in the upper right hand corner of the GUI then select online help, it will give you help for the screen your on. It will also allow you to search the users guide and advanced users guide.  In addition there are a great number of knowledge base articles available online that cover best practices as well as many other topics.

http://www.ironport.com/support/vod1.html

http://www.cisco.com/web/ironport/index.html

Christopher C Smith

CSE

Cisco IronPort Customer Support

Thank you. This isn't an initial setup, just one that I've inherited. For normal operations the Ironport is working great. I am interested in using the Ironport to manage relays from our development group and with that I would like to tighten the security a little bit. This is why I wanted to create new policies, Exchange company email would work as currently configured but I would relay the dev servers through a different policy.

So, I'm learning the system as I go and wondering if I can do more with it.

Thanks for the help

Hi,

I think I understand what your looking for now.  The systems that are allowed to relay outbound would be specified in the relaylist sender group as we mentioned before. That would ensure that only those systems can relay traffic out through the appliance. As for specific users you could use policies. In this case we would be talking about outgoing mail polices. By default there is a default policy however you can add additional polices.  The policies allow you to specify what users are a member of the policy. They also allow you to select specific filters that be turned on or off for the policy. Depending on what type of restriction you want to put in place it may be as simple as creating a policy and adding specific senders to that policy which has specific filters defined that determine your restrictions.  For example you could have a policy that users Joe, Frank and John are members of. This policy could have a filter assigned to it that does not allow message outbound to gmail.   There are of course other things you can do with filters and policies, however if your looking to do something like rate limiting that is typically handled by the Mail Flow Polices and those are typically limited to applying actions to a host and not a user. If I knew a bit more about what type of restrictions you wanted to put in place for additional security I think I could probably give you more verbose answer. Just let me know I will be glad to help.

Christopher C Smith

CSE

Cisco IronPort Customer Support

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers