We have a setup in which users smtp auth to a MTA, this then relays the messages onto ironport to be sent.
All messages have headers added with the originating IP address of the sender. Some of these messages come from a webmail portal, but again are marked with the originating IP address of the user.
Unfortunately compromised credentials are a daily problem, which causes a flood of email from the offending senders.
Is there any way to limit or throttle senders based on the originating IP header instead of the MTA’s IP address ?
Many thanks in advance,
Configure the MTA as an Incoming Relay on the Ironport - that should allow you to achieve what you're looking for.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: