Cisco Secure Email Support Community

clgroupsysop
Beginner

relay mail to external host if not an internal mail address, possible to setup?

Hello,

We have a C160 Ironport cluster and we want to know if we can implement the following scenario for special domains.

On incoming mail we would like to check if the recipient exists in AD (mail address in Exchange) and, if yes, route the mail to our Exchange server. If the mail address is not found in AD (Exchange), we want to route the mail to an external host (IP address or domain name).

Does anyone know if such a setup is possible with our Ironport appliance?

3 REPLIES
Ken Stieers
Advocate

So, it's unclear to me what you mean by "special domains". I assume they are domains that you know of? E.g., you're not acting as an open relay.

On the listener for inbound mail, add the domains the box should accept mail for to the Recipient Access Table.  As you add each domain, you can tell it to "bypass ldap accept queries for this recipient".

(e.g., don't check if aaa@specialdomain1.com exists... just accept it...)

Then in Network>SMTP routes, add a route for the domain to send it to the host for that domain...

ravi saini
Beginner

I think I got your question...

You can't do both together, because the RAT table or AD can only either accept the mail or reject it.

The better solution is, if you know the particular domain (if you can trust them), you can add them at the top of your inbound HAT table, create a policy with Connection Behavior: RELAY, and apply this mail flow policy to your sender group.

(It will automatically relay your mail to the particular mail server (that is situated outside).)

Andreas Mueller
Enthusiast

Another possible scenario would be a group query on an incoming mail policy. If you can write a query that returns a positive match for an existing account (i.e. because the address is part of the user group), the message enters this mail policy, where you have a content filter that redirects the message to your Exchange Server. Otherwise, the message will go to the default mail policy, where you can have another filter redirecting the message to a different server. This solution also works with multiple recipients, where a part exists in AD, and a part does not.

Hope that helps,

Andreas