Split Delivery

JViensKCK · ‎01-15-2014

We have a C360 and a C370 (both running 7.3.5). We are needing to test a DLP solution and would like to be able to send live mail separately to the DLP appliance and the Exchange environment. Is there a configuration for the Ironport that will allow split delivery to two destinations for the same domain?

Ken Stieers · ‎01-15-2014

You can configure a message filter. They are configured from the command line, there's a fair amount of documentation in the online help on your box about message filters. Open the help, Contents tab, Advanced Configuration Guide/Using Message Filters to enforce Email policy.

Or here:

http://www.cisco.com/en/US/docs/security/esa/esa7.3/ESA_7.3_Advanced_Configuration_Guide.pdf

Starting on page 6-297 (PDF page 323)...

You probably just need to "bcc" the messges to the DLP box....

Tom Foucha · ‎01-16-2014

Here is an example of a message filter to do what you want

duplicate_copy:

if (true)

{

bcc ("$EnvelopeRecipients", "$Subject", "$EnvelopeFrom", "reroute.mail.route");

}

the "reroute.mail.route" is an smtp route that points to the duplicate receiving server. So you could use this to copy all incoming mail from one ESA to another for lab testing purposes if you defined the second ESA as reroute.mail.route.

Tom