10-30-2009 12:55 PM
Hi,
this is the case:
I have multiple domains configured to ironport and now only one of these domains needs to use TLS when sending email:
mails from test.dom to example.dom is needed to use TLS but mails from other domains e.g. test1.dom should send mails to example.dom without TLS.
Has anybody configured something like this?
10-30-2009 09:25 PM
thanks for the question.
1) find out what IP or host addresses the remote domain uses to source their mail deliveries
2) create a new sender group in your HAT to hold these addresses
3) assign this new sender group a new mail flow policy that has TLS set to 'required' or 'preferred' depending on your needs
best of luck
thanks!
andrew
10-31-2009 10:15 AM
thanks for the question.
1) find out what IP or host addresses the remote domain uses to source their mail deliveries
2) create a new sender group in your HAT to hold these addresses
3) assign this new sender group a new mail flow policy that has TLS set to 'required' or 'preferred' depending on your needs
best of luck
thanks!
andrew
11-02-2009 03:32 PM
i believe we are not understanding each other correctly.
your destination controls table (mail policies > destination controls) work for outbound deliveries and host access table / mail flow policies (mail policies > HAT overview) work with inbound injections separately.
each one has a table with more specific entries at the top, and less specific or default characteristics applied at the bottom. things are always evaluated in a top-down manner, so if there is one destination that should use TLS, then add a specific entry in each table for that domain and set the TLS options accordingly. these are typically used for ALL of your internal (locally-administered) domains.
yes, you can use virtual gateways to separate out internal domains for higher levels of delivery control. this involves using the 'altsrchost' command and multiple IP interfaces. read about that feature here:
http://tinyurl.com/23vuj5
and refer to the AsyncOS advanced user guide section "Using Virtual Gateway™ Technology" to understand it's flow and configuration.
take care,
andrew
11-03-2009 06:33 AM
i believe we are not understanding each other correctly.
your destination controls table (mail policies > destination controls) work for outbound deliveries and host access table / mail flow policies (mail policies > HAT overview) work with inbound injections separately.
each one has a table with more specific entries at the top, and less specific or default characteristics applied at the bottom. things are always evaluated in a top-down manner, so if there is one destination that should use TLS, then add a specific entry in each table for that domain and set the TLS options accordingly. these are typically used for ALL of your internal (locally-administered) domains.
yes, you can use virtual gateways to separate out internal domains for higher levels of delivery control. this involves using the 'altsrchost' command and multiple IP interfaces. read about that feature here:
http://tinyurl.com/23vuj5
and refer to the AsyncOS advanced user guide section "Using Virtual Gateway™ Technology" to understand it's flow and configuration.
take care,
andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide