Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
1
Replies

vaild recepit without ldap

mariappans
Level 1
Level 1

‎04-25-2015 05:59 AM

Hi all,

We are in progress to replace our MTA (qmail) with ironport c380.

In qmail for receipt validation we use vaild rcpt file, if the reception available in that valid rcpt file the qmail accept the mail. If not then the qmail will reject the mail and send the bounce / NDR report to the sender.

We try the same method (without ldap) in cisco ironport through mail policy as mentioned below

In this method we facing problem was for invalid recipient the cisco ironport not send the NDR / bounce message to sender, even we enabled bounce profile on the incoming listener same problem accorded.

Please help us

Labels:
0 Helpful
1 Reply 1

Mark Vegh
Cisco Employee
Cisco Employee

‎05-05-2015 02:27 AM

Hello,

The ESA do not have a email validation file like you have on a Qmail server.

You have different options with the Appliance to validate the recipients without the need to use LDAP.

You can for example use the SMTP Call-Ahead feature which will check the recipient email address for new incoming messages with your backend SMTP Server and if the internal SMTP Server accept them, the Appliance will do the same.

Further you can also use the Recipient Address Table (RAT) and insert each single recipient email address instead of your complete domain. With this the Appliance will only allow the recipient email address which are part of the RAT. But a long list of email addresses within the RAT are not a good option as this will need more performance from the Appliance to check each recipient email address against the Recipient Address Table.

Accepting a message first and then rejecting them using the Mail Policies / Content Filters are not a good option, as this could cause that messages send with a fake sender email address get bounced back to a different remote smtp server and so it could happen that your IP addresses get on Blacklists.

 

The best is if you take a look on the SMTP Call-Ahead feature of the ESA. This feature can be used to do a recipient validation with the internal smtp server without the need to use LDAP and so the Appliance only accept valid recipients and reject all others.

 

Best regards,
Mark.

 

0 Helpful
Customers Also Viewed These Support Documents