03-17-2014 01:14 AM
Hello, i need some help with configuring outgoing mail, i know how to configure IP Interface and Listeners, but after i would do it,
Would it works automatically that all outgoing mail would pass through Ironport OR i need somehow send mail to Ironport. Do i need to write record in DNS for outgoing mail?
Solved! Go to Solution.
03-17-2014 05:42 AM
You would need to have DNS correctly configured to allow mail to move to your ESA appliance, and then out to the world, or to internal mail, as needed:
A) MX records point to Firewall
Either the MX records point to the external (internet) interface of your firewall and your firewall has a redirect rule for all SMTP traffic to your relay server(s) on the DMZ – which typically has a private IP range in this case.
Then the action is simple, just change the SMTP redirect rule from the current relay servers to the IronPort.
B) MX records point directly to mailrelays
If you have a public DMZ, the MX-records are pointing directly to the hostname of your relay-servers. In that case you need to change the mx-records to point to the new hostnames (that you have registered in the public DNS of your ISP) of the IronPort.
Example Before:
MX @domain.com currentmail.domain.com [10]
A currentmail.domain.com 192.168.1.34
Example After IronPort
MX @domain.com IronPortincoming.domain.com [10]
A currentmail.domain.com 192.168.1.34
A IronPortincoming.domain.com 192.168.1.35
When changing MX-records, please take into account that DNS propagation on the internet can take as long as 48 hours. You can have the customer prepare this in advance by adding the A-record and a backup MX
MX @domain.com currentmail.domain.com [10]
MX @domain.com IronPortincoming.domain.com [10]
A currentmail.domain.com 192.168.1.34
A IronPortincoming.domain.com 192.168.1.35
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
03-17-2014 05:42 AM
You would need to have DNS correctly configured to allow mail to move to your ESA appliance, and then out to the world, or to internal mail, as needed:
A) MX records point to Firewall
Either the MX records point to the external (internet) interface of your firewall and your firewall has a redirect rule for all SMTP traffic to your relay server(s) on the DMZ – which typically has a private IP range in this case.
Then the action is simple, just change the SMTP redirect rule from the current relay servers to the IronPort.
B) MX records point directly to mailrelays
If you have a public DMZ, the MX-records are pointing directly to the hostname of your relay-servers. In that case you need to change the mx-records to point to the new hostnames (that you have registered in the public DNS of your ISP) of the IronPort.
Example Before:
MX @domain.com currentmail.domain.com [10]
A currentmail.domain.com 192.168.1.34
Example After IronPort
MX @domain.com IronPortincoming.domain.com [10]
A currentmail.domain.com 192.168.1.34
A IronPortincoming.domain.com 192.168.1.35
When changing MX-records, please take into account that DNS propagation on the internet can take as long as 48 hours. You can have the customer prepare this in advance by adding the A-record and a backup MX
MX @domain.com currentmail.domain.com [10]
MX @domain.com IronPortincoming.domain.com [10]
A currentmail.domain.com 192.168.1.34
A IronPortincoming.domain.com 192.168.1.35
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide