I have a customer who has Exchange server, behind firewall ( cisco PIX ) in private network and ironport instaled before cisco Pix .He configure his mx record for domain X to go to ironport applience and ironport routes to his server.Everything is ok, BUT he continue to recieve spam, because spammers use the old MX record which go direct on Cisco Pix out interface.The solution is :
Create a rule on cisco pix which allow to accept smtp traffic only from ironport, BUT he has Outside users who connect to Exchange server remotely via SMTP and send/recieve mails.
He don't want to install Ironport in the private network.
Any solutions about this situation?
Thanks a lot :)