No surprises here, but we are starting to find that large amounts of spam is being sent using our legitimate email addresses which results in our users receiving a large number of bounce messages when the spam isn't delivered.
We are unable (at this point) to implement outbound sending via our C350s so we're looking for alternative solutions.
I found this post:
and the second last entry suggests a filter to handle a large proportion of the bounce messages. This is the text from the post:
"The problem with the bounce verification feature, is that your outbound e-mail needs to go over an Ironport device as well. I don't know about you guys, but in my environment, this is not the case.
So basically I can't really use the feature in the near future.
However, I've managed to write a small content filter that is quite effective for bounces that come in, as a reaction on spoofed e-mails:
Prerequisite is that you have an entry in the HAT, with "Connecting host PTR record does not exist in DNS." enabled (say you call it "NoPTR"). Then you add a mail filter, that adds the HAT to the e-mail through an X-header (let's say we take X-HAT-SG).
mail-from == "^$"
header("X-HAT-SG") == "^NoPTR$"
quarantine or drop"
Has anyone used this or have any other suggestions?