I am currently setting up a new IronPort to scan all incoming mail from the internet and then forward it to an exchange 2007 server for deliver. The question I have is related to spammers doing a dictionary attack against valid users to our domain.
Our current Anti-spam servers is based on MailScanner and all users and valid addresses are controlled by the mail aliases. The aliases just forward a valid recipient to the exchange server. Any attacks get shutdown on this server.
On the IronPort, we would like to get away from maintaining users with in the aliases file. This will reduce another step in creating or deleting user accounts. What would be the preferred method for setting this up?
So far I played with adding a smtp route for the domain. My concern with that is will the IronPort forward all messages regardless if the user is valid or not? I know that it does not know about the users. Should authentication take place on the IronPort with active Directory or is it better to let exchange deal with the user dictionary attacks.
Thanks in advance.