We are configuring an appliance and came across a doubt that we would like to share to see if anyone can help us.
We first configured the appliance by setting up a RELAY policy wich included the networks that were allowed to send mail through our IronPort. Before we applied that configuration, there was no way of sending mail, perhaps there are other more efficient ways but we fail to see another one.
After this path was OK, we then configured the IronPort to use SMTP auth in a forwarding fashion to verify that clients we know are the only ones allowed to send mail. To do this we authenticate against our internal SMTP server, which contains the mailboxes of our users.
This configuration tested OK, without issues at all.
Now that we have this architecture working we would like to allow multiple IPs, not just the ones we defined to use our IronPort to send mail. In our scenario, we provide email services to serveral cilents that have dynamic IP. So we cannot guaranty that a given time, they will be able to send mails through our IronPort if their IP falls out of the range we defined.
So, within HAT policies, is there a way to allow "anyone" or "any IP" to access the IronPort to send mail? The security will be enforced though our SMTP auth policy which only allows authorized personnel to send mail.
Thank you in advanced for your thoughts and comments!!!