Current outbound rate limiting capabilities

Unanswered Question
Oct 3rd, 2010

Hello All,

I have recently reviewed this thread from back in January-March: .  I have been facing the same predcament decrsibed be people in this thread.  That being end user machines get compromised and then send out large volumes of spam via legitimate accounts on our servers.  In our cases, the outbound from addresses have all been the actual user address.  The end user environment is ActiveDirectory & Exchange.

If I cannot rate limit based on a sender address, then I am wondering if the 370D model would allow me to somehow define virtual gateways which would correspond to users found within a specific portion of my Active Directory environment.  For example, if all sales dept. staff were within a single AD OU, could I create a virtual gateway that corresponds to just these people and have that gateway set with different rate limits than another gateway which corresponds to a different group of users?

Lastly, is it possible with any of the appliance models to define specific outbound rate limits for recipient domains?  For example, messages destined for would have a different rate limit than messages destined for  Would this functionality work with mixed recipient domains in the To: field?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tze Tai Mak Sun, 10/03/2010 - 22:49

Yes, you can define outgoing mail policy or outgoing content filter  based on sender's LDAP group (e.g. CN=West,OU=Sales,....) and then use a  filter action "Deliver from IP interface" to choose to deliver the  emails from selected IP interface.

You can define delivery rate limit based on destination domain under 'Mail Policies'-'Destination Controls'.

I recommend to enable antispam scanning for outgoing emails. You can add custom header if the message is a positively-identified spam.  Then you can use an outgoing content filter action to redirect spams to  be delivered from another IP interface or another mail host if outgoing  message contains the custom header. This can allow good and bad emails to be delivered from different IP interfaces.

bmette-ck Mon, 10/04/2010 - 07:15

Thank you for the prompt reply.  Am I correct in assuming that the capabilities you mention are only available in the 370D model?

Tze Tai Mak Mon, 10/04/2010 - 20:20

The LDAP group lookup, outgoing mail policy, content filter and destination control are available on all C-series models including C3x0D.

For C3x0 and higher models, we support up to 32 virtual gateways. For C1x0 model, we support up to 4 virtual gateways.

C3x0D is the only model that supports IronPort Mail Merge (IPMM) feature and up to 256 virtual gateways.


This Discussion