Add partner to whitelist or create new incoming mail policy for partners
Quick question in regards to a IconPort C150 Appliance with AsyncOS 7.5
When partner send on behalf of our company and we have added their email servers to our SPF record in DNS. do we need to do something on IronPort too?
To my knowledge we are doing default anti spam checking and use bounce verification. Because of the bounce verification i am concerned when a partner email out to our customers making it look like it came from us. this will probably flag up as the bounce verification would have been involved.
So i wondered. is it as simple as just adding a partner to the HAT Overview > Whitelist or should i create a new Incoming Mail Policy?
I understand you are conserned that Bounce Verification may affect your Partner's email. This will depend on how the Envelope Sender is built:
- If they send as email@example.com: The emails will bounce back to your ESA, but those bounces will come from a variety of IPs. The ESA will have no way of knowing they are related to your Partner.
There are workarounds using Filters & custom headers (example: http://tools.cisco.com/squish/Cd71E) , but you would need to know details about every mailing that your Partner was planning to send on your behalf so you could create those Filters in advance.
There is an exception to this situation: if the Partner sends all the messages to your ESA for delivery to the final Recipient. Bounce Verification will be tagged on these messages so your ESA can handle the bounces appropriately.
- If they send as firstname.lastname@example.org: The bounces will go back to thier sever and be processed there. This is considered 'best practice' as it allows the Partner to update their mailing lists; when bounces go to you, they get no feedback on thier mass mailings.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...