We have set up ironport C170 email appliance to a customer. Everything seems fine until morning. They called me and said a single e-mail account (gmail) have sent 60 mails to a client instantaneously and all of them passed through ironport. So how could we solve this problem ? Is there any restriction method to block the same mails if a client receives more than 1 or any number that we can assign?
You can set up a rate limit only by total number of recipients. You could set a rule that says *.google.com can only send to x number of recipients per hour but that impacts all recipients, not just one.
60 emails all at once could be accidental but without more information I would check to make sure that there was not some sort of routing or transport problem that caused a backlog and when it cleared up all the waiting email was delivered at once.
Thanks for the reply. I guess I understand the problem but don't know how to solve it. After some analysis in the message tracking ı found that source IP of the mails seems the default gateway of ironport. Actually, I was shocked. How can it be? ı think a special destination NAT could cause this problem. When I said this situation to the customer, they said that did not make any NAT config like this. Do you recommend me something to implement?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...