Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1530
Views
0
Helpful
3
Replies

Current outbound rate limiting capabilities

bmette-ck
Level 1
Level 1

‎10-03-2010 09:20 PM

Hello All,

I have recently reviewed this thread from back in January-March: https://supportforums.cisco.com/thread/2002325?tstart=60 .  I have been facing the same predcament decrsibed be people in this thread.  That being end user machines get compromised and then send out large volumes of spam via legitimate accounts on our servers.  In our cases, the outbound from addresses have all been the actual user address.  The end user environment is ActiveDirectory & Exchange.

If I cannot rate limit based on a sender address, then I am wondering if the 370D model would allow me to somehow define virtual gateways which would correspond to users found within a specific portion of my Active Directory environment.  For example, if all sales dept. staff were within a single AD OU, could I create a virtual gateway that corresponds to just these people and have that gateway set with different rate limits than another gateway which corresponds to a different group of users?

Lastly, is it possible with any of the appliance models to define specific outbound rate limits for recipient domains?  For example, messages destined for hotmail.com would have a different rate limit than messages destined for gmail.com.  Would this functionality work with mixed recipient domains in the To: field?

Thanks,

Labels:
0 Helpful
3 Replies 3

Tze Tai Mak
Level 1
Level 1

‎10-03-2010 10:49 PM

Yes, you can define outgoing mail policy or outgoing content filter  based on sender's LDAP group (e.g. CN=West,OU=Sales,....) and then use a  filter action "Deliver from IP interface" to choose to deliver the  emails from selected IP interface.

You can define delivery rate limit based on destination domain under 'Mail Policies'-'Destination Controls'.

I recommend to enable antispam scanning for outgoing emails. You can add custom header if the message is a positively-identified spam.  Then you can use an outgoing content filter action to redirect spams to  be delivered from another IP interface or another mail host if outgoing  message contains the custom header. This can allow good and bad emails to be delivered from different IP interfaces.

0 Helpful

bmette-ck
Level 1
Level 1
In response to Tze Tai Mak

‎10-04-2010 07:15 AM

Thank you for the prompt reply.  Am I correct in assuming that the capabilities you mention are only available in the 370D model?

0 Helpful

Tze Tai Mak
Level 1
Level 1
In response to bmette-ck

‎10-04-2010 08:20 PM

The LDAP group lookup, outgoing mail policy, content filter and destination control are available on all C-series models including C3x0D.

For C3x0 and higher models, we support up to 32 virtual gateways. For C1x0 model, we support up to 4 virtual gateways.

C3x0D is the only model that supports IronPort Mail Merge (IPMM) feature and up to 256 virtual gateways.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents