I have recently reviewed this thread from back in January-March: https://supportforums.cisco.com/thread/2002325?tstart=60 . I have been facing the same predicament described by people in this thread. That being, end user machines get compromised and then send out large volumes of spam via legitimate accounts on our servers. In our cases, the outbound from addresses have all been the actual user address. The end user environment is ActiveDirectory & Exchange.
If I cannot rate limit based on a sender address, then I am wondering if the 370D model would allow me to somehow define virtual gateways which would correspond to users found within a specific portion of my Active Directory environment. For example, if all sales dept. staff were within a single AD OU, could I create a virtual gateway that corresponds to just these people and have that gateway set with different rate limits than another gateway which corresponds to a different group of users?
Lastly, is it possible with any of the appliance models to define specific outbound rate limits for recipient domains? For example, messages destined for hotmail.com would have a different rate limit than messages destined for gmail.com. Would this functionality work with mixed recipient domains in the To: field?
Yes, you can define an outgoing mail policy or outgoing content filter based on the sender's LDAP group (e.g. CN=West,OU=Sales,....) and then use the filter action "Deliver from IP interface" to choose to deliver the emails from a selected IP interface.
You can define a delivery rate limit based on destination domain under 'Mail Policies'-'Destination Controls'.
I recommend enabling antispam scanning for outgoing emails. You can add a custom header if the message is positively identified spam. Then you can use an outgoing content filter action to redirect spam to be delivered from another IP interface or another mail host if the outgoing message contains the custom header. This can allow good and bad emails to be delivered from different IP interfaces.