Disable bounce verification for certain INCOMING domains
I'm using an Ironport C150 with OS v6.4.0-273.
This Ironport handles mail for 2 domains, say domain1.com and domain2.com.
At the moment I have bounce verification on globally and have set the Ironport to reject bounces with invalid tags. domain1.com sends outgoing mail through my Ironport and thus always has valid tags. domain2.com sends outgoing email through another server and thus never has valid tags. domain2.com only receives mail through the Ironport.
Therefore if any user on domain2.com sends a message which bounces, they don't get the DSN as Ironport rejects it.
I would like to know if it is possible to set up the Ironport so that for incoming email to domain2.com it never does bounce verification but for domain1.com it always does it.
In the manual it says that it can be done via sender groups but then this means I need to define all the possible sender IP address of the outgoing MTAs for domain2.com. However, I just want it to accept any email for domain2.com from anybody without checking for a valid bounce tag.
Re: Disable bounce verification for certain INCOMING domains
Instead of rejecting the bounces, you could configure bounce verification to insert a special header, something like "X-Valid-Bounce: False" and then create a content filter to take different actions depending on the recipient domain.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...