Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

I thought all traffic was Inbound to IronPort?

I thought that weather we are sending email to the Internet from our company or receiving email from the Internet it is considered "inbound" as far as IronPort is concerned.

And I do see that to some extent when I look at my Incoming Mail Policy which blocks media attachments.  For example I will see stuff blocked that has the from address as someone@YAHOO.com or someone@GMAIL.com but I will also see in the same quarantine from addresses of someone@MyCompany.com

so what is my question, well for some reason I can't send an MP3 file in from the outside like from my YAHOO account, (so that works as expected) but I can send it out, the same exact music MP3 file goes out just fine, where I think it shouldn't if all email traffic is "inbound" to IronPort

I hope someone can follow what I am trying to say here, and better yet help, thank you

Everyone's tags (4)
3 REPLIES
New Member

Re: I thought all traffic was Inbound to IronPort?

Mail sent from an address which is in a HAT group with "Relay" behaviour specified will be treated as outgoing - so have the Outgoing mail policy applied.  You presumably don't have media attachements blocked on your outgoing policy.

Quarantines aren't necessarily exclusive to Inbound or Outbound - it depends upon the rules you've set up, so you could be putting both inbound and outbound mail into the same quarantine.  If you go into the quarantine and look at a message it will tell you the reason it's there.  As long as your inbound and outbound content filters have different names you should be able to see whether it was quarantined as inbound or outbound.  Of course some of those mesages which you see as having a "from address of someone@MyCompany.com" could be spoofed senders - try doing some message tracking on one of them and looking for the IP address it came from to check if it was really outgoing or not..

New Member

Re: I thought all traffic was Inbound to IronPort?

Gill Weeks wrote:

Mail sent from an address which is in a HAT group with "Relay" behaviour specified will be treated as outgoing - so have the Outgoing mail policy applied.  You presumably don't have media attachements blocked on your outgoing policy.

Thank you Gill that helped, took a little drilling down into the details but you helped me find what I was looking for.

Re: I thought all traffic was Inbound to IronPort?

In addition to Gill's explanation, there are basically three possible scenarious that make a connection to be considered "Outbound":

1. Any traffic received via a private listener

2. Any traffic received via a mail flow policy with "Relay" behavior (as described by Gill already)

3. Any traffic that was SMTP authenticated

Regards,

Andreas

766
Views
0
Helpful
3
Replies
CreatePlease to create content