Here are a few reasons to do LDAP recipient acceptance validation first before SPAM checks.
1) When you do LDAP accept in the SMTP conversation it is done during the "RCPT TO" command and before the "DATA", so you can reject the message before you ever receive the message body. This terminates the unwanted message early in the SMTP connection, before any significant amount of data has been transmitted. Since this is before the "DATA" command and the message body has not been received you don't even have the option for spam analysis on the message at this point.
2) Due to the SMTP response of recipient rejection in the SMTP conversation as outlined above, you do not have to create an NDR message. The onus of creating the NDR is on the sending host. Moving LDAP recipient validation into the work queue after the message has been received moves the onus of creating the NDRs for invalid recipients back to you and your systems.
3) LDAP validation is designed to be a high speed address validation and can be done quickly and with significantly less system load than full spam analysis. Typically you always want to do the most efficient filtering processes first to limit the amount of messages which heavier load filtering is performed on later in the message flow. Remember the LDAP validation is based on a local LDAP record cache and does not have to query your LDAP host for every recipient.
Pat - I don't understand your question about a mail-loop?
You may want to look at the "Bounce Verification" also known as BATV (bounce address tag validation) technology on the IronPorts to prevent "backscatter".
No. Non-delivery notices are not sent in response to other non-delivery notices, for precisely this reason. Non-delivery notices have a null envelope return address, <>, to make it impossible to reply to them.
Technically in a scenario like that it would be considered a double bounce, not a mail-loop. Basically the system bounces for the internal invalid recipient and once it determines the domain does not exist then it calls it a double bounce.
The reasoning for the ordering of the mail flow comes down to efficiency and performance; however, Erich has outlined all the proper reasons for the way that IronPort engineers implemented the mail flow for AsyncOS.
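The difference discussed in this thread, as an added example that is not part of the original posts and is not AsyncOS code: a small Python model of one SMTP session, run once with recipient validation at "RCPT TO" and once with validation deferred until after the message is accepted. The recipient set, addresses, and function name are constructed for illustration; the set stands in for the local LDAP record cache.

```python
# Added illustration; all names and addresses are constructed samples.
VALID_RCPTS = {"alice@example.com", "bob@example.com"}  # stand-in for the LDAP cache

def smtp_session(commands, validate_at_rcpt):
    """Process (verb, arg) pairs; return (replies, body_bytes, ndrs).

    ("DATA", body) models the whole DATA phase: 354, body transfer, final reply.
    """
    replies, ndrs = [], []
    sender, accepted, body_bytes = None, [], 0
    for verb, arg in commands:
        if verb == "MAIL":
            sender, accepted = arg, []
            replies.append("250 sender ok")
        elif verb == "RCPT":
            if validate_at_rcpt and arg.lower() not in VALID_RCPTS:
                # Rejected in-conversation: the sending host owns the NDR.
                replies.append("550 5.1.1 recipient rejected")
            else:
                accepted.append(arg)
                replies.append("250 recipient ok")
        elif verb == "DATA":
            if not accepted:
                # Every RCPT was refused, so the body is never transferred.
                replies.append("554 no valid recipients")
                continue
            body_bytes += len(arg)
            replies.append("250 message accepted")
            # Deferred (work queue) validation: we accepted responsibility,
            # so an invalid recipient now means we must generate the NDR.
            for rcpt in accepted:
                if rcpt.lower() in VALID_RCPTS:
                    continue
                if sender == "<>":
                    continue  # never bounce a bounce (null return path)
                ndrs.append({"mail_from": "<>", "rcpt_to": sender, "about": rcpt})
    return replies, body_bytes, ndrs

# Constructed session: 20 kB message to an address that does not exist.
SAMPLE = [("MAIL", "someone@elsewhere.example"),
          ("RCPT", "nobody@example.com"),
          ("DATA", "x" * 20000)]

if __name__ == "__main__":
    for early in (True, False):
        replies, size, ndrs = smtp_session(SAMPLE, validate_at_rcpt=early)
        print(early, replies, size, ndrs)
```

With early validation no body bytes are received and no NDR is created locally; with deferred validation the full body is received and an NDR with a null return path goes to whatever sender address the message claimed, which is the backscatter case that bounce verification addresses.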