Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Relay using SMTP Authentication

Gmail allows the ability to send using an alternate email address.  I have a user that likes using Gmail, but needs to send using our internal email domain address as their send from address.  Gmail will send this, but it will come from their Gmail account with the tag "From:, Sent on behalf of"

Gmail will allow using only the internal domain as the sent from address, but the email needs to relay through my SMTP server -- Ironport.  To accomplish this, Gmail requires a SMTP server responds to port 587 and have valid credentials.  I do not want to expose my internal Exchange server to this, and want Ironport to handle all of the responses.  I cannot seem to get an alternate listener configured on port 587 (currently we only use 25) that will answer and ask for credentials.  I want all of the authentication to occur locally on the Ironport box -- not passing back to Exchange.


Relay using SMTP Authentication


although a new Listener can be configured on the same IP Interface using port 587, the appliance cannot guess which SMTP Authentication credential is correct or which one is not. The appliance would need to either use LDAP or forward the SMTP AUTH credentials to another server using SMTP (this is called 'SMTP AUTH with forward server', as specified in the AsyncOS Advanced Configuration Guide).

I'm not sure how Gmail handles the feature you refer to, but 'asking for credentials' implies that SMTP Authentication needs to be in place here on the appliance. After configuring an SMTP Authentication profile on the appliance, you need to enable this profile on your Listener configuration. Also the Mail Flow Policy needs to have SMTP Authentication turned on, so that the '250 AUTH PLAIN LOGIN' banner advertisement is provided in the SMTP session when the Gmail server connects to the appliance.

Thanks and regards,


CreatePlease to create content