5 Replies Latest reply on Oct 29, 2010 8:33 AM by bwemailsupport1

    Domain-based routing - usage of wildcard

    mcafee-com-user

      We are using MEG 6.7.2 HF3.

       

      We have a direct connection to another company where we can reach their smtp-server.

       

      So we want to define domain-based routing for the domain "partner-company.tld" and all sub domains like "sub1.partner-company.tld", "sub1.partner-company.tld"... to send email for them directly to their smtp-server. They have about 1000 subdomains in the company.

       

      The problem is that we are not able to use a wildcard in domain-based routing; we tried "*.partner-company.tld" and ".partner-company.tld", but neither is accepted when trying to save.

       

      We know the option "Enable sub-domain routing" in "Intrusion Defender / Configure Mail Services / Global". But when activating this option we have the problem of becoming a non-delivery-notification (NDN) spammer. I will try to explain what happens.

       

      We are using the domain "our-company.tld". For email addresses in this domain we are using an LDAP check to verify if the recipient address is valid.

       

      When activating "Enable sub-domain routing" we can be used as an NDN spammer because we accept email for any sub domain of our-company.tld and do not check if the address is valid.

       

      Any idea how to solve this problem?

       

      We could get a list of all sub domains of the "partner-company.tld" to import them in MEG, but we don’t know if this will be a good idea to import about 1000 domains...

       

       

      on 22.09.10 12:16:06 MESZ
        • 1. Re: Domain-based routing - usage of wildcard
          mcafee-com-user

          Hello,

           

          is there no one here who understands the problem?

           

          In particular, can the people from McAfee Support not give an answer?

           

          If the answer is that this configuration is not possible, it should be implemented in a product update.

          • 2. Re: Domain-based routing - usage of wildcard

            I agree.  Sometimes it feels like no one is listening.  Not enough communication for this product after McAfee took over.

            • 3. Re: Domain-based routing - usage of wildcard
              ijahnke

              Importing 1000 domains should be fine.

               

              Another option would be to put all of the users on a single domain controller that the IronMail can do LDAP queries against to validate the email addresses. This is assuming that the reason you don't do subdomain routing is because user email addresses are spread across several domain controllers.

               

              You can also create several LDAP profiles that can be used on a per domain or per domain group basis that will query specific servers.

              • 4. Re: Domain-based routing - usage of wildcard
                mcafee-com-user

                The problem is that the external partner sometimes makes changes and creates new subdomains, so he must inform us to import them too.

                 

                We already use several LDAP profiles because we have multiple email systems in our own company (Exchange and several Lotus Domino systems) and also offer Email-Gateway-Security for another company.

                 

                But here too I am not able to use wildcards, so for example when subdomain routing is enabled a spam sender may send email to the domains:

                 

                dom1.mycompany.tld

                dom2.mycompany.tld

                dom3.mycompany.tld

                 

                and I am not able to check if these addresses are valid because in the LDAP configuration I can only use "mycompany.tld" as domain entry and not "*.mycompany.tld".

                 

                There is no chance to build one LDAP directory which contains all valid email addresses.

                 

                Hope someone understands the problem and can give some further help!

                • 5. Re: Domain-based routing - usage of wildcard
                  bwemailsupport1


                  If you decide that the best approach is to validate all e-mail addresses via LDAP, you should check the concept of the LDAP Virtual Directory, also called an LDAP Proxy.

                   

                  I do not have any specific experience with this. But as I understand it, this is a server that responds to LDAP queries and is able to "cache" entries from multiple LDAP servers. This LDAP Proxy serves as a "master" LDAP server for multiple domains. It does not "do" anything on its own -- it just takes entries from other LDAP servers.
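
A sketch of the lookup a virtual directory of this kind would perform for recipient validation, added here as an example; it is not part of the original thread and not McAfee code. The back-end contents, function names and reply strings are constructed for illustration, with in-memory sets standing in for the separate LDAP servers.

```python
# Added illustration: recipient validation across several directories, with
# sub-domains resolved to the directory of their parent domain.
# All addresses and domains below are constructed sample data.
from typing import Dict, Optional, Set

# Stand-ins for separate LDAP back ends (one per mail system or customer).
# A real proxy would run an LDAP search against each server instead.
BACKENDS: Dict[str, Set[str]] = {
    "our-company.tld": {"alice@our-company.tld", "bob@dom1.our-company.tld"},
    "hosted-customer.tld": {"carol@hosted-customer.tld"},
}


def find_backend(domain: str, backends: Dict[str, Set[str]]) -> Optional[str]:
    """Return the most specific configured domain that equals `domain`
    or is one of its parents. Matching is done per DNS label, so
    'evilour-company.tld' does not match 'our-company.tld'."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in backends:
            return candidate
    return None


def rcpt_decision(rcpt: str, backends: Dict[str, Set[str]] = BACKENDS) -> str:
    """Decide the reply to RCPT TO during the SMTP session.
    Unknown recipients are refused here, so the gateway never accepts a
    message it later has to bounce to a (possibly forged) sender."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return "501 bad address syntax"
    key = find_backend(domain, backends)
    if key is None:
        return "550 relaying denied"      # not a domain we handle
    if rcpt.lower() in backends[key]:
        return "250 OK"                   # recipient exists in that directory
    return "550 no such user"             # valid domain, unknown mailbox


if __name__ == "__main__":
    for addr in ("alice@our-company.tld", "bob@dom1.our-company.tld",
                 "random@dom3.our-company.tld", "x@evilour-company.tld"):
        print(f"{addr:32} -> {rcpt_decision(addr)}")
```

With this lookup, an address in an arbitrary sub-domain such as dom3.our-company.tld is checked against the parent domain's directory and refused at RCPT time instead of being accepted and bounced later.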