Cisco Email Security Appliance X1070 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 23: Configuring Routing and Delivery Features
Configuring Mail Gateways for all Hosted Domains Using Virtual Gateway™ Technology
The Cisco Virtual Gateway technology allows you to configure enterprise mail gateways for all domains 
you host — with distinct IP addresses, hostname and domains — and create separate corporate email 
policy enforcement and anti-spam strategies for those domains, while hosted within the same physical 
appliance. 
Note
The number of Virtual Gateway addresses available to you depends on the model of your appliance. 
Some appliance models can be upgraded to support more Virtual Gateway addresses via a feature key. 
Contact your Cisco sales representative for more information about upgrading the number of Virtual 
Gateway addresses on your appliance. 
Overview
Cisco has developed a unique Virtual Gateway technology designed to help ensure that corporations can 
reliably communicate with their customers via email. Virtual Gateway technology enables users to 
separate the appliance into multiple Virtual Gateway addresses from which to send and receive email. 
Each Virtual Gateway address is given a distinct IP address, hostname and domain, and email queue.
Assigning a distinct IP address and hostname to each Virtual Gateway address ensures that email 
delivered through the gateway will be properly identified by the recipient host and prevents critical email 
from being blocked as spam. The appliance gives the correct hostname in the SMTP HELO command for 
each of the Virtual Gateway addresses. This ensures that if a receiving Internet Service Provider (ISP) 
performs a reverse DNS look-up, the hostname given by the appliance will match the IP address of the 
email sent through that Virtual Gateway address. This feature is extremely valuable, because many ISPs 
use a reverse DNS lookup to detect unsolicited email. If the IP address in the reverse DNS look-up does 
not match the IP address of the sending host, the ISP may assume the sender is illegitimate and will 
frequently discard the email. The Cisco Virtual Gateway technology ensures that reverse DNS look-ups 
will always match the sending IP address, preventing messages from being blocked accidentally.
Messages in each Virtual Gateway address are also assigned to a separate message queue. If a certain 
recipient host is blocking email from one Virtual Gateway address, messages intended for that host will 
remain in the queue and eventually time out. But messages intended for the same domain in a different 
Virtual Gateway queue that is not being blocked will be delivered normally. While these queues are 
treated separately for delivery purposes, the system administration, logging and reporting capability still 
provide a holistic view into all Virtual Gateway queues as if they were one.
Setting Up Virtual Gateway Addresses
Before setting up the Cisco Virtual Gateway addresses, you must allocate a set of IP addresses from 
which email will be sent. (For more information, see the “Assigning Network and IP Addresses” 
appendix.) You should also ensure proper configuration of your DNS servers so that the IP address 
resolves to a valid hostname. Proper configuration of DNS servers ensures that if the recipient host 
performs a reverse DNS lookup, it will resolve to valid IP/hostname pairs.
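The DNS check described above can be scripted before any interface is created. The following is an added example, not part of the Cisco guide: it confirms that each planned IP address has a PTR record naming the intended HELO hostname and that the hostname resolves forward to the same IP address. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(hostname):
    """Addresses for hostname from the system resolver (empty list if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, None)})
    except OSError:
        return []

def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def check_pair(ip, hostname, ptr=system_ptr, forward=system_forward):
    """Return a list of problems for one Virtual Gateway IP/hostname pair."""
    problems = []
    ptr_names = [norm(n) for n in ptr(ip)]
    if not ptr_names:
        problems.append(f"{ip}: no PTR record")
    elif norm(hostname) not in ptr_names:
        problems.append(f"{ip}: PTR is {ptr_names}, HELO hostname is {hostname}")
    # Addresses are compared as strings, which is sufficient for IPv4.
    if ip not in forward(hostname):
        problems.append(f"{hostname}: does not resolve forward to {ip}")
    return problems

# Constructed sample data, not taken from the guide.
SAMPLE_PAIRS = [("192.0.2.10", "mail1.example.com"),
                ("192.0.2.11", "mail2.example.com"),
                ("192.0.2.12", "mail3.example.com")]
SAMPLE_PTR = {"192.0.2.10": ["mail1.example.com."],
              "192.0.2.11": ["generic-11.isp.example.net."]}
SAMPLE_A = {"mail1.example.com": ["192.0.2.10"],
            "mail2.example.com": ["192.0.2.11"],
            "mail3.example.com": ["192.0.2.99"]}

def demo():
    """Run the check over the constructed records instead of live DNS."""
    return {ip: check_pair(ip, host, lambda i: SAMPLE_PTR.get(i, []),
                           lambda h: SAMPLE_A.get(norm(h), []))
            for ip, host in SAMPLE_PAIRS}

if __name__ == "__main__":
    for ip, problems in demo().items():
        print(ip, "OK" if not problems else "; ".join(problems))
```

Calling check_pair(ip, hostname) without the last two arguments queries the system resolver, so it should be run from a host that sees the same public DNS as the receiving mail servers.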
Creating New IP Interfaces for Use with Virtual Gateways
After the IP addresses and hostnames have been established, the first step in configuring the Virtual 
Gateway addresses is to create new IP interfaces with the IP/hostname pairs using the Network > IP 
Interfaces page in the GUI or the interfaceconfig command in the CLI.