If you want or need to filter your outbound mail through Email Gateway Defense, Barracuda Networks recommends setting up your outbound mail server to use the outbound smarthost that is shown on the Domains Settings page in Email Gateway Defense.
There are two problems that can occur when pointing all your outbound mail to our service:
- If you send to a large group of users, it may take longer for Barracuda Networks to verify all the users, causing your mail servers to time out (default timeout is 5 minutes). This will result in a sender timeout and the mail will not be delivered. One way to resolve this is to increase your outbound connector timeout.
- Some mail servers (Exchange in particular), when sending mass mailings (one email to multiple addresses in multiple domains), will see a failure to one address as a failure to all addresses. Exchange incorrectly reports the failure to one recipient as a failure of the entire message.
Full Instructions
Refer to How to Set Up DNS Routing in Exchange 2013 or later for detailed instructions for this configuration.
DNS Routing
You can force your mail server to break this outbound mail into per domain packets which will limit the delays/failures in mail delivery. This is called DNS Routing.
You can configure DNS routing using one of these two methods:
- DNS server on your network – Deliver mail directly to the domain's mail server.
- Barracuda Networks DNS server – Deliver mail for all domains to Email Gateway Defense.
When using DNS routing, your mail server will break the mass mailing into per domain groups but still deliver the mail to Email Gateway Defense. The Email Gateway Defense DNS routing servers are configured to return the Barracuda Networks inbound hostname for your region as the MX record for all domains.
Configuring DNS Routing
Local DNS Routing Server
Configure your local DNS Routing Server to return the same hostname (see below) as the MX record for all domains.
Email Gateway Defense DNS Routing Server
Configure your mail server to use the Email Gateway Defense DNS Server based on your region.
IP Addresses
Enter both IP addresses into your DNS configuration to provide better redundancy.
- AU (Australia) IP Addresses – 3.24.133.130 and 3.24.133.131
- CA (Canada) IP Addresses – 15.222.16.130 and 15.222.16.131
- DE (Germany) IP Addresses – 35.156.14.87 and 35.159.7.191
- IN (India) IP Addresses – 13.200.136.130 and 13.200.136.131
- UK (United Kingdom) IP Addresses – 35.176.171.28 and 35.177.145.32
- US (United States) IP Addresses – 209.222.82.2 and 209.222.82.3
DNS Server for MX Lookups
This DNS server is for MX lookups only and returns for all MX queries.
This allows your mail server to break up outbound mail into per domain packets, but still send all the mail through Email Gateway Defense.
- AU – dout.ess.au.barracudanetworks.com
- CA – dout.ess.ca.barracudanetworks.com
- DE – dout.ess.de.barracudanetworks.com
- IN – dout.ess.in.barracudanetworks.com
- UK – dout.ess.uk.barracudanetworks.com
- US – dout.ess.barracudanetworks.com
Important to Note
Consider the following points before configuring DNS routing.
Loss of Redundancy
If you use DNS routing for your outbound mail, you will lose the redundancy the normal smarthost provides. Barracuda Networks does not foresee any outage with these servers, but it is something anyone using DNS routing must consider.
Exchange Users
Another solution would be to NOT filter your mail through Email Gateway Defense when your mail server is Exchange. This will allow you to deliver mail normally using DNS routing directly to the destination mail servers.
Too Many Recipients
If you are only seeing connection timeouts due to too many recipients, then you must dramatically increase the SMTP timeout of the sending server. The default is 5 minutes, which is often not long enough when using Email Gateway Defense as your relay.
Additional Information
For more information, see these Microsoft articles: