We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How can I filter mail for sub (child) domains with the Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00006304

 The easiest way is to add the child domain to the Email Security Gateway (BS&VF) just like any other domain and then manage it as you would any other domain. There are, however, times when you want the BS&VF to automatically filter mail for new child domains without having to add them. If this is required, the following will explain the process involved to accomplish this.

By default the Email Security Gateway will accept mail for the domain name you add as well as any sub (child) domain of that primary domain. It is not required that you add the child domain to the Barracuda. There is, however, some setup that needs to happen.

Before we get into the setup, here is how different firmware version of the BS&VF handle mail for child domains.

In firmware v4.x and above:  the mail will be delivered to the MX record (or A record if the MX record does not exist) for the sub (child) domain.

In v4.x the BS&VF will verify the destination address. If it is not a valid address at the destination server the message will be rejected.

In v5.x the BS&VF will NOT verify the destination address. It will accept and process the mail and then try to deliver it. If the address is invalid the mail will bounce during the delivery attempt.

In v6.x the BS&VF again will verify the destination address. If it is not a valid address at the destination server, the message will be rejected.

As you can see based on the above you will need to have a DNS server that has an MX or A record for each of your child domains.

A simple way to manage the child domains is to use a dedicated INTERNAL DNS server for the BS&VF. Add an MX record to this DNS server for every child domain you want to accept mail for. Then set up the BS&VF to use ONLY this DNS server (see the DNS settings on the Basic>IP Configuration page; set "Enable Direct DNS Queries" to YES)

Your Barracuda will now use your dedicated INTERNAL DNS server to locate where to deliver mail for your child domains.

You can now filter mail for child domains without having to add each one to your Email Security Gateway (BS&VF).

If you need to have special filtering or rules for a child domain then you would need to add that child domain to the BS&VF. You can then use the Per Domain administration to manage the domain.