We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being delivered in seconds. I wanted to have someone else confirm that my thinking is correct on this that it was the right thing to disable?
Solved! Go to Solution.
Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.
The rule of thumb is DSRI should only be used for internal traffic, and not for Internet based traffic.
It is OK to have an Internet user check their mail (in your DMZ) and have DSRI on the DMZ (because DMZ is hardened OS, etc)
But is it really not permittable to have DSRI out to Internet (to speed up) because of potential malware, vuln, spyware, 0 day, etc.
Does this help answer your question?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!