Disable Server Response Inspection for our SMTP server?

Reply
L0 Member

Disable Server Response Inspection for our SMTP server?

We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being delivered in seconds. I wanted to have someone else confirm that my thinking is correct on this that it was the right thing to disable?

L7 Applicator

Re: Disable Server Response Inspection for our SMTP server?

Hello,

Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.


Thanks

L6 Presenter

Re: Disable Server Response Inspection for our SMTP server?

Hi Abrrymn,

Following document should be helpful.

Improving Performance of HTTP with DSRI

Regards,

Hardik Shah

L1 Bithead

Re: Disable Server Response Inspection for our SMTP server?

Can DSRI be enabled for any thing any rule or is this only helpful in case of HTTP requests.

Tags (1)
L4 Transporter

Re: Disable Server Response Inspection for our SMTP server?

The rule of thumb is DSRI should only be used for internal traffic, and not for Internet based traffic.

 

It is OK to have an Internet user check their mail (in your DMZ) and have DSRI on the DMZ (because DMZ is hardened OS, etc)

But is it really not permittable to have DSRI out to Internet (to speed up) because of potential malware, vuln, spyware, 0 day, etc.

 

Does this help answer your question?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!