During the network traffic analyze Security team report multiple MX queries were sent to DNS server and ask for explanation.

SMG 10.8 10.9

Symantec Messaging Gateway (SMG) can perform MX queries to the configured DNS server in the following scenarios:

1. Outbound Email:

   • SMG accepts messages from the downstream MTA as configured under:
     Administration > Configuration > Edit Host > SMTP > Outbound tab > Outbound Mail Acceptance.
   • Upon receiving the message, SMG performs MX queries to resolve the recipient domain and obtain the mail server's IP address for delivery.

2. Inbound Email:

   • If DNS Validation is enabled under:
     Protocols > Settings > SMTP tab >DNS Validation,
     and the following options are checked:
     • "Reject connections where the domain provided at HELO and EHLO has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS".
     • "Reject messages where the domain provided in the MAIL FROM address has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS".
   • SMG will perform MX queries for the information provided by the sender to validate the domains used in HELO/EHLO or MAIL FROM commands.

These are the only scenarios where SMG would send MX DNS queries to the configured DNS servers.

Symantec Messaging Gateway (SMG) perform MX queries to the DNS server for the mail processing and delivery.