Cisco Cisco Email Security Appliance C170 Betriebsanweisung
4-7
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 4 Understanding the Email Pipeline
Work Queue / Routing
Note
Data loss prevention (DLP) scanning is only available for outgoing messages. For information on where
DLP message scanning occurs in the Work Queue, see
DLP message scanning occurs in the Work Queue, see
Email Pipeline and Security Services
Note, as a general rule, changes to security services (anti-spam scanning, anti-virus scanning, and
Outbreak Filters) do not affect messages already in the work queue. As an example:
Outbreak Filters) do not affect messages already in the work queue. As an example:
If a message bypasses anti-virus scanning when it first enters the pipeline because of any of these
reasons:
reasons:
•
anti-virus scanning was not enabled globally for the appliance, or
•
the HAT policy was to skip anti-virus scanning, or
•
there was a message filter that caused the message to bypass anti-virus scanning,
then the message will not be anti-virus scanned upon release from the quarantine, regardless of whether
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
Similarly, suppose you had inadvertently disabled anti-spam scanning globally (or within the HAT), and
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter of the Cisco IronPort AsyncOS
for Email Advanced Configuration Guide. This allows the Cisco appliance to combat directory harvest
attacks (DHAP) in a unique way: the system accepts the message and performs the LDAP acceptance
validation within the SMTP conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the message entirely.
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter of the Cisco IronPort AsyncOS
for Email Advanced Configuration Guide. This allows the Cisco appliance to combat directory harvest
attacks (DHAP) in a unique way: the system accepts the message and performs the LDAP acceptance
validation within the SMTP conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the message entirely.
For more information, see the “LDAP Queries” chapter in the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
Advanced Configuration Guide.
Masquerading or LDAP Masquerading
Masquerading is a feature that rewrites the envelope sender (also known as the sender, or
MAIL FROM
)
and the To:, From:, and/or CC: headers on email processed by a private or public listener according to a
table you construct. You can specify different masquerading parameters for each listener you create in
one of two ways: via a static mapping table, or via an LDAP query.
table you construct. You can specify different masquerading parameters for each listener you create in
one of two ways: via a static mapping table, or via an LDAP query.
For more information about masquerading via a static mapping table, see “Configuring Masquerading”
in the “Configuring Routing and Delivery Features” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
in the “Configuring Routing and Delivery Features” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.