Cisco Cisco Email Security Appliance C170 Betriebsanweisung
5-12
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5 Configuring the Gateway to Receive Email
Allow TLS Connections
Deny, Prefer, or Require Transport Layer Security (TLS) in SMTP
conversations for this listener.
conversations for this listener.
If you select Preferred, you can make TLS mandatory for envelope
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
For information on creating an address list, see
.
SMTP Authentication
Allows, disallow, or requires SMTP Authentication from remote hosts
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
If Both TLS and SMTP
Authentication are enabled:
Authentication are enabled:
Require TLS to offer SMTP Authentication.
Domain Key Signing
Domain Key/ DKIM Signing Enable Domain Keys or DKIM signing on this listener (ACCEPT and
RELAY only).
DKIM Verification
Enable DKIM verification.
SPF/SIDF Verification
Enable SPF/SIDF
Verification
Verification
Enable SPF/SIDF signing on this listener. For more information, see the
“Email Authentication” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
“Email Authentication” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
Conformance Level
Set the SPF/SIDF conformance level. You can choose from SPF, SIDF
or SIDF Compatible. For details, see the “Email Authentication”
chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
or SIDF Compatible. For details, see the “Email Authentication”
chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Downgrade PRA
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
If you choose a conformance level of SIDF compatible, configure
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
HELO Test
Configure whether you want to perform a test against the HELO
identity (Use this for SPF and SIDF Compatible conformance levels).
identity (Use this for SPF and SIDF Compatible conformance levels).
Untagged Bounces
Consider Untagged Bounces
to be Valid
to be Valid
Applies only if bounce verification tagging (discussed in the
“Configuring Routing and Delivery Features” chapter of the Cisco
IronPort AsyncOS for Email Advanced Configuration Guide) is
enabled. By default, the appliance considers untagged bounces invalid
and either rejects the bounce or adds a custom header, depending on the
Bounce Verification settings. If you choose to consider untagged
bounces to be valid, the appliance accepts the bounce message.
“Configuring Routing and Delivery Features” chapter of the Cisco
IronPort AsyncOS for Email Advanced Configuration Guide) is
enabled. By default, the appliance considers untagged bounces invalid
and either rejects the bounce or adds a custom header, depending on the
Bounce Verification settings. If you choose to consider untagged
bounces to be valid, the appliance accepts the bounce message.
Table 5-3
HAT Mail Flow Policy Parameters (Continued)
Parameter
Description