Cisco Email Security Appliance C170 Operating Instructions
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5 Configuring the Gateway to Receive Email
Extending the basic syntax, HATs in AsyncOS support the ability to create named sets of remote host
definitions; these are called sender groups. Named sets of access rules combined with parameter sets are
called mail flow policies. This extended syntax is illustrated in
The order that rules appear in the HAT is important. The HAT is read from top to bottom for each host
that attempts to connect to the listener. If a rule matches a connecting host, the action is taken for that
connection immediately.
Predefined and custom entries you place in the HAT are entered above the final “ALL” host entry.
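The top-to-bottom, first-match behavior described above, as an added example (not from the Cisco guide and not AsyncOS syntax): a small Python model of a HAT that evaluates a connecting host and flags host definitions that an earlier entry with a different access rule already covers. The sender group names and addresses are constructed, and the model handles IPv4 only.

```python
import ipaddress

# Constructed HAT model: (sender group, remote host definitions, access rule).
# Group names and networks are hypothetical; "ALL" is the final catch-all entry.
HAT = [
    ("PARTNERS", ["198.51.100.0/24"], "ACCEPT"),
    ("BLOCKED", ["198.51.100.66/32", "203.0.113.0/24"], "REJECT"),
    ("ALL", ["0.0.0.0/0"], "ACCEPT"),
]
# Same entries with the specific REJECT moved above the broader ACCEPT.
FIXED_HAT = [HAT[1], HAT[0], HAT[2]]


def _nets(hosts):
    """Parse a sender group's remote host definitions into IPv4 networks."""
    return [ipaddress.ip_network(h) for h in hosts]


def evaluate(hat, client_ip):
    """Return (sender group, access rule) of the first entry matching client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for group, hosts, rule in hat:            # read from top to bottom
        if any(ip in net for net in _nets(hosts)):
            return group, rule                # first match decides the connection
    raise ValueError("HAT has no final ALL entry")


def shadowed(hat):
    """List (group, host, earlier_group) where an earlier entry with a different
    access rule fully covers the host definition, so it never takes effect."""
    findings = []
    for i, (group, hosts, rule) in enumerate(hat):
        for net in _nets(hosts):
            for earlier, e_hosts, e_rule in hat[:i]:
                if e_rule != rule and any(net.subnet_of(e) for e in _nets(e_hosts)):
                    findings.append((group, str(net), earlier))
                    break
    return findings


if __name__ == "__main__":
    print(evaluate(HAT, "198.51.100.66"))        # intended REJECT is bypassed
    print(shadowed(HAT))                         # audit finding for that entry
    print(evaluate(FIXED_HAT, "198.51.100.66"))  # corrected order
```
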
Default HAT Entries
For all public listeners you create, by default, the HAT is set to accept email from all hosts. For all private
listeners you create, by default, the HAT is set up to relay email from the host(s) you specify, and reject
all other hosts.
Note
By rejecting all hosts other than the ones you specify, the listenerconfig and systemsetup commands
prevent you from unintentionally configuring your system as an “open relay.” An open relay (sometimes
called an “insecure relay” or a “third party” relay) is an SMTP email server that allows third-party relay
of email messages. By processing email that is neither for nor from a local user, an open relay makes it
possible for an unscrupulous sender to route large volumes of spam through your gateway.
Mail Flow Policies: Access Rules and Parameters
Mail Flow Policies of the HAT allow you to control or limit the rates at which the listener will receive
mail from remote hosts. You can also modify the SMTP codes and responses communicated during the
SMTP conversation.
The HAT has four basic access rules for acting on connections from remote hosts:
Step 1 ACCEPT
Connection is accepted, and email acceptance is then further restricted by listener settings, including
the Recipient Access Table (for public listeners).
Step 2 REJECT
Connection is initially accepted, but the client attempting to connect gets a 4XX or 5XX greeting.
No email is accepted.
Table 5-2 Advanced HAT Syntax
Sender Group:        Mail Flow Policy:
Remote Host          Access Rule + Parameters
Remote Host
Remote Host
...