Cisco Cisco Email Security Appliance C170 Betriebsanweisung
21-27
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 21 Email Authentication
Enabling SPF and SIDF
The appliance performs the HELO identity check and accepts the None and Neutral verification results
and rejects the others. The CLI prompts for the SMTP actions are the same for all identity types. The
user does not define the SMTP actions for the MAIL FROM identity. The appliance automatically
accepts all verification results for the identity. The appliance uses the default reject code and text for all
REJECT results.
and rejects the others. The CLI prompts for the SMTP actions are the same for all identity types. The
user does not define the SMTP actions for the MAIL FROM identity. The appliance automatically
accepts all verification results for the identity. The appliance uses the default reject code and text for all
REJECT results.
You can also configure this in the command-line interface using the
listenerconfig
command.
The Received-SPF Header
When you configure AsyncOS for SPF/SIDF verification, it places an SPF/SIDF verification header
(
(
Received-SPF
) in the email. The
Received-SPF
header contains the following information:
•
verification result - the SPF verification result (see
).
•
identity - the identity that SPF verification checked: HELO, MAIL FROM, or PRA.
•
receiver - the verifying host name (which performs the check).
•
client IP address - the IP address of the SMTP client.
•
ENVELOPE FROM - the envelope sender mailbox. (Note that this may be different from the MAIL
FROM identity, as the MAIL FROM identity cannot be empty.)
FROM identity, as the MAIL FROM identity cannot be empty.)
•
x-sender - the value of the HELO, MAIL FROM, or PRA identity.
•
x-conformance - the level of conformance (see
) and whether a downgrade of the PRA check was performed.
SIDF Compatible
•
whether to perform a HELO identity check
•
whether the verification downgrades a Pass result of the
PRA identity to None if the Resent-Sender: or
Resent-From: headers are present in the message
PRA identity to None if the Resent-Sender: or
Resent-From: headers are present in the message
•
SMTP actions taken based on the results of the
following identity checks:
following identity checks:
–
HELO identity (if enabled)
–
MAIL FROM Identity
–
PRA Identity
•
SMTP response code and text returned for the REJECT
action
action
•
verification timeout (in seconds)
SIDF Strict
•
SMTP actions taken based on the results of the
following identity checks:
following identity checks:
–
MAIL FROM Identity
–
PRA Identity
•
SMTP response code and text returned in case of SPF
REJECT action
REJECT action
•
verification timeout (in seconds)
Table 21-3
SPF Control Settings via the CLI
Conformance Level
Available SPF Control Settings