Cisco Cisco Email Security Appliance X1070 User Guide
4-7
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 4 Understanding the Email Pipeline
Work Queue / Routing
Email Pipeline and Security Services
Note, as a general rule, changes to security services (anti-spam scanning, anti-virus scanning, and
Outbreak Filters) do not affect messages already in the work queue. As an example:
Outbreak Filters) do not affect messages already in the work queue. As an example:
If a message bypasses anti-virus scanning when it first enters the pipeline because of any of these
reasons:
reasons:
•
anti-virus scanning was not enabled globally for the appliance, or
•
the HAT policy was to skip anti-virus scanning, or
•
there was a message filter that caused the message to bypass anti-virus scanning,
then the message will not be anti-virus scanned upon release from the quarantine, regardless of whether
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
Similarly, suppose you had inadvertently disabled anti-spam scanning globally (or within the HAT), and
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter. This allows the appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the message and performs
the LDAP acceptance validation within the SMTP conversation or the work queue. If the recipient is not
found in the LDAP directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter. This allows the appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the message and performs
the LDAP acceptance validation within the SMTP conversation or the work queue. If the recipient is not
found in the LDAP directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
For more information, see the “LDAP Queries” chapter.
Masquerading or LDAP Masquerading
Masquerading is a feature that rewrites the envelope sender (also known as the sender, or
MAIL FROM
)
and the To:, From:, and/or CC: headers on email processed by a private or public listener according to a
table you construct. You can specify different masquerading parameters for each listener you create in
one of two ways: via a static mapping table, or via an LDAP query.
table you construct. You can specify different masquerading parameters for each listener you create in
one of two ways: via a static mapping table, or via an LDAP query.
For more information about masquerading via a static mapping table, see “Configuring Masquerading”
in the “Configuring Routing and Delivery Features” chapter.
in the “Configuring Routing and Delivery Features” chapter.
For more information about masquerading via an LDAP query, see the “LDAP Queries” chapter.
LDAP Routing
You can configure your appliance to route messages to the appropriate address and/or mail host based
upon the information available in LDAP directories on your network.
upon the information available in LDAP directories on your network.