Cisco Cisco Email Security Appliance X1070 User Guide
Chapter 4 Validating Recipients Using an SMTP Server
4-4
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
4.
The Email Security appliance resumes the SMTP conversation and sends a
response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings
you configure in the SMTP Call-Ahead profile).
response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings
you configure in the SMTP Call-Ahead profile).
Due to the order of processes in the email pipeline, if the message for a given
recipient is rejected by the RAT, then the SMTP call-ahead recipient validation
will not occur. For example, if you specified in the RAT that only mail for
example.com is accepted, then mail for recipient@domain2.com is rejected before
SMTP call-ahead recipient validation can occur.
recipient is rejected by the RAT, then the SMTP call-ahead recipient validation
will not occur. For example, if you specified in the RAT that only mail for
example.com is accepted, then mail for recipient@domain2.com is rejected before
SMTP call-ahead recipient validation can occur.
Note
If you have configured Directory Harvest Attack Prevention (DHAP) in the HAT,
be aware that SMTP call-ahead server rejections are part of the number of
rejections included in the maximum invalid recipients per hour that you specify.
You may need to adjust this number to account for additional SMTP server
rejections. For more information about DHAP, see “Configuring the Gateway to
Receive Email” in the Cisco IronPort AsyncOS for Email Configuration Guide.
be aware that SMTP call-ahead server rejections are part of the number of
rejections included in the maximum invalid recipients per hour that you specify.
You may need to adjust this number to account for additional SMTP server
rejections. For more information about DHAP, see “Configuring the Gateway to
Receive Email” in the Cisco IronPort AsyncOS for Email Configuration Guide.
Configuring SMTP Call-Ahead Recipient Validation
You configure SMTP call-ahead recipient validation by creating an STMP
call-ahead profile and enabling that profile on a public listener. The profile defines
the behavior of the SMTP call-ahead recipient validation feature — how you
connect to the SMTP server, and what actions to take based on the responses of
the SMTP server. You assign this profile to a public listener to enable messages
received by the specified listener to be processed using SMTP call-ahead recipient
validation.
call-ahead profile and enabling that profile on a public listener. The profile defines
the behavior of the SMTP call-ahead recipient validation feature — how you
connect to the SMTP server, and what actions to take based on the responses of
the SMTP server. You assign this profile to a public listener to enable messages
received by the specified listener to be processed using SMTP call-ahead recipient
validation.
To configure SMTP call-ahead recipient validation, complete the following steps:
1.
Configure a Call-Ahead Server Profile. The Call-Ahead Server Profile
specifies how to connect to the call-ahead server and how to handle the
call-ahead server responses. For more information, see
specifies how to connect to the call-ahead server and how to handle the
call-ahead server responses. For more information, see
.
2.
Enable the Call-Ahead Server Profile on a Public Listener. Enabling the
Call-Ahead Server Profile on a public listener allows the Email Security
appliance to process incoming mail on that listener using SMTP call-ahead
recipient validation. For more information, see
Call-Ahead Server Profile on a public listener allows the Email Security
appliance to process incoming mail on that listener using SMTP call-ahead
recipient validation. For more information, see
.