Cisco Cisco Email Security Appliance C680 User Guide
4-4
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 4 Understanding the Email Pipeline
* These features can send messages to special queues called Quarantines.
** Can send messages to the Cisco IronPort Spam Quarantine.
Incoming / Receiving
The receiving phase of the Email Pipeline involves the initial connection from the sender’s host. Each
message’s domains can be set, the recipient is checked, and the message is handed off to the work queue.
message’s domains can be set, the recipient is checked, and the message is handed off to the work queue.
Host Access Table (HAT), Sender Groups, and Mail Flow Policies
The HAT allows you to specify hosts that are allowed to connect to a listener (that is, which hosts you
will allow to send email).
will allow to send email).
Sender Groups are used to associate one or more senders into groups, upon which you can apply message
filters, and other Mail Flow Policies. Mail Flow Policies are a way of expressing a group of HAT
parameters (access rule, followed by rate limit parameters and custom SMTP codes and responses).
filters, and other Mail Flow Policies. Mail Flow Policies are a way of expressing a group of HAT
parameters (access rule, followed by rate limit parameters and custom SMTP codes and responses).
Together, sender groups and mail flow policies are defined in a listener’s HAT.
Host DNS verification settings for sender groups allow you to classify unverified senders prior to the
SMTP conversation and include different types of unverified senders in your various sender groups.
SMTP conversation and include different types of unverified senders in your various sender groups.
While the connecting host was subject to Host DNS verification in sender groups — prior to the SMTP
conversation — the domain portion of the envelope sender is DNS verified in mail flow policies, and the
verification takes place during the SMTP conversation. Messages with malformed envelope senders can
be ignored. You can add entries to the Sender Verification Exception Table — a list of domains and email
addresses from which to accept or reject mail despite envelope sender DNS verification settings.
conversation — the domain portion of the envelope sender is DNS verified in mail flow policies, and the
verification takes place during the SMTP conversation. Messages with malformed envelope senders can
be ignored. You can add entries to the Sender Verification Exception Table — a list of domains and email
addresses from which to accept or reject mail despite envelope sender DNS verification settings.
Reputation Filtering allows you to classify email senders and restrict access to your email infrastructure
based on sender’s trustworthiness as determined by the Cisco IronPort SenderBase Reputation Service.
based on sender’s trustworthiness as determined by the Cisco IronPort SenderBase Reputation Service.
For more information, see
.
Delivery limits
1. Sets the default delivery interface.
2. Sets the total maximum number of
outbound connections.
outbound connections.
Domain-based Limits
Defines, per-domain: maximum outbound
connections for each virtual gateway and for
the entire system; the bounce profile to use;
the TLS preference for delivery:
no/preferred/required
connections for each virtual gateway and for
the entire system; the bounce profile to use;
the TLS preference for delivery:
no/preferred/required
Domain-based routing
Routes mail based on domain without
rewriting Envelope Recipient.
rewriting Envelope Recipient.
Global unsubscribe
Drops recipients according to specific list
(configured system-wide).
(configured system-wide).
Bounce profiles
Undeliverable message handling.
Configurable per listener, per Destination
Controls entry, and via message filters.
Configurable per listener, per Destination
Controls entry, and via message filters.
Table 4-2
Email Pipeline for the Cisco IronPort Appliance: Routing and Delivery Features