Cisco Cisco Email Security Appliance C190 Technical References
261
Cisco AsyncOS 9.1 for Email CLI Reference Guide
Chapter 3 The Commands: Reference Examples
SMTP Services Configuration
Example - Configuring SPF and SIDF
When configuring the default settings for a listener’s Host Access Table, you can choose the listener’s
SPF/SIDF conformance level and the SMTP actions (ACCEPT or REJECT) that the appliance performs,
based on the SPF/SIDF verification results. You can also define the SMTP response that the appliance
sends when it rejects a message.
SPF/SIDF conformance level and the SMTP actions (ACCEPT or REJECT) that the appliance performs,
based on the SPF/SIDF verification results. You can also define the SMTP response that the appliance
sends when it rejects a message.
Depending on the conformance level, the appliance performs a check against the HELO identity, MAIL
FROM identity, or PRA identity. You can specify whether the appliance proceeds with the session
(ACCEPT) or terminates the session (REJECT) for each of the following SPF/SIDF verification results
for each identity check:
FROM identity, or PRA identity. You can specify whether the appliance proceeds with the session
(ACCEPT) or terminates the session (REJECT) for each of the following SPF/SIDF verification results
for each identity check:
•
None. No verification can be performed due to the lack of information.
•
Neutral. The domain owner does not assert whether the client is authorized to use the given identity.
•
SoftFail. The domain owner believes the host is not authorized to use the given identity but is not
willing to make a definitive statement.
willing to make a definitive statement.
•
Fail. The client is not authorized to send mail with the given identity.
•
TempError. A transient error occurred during verification.
•
PermError. A permanent error occurred during verification.
The appliance accepts the message for a Pass result unless you configure the SIDF Compatible
conformance level to downgrade a Pass result of the PRA identity to None if there are Resent-Sender:
or Resent-From: headers present in the message. The appliance then takes the SMTP action specified for
when the PRA check returns None.
conformance level to downgrade a Pass result of the PRA identity to None if there are Resent-Sender:
or Resent-From: headers present in the message. The appliance then takes the SMTP action specified for
when the PRA check returns None.
If you choose not to define the SMTP actions for an identity check, the appliance automatically accepts
all verification results, including Fail.
all verification results, including Fail.
The appliance terminates the session if the identity verification result matches a REJECT action for any
of the enabled identity checks. For example, an administrator configures a listener to accept messages
based on all HELO identity check results, including Fail, but also configures it to reject messages for a
Fail result from the MAIL FROM identity check. If a message fails the HELO identity check, the session
proceeds because the appliance accepts that result. If the message then fails the MAIL FROM identity
check, the listener terminates the session and then returns the STMP response for the REJECT action.
of the enabled identity checks. For example, an administrator configures a listener to accept messages
based on all HELO identity check results, including Fail, but also configures it to reject messages for a
Fail result from the MAIL FROM identity check. If a message fails the HELO identity check, the session
proceeds because the appliance accepts that result. If the message then fails the MAIL FROM identity
check, the listener terminates the session and then returns the STMP response for the REJECT action.
The SMTP response is a code number and message that the appliance returns when it rejects a message
based on the SPF/SIDF verification result. The TempError result returns a different SMTP response from
the other verification results. For TempError, the default response code is 451 and the default message
text is
based on the SPF/SIDF verification result. The TempError result returns a different SMTP response from
the other verification results. For TempError, the default response code is 451 and the default message
text is
#4.4.3 Temporary error occurred during SPF verification
. For all other verification results,
the default response code is 550 and the default message text is
#5.7.1 SPF unauthorized mail is
prohibited
. You can specify your own response code and message text for TempError and the other
verification results.
Define SenderBase
Reputation Score
Reputation Score
sbrs[value1:value2]
-10.0- 10.0
sbrs[-10:-7.5]
Directory Harvest Attack
Prevention: Maximum
Invalid Recipients Per
Hour
Prevention: Maximum
Invalid Recipients Per
Hour
dhap_limit
Number
150
Table 3-18
Advanced HAT Parameter Syntax
Parameter
Syntax
Values
Example Values