Cisco Cisco Email Security Appliance X1070 Manual Técnica

By default the Cisco Email Security Appliance (ESA) does not prevent the inbound delivery of
messages that are addressed “from” the same domain going to the same domain. This allows
messages to be “spoofed” by outside companies that do legitimate business with the customer.
Some companies rely on 3rd party organization to send email on behalf of the company such as
Health Care, Travel Agencies, etc.

From the GUI: Mail Policies > Mail Flow Policies > Add Policy...

1.

Create a new MFP using a name that is relevant like SPOOF_ALLOW 

2.

In the Sender Verification section, change the Use Sender Verification Exception
Table configuration from Use Default to OFF.

3.

In Mail Policies > Mail Flow Policies > Default Policy Parameters, set Use Sender
Verification Exception Table configuration to On.

4.

From the GUI: Mail Policies > HAT Overview > Add Sender Group...

1.

Set the name accordingly to the MFP created earlier, i.e. SPOOF_ALLOW.

2.

Set the order so it is above the WHITELIST and BLACKLIST sender groups.

3.

Assign the SPOOF_ALLOW policy to this Sender Group settings.

4.

Click Submit and Add Senders...

5.

Add IP(s) or domains for any external parties that you want to allow to spoof the internal
domain.

6.

From the GUI: Mail Policies > Exception Table > Add Sender Verification Exception...

1.

Add the local domain to the Sender Verification Exception Table

2.

Set the Behavior to Reject

3.

At this point, mail coming from your.domain to your.domain would be rejected unless the sender is