Cisco Cisco Email Security Appliance C190 Guía Del Usuario
8-4
Cisco AsyncOS 8.5 for Email User Guide
Chapter 8 Accepting or Rejecting Connections Based on Domain Name or Recipient Address
Domains and Users
Note
When you add a domain to the Recipient Access Table in step 4 of the System Setup Wizard in the GUI
(see
(see
), you might want to consider adding a second entry to specify
subdomains. For example, if you type the domain
example.net
, you might also want to enter
.example.net
. The second entry ensures that mail destined for any subdomain of
example.net
will
match in the Recipient Access Table. Note that only specifying
.example.com
in the RAT will accept for
all subdomains of
.example.com
but will not accept mail for complete email address recipients without
a subdomain (for example joe@example.com).
Bypassing LDAP Accept for Special Recipients
If you configure LDAP acceptance queries, you may wish to bypass the acceptance query for certain
recipients. This feature can be useful if there are recipients for whom you receive email which you do
not want to be delayed or queued during LDAP queries, such as
recipients. This feature can be useful if there are recipients for whom you receive email which you do
not want to be delayed or queued during LDAP queries, such as
customercare@example.com
.
If you configure the recipient address to be rewritten in the work queue prior to the LDAP acceptance
query, (such as aliasing or using a domain map), the rewritten address will not bypass LDAP acceptance
queries. For example you use an alias table to map
query, (such as aliasing or using a domain map), the rewritten address will not bypass LDAP acceptance
queries. For example you use an alias table to map
customercare@example.com
to
bob@example.com
and
sue@example.com
. If you configure bypassing LDAP acceptance for
customercare@example.com
, an
LDAP acceptance query is still run for
bob@example.com
and
sue@example.com
after the aliasing takes
place.
To configure bypassing LDAP acceptance via the GUI, select Bypass LDAP Accept Queries for this
Recipient when you add or edit the RAT entry.
Recipient when you add or edit the RAT entry.
To configure bypassing LDAP acceptance queries via the CLI, answer yes to the following question
when you enter recipients using the
when you enter recipients using the
listenerconfig -> edit -> rcptaccess
command:
When you configure a RAT entry to bypass LDAP acceptance, be aware that the order of RAT entries
affects how recipient addresses are matched. The RAT matches the recipient address with the first RAT
entry that qualifies. For example, you have the following RAT entries: postmaster@ironport.com and
ironport.com. You configure the entry for postmaster@ironport.com to bypass LDAP acceptance
queries, and you configure the entry for ironport.com for ACCEPT. When you receive mail for
postmaster@ironport.com, the LDAP acceptance bypass will occur only if the entry for
postmaster@ironport.com is before the entry for ironport.com. If the entry for ironport.com is before the
postmaster@ironport.com entry, the RAT matches the recipient address to this entry and applies the
ACCEPT action.
affects how recipient addresses are matched. The RAT matches the recipient address with the first RAT
entry that qualifies. For example, you have the following RAT entries: postmaster@ironport.com and
ironport.com. You configure the entry for postmaster@ironport.com to bypass LDAP acceptance
queries, and you configure the entry for ironport.com for ACCEPT. When you receive mail for
postmaster@ironport.com, the LDAP acceptance bypass will occur only if the entry for
postmaster@ironport.com is before the entry for ironport.com. If the entry for ironport.com is before the
postmaster@ironport.com entry, the RAT matches the recipient address to this entry and applies the
ACCEPT action.
user@
Anything with the given username.
user@[IP_address]
Username at a specific IPv4 or IPv6 address. Note that the IP
address must be between the “
address must be between the “
[]
” characters.
Note that “
user@
IP_address” (without the bracket characters) is
not a valid address. The system will append the brackets when it
receives the message to create a valid address, which could affect
whether a recipient is matched in the RAT.
receives the message to create a valid address, which could affect
whether a recipient is matched in the RAT.
Would you like to bypass LDAP ACCEPT for this entry? [Y]> y