Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.5 for Email User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Overview of Defining Which Hosts Are Allowed to Connect
Define which hosts are allowed to connect to the listener on the Mail Policies > HAT Overview page.
Figure 7-1 shows the HAT Overview with the sender groups and mail flow policies defined by default
for a public listener.
Figure 7-1 Mail Policies > HAT Overview Page — Public Listener
When a listener receives a TCP connection, it compares the source IP address against the configured
sender groups. It evaluates the sender groups in the order listed on the HAT Overview page. When it finds
a match, it applies the configured mail flow policy to the connection.
When you create a listener, AsyncOS creates predefined sender groups and mail flow policies for the
listener. You can edit the predefined sender groups and mail flow policies, and create new sender groups
and mail flow policies. For more information, see
You can export all information stored in a Host Access Table to a file, and you can import Host Access
Table information stored in a file into the appliance for a listener, overriding all configured Host Access
Table information. For more information, see
.
Default HAT Entries
By default, the HAT is defined to take different actions depending on the listener type:
• Public listeners. The HAT is set to accept email from all hosts.
• Private listeners. The HAT is set up to relay email from the host(s) you specify, and reject all other
hosts.
In the HAT Overview, the default entry is named “ALL.” You can edit the default entry by clicking the
mail flow policy for the ALL sender group on the Mail Policies > HAT Overview page.
Note
By rejecting all hosts other than the ones you specify, the listenerconfig and systemsetup commands
prevent you from unintentionally configuring your system as an “open relay.” An open relay (sometimes
called an “insecure relay” or a “third party” relay) is an SMTP email server that allows third-party relay
of email messages. By processing email that is neither for nor from a local user, an open relay makes it
possible for an unscrupulous sender to route large volumes of spam through your gateway.
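
The first-match evaluation and the open-relay note above can be modeled offline to audit an exported HAT before importing it. The following Python sketch is an added example, not Cisco code or the appliance's export format. It assumes sender groups match only on IP addresses and CIDR ranges, and the group names (other than ALL), addresses and action labels are constructed for illustration.

```python
import ipaddress

# Constructed sample HATs: (sender group, member networks, action), in listed order.
# Names and addresses are illustrative only; "ALL" is the default entry.
PUBLIC_HAT = [
    ("PARTNERS", ["192.0.2.0/24"], "ACCEPT"),
    ("BLOCKED_SENDERS", ["198.51.100.7", "192.0.2.66"], "REJECT"),
    ("ALL", [], "ACCEPT"),
]
PRIVATE_HAT = [
    ("INTERNAL_RELAY", ["10.1.0.0/16"], "RELAY"),
    ("ALL", [], "REJECT"),
]
MISCONFIGURED_PRIVATE_HAT = [
    ("INTERNAL_RELAY", ["10.1.0.0/16"], "RELAY"),
    ("ALL", [], "RELAY"),
]


def evaluate(hat, source_ip):
    """Return (group, action) for the first sender group matching source_ip."""
    addr = ipaddress.ip_address(source_ip)
    for group, networks, action in hat:
        if group == "ALL":  # default entry matches every host
            return group, action
        if any(addr in ipaddress.ip_network(n, strict=False) for n in networks):
            return group, action
    raise ValueError("HAT has no ALL entry")


def shadowed_hosts(hat):
    """Find single-host entries that an earlier group matches first."""
    findings = []
    for group, networks, _ in hat:
        for n in networks:
            net = ipaddress.ip_network(n, strict=False)
            if net.num_addresses == 1:
                winner, _ = evaluate(hat, str(net.network_address))
                if winner != group:  # entry can never take effect
                    findings.append((str(net.network_address), group, winner))
    return findings


def is_open_relay(hat):
    """True when the default ALL entry relays, so any host may relay."""
    return any(g == "ALL" and a == "RELAY" for g, _, a in hat)
```

Because order decides the outcome, the blocked host 192.0.2.66 in the constructed public HAT is still accepted: the broader PARTNERS range is listed first.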