Cisco Email Security Appliance X1070 User Guide
22-49
Cisco AsyncOS 8.5 for Email User Guide
Chapter 22 Configuring Routing and Delivery Features
Bounce Verification
To combat these misdirected bounce attacks, AsyncOS includes Bounce Verification. When enabled, Bounce Verification tags the Envelope Sender address for messages sent via your appliance. The Envelope Recipient for any bounce message received by the appliance is then checked for the presence of this tag. Legitimate bounces (which should contain this tag) are untagged and delivered. Bounce messages that do not contain the tag can be handled separately.
Note that you can use Bounce Verification to manage incoming bounce messages based on your outgoing mail. To control how your appliance generates outgoing bounces (based on incoming mail), see .
Overview: Tagging and Bounce Verification
When sending email with bounce verification enabled, your appliance will rewrite the Envelope Sender address in the message. For example, MAIL FROM: joe@example.com becomes MAIL FROM: prvs=joe=123ABCDEFG@example.com. The 123... string in the example is the “bounce verification tag” that gets added to the Envelope Sender as it is sent by your appliance. The tag is generated using a key defined in the Bounce Verification settings (see for more information about specifying a key). If this message bounces, the Envelope Recipient address in the bounce will typically include this bounce verification tag.
You can enable or disable bounce verification tagging system-wide as a default. You can also enable or disable bounce verification tagging for specific domains. In most situations, you would enable it by default, and then list specific domains to exclude in the Destination Controls table (see
If a message already contains a tagged address, AsyncOS does not add another tag (for example, when an appliance delivers a bounce message to another appliance inside the DMZ).
Handling Incoming Bounce Messages
Bounces that include a valid tag are delivered. The tag is removed and the Envelope Recipient is restored. This occurs immediately after the Domain Map step in the email pipeline. You can define how your appliances handle untagged or invalidly tagged bounces: reject them or add a custom header. See for more information.
If the bounce verification tag is not present, or if the key used to generate the tag has changed, or if the message is more than seven days old, the message is treated as per the settings defined for Bounce Verification.
For example, the following mail log shows a bounced message rejected by the appliance:
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address
<bob@example.com> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted
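The following is an added example, not Cisco's code and not a description of AsyncOS internals, that shows both halves of the scheme described above: tagging the Envelope Sender on the way out and checking the Envelope Recipient of an inbound bounce (MAIL FROM:<>) on the way in. The address layout prvs=<local>=<tag>@<domain> follows the page's own example. The tag layout (a one-digit key id, a three-digit day number, and a truncated HMAC-SHA256), the key and timestamp values, and the X-Bounce-Verification header name are assumptions made for this example; Cisco's actual tag encoding is not documented on this page.

```python
import hashlib
import hmac
import re

MAX_AGE_DAYS = 7  # the page: bounces more than seven days old are not accepted

# Assumed tag layout for this example (not Cisco's wire format):
#   <key id: 1 digit><day number mod 1000: 3 digits><HMAC-SHA256 prefix: 6 hex>
# Address layout follows the page's example: prvs=<local>=<tag>@<domain>
TAGGED_RE = re.compile(
    r"^prvs=(?P<local>.+)=(?P<tag>\d{4}[0-9a-f]{6})@(?P<domain>[^@]+)$"
)


def _day(ts: int) -> int:
    """Days since the Unix epoch, folded into three digits."""
    return (ts // 86400) % 1000


def _mac(key: bytes, key_id: int, day: int, local: str, domain: str) -> str:
    """Keyed tag over the key id, the day and the untagged address."""
    msg = f"{key_id}|{day:03d}|{local}@{domain}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]


def tag_sender(addr: str, key_id: int, key: bytes, ts: int) -> str:
    """Rewrite MAIL FROM on outbound mail. An already tagged address is
    left alone (the relay-to-DMZ case described on the page)."""
    if TAGGED_RE.match(addr):
        return addr
    local, domain = addr.rsplit("@", 1)
    day = _day(ts)
    tag = f"{key_id}{day:03d}{_mac(key, key_id, day, local, domain)}"
    return f"prvs={local}={tag}@{domain}"


def verify_recipient(rcpt: str, keys: dict, ts: int) -> tuple:
    """Check RCPT TO of an inbound bounce. `keys` maps key id -> key for
    every key still accepted. Returns (valid, reason, restored_recipient);
    restored_recipient is '' when the bounce is not valid."""
    m = TAGGED_RE.match(rcpt)
    if not m:
        return False, "untagged", ""
    local, tag, domain = m["local"], m["tag"], m["domain"]
    key_id, day, mac = int(tag[0]), int(tag[1:4]), tag[4:]
    key = keys.get(key_id)
    if key is None:
        return False, "key changed", ""      # tag made with a retired key
    age = (_day(ts) - day) % 1000            # modular arithmetic survives the 1000-day fold
    if age > MAX_AGE_DAYS:
        return False, "expired", ""
    if not hmac.compare_digest(_mac(key, key_id, day, local, domain), mac):
        return False, "bad tag", ""          # forged or corrupted tag
    return True, "valid", f"{local}@{domain}"  # tag stripped, recipient restored


def handle_bounce(rcpt: str, keys: dict, ts: int, action: str = "reject") -> dict:
    """Apply the configured action for invalid bounces: 'reject' the RCPT
    during the SMTP conversation, or 'header' to deliver it with a custom
    header (X-Bounce-Verification is a hypothetical name) for filtering."""
    ok, reason, restored = verify_recipient(rcpt, keys, ts)
    if ok:
        return {"action": "deliver", "rcpt": restored, "headers": {}}
    if action == "reject":
        return {"action": "reject", "rcpt": rcpt, "reason": reason}
    return {"action": "deliver", "rcpt": rcpt,
            "headers": {"X-Bounce-Verification": reason}}


if __name__ == "__main__":
    KEYS = {1: b"constructed-demo-key"}      # constructed key, not a real one
    sent_at = 1_153_497_600                  # constructed: July 2006, like the log sample
    tagged = tag_sender("joe@example.com", 1, KEYS[1], sent_at)
    print("MAIL FROM:", tagged)
    print(handle_bounce(tagged, KEYS, sent_at + 2 * 86400))             # valid, restored
    print(handle_bounce("bob@example.com", KEYS, sent_at))               # untagged -> reject
    print(handle_bounce(tagged, KEYS, sent_at + 8 * 86400, "header"))    # expired -> header
    print(handle_bounce(tagged, {2: b"new-key"}, sent_at))               # key changed
```

Keeping the retiring key in `keys` alongside its successor for at least MAX_AGE_DAYS avoids rejecting legitimate bounces of mail sent just before a key rollover; dropping it immediately produces the "key changed" outcome the page describes. The six-hex-character tag is deliberately short so the address stays readable; a deployment that must resist brute-force guessing of tags should also rate-limit or alert on repeated "bad tag" rejections.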