Cisco Email Security Appliance C170 User Guide
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 21 Configuring Routing and Delivery Features
Cisco Bounce Verification
To combat these misdirected bounce attacks, AsyncOS includes Cisco Bounce Verification. When
enabled, Cisco Bounce Verification tags the Envelope Sender address for messages sent via your Cisco
appliance. The Envelope Recipient for any bounce message received by the Cisco appliance is then
checked for the presence of this tag. Legitimate bounces (which should contain this tag) are untagged
and delivered. Bounce messages that do not contain the tag can be handled separately.
Note that you can use Cisco Bounce Verification to manage incoming bounce messages based on your
outgoing mail. To control how your Cisco appliance generates outgoing bounces (based on incoming
mail), see
Overview: Tagging and Cisco Bounce Verification
When sending email with bounce verification enabled, your Cisco appliance will rewrite the Envelope
Sender address in the message. For example, MAIL FROM: joe@example.com becomes
MAIL FROM: prvs=joe=123ABCDEFG@example.com. The 123... string in the example is the “bounce
verification tag” that gets added to the Envelope Sender as it is sent by your Cisco appliance. The tag is
generated using a key defined in the Bounce Verification settings (see
for more information about specifying a key). If this message bounces, the Envelope
Recipient address in the bounce will typically include this bounce verification tag.
You can enable or disable bounce verification tagging system-wide as a default. You can also enable or
disable bounce verification tagging for specific domains. In most situations, you would enable it by
default, and then list specific domains to exclude in the Destination Controls table (see
If a message already contains a tagged address, AsyncOS does not add another tag (in the case of a
Cisco appliance delivering a bounce message to a Cisco appliance inside the DMZ).
Handling Incoming Bounce Messages
Bounces that include a valid tag are delivered. The tag is removed and the Envelope Recipient is restored.
This occurs immediately after the Domain Map step in the email pipeline. You can define how your
Cisco appliances handle untagged or invalidly tagged bounces — reject them or add a custom header.
See
for more information.
If the bounce verification tag is not present, or if the key used to generate the tag has changed, or if the
message is more than seven days old, the message is treated as per the settings defined for Cisco Bounce
Verification.
For example, the following mail log shows a bounced message rejected by the Cisco appliance:
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address <bob@example.com> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted
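The tagging and validation rules described above, as an added example that is not Cisco's code. The page does not document how AsyncOS computes the tag, so the HMAC-SHA256 construction, the 3-digit expiry-day prefix and the function names are assumptions; only the prvs=local=tag@domain shape, the seven-day limit, the key dependence and the no-double-tagging rule come from the text.

```python
import hashlib
import hmac

TAG_LIFETIME_DAYS = 7  # from the page: older bounces fail verification


def _mac(key: bytes, day: int, address: str) -> str:
    """Keyed digest over expiry day + original address (assumed construction)."""
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8].upper()


def tag_sender(address: str, key: bytes, today: int) -> str:
    """Rewrite joe@example.com to prvs=joe=<tag>@example.com.
    `today` is a day counter, e.g. int(time.time() // 86400)."""
    local, _, domain = address.rpartition("@")
    if local.lower().startswith("prvs="):
        return address  # already tagged: do not add a second tag
    expiry = (today + TAG_LIFETIME_DAYS) % 1000
    return f"prvs={local}={expiry:03d}{_mac(key, expiry, address)}@{domain}"


def verify_bounce_rcpt(rcpt: str, key: bytes, today: int):
    """Return (True, restored_address) for a valid tag, else (False, rcpt)."""
    local, _, domain = rcpt.rpartition("@")
    if not local.lower().startswith("prvs=") or local.count("=") < 2:
        return False, rcpt  # untagged bounce
    orig_local, _, tag = local[5:].rpartition("=")
    if len(tag) != 11 or not (tag.isascii() and tag[:3].isdigit()):
        return False, rcpt  # malformed tag
    expiry = int(tag[:3])
    original = f"{orig_local}@{domain}"
    expected = _mac(key, expiry, original).encode()
    if not hmac.compare_digest(tag[3:].upper().encode(), expected):
        return False, rcpt  # forged tag, or tag made with a different key
    # Days remaining, modulo 1000 so the 3-digit day counter may wrap.
    if (expiry - today) % 1000 > TAG_LIFETIME_DAYS:
        return False, rcpt  # tag has expired
    return True, original
```

A caller would apply the configured action (reject or add a custom header) whenever the first element of the result is False.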