Cisco Cisco Email Security Appliance C160 Guía Del Usuario
21-50
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 21 Configuring Routing and Delivery Features
Cisco Bounce Verification
Note
When delivering non-bounce mail to your own internal mail server (Exchange, etc.), you should disable
Cisco Bounce Verification tagging for that internal domain.
Cisco Bounce Verification tagging for that internal domain.
AsyncOS considers bounces as mail with a null Mail From address (<>). For non-bounce messages that
might contain a tagged Envelope Recipient, AsyncOS applies a more lenient policy. In such cases,
AsyncOS ignores the seven-day key expiration and tries to find a match with older keys as well.
might contain a tagged Envelope Recipient, AsyncOS applies a more lenient policy. In such cases,
AsyncOS ignores the seven-day key expiration and tries to find a match with older keys as well.
Cisco
Bounce Verification Address Tagging Keys
The tagging key is a text string your Cisco appliance uses when generating the bounce verification tag.
Ideally, you would use the same key across all of your Cisco appliances so that all mail leaving your
domain is tagged consistently. That way, if one Cisco appliance tags the Envelope Sender on an outgoing
message an incoming bounce will be verified and delivered even if the bounce is received by a different
Cisco appliance.
Ideally, you would use the same key across all of your Cisco appliances so that all mail leaving your
domain is tagged consistently. That way, if one Cisco appliance tags the Envelope Sender on an outgoing
message an incoming bounce will be verified and delivered even if the bounce is received by a different
Cisco appliance.
There is a seven day grace period for tags. For example, you may choose to change your tagging key
multiple times within a seven-day period. In such a case, your Cisco appliance will try to verify tagged
messages using all previous keys that are less than seven days old.
multiple times within a seven-day period. In such a case, your Cisco appliance will try to verify tagged
messages using all previous keys that are less than seven days old.
Accepting Legitimate Untagged Bounced Messages
AsyncOS also includes a HAT setting related to Cisco Bounce Verification for considering whether
untagged bounces are valid. The default setting is “No,” which means that untagged bounces are
considered invalid and the appliance either rejects the message or applies a customer header, depending
on the action selected on the Mail Policies > Bounce Verification page. If you select “Yes,” the appliance
considers untagged bounces to be valid and accepts them. This may be used in the following scenario:
untagged bounces are valid. The default setting is “No,” which means that untagged bounces are
considered invalid and the appliance either rejects the message or applies a customer header, depending
on the action selected on the Mail Policies > Bounce Verification page. If you select “Yes,” the appliance
considers untagged bounces to be valid and accepts them. This may be used in the following scenario:
Suppose you have a user that wants to send email to a mailing list. However, the mailing list accepts
messages only from a fixed set of Envelope Senders. In such a case, tagged messages from your user will
not be accepted (as the tag changes regularly).
messages only from a fixed set of Envelope Senders. In such a case, tagged messages from your user will
not be accepted (as the tag changes regularly).
Procedure
Step 1
Add the domain to which the user is trying to send mail to the Destination Controls table and disable
tagging for that domain. At this point, the user can send mail without problems.
tagging for that domain. At this point, the user can send mail without problems.
Step 2
However, to properly support receiving bounces from that domain (since they will not be tagged) you
can create a sender group for that domain and enable the Consider Untagged Bounces to be Valid
parameter in an “Accept” mail flow policy.
can create a sender group for that domain and enable the Consider Untagged Bounces to be Valid
parameter in an “Accept” mail flow policy.