Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Verifying Senders
Spam and unwanted mail are frequently sent by senders whose domains or IP addresses cannot be resolved
by DNS. DNS verification means that you can get reliable information about senders and process mail
accordingly. Sender verification prior to the SMTP conversation (connection filtering based on DNS
lookups of the sender’s IP address) also helps reduce the amount of junk email processed through the
mail pipeline on the appliance.
Mail from unverified senders is not automatically discarded. Instead, AsyncOS provides sender
verification settings that allow you to determine how the appliance handles mail from unverified senders:
you can configure your appliance to automatically block all mail from unverified senders prior to the
SMTP conversation or throttle unverified senders, for example.
The sender verification feature consists of the following components:
• Verification of the connecting host. This occurs prior to the SMTP conversation. For more
information, see .
• Verification of the domain portion of the envelope sender. This occurs during the SMTP
conversation. For more information, see .
Sender Verification: Host
Senders can be unverified for different reasons. For example, the DNS server could be “down” or not
responding, or the domain may not exist. Host DNS verification settings for sender groups allow you to
classify unverified senders prior to the SMTP conversation and include different types of unverified
senders in your various sender groups.
The appliance attempts to verify the sending domain of the connecting host via DNS for incoming mail.
This verification is performed prior to the SMTP conversation. The system acquires and verifies the
validity of the remote host’s IP address (that is, the domain) by performing a double DNS lookup. A
double DNS lookup is defined as a reverse DNS (PTR) lookup on the IP address of the connecting host,
followed by a forward DNS (A) lookup on the results of the PTR lookup. The appliance then checks that
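The double DNS lookup described above, sketched in Python as an added example; it is not AsyncOS code or part of the Cisco guide. The outcome labels and function names are hypothetical, and the final comparison (the forward lookup must return the connecting IP) is the usual forward-confirmed reverse DNS check, assumed here because the page does not state it.

```python
import ipaddress
import socket

# Outcome labels are this example's own names, not AsyncOS settings.
VERIFIED, NO_PTR, MISMATCH, TEMPFAIL = "verified", "no-ptr", "forward-mismatch", "dns-tempfail"

class DnsTempFail(Exception):
    """The resolver gave no answer (server down or not responding)."""

def system_ptr(ip):
    """Reverse (PTR) lookup through the OS resolver; returns host names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except socket.herror as e:
        if e.args[0] == 2:                      # h_errno TRY_AGAIN
            raise DnsTempFail(ip)
        return []                               # no PTR record exists

def system_forward(name):
    """Forward (A/AAAA) lookup through the OS resolver; returns addresses."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror as e:
        if e.args[0] == socket.EAI_AGAIN:
            raise DnsTempFail(name)
        return set()                            # name does not resolve

def verify_host(ip, ptr=system_ptr, forward=system_forward):
    """Classify a connecting IP; returns (outcome, verified host name or None)."""
    client = ipaddress.ip_address(ip)           # rejects malformed input
    try:
        names = ptr(ip)
        if not names:
            return NO_PTR, None
        for name in names:
            # Assumed check: the forward answer must contain the connecting IP.
            if any(ipaddress.ip_address(a) == client for a in forward(name)):
                return VERIFIED, name.rstrip(".").lower()
        return MISMATCH, None
    except DnsTempFail:
        return TEMPFAIL, None

# Constructed records using documentation address ranges, so this runs offline.
PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["mx.example.net."]}
A = {"mail.example.com.": {"192.0.2.10"}, "mx.example.net.": {"198.51.100.7"}}

def fake_ptr(ip):
    if ip == "203.0.113.5":                     # simulate an unresponsive DNS server
        raise DnsTempFail(ip)
    return PTR.get(ip, [])

def fake_forward(name):
    return A.get(name, set())
```

Keeping the temporary-failure outcome separate from the no-record and mismatch outcomes mirrors the page's point that senders can be unverified for different reasons and classified accordingly.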
The system will always add a Message-ID header to outgoing messages that don't already
have one. Would you like to do the same for incoming messages? (Not recommended.) [N]>
By default connections with a HAT REJECT policy will be closed with a banner message at
the start of the SMTP conversation. Would you like to do the rejection at the message
recipient level instead for more detailed logging of rejected mail? [N]>
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
[]>