Cisco Email Security Appliance C190 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 13 Anti-Spam
Determining Sender IP Address In Deployments with Incoming Relays
Specify a parsing character or string and the number of network hops (or Received: headers) back to
look. A hop is basically the message travelling from one machine to another (being received by the Cisco
appliance does not count as a hop. See
for more information). AsyncOS looks for the first IP address following the first occurrence
of the parsing character or string in the Received: header corresponding to the number of specified hops.
For example, if you specify two hops, the second Received: header, working backward from the Cisco
appliance is parsed. If neither the parsing character nor a valid IP address is found, the Cisco appliance
uses the real IP address of the connecting machine.
For the following example mail headers, if you specify an opening square bracket ( [ ) and two hops, the
IP address of the external machine is 7.8.9.1. However, if you specify a closing parenthesis ( ) ) as the
parsing character, a valid IP address will not be found. In this case, the Incoming Relays feature is treated
as disabled, and the IP of the connecting machine is used (10.2.3.5).
In the example in
the incoming relays are:
• Path A — 10.2.3.5 (with 2 hops when using received headers) and
• Path B — 10.2.6.1 (with 2 hops when using received headers)
shows example email headers for a message as it moves through several hops on its way to
the Cisco appliance as in
. This example shows extraneous headers (ignored by your Cisco
appliance) which are present once the message has arrived in the recipient’s inbox. The number of hops
to specify would be two.
shows the headers for the same email message, without the
extraneous headers
Notes for
:
• The Cisco appliance ignores these headers.
• The Cisco appliance receives the message (not counted as a hop).
• First hop (and incoming relay).
Table 13-1 A Series of Received: Headers (Path A Example 1)

1   Microsoft Mail Internet Headers Version 2.0
    Received: from smemail.rand.org ([10.2.2.7]) by smmail5.customerdoamin.org with
    Microsoft SMTPSVC(5.0.2195.6713);
    Received: from ironport.customerdomain.org ([10.2.3.6]) by
    smemail.customerdoamin.org with Microsoft SMTPSVC(5.0.2195.6713);

2   Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org
    with ESMTP; 21 Sep 2005 13:46:07 -0700

3   Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
    mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
    <joefoo@customerdomain.org>

4   Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
    by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
    <joefoo@customerdomain.org>

5   Received: from linux1.thespammer.com (HELO linux1.thespammer.com) ([10.1.1.89])
    by sending-machine.spamham.com with ESMTP;
    Received: from exchange1.thespammer.com ([10.1.1.111]) by linux1.thespammer.com
    with Microsoft SMTPSVC(6.0.3790.1830);
    Subject: Would like a bigger paycheck?
    Date: Wed, 21 Sep 2005 13:46:07 -0700
    From: "A. Sender" <asend@otherdomain.com>
    To: <joefoo@customerdomain.org>
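
The parsing rule described in this section, applied to the Received: headers of Table 13-1, as an added Python example; it is not Cisco code and does not show how AsyncOS is implemented. The names sender_ip and first_valid_ip, the IPv4-only matching, and the fallback to the connecting IP when the hop count exceeds the available headers are assumptions.

```python
import ipaddress
import re

# Constructed input: the Received: headers from Table 13-1 that are already on
# the message when the relay (10.2.3.5) hands it to the appliance, newest first.
RECEIVED = [
    "from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by "
    "mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 "
    "for <joefoo@customerdomain.org>",
    "from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1]) "
    "by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 "
    "for <joefoo@customerdomain.org>",
    "from linux1.thespammer.com (HELO linux1.thespammer.com) ([10.1.1.89]) "
    "by sending-machine.spamham.com with ESMTP;",
]
CONNECTING_IP = "10.2.3.5"  # real IP of the machine connecting to the appliance

# Four dot-separated groups of 1-3 digits, not embedded in a longer dotted run.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def first_valid_ip(text):
    """Return the first syntactically valid IPv4 address in text, or None."""
    for match in IPV4_CANDIDATE.finditer(text):
        try:
            return str(ipaddress.IPv4Address(match.group()))
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255; keep scanning
    return None


def sender_ip(received, connecting_ip, parse_after, hops):
    """First IP after the first `parse_after` in the hop-th header, else fallback."""
    # Assumption: a hop count with no matching header counts as "not found".
    if hops < 1 or hops > len(received):
        return connecting_ip
    _, found, rest = received[hops - 1].partition(parse_after)
    if not found:
        return connecting_ip
    return first_valid_ip(rest) or connecting_ip
```

With three hops instead of two, the function reads a header written by the sending side (10.1.1.89 here), so the hop count should match the number of relays you operate.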