Cisco Cisco Email Security Appliance C160 Guía Del Usuario
5-53
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5 Configuring the Gateway to Receive Email
If you configure the recipient address to be rewritten in the work queue prior to the LDAP acceptance
query, (such as aliasing or using a domain map), the rewritten address will not bypass LDAP acceptance
queries. For example you use an alias table to map
query, (such as aliasing or using a domain map), the rewritten address will not bypass LDAP acceptance
queries. For example you use an alias table to map
customercare@example.com
to
bob@example.com
and
sue@example.com
. If you configure bypassing LDAP acceptance for
customercare@example.com
, an
LDAP acceptance query is still run for
bob@example.com
and
sue@example.com
after the aliasing takes
place.
To configure bypassing LDAP acceptance via the GUI, select Bypass LDAP Accept Queries for this
Recipient when you add or edit the RAT entry.
Recipient when you add or edit the RAT entry.
To configure bypassing LDAP acceptance queries via the CLI, answer yes to the following question
when you enter recipients using the
when you enter recipients using the
listenerconfig -> edit -> rcptaccess
command:
When you configure a RAT entry to bypass LDAP acceptance, be aware that the order of RAT entries
affects how recipient addresses are matched. The RAT matches the recipient address with the first RAT
entry that qualifies. For example, you have the following RAT entries: postmaster@ironport.com and
ironport.com. You configure the entry for postmaster@ironport.com to bypass LDAP acceptance
queries, and you configure the entry for ironport.com for ACCEPT. When you receive mail for
postmaster@ironport.com, the LDAP acceptance bypass will occur only if the entry for
postmaster@ironport.com is before the entry for ironport.com. If the entry for ironport.com is before the
postmaster@ironport.com entry, the RAT matches the recipient address to this entry and applies the
ACCEPT action.
affects how recipient addresses are matched. The RAT matches the recipient address with the first RAT
entry that qualifies. For example, you have the following RAT entries: postmaster@ironport.com and
ironport.com. You configure the entry for postmaster@ironport.com to bypass LDAP acceptance
queries, and you configure the entry for ironport.com for ACCEPT. When you receive mail for
postmaster@ironport.com, the LDAP acceptance bypass will occur only if the entry for
postmaster@ironport.com is before the entry for ironport.com. If the entry for ironport.com is before the
postmaster@ironport.com entry, the RAT matches the recipient address to this entry and applies the
ACCEPT action.
Default RAT Entries
For all public listeners you create, by default, the RAT is set to reject email from all recipients:
In the Recipient Access Table Overview listing, the default entry is named “All Other Recipients.”
Note
By default, the RAT rejects all recipients so that you do not accidentally create an open relay on the
Internet. An open relay (sometimes called an “insecure relay” or a “third-party” relay) is an SMTP email
server that allows third-party relay of email messages. By processing mail that is neither for — nor from
— a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of
spam through your gateway. Use caution when changing the default values of Recipient Access Tables
for public listeners you create.
Internet. An open relay (sometimes called an “insecure relay” or a “third-party” relay) is an SMTP email
server that allows third-party relay of email messages. By processing mail that is neither for — nor from
— a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of
spam through your gateway. Use caution when changing the default values of Recipient Access Tables
for public listeners you create.
You can not delete the default “ALL” entry from the RAT.
Importing and Exporting Text Resources as Text Files
You will need access to the configuration directory on the appliance. Imported text files must be present
in the configuration directory on the appliance. Exported text files are placed in the configuration
directory.
in the configuration directory on the appliance. Exported text files are placed in the configuration
directory.
See
for more information accessing on the configuration
directory.
Would you like to bypass LDAP ACCEPT for this entry? [Y]>
y
ALL
REJECT