Cisco Cisco Email Security Appliance C650 Guía Del Usuario
Chapter 4 Understanding the Email Pipeline
4-8
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
For more information about Alias Tables, see “Creating Alias Tables” in the
“Configuring Routing and Delivery Features” chapter of the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
“Configuring Routing and Delivery Features” chapter of the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email
address of incoming messages (on a public listener) should be handled during the
SMTP conversation or within the workqueue. See “Accept Queries” in the
“Customizing Listeners” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide. This allows the Cisco IronPort appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the
message and performs the LDAP acceptance validation within the SMTP
conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
address of incoming messages (on a public listener) should be handled during the
SMTP conversation or within the workqueue. See “Accept Queries” in the
“Customizing Listeners” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide. This allows the Cisco IronPort appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the
message and performs the LDAP acceptance validation within the SMTP
conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
For more information, see the “LDAP Queries” chapter in the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
AsyncOS for Email Advanced Configuration Guide.
SMTP Call-Ahead Recipient Validation
When you configure your Email Security appliance for SMTP call-ahead recipient
validation, the Email Security appliance suspends the SMTP conversation with
the sending MTA while it “calls ahead” to the SMTP server to verify the recipient.
When the Cisco IronPort appliance queries the SMTP server, it returns the SMTP
server’s response to the Email Security appliance. The Email Security appliance
resumes the SMTP conversation and sends a response to the sending MTA,
allowing the conversation to continue or dropping the connection based on the
SMTP server response (and settings you configure in the SMTP Call-Ahead
profile).
validation, the Email Security appliance suspends the SMTP conversation with
the sending MTA while it “calls ahead” to the SMTP server to verify the recipient.
When the Cisco IronPort appliance queries the SMTP server, it returns the SMTP
server’s response to the Email Security appliance. The Email Security appliance
resumes the SMTP conversation and sends a response to the sending MTA,
allowing the conversation to continue or dropping the connection based on the
SMTP server response (and settings you configure in the SMTP Call-Ahead
profile).
For more information, see the “Validating Recipients Using an SMTP Server”
chapter in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
chapter in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.