Cisco Cisco Email Security Appliance C650 Guía Del Usuario
Chapter 2 Configuring Routing and Delivery Features
2-128
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
checked for the presence of this tag. Legitimate bounces (which should contain
this tag) are untagged and delivered. Bounce messages that do not contain the tag
can be handled separately.
this tag) are untagged and delivered. Bounce messages that do not contain the tag
can be handled separately.
Note that you can use IronPort Bounce Verification to manage incoming bounce
messages based on your outgoing mail. To control how your IronPort appliance
generates outgoing bounces (based on incoming mail), see
messages based on your outgoing mail. To control how your IronPort appliance
generates outgoing bounces (based on incoming mail), see
Overview: Tagging and IronPort Bounce Verification
When sending email with bounce verification enabled, your IronPort appliance
will rewrite the Envelope Sender address in the message. For example, MAIL
FROM:
will rewrite the Envelope Sender address in the message. For example, MAIL
FROM:
joe@example.com
becomes MAIL FROM:
prvs=joe=123ABCDEFG@example.com
. The
123...
string in the example is the
“bounce verification tag” that gets added to the Envelope Sender as it is sent by
your IronPort appliance. The tag is generated using a key defined in the Bounce
Verification settings (see
your IronPort appliance. The tag is generated using a key defined in the Bounce
Verification settings (see
for more information about specifying a key). If this message
bounces, the Envelope Recipient address in the bounce will typically include this
bounce verification tag.
bounce verification tag.
You can enable or disable bounce verification tagging system-wide as a default.
You can also enable or disable bounce verification tagging for specific domains.
In most situations, you would enable it by default, and then list specific domains
to exclude in the Destination Controls table (see
You can also enable or disable bounce verification tagging for specific domains.
In most situations, you would enable it by default, and then list specific domains
to exclude in the Destination Controls table (see
If a message already contains a tagged address, AsyncOS does not add another tag
(in the case of an IronPort appliance delivering a bounce message to an IronPort
appliance inside the DMZ).
(in the case of an IronPort appliance delivering a bounce message to an IronPort
appliance inside the DMZ).
Handling Incoming Bounce Messages
Bounces that include a valid tag are delivered. The tag is removed and the
Envelope Recipient is restored. This occurs immediately after the Domain Map
step in the email pipeline. You can define how your IronPort appliances handle
untagged or invalidly tagged bounces — reject them or add a custom header. See
Envelope Recipient is restored. This occurs immediately after the Domain Map
step in the email pipeline. You can define how your IronPort appliances handle
untagged or invalidly tagged bounces — reject them or add a custom header. See
for more
information.