Cisco Cisco Email Security Appliance C650 Guía Del Usuario
4-99
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 4 Understanding the Email Pipeline
–
the HAT policy was to skip anti-virus scanning, or
–
there was a message filter that caused the message to bypass anti-virus
scanning,
scanning,
then the message will not be anti-virus scanned upon release from the quarantine,
regardless of whether anti-virus scanning has been re-enabled. However,
messages that bypass anti-virus scanning due to mail policies may be anti-virus
scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message
bypasses anti-virus scanning due to a mail policy and is quarantined, then, prior
to release from the quarantine, the mail policy is updated to include anti-virus
scanning, the message will be anti-virus scanned upon release from the
quarantine.
regardless of whether anti-virus scanning has been re-enabled. However,
messages that bypass anti-virus scanning due to mail policies may be anti-virus
scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message
bypasses anti-virus scanning due to a mail policy and is quarantined, then, prior
to release from the quarantine, the mail policy is updated to include anti-virus
scanning, the message will be anti-virus scanned upon release from the
quarantine.
Similarly, suppose you had inadvertently disabled anti-spam scanning globally
(or within the HAT), and you notice this after mail is in the work queue. Enabling
anti-spam at that point will not cause the messages in the work queue to be
anti-spam scanned.
(or within the HAT), and you notice this after mail is in the work queue. Enabling
anti-spam at that point will not cause the messages in the work queue to be
anti-spam scanned.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email
address of incoming messages (on a public listener) should be handled during the
SMTP conversation or within the workqueue. See “Accept Queries” in the
“Customizing Listeners” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide. This allows the IronPort appliance to combat
directory harvest attacks (DHAP) in a unique way: the system accepts the
message and performs the LDAP acceptance validation within the SMTP
conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
address of incoming messages (on a public listener) should be handled during the
SMTP conversation or within the workqueue. See “Accept Queries” in the
“Customizing Listeners” chapter of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide. This allows the IronPort appliance to combat
directory harvest attacks (DHAP) in a unique way: the system accepts the
message and performs the LDAP acceptance validation within the SMTP
conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
For more information, see the “LDAP Queries” chapter in the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
AsyncOS for Email Advanced Configuration Guide.