Cisco Cisco Email Security Appliance C650 Guía Del Usuario
5-165
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 5 Configuring the Gateway to Receive Email
Partial Domains, Default Domains, and Malformed MAIL FROMs
If you enable envelope sender verification or disable allowing partial domains in
SMTP Address Parsing options for a listener (see the SMTP Address Parsing
Options section in “Customizing Listeners” in the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide), the default domain settings for that
listener will no longer be used.
SMTP Address Parsing options for a listener (see the SMTP Address Parsing
Options section in “Customizing Listeners” in the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide), the default domain settings for that
listener will no longer be used.
These features are mutually exclusive.
Custom SMTP Code and Response
You can specify the SMTP code and response message for messages with
malformed envelope senders, for envelope senders which do not exist in DNS, and
for envelope senders which do not resolve via DNS queries (DNS server might be
down, etc.).
malformed envelope senders, for envelope senders which do not exist in DNS, and
for envelope senders which do not resolve via DNS queries (DNS server might be
down, etc.).
In the SMTP response, you can include a variable,
$EnvelopeSender
, which is
expanded to the value of the envelope sender when the custom response is sent.
While typically a “Domain does not exist” result is permanent, it is possible for
this to be a transient condition. To handle such cases, “conservative” users may
wish to change the error code from the default 5XX to a 4XX code.
this to be a transient condition. To handle such cases, “conservative” users may
wish to change the error code from the default 5XX to a 4XX code.
Sender Verification Exception Table
The sender verification exception table is a list of domains or email addresses that
will either be automatically allowed or rejected during the SMTP conversation.
You can also specify an optional SMTP code and reject response for rejected
domains. There is only one sender verification exception table per IronPort
appliance and it is enabled per mail flow policy.
will either be automatically allowed or rejected during the SMTP conversation.
You can also specify an optional SMTP code and reject response for rejected
domains. There is only one sender verification exception table per IronPort
appliance and it is enabled per mail flow policy.
The sender verification exception table can be used to list obviously fake but
correctly formatted domains or email addresses from which you want to reject
mail. For example, the correctly formatted MAIL FROM:
correctly formatted domains or email addresses from which you want to reject
mail. For example, the correctly formatted MAIL FROM:
pres@whitehouse.gov
could be listed in the sender verification exception table and set to be
automatically rejected. You can also list domains that you want to automatically
allow, such as internal or test domains. This is similar to envelope recipient
(SMTP RCPT TO command) processing which occurs in the Recipient Access
Table (RAT).
automatically rejected. You can also list domains that you want to automatically
allow, such as internal or test domains. This is similar to envelope recipient
(SMTP RCPT TO command) processing which occurs in the Recipient Access
Table (RAT).