Cisco Cisco Email Security Appliance C160 Guía Del Usuario
13-23
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 13 Anti-Spam
Determining Sender IP Address In Deployments with Incoming Relays
Figure 13-6
Mail Relayed by MX/MTA — Variable Number of Hops
Related Topics
•
Received Header
If configuring the MX/MTAs to include a custom header containing the sending IP address is not an
option, you can configure the incoming relays feature to attempt to determine the sending IP address by
examining the “Received:” headers in the message. Using the “Received:” header will only work if the
number of network “hops” will always be constant for an IP address. In other words, the machine at the
first hop (10.2.3.5 in
option, you can configure the incoming relays feature to attempt to determine the sending IP address by
examining the “Received:” headers in the message. Using the “Received:” header will only work if the
number of network “hops” will always be constant for an IP address. In other words, the machine at the
first hop (10.2.3.5 in
) should always be the same number of hops away from the edge of your
network. If incoming mail can take different paths (resulting in a different number of hops, as described
in
in
) to the machine connecting to your Cisco appliance, you must use a custom header (see
Specify a parsing character or string and the number of network hops (or Received: headers) back to
look. A hop is basically the message traveling from one machine to another (being received by the Cisco
appliance does not count as a hop. See
look. A hop is basically the message traveling from one machine to another (being received by the Cisco
appliance does not count as a hop. See
for more information). AsyncOS looks for the first IP address following the first occurrence
of the parsing character or string in the Received: header corresponding to the number of specified hops.
For example, if you specify two hops, the second Received: header, working backward from the Cisco
appliance is parsed. If neither the parsing character nor a valid IP address is found, the Cisco appliance
uses the real IP address of the connecting machine.
For example, if you specify two hops, the second Received: header, working backward from the Cisco
appliance is parsed. If neither the parsing character nor a valid IP address is found, the Cisco appliance
uses the real IP address of the connecting machine.
For the following example mail headers, if you specify an opening square bracket (
[
) and two hops, the
IP address of the external machine is 7.8.9.1. However, if you specify an closing parenthesis (
)
) as the
parsing character, a valid IP address will not be found. In this case, the Incoming Relays feature is treated
as disabled, and the IP of the connecting machine is used (10.2.3.5).
as disabled, and the IP of the connecting machine is used (10.2.3.5).
In the example in