Cisco Email Security Appliance X1050 User Guide
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Defining Remote Hosts into Sender Groups
Note
By rejecting all hosts other than the ones you specify, the listenerconfig and systemsetup commands
prevent you from unintentionally configuring your system as an “open relay.” An open relay (sometimes
called an “insecure relay” or a “third party” relay) is an SMTP email server that allows third-party relay
of email messages. By processing email that is neither for nor from a local user, an open relay makes it
possible for an unscrupulous sender to route large volumes of spam through your gateway.
Defining Remote Hosts into Sender Groups
You can define the way in which remote hosts attempt to connect to a listener. You group remote host
definitions into sender groups. A sender group is a list of remote hosts defined for the purpose of
handling email from those senders in the same way.
A sender group is a list of senders identified by:
• IP address (IPv4 or IPv6)
• IP range
• Specific host or domain name
• SenderBase Reputation Service “organization” classification
• SenderBase Reputation Score (SBRS) range (or lack of score)
• DNS List query response
For more information on the list of acceptable addresses in sender groups, see
.
When an SMTP server attempts an SMTP connection with the appliance, the listener evaluates the sender
groups in order and assigns the connection to a sender group when it matches any criterion in the sender
group, such as SenderBase reputation score, domain, or IP address.
Note
The system acquires and verifies the validity of the remote host’s IP address by performing a double
DNS lookup. This consists of a reverse DNS (PTR) lookup on the IP address of the connecting host,
followed by a forward DNS (A) lookup on the results of the PTR lookup. The system then checks that
the results of the A lookup match the results of the PTR lookup. If the results do not match, or if an A
record does not exist, the system only uses the IP address to match entries in the HAT.
Define sender groups on the Mail Policies > HAT Overview page.
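The in-order sender group evaluation and the double DNS lookup described above, as an added example that is not part of the Cisco guide or of AsyncOS. It uses constructed DNS records in place of live lookups, reads the check as "the A records must lead back to the connecting IP", and the group names, entry syntax (a leading dot for a domain suffix) and function names are assumptions for illustration.

```python
import ipaddress

# Constructed DNS data standing in for live PTR and A lookups (documentation
# address ranges and example names, not real hosts).
PTR = {"192.0.2.10": "mail.example.com",
       "198.51.100.7": "mx.partner.example",
       "203.0.113.5": "mail.example.com"}   # PTR that the A record will not confirm
A = {"mail.example.com": ["192.0.2.10"],
     "mx.partner.example": ["198.51.100.7"]}

# Hypothetical sender groups, evaluated top to bottom; the first match wins.
# Entry syntax is an assumption: IP, CIDR range, hostname, or ".domain" suffix.
SENDER_GROUPS = [
    ("PARTNERS", [".partner.example", "mail.example.com"]),
    ("LAB_RANGE", ["192.0.2.0/24"]),
    ("EVERYONE_ELSE", ["0.0.0.0/0", "::/0"]),
]

def verified_hostname(ip, ptr=PTR, a=A):
    """Double DNS lookup: PTR on the IP, then A on the PTR result.
    The name is trusted only if its A records lead back to the connecting IP."""
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, []):
        return None          # mismatch or missing A record: match on IP only
    return name

def entry_matches(entry, ip, hostname):
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        pass                 # not an address or range: a host or domain entry
    if hostname is None:     # unverified hosts never match name-based entries
        return False
    if entry.startswith("."):
        return hostname.endswith(entry)
    return hostname == entry

def assign_sender_group(ip, groups=SENDER_GROUPS):
    hostname = verified_hostname(ip)
    for group, entries in groups:
        if any(entry_matches(e, ip, hostname) for e in entries):
            return group
    return None

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, verified_hostname(ip), assign_sender_group(ip))
```

The host at 203.0.113.5 has a PTR record naming mail.example.com, but the forward lookup does not confirm it, so it is matched on IP alone and does not land in the name-based group.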