Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
7-29
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Verifying Senders
For this example, when implementing host sender verification, mail from connecting hosts for which
reverse DNS lookup does not match is throttled via the existing SUSPECTLIST sender group and
THROTTLED mail flow policy.
reverse DNS lookup does not match is throttled via the existing SUSPECTLIST sender group and
THROTTLED mail flow policy.
A new sender group (UNVERIFIED) and a new mail flow policy (THROTTLEMORE) are created. Mail
from connecting hosts which are not verified will be throttled (using the UNVERIFIED sender group
and the more aggressive THROTTLEMORE mail flow policy) prior to the SMTP conversation.
from connecting hosts which are not verified will be throttled (using the UNVERIFIED sender group
and the more aggressive THROTTLEMORE mail flow policy) prior to the SMTP conversation.
Envelope sender verification is enabled for the ACCEPTED mail flow policy.
Related Topics
•
•
•
•
•
Throttling Messages from Unverified Senders Using the SUSPECTLIST Sender Group
Procedure
Step 1
Select Mail Policies > HAT Overview.
Step 2
Click SUSPECTLIST in the list of sender groups.
Table 7-9
Sender Verification: Suggested Settings
Sender Group
Policy
Include
UNVERIFIED
SUSPECTLIST
THROTTLEMORE
THROTTLED
Prior to SMTP conversation:
Connecting host PTR record does not exist in the DNS.
Connecting host reverse DNS lookup (PTR) does not match
the forward DNS lookup (A).
the forward DNS lookup (A).
ACCEPTED
Envelope Sender Verification during SMTP conversation:
- Malformed MAIL FROM:
- Envelope sender does not exist in DNS.
- Envelope sender DNS does not resolve.