Cisco Email Security Appliance C650 User Guide
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Verifying Senders
The sender verification exception table is defined in the GUI via the Mail Policies > Exception Table page (or the CLI, via the exceptionconfig command) and then is enabled on a per-policy basis via the GUI (see ) or the CLI (see the Cisco AsyncOS CLI Reference Guide).
Entries in the sender verification exception table have the following syntax:
Figure 7-4 Exception Table Listing
See for more information about modifying the exception table.
Implementing Sender Verification — Example Settings
This section provides an example of a typical conservative implementation of host and envelope sender verification.
For this example, when implementing host sender verification, mail from connecting hosts for which reverse DNS lookup does not match is throttled via the existing SUSPECTLIST sender group and THROTTLED mail flow policy.
A new sender group (UNVERIFIED) and a new mail flow policy (THROTTLEMORE) are created. Mail from connecting hosts which are not verified will be throttled (using the UNVERIFIED sender group and the more aggressive THROTTLEMORE mail flow policy) prior to the SMTP conversation.
Envelope sender verification is enabled for the ACCEPTED mail flow policy.
Table 7-9 Sender Verification: Suggested Settings
Sender Group | Policy | Include
UNVERIFIED | THROTTLEMORE | Prior to SMTP conversation: Connecting host PTR record does not exist in the DNS.
SUSPECTLIST | THROTTLED | Connecting host reverse DNS lookup (PTR) does not match the forward DNS lookup (A).
 | ACCEPTED | Envelope Sender Verification during SMTP conversation: Malformed MAIL FROM:; Envelope sender does not exist in DNS; Envelope sender DNS does not resolve.
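The decision laid out in Table 7-9, modeled as an added Python sketch for checking which sending hosts would land in which sender group; it is not AsyncOS code or Cisco's implementation. The DNS tables are constructed sample data, the function names are hypothetical, and letting the null sender "<>" pass unchecked is an assumption of the sketch.

```python
import re

# Constructed DNS data (documentation address ranges and example domains).
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "host.example.net"}
A = {"mail.example.com": {"192.0.2.10"}, "host.example.net": {"198.51.100.7"}}
# Envelope sender domain status: "ok", "nxdomain" (does not exist in DNS),
# "servfail" (does not resolve). This three-way split is an assumption.
DOMAIN = {"example.com": "ok", "gone.example": "nxdomain",
          "broken.example": "servfail"}

ADDR = re.compile(r"^<([^<>@\s]+)@([A-Za-z0-9.-]+)>$")


def classify_host(ip, ptr=PTR, a=A):
    """Host verification, performed before the SMTP conversation."""
    name = ptr.get(ip)
    if name is None:                     # PTR record does not exist
        return ("UNVERIFIED", "THROTTLEMORE")
    if ip not in a.get(name, set()):     # PTR does not match forward A
        return ("SUSPECTLIST", "THROTTLED")
    return (None, "ACCEPTED")            # table lists no sender group here


def verify_envelope_sender(mail_from, domains=DOMAIN):
    """Envelope sender verification on the MAIL FROM: argument."""
    mail_from = mail_from.strip()
    if mail_from == "<>":                # null reverse-path (RFC 5321)
        return "null sender, not checked"
    m = ADDR.match(mail_from)
    if not m:
        return "malformed MAIL FROM:"
    status = domains.get(m.group(2).lower(), "nxdomain")
    if status == "nxdomain":
        return "envelope sender does not exist in DNS"
    if status == "servfail":
        return "envelope sender DNS does not resolve"
    return "verified"


def evaluate(ip, mail_from):
    """Return (sender group, mail flow policy, envelope sender result)."""
    group, policy = classify_host(ip)
    if policy != "ACCEPTED":
        # In this example, envelope sender verification is enabled only
        # on ACCEPTED, so throttled hosts get no envelope check here.
        return (group, policy, None)
    return (group, policy, verify_envelope_sender(mail_from))
```

To test real hosts, replace the constructed tables with results from your own resolver before changing the HAT.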