Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 2 Configuring Routing and Delivery Features
You can enable or disable bounce verification tagging system-wide as a default. You can also enable or
disable bounce verification tagging for specific domains. In most situations, you would enable it by
default, and then list specific domains to exclude in the Destination Controls table (see
).
If a message already contains a tagged address, AsyncOS does not add another tag (in the case of a
Cisco IronPort appliance delivering a bounce message to a Cisco IronPort appliance inside the DMZ).
Handling Incoming Bounce Messages
Bounces that include a valid tag are delivered. The tag is removed and the Envelope Recipient is restored.
This occurs immediately after the Domain Map step in the email pipeline. You can define how your
Cisco IronPort appliances handle untagged or invalidly tagged bounces — reject them or add a custom
header. See
for more information.
If the bounce verification tag is not present, or if the key used to generate the tag has changed, or if the
message is more than seven days old, the message is treated as per the settings defined for Cisco IronPort
Bounce Verification.
For example, the following mail log shows a bounced message rejected by the Cisco IronPort appliance:
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address <bob@example.com> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted
Note
When delivering non-bounce mail to your own internal mail server (Exchange, etc.), you should disable
Cisco IronPort Bounce Verification tagging for that internal domain.
AsyncOS considers bounces as mail with a null Mail From address (<>). For non-bounce messages that
might contain a tagged Envelope Recipient, AsyncOS applies a more lenient policy. In such cases,
AsyncOS ignores the seven-day key expiration and tries to find a match with older keys as well.
Cisco IronPort Bounce Verification Address Tagging Keys
The tagging key is a text string your Cisco IronPort appliance uses when generating the bounce
verification tag. Ideally, you would use the same key across all of your Cisco IronPort appliances so that
all mail leaving your domain is tagged consistently. That way, if one Cisco IronPort appliance tags the
Envelope Sender on an outgoing message, an incoming bounce will be verified and delivered even if the
bounce is received by a different Cisco IronPort appliance.
There is a seven-day grace period for tags. For example, you may choose to change your tagging key
multiple times within a seven-day period. In such a case, your Cisco IronPort appliance will try to verify
tagged messages using all previous keys that are less than seven days old.
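Rejections like the one in the mail log on this page can be extracted from the mail logs to see which recipients are receiving untagged or invalidly tagged bounces. The following Python is an added example, not part of the Cisco guide; the function names and the MID 26604 sample lines are constructed for illustration, and the line patterns are inferred only from the log excerpt shown here.

```python
import re
from collections import Counter

# Constructed sample: the first six lines follow the guide's mail log (one entry
# is wrapped, as printed); the MID 26604 lines are made up for contrast.
SAMPLE_LOG = """\
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address
<bob@example.com> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted
Fri Jul 21 16:05:02 2006 Info: Start MID 26604 ICID 125193
Fri Jul 21 16:05:02 2006 Info: MID 26604 ICID 125193 From: <alice@example.net>
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) Info: (.*)$")
SENDER = re.compile(r"MID (\d+) ICID (\d+) From: <([^>]*)>")
REJECT = re.compile(r"MID (\d+) ICID (\d+) invalid bounce, rcpt address\s+<([^>]+)> "
                    r"rejected by bounce verification")

def join_wrapped(text):
    """Re-attach continuation lines (no leading timestamp) to the previous entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def rejected_bounces(text):
    """Return one record per bounce-verification rejection, with sender context."""
    senders, hits = {}, []
    for entry in join_wrapped(text):
        m = STAMP.match(entry)
        if not m:
            continue
        when, body = m.groups()
        if s := SENDER.search(body):
            senders[s.group(1)] = s.group(3)      # remember envelope sender per MID
        elif r := REJECT.search(body):
            mid, icid, rcpt = r.groups()
            hits.append({"time": when, "mid": mid, "icid": icid, "rcpt": rcpt,
                         "null_sender": senders.get(mid) == ""})
    return hits

def rejections_per_recipient(text):
    return dict(Counter(hit["rcpt"] for hit in rejected_bounces(text)))
```

A recipient whose count climbs quickly is likely the forged Envelope Sender of mail sent elsewhere, which is the case bounce verification is meant to absorb.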