Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
2-53
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 2 Configuring Routing and Delivery Features
Use the Import Table button on the Destination Controls page or the
destconfig -> import
command
to import a configuration file.You can also export your Destination Control entries to an INI file using
the Export Table button on the Destination Controls page or the
the Export Table button on the Destination Controls page or the
destconfig -> export
command.
AsyncOS includes the
[Default]
domain control entry in the exported INI file.
Destination Controls and the CLI
You can use the
destconfig
command in the CLI to configure Destination Control entries. This
command is discussed in the Cisco IronPort AsyncOS CLI Reference Guide.
Cisco IronPort Bounce Verification
A “bounce” message is a new message that is sent by a receiving MTA, using the Envelope Sender of
the original email as the new Envelope Recipient. This bounce is sent back to the Envelope Recipient
(usually) with a blank Envelope Sender (MAIL FROM: < >) when the original message is undeliverable
(typically due to a non-existent recipient address).
the original email as the new Envelope Recipient. This bounce is sent back to the Envelope Recipient
(usually) with a blank Envelope Sender (MAIL FROM: < >) when the original message is undeliverable
(typically due to a non-existent recipient address).
Increasingly, spammers are attacking email infrastructure via misdirected bounce attacks. These attacks
consist of a flood of bounce messages, sent by unknowing, legitimate mail servers. Basically, the process
spammers use is to send email via open relays and “zombie” networks to multiple, potentially invalid
addresses (Envelope Recipients) at various domains. In these messages, the Envelope Sender is forged
so that the spam appears to be coming from a legitimate domain (this is known as a “Joe job”).
consist of a flood of bounce messages, sent by unknowing, legitimate mail servers. Basically, the process
spammers use is to send email via open relays and “zombie” networks to multiple, potentially invalid
addresses (Envelope Recipients) at various domains. In these messages, the Envelope Sender is forged
so that the spam appears to be coming from a legitimate domain (this is known as a “Joe job”).
In turn, for each incoming email with an invalid Envelope Recipient, the receiving mail servers generate
a new email — a bounce message — and send it along to the Envelope Sender at the innocent domain
(the one whose Envelope Sender address was forged). As a result, this target domain receives a flood of
“misdirected” bounces — potentially millions of messages. This type of distributed denial of service
attack can bring down email infrastructure and render it impossible for the target to send or receive
legitimate email.
a new email — a bounce message — and send it along to the Envelope Sender at the innocent domain
(the one whose Envelope Sender address was forged). As a result, this target domain receives a flood of
“misdirected” bounces — potentially millions of messages. This type of distributed denial of service
attack can bring down email infrastructure and render it impossible for the target to send or receive
legitimate email.
To combat these misdirected bounce attacks, AsyncOS includes Cisco IronPort Bounce Verification.
When enabled, Cisco IronPort Bounce Verification tags the Envelope Sender address for messages sent
via your Cisco IronPort appliance. The Envelope Recipient for any bounce message received by the
Cisco IronPort appliance is then checked for the presence of this tag. Legitimate bounces (which should
contain this tag) are untagged and delivered. Bounce messages that do not contain the tag can be handled
separately.
When enabled, Cisco IronPort Bounce Verification tags the Envelope Sender address for messages sent
via your Cisco IronPort appliance. The Envelope Recipient for any bounce message received by the
Cisco IronPort appliance is then checked for the presence of this tag. Legitimate bounces (which should
contain this tag) are untagged and delivered. Bounce messages that do not contain the tag can be handled
separately.
Note that you can use Cisco IronPort Bounce Verification to manage incoming bounce messages based
on your outgoing mail. To control how your Cisco IronPort appliance generates outgoing bounces (based
on incoming mail), see
on your outgoing mail. To control how your Cisco IronPort appliance generates outgoing bounces (based
on incoming mail), see
Overview: Tagging and Cisco IronPort Bounce Verification
When sending email with bounce verification enabled, your Cisco IronPort appliance will rewrite the
Envelope Sender address in the message. For example, MAIL FROM:
Envelope Sender address in the message. For example, MAIL FROM:
joe@example.com
becomes MAIL
FROM:
prvs=joe=123ABCDEFG@example.com
. The
123...
string in the example is the “bounce
verification tag” that gets added to the Envelope Sender as it is sent by your Cisco IronPort appliance.
The tag is generated using a key defined in the Bounce Verification settings (see
The tag is generated using a key defined in the Bounce Verification settings (see
for more information about specifying a key). If this
message bounces, the Envelope Recipient address in the bounce will typically include this bounce
verification tag.
verification tag.