Cisco Cisco Email Security Appliance C190 Guía Del Usuario
22-2
Cisco AsyncOS 9.1 for Email User Guide
Chapter 22 Validating Recipients Using an SMTP Server
SMTP Call-Ahead Recipient Validation Workflow
Figure 22-1
SMTP Call Ahead Server Conversation Workflow
1.
The sending MTA initiates an SMTP conversation.
2.
The Email Security appliance suspends the SMTP conversation while it sends a query to the SMTP
server to verify the recipient, validuser@recipient.com.
server to verify the recipient, validuser@recipient.com.
Note
If SMTP routes or LDAP routing queries are configured, these routes will be used to query
the SMTP server.
the SMTP server.
3.
The SMTP Server returns a query response to the Email Security appliance.
4.
The Email Security appliance resumes the SMTP conversation and sends a response to the sending
MTA, allowing the conversation to continue or dropping the connection based on the SMTP server
response (and settings you configure in the SMTP Call-Ahead profile).
MTA, allowing the conversation to continue or dropping the connection based on the SMTP server
response (and settings you configure in the SMTP Call-Ahead profile).
Due to the order of processes in the email pipeline, if the message for a given recipient is rejected by the
RAT, then the SMTP call-ahead recipient validation will not occur. For example, if you specified in the
RAT that only mail for example.com is accepted, then mail for recipient@domain2.com is rejected
before SMTP call-ahead recipient validation can occur.
RAT, then the SMTP call-ahead recipient validation will not occur. For example, if you specified in the
RAT that only mail for example.com is accepted, then mail for recipient@domain2.com is rejected
before SMTP call-ahead recipient validation can occur.
Note
If you have configured Directory Harvest Attack Prevention (DHAP) in the HAT, be aware that SMTP
call-ahead server rejections are part of the number of rejections included in the maximum invalid
recipients per hour that you specify. You may need to adjust this number to account for additional SMTP
server rejections. For more information about DHAP, see the “Configuring the Gateway to Receive
Email” chapter.
call-ahead server rejections are part of the number of rejections included in the maximum invalid
recipients per hour that you specify. You may need to adjust this number to account for additional SMTP
server rejections. For more information about DHAP, see the “Configuring the Gateway to Receive
Email” chapter.
MAIL FROM: user@sender.com
RCPT TO: validuser@recipient.com
RCPT TO: validuser@recipient.com
Sending MTA
SMTP Server
START HERE
1
2
3
4
Email Security
Conversation with sending MTA
Conversation with Call-Ahead
Server
Server