Cisco Cisco Email Security Appliance C160 Mode D'Emploi
10-3
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 10 Mail Policies
Handling Incoming and Outgoing Messages Differently
Handling Incoming and Outgoing Messages Differently
The Email Security appliances uses two different sets of mail policies for message content security:
•
Incoming mail policies for messages are messages received from connections that match an
ACCEPT HAT policy in any listener.
ACCEPT HAT policy in any listener.
•
Outgoing mail policies for messages are messages from connections that match a RELAY HAT
policy in any listener. This includes any connection that was authenticated with SMTP AUTH.
policy in any listener. This includes any connection that was authenticated with SMTP AUTH.
Having separate sets of policies allow you to define different security rules for messages sent to your
users and messages sent from your users. You manage these policies using the Mail Policies > Incoming
Mail Policies or Outgoing Mail Policies pages in the GUI, or the
users and messages sent from your users. You manage these policies using the Mail Policies > Incoming
Mail Policies or Outgoing Mail Policies pages in the GUI, or the
policyconfig
command in the CLI.
Note
Some features can be applied only to incoming or to outgoing mail policies. For example, Data Loss
Prevention scanning can only be performed on outgoing messages. Advanced Malware Protection (File
Reputation scanning and File Analysis) is available only in Incoming Mail Policies.
Prevention scanning can only be performed on outgoing messages. Advanced Malware Protection (File
Reputation scanning and File Analysis) is available only in Incoming Mail Policies.
Note
In certain installations, “internal” mail being routed through the Cisco appliance may be considered
outgoing, even if all the recipients are addressed to internal addresses. For example, by default for Cisco
C170 customers, the system setup wizard will configure only one physical Ethernet port with one listener
for receiving inbound email and relaying outbound email.
outgoing, even if all the recipients are addressed to internal addresses. For example, by default for Cisco
C170 customers, the system setup wizard will configure only one physical Ethernet port with one listener
for receiving inbound email and relaying outbound email.
Matching Users to a Mail Policy
As messages are received by the appliance, the Email Security appliance attempts to match each message
recipient and sender to a mail policy in the Incoming or Outgoing Mail Policies table, depending on
whether it is an incoming or outgoing message.
recipient and sender to a mail policy in the Incoming or Outgoing Mail Policies table, depending on
whether it is an incoming or outgoing message.
Matches are based on either the recipient’s address or the sender’s address:
•
Recipient address matches the Envelope Recipient address
When matching recipient addresses, the recipient addresses entered are the final addresses after
processing by preceding parts of the email pipeline. For example, if enabled, the default domain,
LDAP routing or masquerading, alias table, domain map, and message filters features can rewrite
the Envelope Recipient address and may affect whether the message matches a mail policy.
processing by preceding parts of the email pipeline. For example, if enabled, the default domain,
LDAP routing or masquerading, alias table, domain map, and message filters features can rewrite
the Envelope Recipient address and may affect whether the message matches a mail policy.
•
Sender address matches:
–
Envelope Sender (RFC821 MAIL FROM address)
–
Address found in the RFC822 From: header
–
Address found in the RFC822 Reply-To: header
Addresses may be matched on either a full email address, user, domain, or partial domain, and addresses
may also match LDAP group membership.
may also match LDAP group membership.
Related Topics
•
•