Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 8 Anti-Spam
8-32
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
this configuration the Cisco IronPort appliance is not receiving the mail directly
from the Internet and so it does not have access to the last connecting IP address
from the external network. Instead mail received is listed as being received from
the local MX/MTA. It is critical for successful operation of the Cisco IronPort
appliance that the connecting IP address be known so that SenderBase Reputation
Service can be used in IronPort Intelligent Multi-Scan and IronPort Anti-Spam
scanning.
from the Internet and so it does not have access to the last connecting IP address
from the external network. Instead mail received is listed as being received from
the local MX/MTA. It is critical for successful operation of the Cisco IronPort
appliance that the connecting IP address be known so that SenderBase Reputation
Service can be used in IronPort Intelligent Multi-Scan and IronPort Anti-Spam
scanning.
The solution is to configure an incoming relay. When configuring an incoming
relay, you specify the names and IP addresses of all of the internal MX/MTAs
connecting to the Cisco IronPort appliance, as well as the header used to store the
originating IP address. You have two options for specifying the header: a custom
header or an existing received header.
relay, you specify the names and IP addresses of all of the internal MX/MTAs
connecting to the Cisco IronPort appliance, as well as the header used to store the
originating IP address. You have two options for specifying the header: a custom
header or an existing received header.
Incoming Relays and Email Security Monitor
When using the Incoming Relay feature, data provided by the Email Security
Monitor will contain data for both the external IP and the MX/MTA. For example,
if an external machine (IP 7.8.9.1) sent 5 emails through the internal MX/MTA
(IP 10.2.3.4), Mail Flow Summary will show 5 messages coming from IP 7.8.9.1
and 5 more coming from the internal relay MX/MTA (IP 10.2.3.5).
Monitor will contain data for both the external IP and the MX/MTA. For example,
if an external machine (IP 7.8.9.1) sent 5 emails through the internal MX/MTA
(IP 10.2.3.4), Mail Flow Summary will show 5 messages coming from IP 7.8.9.1
and 5 more coming from the internal relay MX/MTA (IP 10.2.3.5).
Incoming Relays and Filters
The Incoming Relays feature provides the various SenderBase Reputation Service
related filter rules (
related filter rules (
reputation, no-reputation
) with the correct SenderBase
Reputation score.
Incoming Relays, HAT, SBRS, and Sender Groups
Please note that HAT policy groups do not currently use information from
Incoming Relays. However, because the Incoming Relays feature does supply the
SenderBase Reputation score, you can simulate HAT policy group functionality
via message filters and the
Incoming Relays. However, because the Incoming Relays feature does supply the
SenderBase Reputation score, you can simulate HAT policy group functionality
via message filters and the
$reputation
variable.