Cisco Email Security Appliance X1070 Troubleshooting Guide

ESA FAQ: What is a mail flow policy?
Document ID: 118179
Contributed by Nasir Shakour and Robert Sherwin, Cisco TAC Engineers.
Aug 07, 2014
Contents
Introduction
What is a mail flow policy?
Related Information
Introduction
This document describes what a mail flow policy is on the Email Security Appliance (ESA), and the actions
that are associated with a mail flow policy.
What is a mail flow policy?
A mail flow policy allows you to control or limit the flow of email messages from a sender to the listener
during the SMTP conversation. You control SMTP conversations by defining the following types of
parameters in the mail flow policy:
• Connection parameters, such as maximum number of messages per connection.
• Rate limiting parameters, such as maximum number of recipients per hour.
• Modify custom SMTP codes and responses communicated during the SMTP conversation.
• Enable spam detection.
• Enable virus protection.
• Encryption, such as using TLS to encrypt the SMTP connection.
• Authentication parameters, such as using DKIM to verify incoming mail.
Mail flow policies perform one of the following actions on connections from remote hosts:
• ACCEPT. Connection is accepted, and email acceptance is then further restricted by listener settings,
including the Recipient Access Table (RAT) (for public listeners).
• REJECT. Connection is initially accepted, but the client attempting to connect gets a 4XX or 5XX
SMTP status code. No email is accepted.
Note: You can also configure AsyncOS to perform this rejection at the message recipient level (RCPT TO),
rather than at the start of the SMTP conversation. Rejecting messages in this way delays the message rejection
and bounces the message, allowing AsyncOS to retain more detailed information about the rejected messages.
This setting is configured from the CLI listenerconfig > setup command.
• TCPREFUSE. Connection is refused at the TCP level.
• RELAY. Connection is accepted. Receiving for any recipient is allowed and is not constrained by the
RAT.
• CONTINUE. The mapping in the Host Access Table (HAT) is ignored, and processing of the HAT
continues. If the incoming connection matches a later entry that is not CONTINUE, that entry is used
instead. The CONTINUE rule is used to facilitate the editing of the HAT in the GUI.
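The CONTINUE fall-through and the RELAY behavior described above, modeled as an added example (not Cisco code and not an AsyncOS API). It assumes the HAT is an ordered list evaluated top-down and matched on IPv4 networks only. The sender group names, addresses, and the definition of "internal" ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample HAT: ordered (sender group, networks, action) entries.
# Group names and addresses are made up; real HAT entries can also match on
# hostnames and reputation, which this IPv4-only model leaves out.
SAMPLE_HAT = [
    ("PARTNER_REVIEW", ["198.51.100.0/24"], "CONTINUE"),
    ("INTERNAL_RELAY", ["10.0.0.0/8"], "RELAY"),
    ("KNOWN_BAD", ["203.0.113.0/24"], "TCPREFUSE"),
    ("PARTNERS", ["198.51.100.0/25"], "ACCEPT"),
    ("EVERYONE_ELSE", ["0.0.0.0/0"], "REJECT"),
]
ACTIONS = {"ACCEPT", "REJECT", "TCPREFUSE", "RELAY", "CONTINUE"}
# Assumption: "internal" means RFC 1918 space plus loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def resolve(hat, remote_ip):
    """Walk the table top-down; return (group, action, skipped_continue_groups).

    A matching CONTINUE entry is ignored and the walk goes on, so the first
    matching entry with any other action decides. (None, None, skipped) means
    no deciding entry matched.
    """
    ip = ipaddress.ip_address(remote_ip)
    skipped = []
    for group, networks, action in hat:
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r} in group {group}")
        if not any(ip in ipaddress.ip_network(n) for n in networks):
            continue
        if action == "CONTINUE":
            skipped.append(group)
            continue
        return group, action, skipped
    return None, None, skipped


def relay_outside_internal(hat):
    """Audit: RELAY entries (not constrained by the RAT) reaching past INTERNAL."""
    findings = []
    for group, networks, action in hat:
        nets = [ipaddress.ip_network(n) for n in networks]
        wide = [str(n) for n in nets
                if not any(n.subnet_of(r) for r in INTERNAL)]
        if action == "RELAY" and wide:
            findings.append((group, wide))
    return findings
```

With the sample table, a host in 198.51.100.0/25 skips PARTNER_REVIEW and is decided by PARTNERS, while the rest of that /24 falls through to EVERYONE_ELSE.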