Cisco Cisco Email Security Appliance C160 Mode D'Emploi
25-37
Cisco AsyncOS 9.0 for Email User Guide
Chapter 25 LDAP Queries
Configuring AsyncOS for SMTP Authentication
Figure 25-13
Selecting an SMTP Authentication Profile via the Edit Listener page
Once a listener is configured to use the profile, the Host Access Table default settings can be changed
so that the listener allows, disallows, or requires SMTP Authentication:
so that the listener allows, disallows, or requires SMTP Authentication:
Figure 25-14
Enabling SMTP Authentication on a Mail Flow Policy
Related Topics
•
•
SMTP Authentication and HAT Policy Settings
Because senders are grouped into the appropriate sender group before the SMTP Authentication
negotiation begins, Host Access Table (HAT) settings, are not affected. When a remote mail host
connects, the appliance first determines which sender group applies and imposes the Mail Policy for that
sender group. For example, if a remote MTA “suspicious.com” is in your SUSPECTLIST sender group,
the THROTTLE policy will be applied, regardless of the results of “suspicious.com’s” SMTPAUTH
negotiation.
negotiation begins, Host Access Table (HAT) settings, are not affected. When a remote mail host
connects, the appliance first determines which sender group applies and imposes the Mail Policy for that
sender group. For example, if a remote MTA “suspicious.com” is in your SUSPECTLIST sender group,
the THROTTLE policy will be applied, regardless of the results of “suspicious.com’s” SMTPAUTH
negotiation.
However, senders that do authenticate using SMTPAUTH are treated differently than “normal” senders.
The connection behavior for successful SMTPAUTH sessions changes to “RELAY,” effectively
bypassing the Recipient Access Table (RAT) and LDAPACCEPT. This allows the sender to relay
messages through the appliance. As stated, any Rate Limiting or throttling that applies will remain in
effect.
The connection behavior for successful SMTPAUTH sessions changes to “RELAY,” effectively
bypassing the Recipient Access Table (RAT) and LDAPACCEPT. This allows the sender to relay
messages through the appliance. As stated, any Rate Limiting or throttling that applies will remain in
effect.
2
1
Number
Description
1.
The SMTP Authentication field provides listener-level control for SMTP
authentication. If you select “No,” authentication will not be enabled on the listener,
regardless of any other SMTP authentication settings you configure.
authentication. If you select “No,” authentication will not be enabled on the listener,
regardless of any other SMTP authentication settings you configure.
2.
If “Required” is selected in the second prompt (SMTP Authentication:), no AUTH
keyword will be issued until TLS is negotiated (after the client issues a second EHLO
command).
keyword will be issued until TLS is negotiated (after the client issues a second EHLO
command).