Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 18: Email Authentication
  Enabling SPF and SIDF
Note: The AsyncOS command line interface (CLI) provides more control settings for SPF level than the web interface. Based on the SPF verdict, the appliance can accept or reject a message, in SMTP conversation, on a per listener basis. You can modify the SPF settings when editing the default settings for a listener's Host Access Table using the listenerconfig command. See the  for more information on the settings.

Enabling SPF and SIDF
To use SPF/SIDF, you must enable SPF/SIDF for a mail flow policy on an incoming listener. You can 
enable SPF/SIDF on the listener from the default mail flow policy, or you can enable it for particular 
incoming mail flow policies. 
Procedure

Step 1  Choose Mail Policies > Mail Flow Policy.
Step 2  Click Default Policy Parameters.
Step 3  In the default policy parameters, view the Security Features section.
Step 4  In the SPF/SIDF Verification section, click On.
Step 5  Set the level of conformance (the default is SIDF-compatible). This option allows you to determine which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose SIDF-compatible, which combines SPF and SIDF.

Table 18-3  SPF/SIDF Conformance Levels

Conformance Level: SPF
Description: The SPF/SIDF verification behaves according to RFC 4408.
- No purported responsible address (PRA) identity verification takes place.
NOTE: Select this conformance option to test against the HELO identity.

Conformance Level: SIDF
Description: The SPF/SIDF verification behaves according to RFC 4406.
- The PRA Identity is determined with full conformance to the standard.
- SPF v1.0 records are treated as spf2.0/mfrom,pra.
- For a nonexistent domain or a malformed identity, a verdict of Fail is returned.

Conformance Level: SIDF Compatible
Description: The SPF/SIDF verification behaves according to RFC 4406 except for the following differences:
- SPF v1.0 records are treated as spf2.0/mfrom.
- For a nonexistent domain or a malformed identity, a verdict of None is returned.
NOTE: This conformance option was introduced at the request of the OpenSPF community (www.openspf.org).
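
The following Python sketch is an added example, not taken from the Cisco guide or from AsyncOS. It models how the conformance levels in Table 18-3 decide which identities a published record is checked against. The function names and sample TXT records are constructed for illustration. Two rules are assumptions drawn from RFC 4408 and RFC 4406 rather than from this page: the SPF level ignores spf2.0 records, and v=spf1 is used only when no spf2.0 record exists.

```python
import re

# How each conformance level reads a "v=spf1" record (Table 18-3). "helo" for
# the SPF level follows the table's NOTE; "mfrom" there is from RFC 4408.
V1_SCOPES = {
    "SPF": {"helo", "mfrom"},
    "SIDF": {"mfrom", "pra"},
    "SIDF Compatible": {"mfrom"},
}
# Verdict for a nonexistent domain or malformed identity (Table 18-3).
# The table gives no value for the SPF level, so it is omitted.
MISSING_DOMAIN_VERDICT = {"SIDF": "Fail", "SIDF Compatible": "None"}

# A version tag must be followed by a space or the end of the record.
_V1 = re.compile(r"v=spf1(?= |$)", re.I)
_V2 = re.compile(r"spf2\.0/((?:mfrom|pra)(?:,(?:mfrom|pra))*)(?= |$)", re.I)

def record_scopes(txt, level):
    """Return the set of identities a TXT record applies to under `level`."""
    if _V1.match(txt):
        return set(V1_SCOPES[level])
    m = _V2.match(txt)
    # Assumption (RFC 4408): the SPF level ignores spf2.0 records.
    if m and level != "SPF":
        return set(m.group(1).lower().split(","))
    return set()  # not an SPF or Sender ID record

def select_records(txt_records, identity, level):
    """Pick the records used to check `identity` ("helo", "mfrom" or "pra")."""
    # Assumption (RFC 4406 compatibility rule): v=spf1 is only a fallback
    # when the domain publishes no spf2.0 record at all.
    has_v2 = level != "SPF" and any(_V2.match(t) for t in txt_records)
    return [t for t in txt_records
            if identity in record_scopes(t, level)
            and not (has_v2 and _V1.match(t))]

def pra_is_checked(txt_records, level):
    """True if any published record would be evaluated against the PRA."""
    return bool(select_records(txt_records, "pra", level))

# Constructed sample: a domain that publishes only a classic SPF record.
ONLY_V1 = ["v=spf1 ip4:192.0.2.0/24 -all", "site-verification=constructed"]
# Constructed sample: a domain that also publishes a PRA-scoped spf2.0 record.
WITH_V2 = ["v=spf1 ip4:192.0.2.0/24 -all", "spf2.0/pra ?all"]

if __name__ == "__main__":
    for level in V1_SCOPES:
        print(level, pra_is_checked(ONLY_V1, level),
              select_records(WITH_V2, "pra", level))
```

For a domain that publishes only v=spf1, the record is applied to the PRA under SIDF but not under SIDF Compatible or SPF, which is the practical difference to weigh before changing the default level.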