Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The sending MTA initiates an SMTP conversation.

The Email Security appliance suspends the SMTP conversation while it sends a query to the SMTP 
server to verify the recipient, validuser@recipient.com.

If SMTP routes or LDAP routing queries are configured, these routes will be used to query 
the SMTP server. 

The SMTP Server returns a query response to the Email Security appliance.

The Email Security appliance resumes the SMTP conversation and sends a response to the sending 
MTA, allowing the conversation to continue or dropping the connection based on the SMTP server 
response (and settings you configure in the SMTP Call-Ahead profile).

Due to the order of processes in the email pipeline, if the message for a given recipient is rejected by the 
RAT, then the SMTP call-ahead recipient validation will not occur. For example, if you specified in the 
RAT that only mail for example.com is accepted, then mail for recipient@domain2.com is rejected 
before SMTP call-ahead recipient validation can occur.

If you have configured Directory Harvest Attack Prevention (DHAP) in the HAT, be aware that SMTP 
call-ahead server rejections are part of the number of rejections included in the maximum invalid 
recipients per hour that you specify. You may need to adjust this number to account for additional SMTP 
server rejections. For more information about DHAP, see “Configuring the Gateway to Receive Email” 
in the Cisco IronPort AsyncOS for Email Configuration Guide.

MAIL FROM: user@sender.com
RCPT TO: validuser@recipient.com

Sending MTA

SMTP Server

Email Security 

Conversation with sending MTA

Conversation with Call-Ahead 
Server