Cisco Cisco Email Security Appliance C160 Mode D'Emploi
4-6
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 4 Understanding the Email Pipeline
Work Queue / Routing
Recipient Access Table (RAT)
For inbound email only, the RAT allows you to specify a list of all local domains for which the Cisco
appliance will accept mail.
appliance will accept mail.
For more information, see
Alias Tables
Alias tables provide a mechanism to redirect messages to one or more recipients. Aliases are stored in a
mapping table. When the envelope recipient (also known as the Envelope To, or
mapping table. When the envelope recipient (also known as the Envelope To, or
RCPT TO
) of an email
matches an alias as defined in an alias table, the envelope recipient address of the email will be rewritten.
For more information about Alias Tables, see “Creating Alias Tables” in the “Configuring Routing and
Delivery Features” chapter of the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
Delivery Features” chapter of the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter of the Cisco IronPort AsyncOS
for Email Advanced Configuration Guide. This allows the Cisco appliance to combat directory harvest
attacks (DHAP) in a unique way: the system accepts the message and performs the LDAP acceptance
validation within the SMTP conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the message entirely.
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter of the Cisco IronPort AsyncOS
for Email Advanced Configuration Guide. This allows the Cisco appliance to combat directory harvest
attacks (DHAP) in a unique way: the system accepts the message and performs the LDAP acceptance
validation within the SMTP conversation or the work queue. If the recipient is not found in the LDAP
directory, you can configure the system to perform a delayed bounce or drop the message entirely.
For more information, see the “LDAP Queries” chapter in the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
Advanced Configuration Guide.
SMTP Call-Ahead Recipient Validation
When you configure your Email Security appliance for SMTP call-ahead recipient validation, the Email
Security appliance suspends the SMTP conversation with the sending MTA while it “calls ahead” to the
SMTP server to verify the recipient. When the Cisco appliance queries the SMTP server, it returns the
SMTP server’s response to the Email Security appliance. The Email Security appliance resumes the
SMTP conversation and sends a response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings you configure in the SMTP
Call-Ahead profile).
Security appliance suspends the SMTP conversation with the sending MTA while it “calls ahead” to the
SMTP server to verify the recipient. When the Cisco appliance queries the SMTP server, it returns the
SMTP server’s response to the Email Security appliance. The Email Security appliance resumes the
SMTP conversation and sends a response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings you configure in the SMTP
Call-Ahead profile).
For more information, see the “Validating Recipients Using an SMTP Server” chapter in the Cisco
IronPort AsyncOS for Email Advanced Configuration Guide.
IronPort AsyncOS for Email Advanced Configuration Guide.
Work Queue / Routing
The Work Queue is where the received message is processed before moving to the delivery phase.
Processing includes masquerading, routing, filtering, safelist/blocklist scanning, anti-spam and
anti-virus scanning, Outbreak Filters, and quarantining.
Processing includes masquerading, routing, filtering, safelist/blocklist scanning, anti-spam and
anti-virus scanning, Outbreak Filters, and quarantining.