Cisco Email Security Appliance C160 User Guide

Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5      Configuring the Gateway to Receive Email
Sender Verification Exception Table
The sender verification exception table is a list of domains or email addresses that will either be 
automatically allowed or rejected during the SMTP conversation. You can also specify an optional 
SMTP code and reject response for rejected domains. There is only one sender verification exception 
table per Cisco IronPort appliance and it is enabled per mail flow policy.
The sender verification exception table can be used to list obviously fake but correctly formatted 
domains or email addresses from which you want to reject mail. For example, the correctly formatted 
MAIL FROM: pres@whitehouse.gov could be listed in the sender verification exception table and set 
to be automatically rejected. You can also list domains that you want to automatically allow, such as 
internal or test domains. This is similar to envelope recipient (SMTP RCPT TO command) processing 
which occurs in the Recipient Access Table (RAT).
The sender verification exception table is defined in the GUI via the Mail Policies > Exception Table 
page (or the CLI, via the exceptionconfig command) and then is enabled on a per-policy basis via the 
GUI (see ) or the CLI (see the Cisco IronPort AsyncOS CLI Reference Guide).
Entries in the sender verification exception table have the following syntax:
Figure 5-27 Exception Table Listing
 for more information about 
modifying the exception table.
Implementing Sender Verification — Example Settings
This section provides an example of a typical conservative implementation of host and envelope sender 
verification.
For this example, when implementing host sender verification, mail from connecting hosts for which 
reverse DNS lookup does not match is throttled via the existing SUSPECTLIST sender group and 
THROTTLED mail flow policy.
A new sender group (UNVERIFIED) and a new mail flow policy (THROTTLEMORE) are created. Mail 
from connecting hosts which are not verified will be throttled (using the UNVERIFIED sender group 
and the more aggressive THROTTLEMORE mail flow policy) prior to the SMTP conversation.
Envelope sender verification is enabled for the ACCEPTED mail flow policy.
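
The following Python sketch is an added example, not code from Cisco or from the original guide; it models the exception table lookup and the example settings described above. The entry forms (`user@domain`, `@domain`), the lookup precedence, the SMTP code and response texts, the default `ALL` sender group, the settings of the two throttling policies, and the DNS data are all assumptions constructed for illustration.

```python
# Illustrative model only; not AsyncOS code. All data below is constructed.
# Stand-ins for live PTR and A lookups (documentation address ranges).
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "host.example.net"}
A = {"mail.example.com": {"192.0.2.10"}, "host.example.net": {"198.51.100.7"}}

# Exception table. Assumed entry forms: "user@domain" and "@domain".
# Value is ("allow",) or ("reject", smtp_code, response_text).
EXCEPTIONS = {
    "pres@whitehouse.gov": ("reject", 553, "Envelope sender rejected"),
    "@test.example.com": ("allow",),
}

# One table per appliance, enabled per mail flow policy (as the page states).
# The page enables envelope sender verification on ACCEPTED; the values for
# the two throttling policies are assumptions.
POLICIES = {
    "ACCEPTED": {"verify_sender": True, "use_exceptions": True},
    "THROTTLED": {"verify_sender": False, "use_exceptions": False},
    "THROTTLEMORE": {"verify_sender": False, "use_exceptions": False},
}

def classify_host(ip):
    """Pick (sender_group, mail_flow_policy) before the SMTP conversation."""
    name = PTR.get(ip)
    if name is None:                    # assumption: "not verified" = no PTR
        return ("UNVERIFIED", "THROTTLEMORE")
    if ip not in A.get(name, set()):    # PTR exists, forward lookup differs
        return ("SUSPECTLIST", "THROTTLED")
    return ("ALL", "ACCEPTED")          # "ALL" is an assumed default group

def check_mail_from(policy, sender, resolvable_domains):
    """Return (smtp_code, text) for a MAIL FROM under the given policy."""
    cfg = POLICIES[policy]
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    if cfg["use_exceptions"]:
        # Assumed precedence: full address first, then the domain entry.
        entry = EXCEPTIONS.get(sender) or EXCEPTIONS.get("@" + domain)
        if entry and entry[0] == "allow":
            return (250, "sender ok (exception table allow)")
        if entry:
            return (entry[1], entry[2])
    if cfg["verify_sender"] and domain not in resolvable_domains:
        return (553, "Domain of sender address does not resolve")
    return (250, "sender ok")
```

An allow entry short-circuits envelope sender verification, which is why internal or test domains that do not resolve in public DNS are still accepted under a policy with verification enabled.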