Cisco Cisco Email Security Appliance C160 Mode D'Emploi
9-21
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Spam
The Incoming Relays Feature: Overview
Occasionally, administrators need to run the Cisco IronPort appliance behind the mail exchange (MX)
or mail transfer agent (MTA) at the edge of the network instead of receiving mail directly from the
Internet. Unfortunately, when using this configuration the Cisco IronPort appliance is not receiving the
mail directly from the Internet and so it does not have access to the last connecting IP address from the
external network. Instead mail received is listed as being received from the local MX/MTA. It is critical
for successful operation of the Cisco IronPort appliance that the connecting IP address be known so that
SenderBase Reputation Service can be used in Cisco IronPort Intelligent Multi-Scan and Cisco IronPort
Anti-Spam scanning.
or mail transfer agent (MTA) at the edge of the network instead of receiving mail directly from the
Internet. Unfortunately, when using this configuration the Cisco IronPort appliance is not receiving the
mail directly from the Internet and so it does not have access to the last connecting IP address from the
external network. Instead mail received is listed as being received from the local MX/MTA. It is critical
for successful operation of the Cisco IronPort appliance that the connecting IP address be known so that
SenderBase Reputation Service can be used in Cisco IronPort Intelligent Multi-Scan and Cisco IronPort
Anti-Spam scanning.
The solution is to configure an incoming relay. When configuring an incoming relay, you specify the
names and IP addresses of all of the internal MX/MTAs connecting to the Cisco IronPort appliance, as
well as the header used to store the originating IP address. You can specify either an Internet Protocol
version 4 (IPv4) or version 6 (IPv6) address for the internal MX/MTA. You have two options for
specifying the header: a custom header or an existing received header.
names and IP addresses of all of the internal MX/MTAs connecting to the Cisco IronPort appliance, as
well as the header used to store the originating IP address. You can specify either an Internet Protocol
version 4 (IPv4) or version 6 (IPv6) address for the internal MX/MTA. You have two options for
specifying the header: a custom header or an existing received header.
Incoming Relays and Email Security Monitor
When using the Incoming Relay feature, data provided by the Email Security Monitor will contain data
for both the external IP and the MX/MTA. For example, if an external machine (IP 7.8.9.1) sent 5 emails
through the internal MX/MTA (IP 10.2.3.4), Mail Flow Summary will show 5 messages coming from IP
7.8.9.1 and 5 more coming from the internal relay MX/MTA (IP 10.2.3.5).
for both the external IP and the MX/MTA. For example, if an external machine (IP 7.8.9.1) sent 5 emails
through the internal MX/MTA (IP 10.2.3.4), Mail Flow Summary will show 5 messages coming from IP
7.8.9.1 and 5 more coming from the internal relay MX/MTA (IP 10.2.3.5).
Incoming Relays and Filters
The Incoming Relays feature provides the various SenderBase Reputation Service related filter rules
(
(
reputation, no-reputation
) with the correct SenderBase Reputation score.
Incoming Relays, HAT, SBRS, and Sender Groups
Please note that HAT policy groups do not currently use information from Incoming Relays. However,
because the Incoming Relays feature does supply the SenderBase Reputation score, you can simulate
HAT policy group functionality via message filters and the
because the Incoming Relays feature does supply the SenderBase Reputation score, you can simulate
HAT policy group functionality via message filters and the
$reputation
variable.
Incoming Relays and Reporting
When using Incoming Relays, the SenderBase Reputation score is not reported correctly in the Email
Security Monitor reports. Also, sender groups may not be resolved correctly.
Security Monitor reports. Also, sender groups may not be resolved correctly.
Incoming Relays and Message Tracking
When using Incoming Relays, the Message Tracking Details page displays the relay’s IP address and the
relay’s SenderBase Reputation Score for a message instead of the IP address and reputation score of the
sender.
relay’s SenderBase Reputation Score for a message instead of the IP address and reputation score of the
sender.
Incoming Relays and Trace
Trace returns the Incoming Relay’s SenderBase Reputation Score in its results instead of the reputation
score for the source IP address.
score for the source IP address.