Cisco Cisco Email Security Appliance C160 Mode D'Emploi
9-23
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Spam
Figure 9-14
Mail Relayed by MX/MTA — Variable Number of Hops
Received Header
If configuring the MX/MTAs to include a custom header containing the sending IP address is not an
option, you can configure the incoming relays feature to attempt to determine the sending IP address by
examining the “Received:” headers in the message. Using the “Received:” header will only work if the
number of network “hops” will always be constant for an IP address. In other words, the machine at the
first hop (10.2.3.5 in
option, you can configure the incoming relays feature to attempt to determine the sending IP address by
examining the “Received:” headers in the message. Using the “Received:” header will only work if the
number of network “hops” will always be constant for an IP address. In other words, the machine at the
first hop (10.2.3.5 in
) should always be the same number of hops away from the edge of your
network. If incoming mail can take different paths (resulting in a different number of hops, as described
in
in
) to the machine connecting to your Cisco IronPort appliance, you must use a custom
Specify a parsing character or string and the number of network hops (or Received: headers) back to
look. A hop is basically the message travelling from one machine to another (being received by the Cisco
IronPort appliance does not count as a hop. See
look. A hop is basically the message travelling from one machine to another (being received by the Cisco
IronPort appliance does not count as a hop. See
for
more information). AsyncOS looks for the first IP address following the first occurrence of the parsing
character or string in the Received: header corresponding to the number of specified hops. For example,
if you specify two hops, the second Received: header, working backward from the Cisco IronPort
appliance is parsed. If the parsing character is not found, or if there is not a valid IP address found, the
Cisco IronPort appliance uses the real IP address of the connecting machine.
character or string in the Received: header corresponding to the number of specified hops. For example,
if you specify two hops, the second Received: header, working backward from the Cisco IronPort
appliance is parsed. If the parsing character is not found, or if there is not a valid IP address found, the
Cisco IronPort appliance uses the real IP address of the connecting machine.
If you specify an opening square bracket (
[
) and two hops for the following example mail headers, the
IP address of the external machine is 7.8.9.1. However, if you specify an closing parenthesis (
)
) as the
parsing character, a valid IP address will not be found. In this case, the Incoming Relays feature is treated
as disabled, and the IP of the connecting machine is used (10.2.3.5).
as disabled, and the IP of the connecting machine is used (10.2.3.5).
In the example in
•
Path A — 10.2.3.5 (with 2 hops when using received headers) and
•
Path B — 10.2.6.1 (with 2 hops when using received headers)
IronPort Email Security appliance
Firewall
MX
Sending
Machine
Machine
IP: 7.8.9.1
IP: 10.2.3.4
IP: 10.2.3.6
MTA
IP: 10.2.3.5
Hop 2
Hop 1
C
D