Cisco Cisco Email Security Appliance C160 Mode D'Emploi
4-257
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
Chapter 4 Email Authentication
Working with SPF on an IronPort Email Security
Appliance
Appliance
To use SPF/SIDF on an IronPort appliance, complete the following steps:
Step 1
Enable SPF/SIDF. You enable SPF/SIDF on an incoming listener from the
default mail flow policy, or you can enable it for different incoming mail flow
policies. For more information, see
default mail flow policy, or you can enable it for different incoming mail flow
policies. For more information, see
.
Step 2
Configure actions to take on SPF/SIDF-verified mail. You can use message or
content filters to determine actions to take for SPF-verified mail. For more
information, see
content filters to determine actions to take for SPF-verified mail. For more
information, see
Step 3
Test the SPF/SIDF results. Because organizations use different email
authorization methods, and each organization may use SPF/SIDF differently (for
example, the SPF or SIDF policy may conform to different standards), you need
to test the SPF/SIDF results to ensure that you do not bounce or drop emails from
authorized senders. You can test the SPF/SIDF results by using a combination of
content filters, message filters, and the Content Filters report. For more
information about testing the SPF/SIDF results, see
authorization methods, and each organization may use SPF/SIDF differently (for
example, the SPF or SIDF policy may conform to different standards), you need
to test the SPF/SIDF results to ensure that you do not bounce or drop emails from
authorized senders. You can test the SPF/SIDF results by using a combination of
content filters, message filters, and the Content Filters report. For more
information about testing the SPF/SIDF results, see
.
Warning
Although IronPort strongly endorses email authentication globally, at this point
in the industry's adoption, IronPort suggests a cautious disposition for SPF/SIDF
authentication failures. Until more organizations gain greater control of their
authorized mail sending infrastructure, IronPort urges customers to avoid
bouncing emails and instead quarantine emails that fail SPF/SIDF verification.
in the industry's adoption, IronPort suggests a cautious disposition for SPF/SIDF
authentication failures. Until more organizations gain greater control of their
authorized mail sending infrastructure, IronPort urges customers to avoid
bouncing emails and instead quarantine emails that fail SPF/SIDF verification.
The AysncOS command line interface (CLI) provides more control settings for
SPF level than the web interface. Based on the SPF verdict, the appliance can
accept or reject a message, in SMTP conversation, on a per listener basis. You can
modify the SPF settings when editing the default settings for a listener’s Host
Access Table using the
SPF level than the web interface. Based on the SPF verdict, the appliance can
accept or reject a message, in SMTP conversation, on a per listener basis. You can
modify the SPF settings when editing the default settings for a listener’s Host
Access Table using the
listenerconfig
command. See the
for more information on the settings.