Cisco Cisco Email Security Appliance C160 Mode D'Emploi

By rejecting all hosts other than the ones you specify, the 

listenerconfig

 and 

systemsetup

 commands prevent you from unintentionally configuring your 

system as an “open relay.” An open relay (sometimes called an “insecure relay” 
or a “third party” relay) is an SMTP email server that allows third-party relay of 
email messages. By processing email that is neither for nor from a local user, an 
open relay makes it possible for an unscrupulous sender to route large volumes of 
spam through your gateway.

Mail Flow Policies of the HAT allow you to control or limit the rates at which the 
listener will receive mail from remote hosts. You can also modify the SMTP codes 
and responses communicated during the SMTP conversation. 

The HAT has four basic access rules for acting on connections from remote hosts:

ACCEPT

Connection is accepted, and email acceptance is then further restricted by 
listener settings, including the Recipient Access Table (for public listeners).

REJECT

Connection is initially accepted, but the client attempting to connect gets a 
4XX or 5XX greeting. No email is accepted.

You can also configure AsyncOS to perform this rejection at the message 
recipient level (RCPT TO), rather than at the start of the SMTP 
conversation. Rejecting messages in this way delays the message 
rejection and bounces the message, allowing AsyncOS to retain more 
detailed information about the rejected messages. This setting is 
configured from the CLI 

listenerconfig --> setup 

command. For 

more information, see “Customizing Listeners” in the Cisco IronPort 
AsyncOS for Email Advanced Configuration Guide.

TCPREFUSE

Connection is refused at the TCP level.