Cisco Cisco Email Security Appliance C160 Mode D'Emploi
25-49
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 25 Configuring Routing and Delivery Features
Bounce Verification
Use the Import Table button on the Destination Controls page or the
destconfig -> import
command
to import a configuration file.You can also export your Destination Control entries to an INI file using
the Export Table button on the Destination Controls page or the
the Export Table button on the Destination Controls page or the
destconfig -> export
command.
AsyncOS includes the
[Default]
domain control entry in the exported INI file.
Destination Controls and the CLI
You can use the
destconfig
command in the CLI to configure Destination Control entries. This
command is discussed in the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.
Bounce Verification
A “bounce” message is a new message that is sent by a receiving MTA, using the Envelope Sender of
the original email as the new Envelope Recipient. This bounce is sent back to the Envelope Recipient
(usually) with a blank Envelope Sender (MAIL FROM: < >) when the original message is undeliverable
(typically due to a non-existent recipient address).
the original email as the new Envelope Recipient. This bounce is sent back to the Envelope Recipient
(usually) with a blank Envelope Sender (MAIL FROM: < >) when the original message is undeliverable
(typically due to a non-existent recipient address).
Increasingly, spammers are attacking email infrastructure via misdirected bounce attacks. These attacks
consist of a flood of bounce messages, sent by unknowing, legitimate mail servers. Basically, the process
spammers use is to send email via open relays and “zombie” networks to multiple, potentially invalid
addresses (Envelope Recipients) at various domains. In these messages, the Envelope Sender is forged
so that the spam appears to be coming from a legitimate domain (this is known as a “Joe job”).
consist of a flood of bounce messages, sent by unknowing, legitimate mail servers. Basically, the process
spammers use is to send email via open relays and “zombie” networks to multiple, potentially invalid
addresses (Envelope Recipients) at various domains. In these messages, the Envelope Sender is forged
so that the spam appears to be coming from a legitimate domain (this is known as a “Joe job”).
In turn, for each incoming email with an invalid Envelope Recipient, the receiving mail servers generate
a new email — a bounce message — and send it along to the Envelope Sender at the innocent domain
(the one whose Envelope Sender address was forged). As a result, this target domain receives a flood of
“misdirected” bounces — potentially millions of messages. This type of distributed denial of service
attack can bring down email infrastructure and render it impossible for the target to send or receive
legitimate email.
a new email — a bounce message — and send it along to the Envelope Sender at the innocent domain
(the one whose Envelope Sender address was forged). As a result, this target domain receives a flood of
“misdirected” bounces — potentially millions of messages. This type of distributed denial of service
attack can bring down email infrastructure and render it impossible for the target to send or receive
legitimate email.
To combat these misdirected bounce attacks, AsyncOS includes Bounce Verification. When enabled,
Bounce Verification tags the Envelope Sender address for messages sent via your appliance. The
Envelope Recipient for any bounce message received by the appliance is then checked for the presence
of this tag. Legitimate bounces (which should contain this tag) are untagged and delivered. Bounce
messages that do not contain the tag can be handled separately.
Bounce Verification tags the Envelope Sender address for messages sent via your appliance. The
Envelope Recipient for any bounce message received by the appliance is then checked for the presence
of this tag. Legitimate bounces (which should contain this tag) are untagged and delivered. Bounce
messages that do not contain the tag can be handled separately.
TLS: Required (Verify)
Bounce Profile: tls_failed
example2.com
IP Address Preference: IPv6 Preferred
Maximum messages per connection: Default
Rate Limiting: Default
TLS: Preferred
Bounce Profile: tls_failed