Cisco Cisco Email Security Appliance C160 Mode D'Emploi
26-38
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 26 LDAP Queries
Configuring AsyncOS for SMTP Authentication
HAT Delayed Rejection
When HAT Delayed Rejection is configured, connections that would get dropped based on the HAT
Sender Group and Mail Flow Policy configuration can still authenticate successfully and get the RELAY
mail flow policy granted.
Sender Group and Mail Flow Policy configuration can still authenticate successfully and get the RELAY
mail flow policy granted.
Configure whether to perform HAT rejection at the message recipient level.By default, HAT rejected
connections will be closed with a banner message at the start of the SMTP conversation.
connections will be closed with a banner message at the start of the SMTP conversation.
When an email is rejected due to HAT “Reject” settings, AsyncOS can perform the rejection at the
message recipient level (RCPT TO), rather than at the start of the SMTP conversation. Rejecting
messages in this way delays the message rejection and bounces the message, allowing AsyncOS to retain
more detailed information about the rejected messages. For example, you can see the mail from address
and each recipient address of the message which is blocked. Delaying HAT rejections also makes it less
likely that the sending MTA will perform multiple retries.
message recipient level (RCPT TO), rather than at the start of the SMTP conversation. Rejecting
messages in this way delays the message rejection and bounces the message, allowing AsyncOS to retain
more detailed information about the rejected messages. For example, you can see the mail from address
and each recipient address of the message which is blocked. Delaying HAT rejections also makes it less
likely that the sending MTA will perform multiple retries.
When you enable HAT delayed rejection, the following behavior occurs:
•
The MAIL FROM command is accepted, but no message object is created.
•
All RCPT TO commands are rejected with text explaining that access to send e-mail is refused.
•
If the sending MTA authenticates with SMTP AUTH, they are granted a RELAY policy and are
allowed to deliver mail as normal.
allowed to deliver mail as normal.
You can configure delayed rejection using the
listenerconfig --> setup
CLI command. This behavior
is disabled by default.
The following table shows how to configure delayed rejection for HAT.
example.com> listenerconfig
Currently configured listeners:
1. listener1 (on main, 172.22.138.17) QMQP TCP Port 628 Private
2. listener2 (on main, 172.22.138.17) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> setup
Enter the global limit for concurrent connections to be allowed across all listeners.