Cisco Cisco Email Security Appliance C160 Mode D'Emploi
7-33
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Verifying Senders
Step 5
Check the “Connecting host reverse DNS lookup (PTR) does not match the forward DNS lookup (A)”
checkbox under Connecting Host DNS Verification.
checkbox under Connecting Host DNS Verification.
Step 6
Submit and commit your changes.
Now, senders for which reverse DNS lookups fail will match the SUSPECTLIST sender group and will
receive the default action from the THROTTLED mail flow policy.
receive the default action from the THROTTLED mail flow policy.
Note
You can also configure host DNS verification via the CLI. See
for more information.
Implementing More Stringent Throttling Settings for Unverified Senders
Procedure
Step 1
Create a new mail flow policy (for this example, it is named THROTTLEMORE) and configure it with
more stringent throttling settings.
more stringent throttling settings.
a.
On the Mail Flow Policies page, click Add Policy
b.
Enter a name for the mail flow policy, and select Accept as the Connection Behavior.
c.
Configure the policy to throttle mail.
d.
Submit and commit your changes.
Step 2
Create a new sender group (for this example, it is named UNVERIFIED) and configure it to use the
THROTTLEMORE policy:
THROTTLEMORE policy:
a.
On the HAT Overview page, click Add Sender Group
Figure 7-7
Add Sender Group: THROTTLEMORE
b.
Select the THROTTLEMORE policy from the list.
c.
Check the “Connecting host PTR record does not exist in DNS” checkbox under Connecting Host
DNS Verification.
DNS Verification.