Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The sending MTA initiates an SMTP conversation.

The Email Security appliance suspends the SMTP conversation while it sends a query to the SMTP 
server to verify the recipient, validuser@recipient.com.

If SMTP routes or LDAP routing queries are configured, these routes will be used to query 
the SMTP server. 

The SMTP Server returns a query response to the Email Security appliance.

The Email Security appliance resumes the SMTP conversation and sends a response to the sending 
MTA, allowing the conversation to continue or dropping the connection based on the SMTP server 
response (and settings you configure in the SMTP Call-Ahead profile).

Due to the order of processes in the email pipeline, if the message for a given recipient is rejected by the 
RAT, then the SMTP call-ahead recipient validation will not occur. For example, if you specified in the 
RAT that only mail for example.com is accepted, then mail for recipient@domain2.com is rejected 
before SMTP call-ahead recipient validation can occur.

If you have configured Directory Harvest Attack Prevention (DHAP) in the HAT, be aware that SMTP 
call-ahead server rejections are part of the number of rejections included in the maximum invalid 
recipients per hour that you specify. You may need to adjust this number to account for additional SMTP 
server rejections. For more information about DHAP, see the “Configuring the Gateway to Receive 
Email” chapter.