Cisco Cisco Email Security Appliance X1070 Mode D'Emploi
3-31
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
For example, you are prompted with these questions when creating or editing a mail flow policy in a
public listener’s HAT in the CLI — the
public listener’s HAT in the CLI — the
listenerconfig -> edit -> hostaccess -> default | new
commands:
This feature is also displayed when editing any mail flow policy in the GUI, providing that LDAP queries
have been configured on the corresponding listener:
have been configured on the corresponding listener:
Figure 3-15
DHAP Prevention Feature in GUI
Entering a number of invalid recipients per hour enables DHAP for that mail flow policy. By default, 25
invalid recipients per hour are allowed for public listeners. For private listeners, the maximum invalid
recipients per hour is unlimited by default. Setting it to “Unlimited” means that DHAP is not enabled for
that mail flow policy.
invalid recipients per hour are allowed for public listeners. For private listeners, the maximum invalid
recipients per hour is unlimited by default. Setting it to “Unlimited” means that DHAP is not enabled for
that mail flow policy.
Configuring AsyncOS for SMTP Authentication
AsyncOS provides support for SMTP authentication. SMTP Auth is a mechanism for authenticating
clients connected to an SMTP server.
clients connected to an SMTP server.
The practical use of this mechanism is that users at a given organization are able to send mail using that
entity’s mail servers even if they are connecting remotely (e.g. from home or while traveling). Mail User
Agents (MUAs) can issue an authentication request (challenge/response) when attempting to send a
piece of mail.
entity’s mail servers even if they are connecting remotely (e.g. from home or while traveling). Mail User
Agents (MUAs) can issue an authentication request (challenge/response) when attempting to send a
piece of mail.
Users can also use SMTP authentication for outgoing mail relays. This allows the Cisco IronPort
appliance to make a secure connection to a relay server in configurations where the appliance is not at
the edge of the network.
appliance to make a secure connection to a relay server in configurations where the appliance is not at
the edge of the network.
AsyncOS complies with RFC 2554 which defines how an authentication command may be given in an
SMTP conversation, the responses to the negotiation, and any error codes that may need to be generated.
SMTP conversation, the responses to the negotiation, and any error codes that may need to be generated.
AsyncOS supports two methods to authenticate user credentials:
•
You can use an LDAP directory.
•
You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).
Do you want to enable Directory Harvest Attack Prevention per host? [Y]> y
Enter the maximum number of invalid recipients per hour from a remote host.
[25]>