Cisco Cisco Email Security Appliance C160 Mode D'Emploi
4-6
Cisco AsyncOS 9.1 for Email User Guide
Chapter 4 Understanding the Email Pipeline
Incoming / Receiving
Domain Map
For each listener you configure, you can construct a domain map table which rewrites the envelope
recipient for each recipient in a message that matches a domain in the domain map table. For example,
joe@old.com -> joe@new.com
recipient for each recipient in a message that matches a domain in the domain map table. For example,
joe@old.com -> joe@new.com
For more information, see “The Domain Map Feature” in the “Configuring Routing and Delivery
Features” chapter.
Features” chapter.
Recipient Access Table (RAT)
For inbound email only, the RAT allows you to specify a list of all local domains for which the appliance
will accept mail.
will accept mail.
For more information, see
Alias Tables
Alias tables provide a mechanism to redirect messages to one or more recipients. Aliases are stored in a
mapping table. When the envelope recipient (also known as the Envelope To, or
mapping table. When the envelope recipient (also known as the Envelope To, or
RCPT TO
) of an email
matches an alias as defined in an alias table, the envelope recipient address of the email will be rewritten.
For more information about Alias Tables, see “Creating Alias Tables” in the “Configuring Routing and
Delivery Features” chapter.
Delivery Features” chapter.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter. This allows the appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the message and performs
the LDAP acceptance validation within the SMTP conversation or the work queue. If the recipient is not
found in the LDAP directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. See “Accept Queries” in the “Customizing Listeners” chapter. This allows the appliance to
combat directory harvest attacks (DHAP) in a unique way: the system accepts the message and performs
the LDAP acceptance validation within the SMTP conversation or the work queue. If the recipient is not
found in the LDAP directory, you can configure the system to perform a delayed bounce or drop the
message entirely.
For more information, see the “LDAP Queries” chapter.
SMTP Call-Ahead Recipient Validation
When you configure your Email Security appliance for SMTP call-ahead recipient validation, the Email
Security appliance suspends the SMTP conversation with the sending MTA while it “calls ahead” to the
SMTP server to verify the recipient. When the appliance queries the SMTP server, it returns the SMTP
server’s response to the Email Security appliance. The Email Security appliance resumes the SMTP
conversation and sends a response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings you configure in the SMTP
Call-Ahead profile).
Security appliance suspends the SMTP conversation with the sending MTA while it “calls ahead” to the
SMTP server to verify the recipient. When the appliance queries the SMTP server, it returns the SMTP
server’s response to the Email Security appliance. The Email Security appliance resumes the SMTP
conversation and sends a response to the sending MTA, allowing the conversation to continue or
dropping the connection based on the SMTP server response (and settings you configure in the SMTP
Call-Ahead profile).
For more information, see