Cisco Cisco Email Security Appliance X1070 トラブルシューティングガイド
If a sender negotiates SMTPAUTH, what HAT
policy settings are applied to the session?
policy settings are applied to the session?
Document ID: 118249
Contributed by Stephan Fiebrandt and Chris Haag, Cisco TAC
Engineers.
Engineers.
Aug 12, 2014
Contents
Introduction
Solution
Solution
Introduction
This document describes how SMTP relaying (SMTPAUTH − SMTP authentication) can be introduce to
Cisco Email Security Appliance (ESA).
Cisco Email Security Appliance (ESA).
Solution
Cisco Email Security Appliances can be configured to allow senders to authenticate via SMTPAUTH.
SMTPAUTH does not affect Host Access Table (HAT) settings, senders are grouped into the appropriate
"sender group" before the SMTPAUTH negotiation begins. When a remote mail host connects, the appliance
will first determine which sender group applies and impose the Mail Policy for that sender group. For
example, if a remote MTA "example.com" is in your SUSPECTLIST Sendergroup, the THROTTLE policy
will be applied, irrespective of "example.com's" SMTPAUTH negotiation.
SMTPAUTH does not affect Host Access Table (HAT) settings, senders are grouped into the appropriate
"sender group" before the SMTPAUTH negotiation begins. When a remote mail host connects, the appliance
will first determine which sender group applies and impose the Mail Policy for that sender group. For
example, if a remote MTA "example.com" is in your SUSPECTLIST Sendergroup, the THROTTLE policy
will be applied, irrespective of "example.com's" SMTPAUTH negotiation.
However, senders that do authenticate using SMTPAUTH are treated differently from "normal" senders. The
connection behavior for successful SMTPAUTH sessions changes to "RELAY," effectively bypassing the
"Recipient Access Table" (RAT) and LDAPACCEPT. This allows the Sender to relay messages through the
Cisco Content Security Appliance appliance. As stated, any Rate Limiting or throttling that applies will
remain in effect.
connection behavior for successful SMTPAUTH sessions changes to "RELAY," effectively bypassing the
"Recipient Access Table" (RAT) and LDAPACCEPT. This allows the Sender to relay messages through the
Cisco Content Security Appliance appliance. As stated, any Rate Limiting or throttling that applies will
remain in effect.
Updated: Aug 12, 2014
Document ID: 118249