Cisco Cisco Email Security Appliance C680 릴리즈 노트
7
Release Notes for AsyncOS 9.8 for Cisco Email Security Appliances
Changes in Behavior
Mail Policy Matching
Logic Changes
Logic Changes
Prior to this release, while matching a message to a mail policy, the
envelope sender (RFC821 MAIL FROM address) and the header sender
(address found in the RFC822 From and Reply-To) had the same priority.
As a result, if you had configured a mail policy to match a specific user,
the messages were classified into that mail policy based on the header
sender.
envelope sender (RFC821 MAIL FROM address) and the header sender
(address found in the RFC822 From and Reply-To) had the same priority.
As a result, if you had configured a mail policy to match a specific user,
the messages were classified into that mail policy based on the header
sender.
After upgrading to this release, while matching a message to a mail policy,
the envelope sender has higher priority over the header sender. If you have
configured a mail policy to match a specific user, the messages will be
classified into that mail policy based on the envelope sender.
the envelope sender has higher priority over the header sender. If you have
configured a mail policy to match a specific user, the messages will be
classified into that mail policy based on the envelope sender.
Changes in Outbreak
Filter Settings
Filter Settings
While enabling Outbreak Filter on mail policies, you can now configure
the appliance to modify the message subject even when the URL
Rewriting is disabled or the Threat Disclaimer is not set.
the appliance to modify the message subject even when the URL
Rewriting is disabled or the Threat Disclaimer is not set.
Representation of the CPU
utilization
utilization
For better representation of the CPU utilization, the parameter Total CPU
Utilization is now changed to Overall CPU Load Average (Monitor >
System Status > CPU Utilization on web interface or
Utilization is now changed to Overall CPU Load Average (Monitor >
System Status > CPU Utilization on web interface or
system status
command in CLI). Overall CPU Load Average is the average of the
appliance's CPU load in the last one minute.
appliance's CPU load in the last one minute.
Changes in
Authentication-Results
Header
Authentication-Results
Header
Authentication-Results header now includes authentication results for
SPF, DKIM, and DMARC verifications.
SPF, DKIM, and DMARC verifications.
Also, to be compliant to RFC5451, if DKIM verification is enabled and a
message is not DKIM signed, the appliance now adds “none” in the
Authentication-Result header.
message is not DKIM signed, the appliance now adds “none” in the
Authentication-Result header.
Changes in URL Filtering
URLs that were formerly labeled “Suspicious” are now labeled “Neutral.”
Only the labeling has changed; the underlying logic and processing have
not changed.
Only the labeling has changed; the underlying logic and processing have
not changed.
Receive and process
messages from domains
with malformed DMARC
records
messages from domains
with malformed DMARC
records
Cisco Email Security appliance will now be able to receive and process
messages from domains with malformed DMARC records. However, the
appliance will not perform DMARC verification of such messages.
messages from domains with malformed DMARC records. However, the
appliance will not perform DMARC verification of such messages.
Character limit for SMTP
Routes Destination
Hostnames removed
Routes Destination
Hostnames removed
While setting up SMTP Routes, you can now specify destination
hostnames of more than 45 characters.
hostnames of more than 45 characters.
Content Scanner Behavior For enhanced performance, if the Image Analysis Feature is not enabled,
content scanner will not extract images embedded in attachment files.
Change in SPF
Verification Content and
Message Filter Behavior
Verification Content and
Message Filter Behavior
If you have configured an SPF verification content or message filter rule
without an SPF identity and if a message contains different SPF identities
with different verdicts, the rule is triggered if one of the verdicts in the
message matches the rule.
without an SPF identity and if a message contains different SPF identities
with different verdicts, the rule is triggered if one of the verdicts in the
message matches the rule.
DKIM Signing of System
Generated Messages
Generated Messages
DKIM Signing of System Generated Messages option is now available
under Mail Policies > Signing Profiles > DKIM Global Settings.
under Mail Policies > Signing Profiles > DKIM Global Settings.
New Alert for Message
Filter Crashes
Filter Crashes
When a message filter crashes, the appliance sends a system alert with a
critical severity.
critical severity.