Cisco Cisco Email Security Appliance C170 사용자 가이드
7-18
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Handling Messages from a Group of Senders in the Same Manner
Directory Harvest Attack
Prevention: Drop Connection
if DHAP threshold is
Reached within an SMTP
Conversation
Prevention: Drop Connection
if DHAP threshold is
Reached within an SMTP
Conversation
The appliance will drop a connection to a host if the threshold of invalid
recipients is reached.
recipients is reached.
Max. Invalid Recipients Per
Hour Code:
Hour Code:
Specify the code to use when dropping connections. The default code is
550.
550.
Max. Invalid Recipients Per
Hour Text:
Hour Text:
Specify the text to use for dropped connections. The default text is “Too
many invalid recipients.”
many invalid recipients.”
Drop Connection if DHAP
threshold is reached within
an SMTP Conversation
threshold is reached within
an SMTP Conversation
Enable to drop connections if the DHAP threshold is reached within an
SMTP conversation.
SMTP conversation.
Max. Invalid Recipients Per
Hour Code
Hour Code
Specify the code to use when dropping connections due to DHAP
within an SMTP conversation. The default code is 550.
within an SMTP conversation. The default code is 550.
Max. Invalid Recipients Per
Hour Text:
Hour Text:
Specify the text to use when dropping connections due to DHAP within
an SMTP conversation.
an SMTP conversation.
Spam Detection
Anti-spam scanning
Enable anti-spam scanning on this listener.
Virus Detection
Anti-virus scanning
Enable the anti-virus scanning on this listener.
Encryption and Authentication
TLS
Deny, Prefer, or Require Transport Layer Security (TLS) in SMTP
conversations for this listener.
conversations for this listener.
If you select Preferred, you can make TLS mandatory for envelope
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
The Verify Client Certificate option directs the Email Security
appliance to establish a TLS connection to the user’s mail application
if the client certificate is valid. If you select this option for the TLS
Preferred setting, the appliance still allows a non-TLS connection if the
user doesn’t have a certificate, but rejects a connection if the user has
an invalid certificate. For the TLS Required setting, selecting this
option requires the user to have a valid certificate in order for the
appliance to allow the connection.
appliance to establish a TLS connection to the user’s mail application
if the client certificate is valid. If you select this option for the TLS
Preferred setting, the appliance still allows a non-TLS connection if the
user doesn’t have a certificate, but rejects a connection if the user has
an invalid certificate. For the TLS Required setting, selecting this
option requires the user to have a valid certificate in order for the
appliance to allow the connection.
For information on creating an address list, see
.
For information on using client certificates for TLS connections, see
Table 7-8
Mail Flow Policy Parameters (continued)
Parameter
Description