Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

As incoming messages are received by listeners on the system, each message 
recipient matches a policy in one of the tables, regardless of the number of 
listeners configured on the system. Matches are based on either the recipient’s 
address or the sender’s address:

Recipient address matches the Envelope Recipient address

When matching recipient addresses, the recipient addresses entered are the 
final addresses after processing by preceding parts of the email pipeline. For 
example, if enabled, the default domain, LDAP routing or masquerading, 
alias table, domain map, and message filters features can rewrite the Envelope 
Recipient address and may affect whether the message matches a policy in the 
Email Security Manager (Anti-Spam, Anti-Virus, Content Filters, and Virus 
Outbreak Filters).

Sender address matches:

Envelope Sender (RFC821 MAIL FROM address)

Address found in the RFC822 From: header 

Address found in the RFC822 Reply-To: header 

Addresses may be matched on either a full email address, user, domain, or partial 
domain, and addresses may also match LDAP group membership. 

Each recipient is evaluated for each policy in the appropriate table (incoming or 
outgoing) in a top-down fashion. 

For each recipient of a message, the first matching policy wins. If a recipient does 
not match any specific policy, the recipient will automatically match the default 
policy of the table. 

If a match is made based on a sender address (or on the special “Listener” rule 
created by an upgrade — see below), all remaining recipients of a message will 
match that policy. (This is because there can be only one sender or one listener per 
message.)