Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
7-28
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Verifying Senders
These features are mutually exclusive.
Custom SMTP Code and Response
You can specify the SMTP code and response message for messages with malformed envelope senders,
for envelope senders which do not exist in DNS, and for envelope senders which do not resolve via DNS
queries (DNS server might be down, etc.).
for envelope senders which do not exist in DNS, and for envelope senders which do not resolve via DNS
queries (DNS server might be down, etc.).
In the SMTP response, you can include a variable,
$EnvelopeSender
, which is expanded to the value of
the envelope sender when the custom response is sent.
While typically a “Domain does not exist” result is permanent, it is possible for this to be a transient
condition. To handle such cases, “conservative” users may wish to change the error code from the default
5XX to a 4XX code.
condition. To handle such cases, “conservative” users may wish to change the error code from the default
5XX to a 4XX code.
Sender Verification Exception Table
The sender verification exception table is a list of domains or email addresses that will either be
automatically allowed or rejected during the SMTP conversation. You can also specify an optional
SMTP code and reject response for rejected domains. There is only one sender verification exception
table per appliance and it is enabled per mail flow policy.
automatically allowed or rejected during the SMTP conversation. You can also specify an optional
SMTP code and reject response for rejected domains. There is only one sender verification exception
table per appliance and it is enabled per mail flow policy.
The sender verification exception table can be used to list obviously fake but correctly formatted
domains or email addresses from which you want to reject mail. For example, the correctly formatted
MAIL FROM:
domains or email addresses from which you want to reject mail. For example, the correctly formatted
MAIL FROM:
pres@whitehouse.gov
could be listed in the sender verification exception table and set
to be automatically rejected. You can also list domains that you want to automatically allow, such as
internal or test domains. This is similar to envelope recipient (SMTP RCPT TO command) processing
which occurs in the Recipient Access Table (RAT).
internal or test domains. This is similar to envelope recipient (SMTP RCPT TO command) processing
which occurs in the Recipient Access Table (RAT).
The sender verification exception table is defined in the GUI via the Mail Policies > Exception Table
page (or the CLI, via the
page (or the CLI, via the
exceptionconfig
command) and then is enabled on a per-policy basis via the
GUI (see
) or the CLI (see the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.
Entries in the sender verification exception table have the following syntax:
Figure 7-4
Exception Table Listing
See
for more information about modifying the exception table.
Implementing Sender Verification — Example Settings
This section provides an example of a typical conservative implementation of host and envelope sender
verification.
verification.