Руководство Пользователя для Cisco Cisco Email Security Appliance X1070
7-19
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Handling Messages from a Group of Senders in the Same Manner
SMTP Authentication
Allows, disallow, or requires SMTP Authentication from remote hosts
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter.
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter.
If Both TLS and SMTP
Authentication are enabled:
Authentication are enabled:
Require TLS to offer SMTP Authentication.
Domain Key Signing
Domain Key/ DKIM Signing Enable Domain Keys or DKIM signing on this listener (ACCEPT and
RELAY only).
DKIM Verification
Enable DKIM verification.
S/MIME Decryption and Verification
S/MIME
Decryption/Verification
Decryption/Verification
•
Enable S/MIME decryption or verification.
•
Choose whether to retain or remove the digital signature from the
messages after S/MIME verification. For triple wrapped messages,
only the inner signature is retained or removed.
messages after S/MIME verification. For triple wrapped messages,
only the inner signature is retained or removed.
S/MIME Public Key Harvesting
S/MIME Public Key
Harvesting
Harvesting
Enable S/MIME public key harvesting.
Harvest Certificates on
Verification Failure
Verification Failure
Choose whether to harvest public keys if the verification of the
incoming signed messages fail.
incoming signed messages fail.
Store Updated Certificate
Choose whether to harvest updated public keys.
SPF/SIDF Verification
Enable SPF/SIDF
Verification
Verification
Enable SPF/SIDF signing on this listener. For more information, see the
“Email Authentication” chapter.
“Email Authentication” chapter.
Conformance Level
Set the SPF/SIDF conformance level. You can choose from SPF, SIDF
or SIDF Compatible. For details, see the “Email Authentication”
chapter.
or SIDF Compatible. For details, see the “Email Authentication”
chapter.
Downgrade PRA
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
If you choose a conformance level of SIDF compatible, configure
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
HELO Test
Configure whether you want to perform a test against the HELO
identity (Use this for SPF and SIDF Compatible conformance levels).
identity (Use this for SPF and SIDF Compatible conformance levels).
DMARC Verification
Enable DMARC Verification Enable DMARC verification on this listener. For more information, see
.
Use DMARC Verification
Profile
Profile
Select the DMARC verification profile that you want to use on this
listener.
listener.
Table 7-8
Mail Flow Policy Parameters (continued)
Parameter
Description