Cisco Cisco Email Security Appliance C160 用户指南
13-22
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 13 Anti-Spam
Determining Sender IP Address In Deployments with Incoming Relays
Figure 13-7
A Configured Incoming Relay with Received Header
Related Topics
•
How Incoming Relays Affect Functionality
•
•
•
•
•
•
•
Incoming Relays and Filters
The Incoming Relays feature provides the various SenderBase Reputation Service related filter rules
(
(
reputation, no-reputation
) with the correct SenderBase Reputation score.
Incoming Relays, HAT, SBRS, and Sender Groups
HAT policy groups do not currently use information from Incoming Relays. However, because the
Incoming Relays feature does supply the SenderBase Reputation score, you can simulate HAT policy
group functionality via message filters and the
Incoming Relays feature does supply the SenderBase Reputation score, you can simulate HAT policy
group functionality via message filters and the
$reputation
variable.
Incoming Relays and Directory Harvest Attack Prevention
If a remote host attempts a directory harvest attack by sending messages to the MX or MTA serving as
an incoming relay on your network, the appliance drops the connection from the incoming relay if the
relay is assigned to a sender group with a mail flow policy with Directory Harvest Attack Prevention
(DHAP) enabled. This prevents all messages from the relay, including legitimate messages, from
reaching the Email Security appliance. The appliance does not have the opportunity to recognize the
remote host as the attacker and the MX or MTA that’s acting as the incoming relay continues to receive
an incoming relay on your network, the appliance drops the connection from the incoming relay if the
relay is assigned to a sender group with a mail flow policy with Directory Harvest Attack Prevention
(DHAP) enabled. This prevents all messages from the relay, including legitimate messages, from
reaching the Email Security appliance. The appliance does not have the opportunity to recognize the
remote host as the attacker and the MX or MTA that’s acting as the incoming relay continues to receive