User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

141

142

143

144

145

146

147

148

149

150

7-19

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)

Handling Messages from a Group of Senders in the Same Manner

SMTP Authentication Allows, disallow, or requires SMTP Authentication from remote hosts

connecting to the listener. SMTP Authentication is described in detail

in the “LDAP Queries” chapter.

If Both TLS and SMTP

Authentication are enabled:

Require TLS to offer SMTP Authentication.

Domain Key Signing

Domain Key/ DKIM Signing Enable Domain Keys or DKIM signing on this listener (ACCEPT and

RELAY only).

DKIM Verification Enable DKIM verification.

S/MIME Decryption and Verification

S/MIME

Decryption/Verification

• Enable S/MIME decryption or verification.

• Choose whether to retain or remove the digital signature from the

messages after S/MIME verification. For triple wrapped messages,

only the inner signature is retained or removed.

S/MIME Public Key Harvesting

S/MIME Public Key

Harvesting

Enable S/MIME public key harvesting.

Harvest Certificates on

Verification Failure

Choose whether to harvest public keys if the verification of the

incoming signed messages fail.

Store Updated Certificate Choose whether to harvest updated public keys.

SPF/SIDF Verification

Enable SPF/SIDF

Veri fica t i o n

Enable SPF/SIDF signing on this listener. For more information, see the

“Email Authentication” chapter.

Conformance Level Set the SPF/SIDF conformance level. You can choose from SPF, SIDF

or SIDF Compatible. For details, see the “Email Authentication”

chapter.

Downgrade PRA

verification result if

'Resent-Sender:' or

'Resent-From:' were used:

If you choose a conformance level of SIDF compatible, configure

whether you want to downgrade Pass result of the PRA Identity

verification to None if there are Resent-Sender: or Resent-From:

headers present in the message. You may choose this option for security

purposes.

HELO Test Configure whether you want to perform a test against the HELO

identity (Use this for SPF and SIDF Compatible conformance levels).

DMARC Verification

Enable DMARC Verification Enable DMARC verification on this listener. For more information, see

DMARC Verification, page 20-35.

Use DMARC Verification

Profile

Select the DMARC verification profile that you want to use on this

listener.

Table 7-8 Mail Flow Policy Parameters (continued)

Parameter Description