AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 10 Mail Policies
Handling Incoming and Outgoing Messages Differently
The Email Security appliance uses two different sets of mail policies for message content security:
• Incoming mail policies apply to messages received from connections that match an
  ACCEPT HAT policy in any listener.
• Outgoing mail policies apply to messages from connections that match a RELAY HAT
  policy in any listener. This includes any connection that was authenticated with SMTP AUTH.
Having separate sets of policies allows you to define different security rules for messages sent to your
users and messages sent from your users. You manage these policies using the Mail Policies > Incoming
Mail Policies or Outgoing Mail Policies pages in the GUI, or the policyconfig command in the CLI.
Note: Some features can be applied only to incoming or to outgoing mail policies. For example, Data Loss
Prevention scanning can only be performed on outgoing messages. Advanced Malware Protection (File
Reputation scanning and File Analysis) is available only in Incoming Mail Policies.
Note: In certain installations, “internal” mail being routed through the Cisco appliance may be considered
outgoing, even if all the recipients are addressed to internal addresses. For example, by default for C170
and C190 appliances, the system setup wizard will configure only one physical Ethernet port with one
listener for receiving inbound email and relaying outbound email.
Matching Users to a Mail Policy
As messages are received by the appliance, the Email Security appliance attempts to match each message
recipient and sender to a mail policy in the Incoming or Outgoing Mail Policies table, depending on
whether it is an incoming or outgoing message.
Matches are based on the recipient’s address, the sender’s address, or both:
• Recipient address matches the Envelope Recipient address.
  When matching recipient addresses, the recipient addresses entered are the final addresses after
  processing by preceding parts of the email pipeline. For example, if enabled, the default domain,
  LDAP routing or masquerading, alias table, domain map, and message filters features can rewrite
  the Envelope Recipient address and may affect whether the message matches a mail policy.
• Sender address matches:
  – Envelope Sender (RFC821 MAIL FROM address)
  – Address found in the RFC822 From: header
  – Address found in the RFC822 Reply-To: header
Addresses may be matched on either a full email address, user, domain, or partial domain, and addresses
may also match LDAP group membership.
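The matching rules above, as an added example that is not taken from the Cisco guide or from AsyncOS: a small Python model that picks the policy table from the HAT behavior, checks a sender pattern against all three sender addresses, and checks a recipient pattern against the rewritten Envelope Recipient. The pattern notation (`user@`, `@domain`, `@.partial-domain`), the `ALIASES` map, the sample message and all function names are assumptions of this sketch, and it evaluates one pattern at a time.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message and rewrite map (not from the guide).
RAW = (
    "From: Alice <alice@mail.corp.example>\n"
    "Reply-To: Help Desk <helpdesk@partner.example>\n"
    "To: sales@corp.example\n"
    "Subject: quote\n\nbody\n"
)
ALIASES = {"sales@corp.example": "bob@hq.corp.example"}  # stand-in for alias-table rewriting


def policy_table(hat_behavior):
    """ACCEPT connections use the incoming table, RELAY connections the outgoing one."""
    return {"ACCEPT": "incoming", "RELAY": "outgoing"}[hat_behavior.upper()]


def address_matches(pattern, address):
    """Assumed notation: user@domain, user@, @domain, @.partial-domain."""
    pattern, address = pattern.lower(), address.lower()
    local, _, domain = address.rpartition("@")
    if pattern.startswith("@."):      # partial domain: subdomains only
        return domain.endswith(pattern[1:])
    if pattern.startswith("@"):       # whole domain
        return domain == pattern[1:]
    if pattern.endswith("@"):         # user part only
        return local == pattern[:-1]
    return address == pattern         # full address


def sender_sources(envelope_sender, raw):
    """The three sender addresses the guide lists, labelled by where they came from."""
    msg = message_from_string(raw)
    found = [("Envelope Sender", envelope_sender)]
    for header in ("From", "Reply-To"):
        found += [(header, addr) for _, addr in getaddresses(msg.get_all(header, []))]
    return found


def sender_match(pattern, envelope_sender, raw):
    """Return the sources that matched, so an audit shows why a policy applied."""
    return [src for src, addr in sender_sources(envelope_sender, raw)
            if address_matches(pattern, addr)]


def recipient_match(pattern, envelope_rcpt, aliases=ALIASES):
    """Match against the final Envelope Recipient, after rewriting (alias map here)."""
    return address_matches(pattern, aliases.get(envelope_rcpt, envelope_rcpt))
```

With the sample data, a sender pattern for `@partner.example` matches through the Reply-To: header alone, and a recipient pattern for `@corp.example` no longer matches once the alias rewrite moves the recipient to `hq.corp.example`.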
Related Topics
• First Match Wins
• Examples of Policy Matching