Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680
571572573574575576577578579580
CHAPTER
22-1
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
22
Validating Recipients Using an SMTP Server
Overview of SMTP Call-Ahead Recipient Validation, page 22-1
SMTP Call-Ahead Recipient Validation Workflow, page 22-1
How to Validate Recipients Using an External SMTP Server, page 22-3
Enabling a Listener to Validate Incoming Mail Via the SMTP Server, page 22-6
Configuring LDAP Routing Query Settings, page 22-6
SMTP Call-Ahead Query Routing, page 22-7
Bypassing SMTP Call-Ahead Validation for Certain Users or Groups, page 22-8
Overview of SMTP Call-Ahead Recipient Validation
The SMTP call-ahead recipient validation feature queries an external SMTP server before accepting
incoming mail for a recipient. Use this feature to validate recipients when you cannot use LDAP Accept
or the Recipient Access Table (RAT). For example, suppose you host mail for many mailboxes, each
using a separate domain, and your LDAP infrastructure does not allow you to query the LDAP server to
validate each recipient. In this case, the Email Security appliance can query the SMTP server and
validate the recipient before continuing the SMTP conversation.
You can use SMTP call-ahead recipient validation in order to reduce processing on messages for invalid
recipients. Typically, a message for an invalid recipient progresses through the work queue before it can
be dropped. Instead, an invalid message can be dropped or bounced during the incoming/receiving part
of the email pipeline without requiring additional processing.
SMTP Call-Ahead Recipient Validation Workflow
When you configure your Email Security appliance for SMTP call-ahead recipient validation, the Email
Security appliance suspends the SMTP conversation with the sending MTA while it “calls ahead” to the
SMTP server to verify the recipient. When the appliance queries the SMTP server, it returns the SMTP
server’s response to the Email Security appliance, and depending on the settings you have configured,
you can accept the mail or drop the connection with a code and custom response.
Figure 22-1 shows the basic workflow of the SMTP call-head validation conversation.