IronPort - advanced configuration guide

More documents

Recommendations

Info

The Received-SPF Header 5-30 SoftFail, Fail, TempError, PermError: Reject For MAIL FROM Identity: Accept SMTP Response Settings: Reject code: 550 Reject text: #5.7.1 SPF unauthorized mail is prohibited. Get reject response text from publisher: Yes Defer code: 451 Defer text: #4.4.3 Temporary error occurred during SPF verification. Verification timeout: 40 Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide Chapter 5 Email Authentication See the Cisco IronPort AsyncOS CLI Reference Guide for more information on the listenerconfig command. When you configure AsyncOS for SPF/SIDF verification, it places an SPF/SIDF verification header (Received-SPF) in the email. The Received-SPF header contains the following information: verification result - the SPF verification result (see Verification Results, page 5-31). identity - the identity that SPF verification checked: HELO, MAIL FROM, or PRA. receiver - the verifying host name (which performs the check). client IP address - the IP address of the SMTP client. ENVELOPE FROM - the envelope sender mailbox. (Note that this may be different from the MAIL FROM identity, as the MAIL FROM identity cannot be empty.) x-sender - the value of the HELO, MAIL FROM, or PRA identity. x-conformance - the level of conformance (see Table 5-1SPF/SIDF Conformance Levels, page 5-24) and whether a downgrade of the PRA check was performed. The following example shows a header added for a message that passed the SPF/SIDF check: Received-SPF: Pass identity=pra; receiver=box.example.com; client-ip=1.2.3.4; envelope-from="alice@fooo.com"; x-sender="alice@company.com"; x-conformance=sidf_compatible Note The spf-status and spf-passed filter rules use the received-SPF header to determine the status of the SPF/SIDF verification. OL-25137-01
Chapter 5 Email Authentication Determining the Action to Take for SPF/SIDF Verified Mail Verification Results OL-25137-01 When you receive SPF/SIDF verified mail, you may want to take different actions depending on the results of the SPF/SIDF verification. You can use the following message and content filter rules to determine the status of SPF/SIDF verified mail and perform actions on the messages based on the verification results: spf-status. This filter rule determines actions based on the SPF/SIDF status. You can enter a different action for each valid SPF/SIDF return value. spf-passed. This filter rule generalizes the SPF/SIDF results as a Boolean value. Note The spf-passed filter rule is only available in message filters. You can use the spf-status rule when you want to address more granular results, and use the spf-passed rule when you want to create a simple Boolean. If you use the spf-status filter rule, you can check against the SPF/SIDF verification results using the following syntax: if (spf-status == "Pass") If you want a single condition to check against multiple status verdicts, you can use the following syntax: if (spf-status == "PermError, TempError") You can also check the verification results against the HELO, MAIL FROM, and PRA identities using the following syntax: if (spf-status("pra") == "Fail") Note You can only use the spf-status message filter rule to check results against HELO, MAIL FROM, and PRA identities. You cannot use the spf-status content filter rule to check against identities. You can receive any of the following verification results: None - no verification can be performed due to the lack of information. Pass - the client is authorized to send mail with the given identity. Neutral - the domain owner does not assert whether the client is authorized to use the given identity. SoftFail - the domain owner believes the host is not authorized to use the given identity but is not willing to make a definitive statement. Fail - the client is not authorized to send mail with the given identity. TempError - a transient error occurred during verification. Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide 5-31
Page 1 and 2:
Cisco IronPort AsyncOS 7.6 for Emai
Page 3 and 4:
OL-25137-01 Preface xvii Before you
Page 5 and 6:
OL-25137-01 Deleting Entries from t
Page 7 and 8:
OL-25137-01 Configuring Global Sett
Page 9 and 10:
OL-25137-01 DomainKeys and DKIM Sig
Page 11 and 12:
OL-25137-01 Valid Rule 6-20 Subject
Page 13 and 14:
OL-25137-01 Viewing Non-ASCII Chara
Page 15 and 16:
OL-25137-01 Administering a Cluster
Page 17 and 18:
OL-25137-01 Preface The Cisco IronP
Page 19 and 20:
Typographic Conventions Typeface or
Page 21 and 22:
OL-25137-01 Customizing Listeners C
Page 23 and 24:
Chapter 1 Customizing Listeners OL-
Page 25 and 26:
Page 27 and 28:
Chapter 1 Customizing Listeners Con
Page 29 and 30:
Chapter 1 Customizing Listeners Loo
Page 31 and 32:
Chapter 1 Customizing Listeners Par
Page 33 and 34:
Chapter 1 Customizing Listeners Rou
Page 35 and 36:
Chapter 1 Customizing Listeners Adv
Page 37 and 38:
Chapter 1 Customizing Listeners Tim
Page 39 and 40:
Chapter 1 Customizing Listeners Inj
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Chapter 1 Customizing Listeners Ena
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
OL-25137-01 CHAPTER 2 Configuring R
Page 61 and 62:
Chapter 2 Configuring Routing and D
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Overview OL-25137-01 LDAP Queries C
Page 137 and 138:
Chapter 3 LDAP Queries Understandin
Page 139 and 140:
Chapter 3 LDAP Queries OL-25137-01
Page 141 and 142:
Chapter 3 LDAP Queries Configuring
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Chapter 3 LDAP Queries LDAP Query S
Page 149 and 150:
Page 151 and 152:
Chapter 3 LDAP Queries Testing LDAP
Page 153 and 154:
Chapter 3 LDAP Queries Sample Accep
Page 155 and 156:
Chapter 3 LDAP Queries Sample Masqu
Page 157 and 158:
Page 159 and 160:
Chapter 3 LDAP Queries Example: Usi
Page 161 and 162:
Page 163 and 164:
Chapter 3 LDAP Queries Directory Ha
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172: Chapter 3 LDAP Queries OL-25137-01
Page 177 and 178: Chapter 3 LDAP Queries Spam Quarant
Page 179 and 180: Chapter 3 LDAP Queries Sample Activ
Page 183 and 184: OL-25137-01 CHAPTER 4 Validating Re
Page 185 and 186: Chapter 4 Validating Recipients Usi
Page 193 and 194: OL-25137-01 Email Authentication CH
Page 195 and 196: Chapter 5 Email Authentication Doma
Page 197 and 198: Chapter 5 Email Authentication Publ
Page 199 and 200: Chapter 5 Email Authentication OL-2
Page 211 and 212: Chapter 5 Email Authentication Expo
Page 213 and 214: Chapter 5 Email Authentication Conf
Page 215 and 216: Chapter 5 Email Authentication Test
Page 221: Chapter 5 Email Authentication OL-2
Page 227 and 228: Chapter 5 Email Authentication Grea
Page 229 and 230: Overview OL-25137-01 CHAPTER 6 Usin
Page 231 and 232: Chapter 6 Using Message Filters to
Page 273 and 274:
Chapter 6 Using Message Filters to
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
OL-25137-01 CHAPTER Advanced Networ
Page 335 and 336:
Chapter 7 Advanced Network Configur
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
OL-25137-01 Centralized Management
Page 355 and 356:
Chapter 8 Centralized Management Fi
Page 357 and 358:
Chapter 8 Centralized Management OL
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Chapter 8 Centralized Management Le
Page 367 and 368:
Chapter 8 Centralized Management Ne
Page 369 and 370:
Page 371 and 372:
Chapter 8 Centralized Management Cl
Page 373 and 374:
Chapter 8 Centralized Management Di
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
OL-25137-01 AsyncOS Quick Reference
Page 385 and 386:
Appendix A AsyncOS Quick Reference
Page 387 and 388:
FTP Access OL-25137-01 Accessing th
Page 389 and 390:
Appendix B Accessing the Appliance
Page 391 and 392:
Appendix B Accessing the Appliance
Page 393 and 394:
Symbols /dev/null, in alias tables
Page 395 and 396:
overview 2-28 domain profile deleti
Page 397 and 398:
loose SMTP address parsing 1-9 malf
Page 399 and 400:
scanning images 6-67 scp command B-
show all

IronPort - advanced configuration guide

Create successful ePaper yourself

Delete template?

Save as template?