
Cisco Email Security Appliance

HAT Delayed Rejection FAQ

Document ID: 117960

Updated: Jul 16, 2014

Contributed by Viquar Ahmed, Cisco TAC Engineer.


Introduction

This document covers some frequently asked questions about Host Access Table (HAT) Delayed Rejection.

Prerequisites

The information in this document is based on AsyncOS Version 6.1.5 or later for ESA devices.

What is HAT Delayed Rejection?

HAT Delayed Rejection allows AsyncOS to perform connection rejection at the message recipient level instead of at the start of the Simple Mail Transfer Protocol (SMTP) conversation. This method of message rejection allows the SMTP dialog to continue until the RCPT TO command, and thus provides more detailed information about the rejected messages.

What are the benefits of HAT Delayed Rejection?

It has several benefits:

  • It enables AsyncOS to retain information for the blocked sender and recipient addresses of each message.
  • It prevents the sending Message Transfer Agent (MTA) from injecting the same message several times once it has been rejected.
  • It sends the bounce immediately to the sending MTA without any delays.

What are the differences in the mail log entries for a Delayed HAT rejected message and a message with the Delayed HAT feature disabled?

These mail log entries show the message is rejected by HAT Delayed Rejection:

Info: New SMTP ICID 4160 interface Management (x.x.x.x) address y.y.y.y reverse dns host unknown verified no
Fri Jul 17 23:39:36 2009 Info: ICID 4160 REJECT SG BLACKLIST match y.y.y.y SBRS None
Fri Jul 17 23:39:36 2009 Info: ICID 4160 Delayed HAT REJECT continuing session for recipient logging (y.y.y.y)
Fri Jul 17 23:39:37 2009 Info: ICID 4160 Delayed HAT REJECT Message from: user1@example.com (y.y.y.y)
Fri Jul 17 23:39:37 2009 Info: ICID 4160 Delayed HAT REJECT Message recipient: <xyz@example.org> (y.y.y.y)
Fri Jul 17 23:40:04 2009 Info: ICID 4160 Close

Mail log entries show this pattern when the HAT Delayed Rejection feature is not enabled:

Fri Jul 17 23:31:30 2009 Info: New SMTP ICID 4155 interface Management (x.x.x.x) address y.y.y.y reverse dns host unknown verified no
Fri Jul 17 23:31:30 2009 Info: ICID 4155 REJECT SG BLACKLIST match y.y.y.y SBRS None
Fri Jul 17 23:31:30 2009 Info: ICID 4155 close
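
The difference between the two log patterns can be used to report on rejected mail. The following is an added example, not Cisco's code: it groups mail log lines by ICID and extracts the sender and recipients that only a delayed rejection records. The sample log is constructed from the entries shown here with wrapped lines joined; the function name and regular expressions are assumptions based on that format.

```python
import re
from collections import defaultdict

# Constructed sample: the two sessions shown above, wrapped lines joined.
SAMPLE_LOG = """\
Fri Jul 17 23:31:30 2009 Info: New SMTP ICID 4155 interface Management (x.x.x.x) address y.y.y.y reverse dns host unknown verified no
Fri Jul 17 23:31:30 2009 Info: ICID 4155 REJECT SG BLACKLIST match y.y.y.y SBRS None
Fri Jul 17 23:31:30 2009 Info: ICID 4155 close
Fri Jul 17 23:39:36 2009 Info: New SMTP ICID 4160 interface Management (x.x.x.x) address y.y.y.y reverse dns host unknown verified no
Fri Jul 17 23:39:36 2009 Info: ICID 4160 REJECT SG BLACKLIST match y.y.y.y SBRS None
Fri Jul 17 23:39:36 2009 Info: ICID 4160 Delayed HAT REJECT continuing session for recipient logging (y.y.y.y)
Fri Jul 17 23:39:37 2009 Info: ICID 4160 Delayed HAT REJECT Message from: user1@example.com (y.y.y.y)
Fri Jul 17 23:39:37 2009 Info: ICID 4160 Delayed HAT REJECT Message recipient: <xyz@example.org> (y.y.y.y)
Fri Jul 17 23:40:04 2009 Info: ICID 4160 Close
"""

# Patterns are assumptions derived from the log format on this page.
REJECT = re.compile(r"ICID (\d+) REJECT SG (\S+) match (\S+)")
DELAYED = re.compile(
    r"ICID (\d+) Delayed HAT REJECT (?:Message (from|recipient): <?([^>\s]+)>?)?")


def summarize_rejects(log_text):
    """Return {ICID: details} for every connection rejected by the HAT."""
    sessions = defaultdict(lambda: {"group": None, "ip": None, "delayed": False,
                                    "sender": None, "recipients": []})
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            icid, group, ip = m.groups()
            sessions[icid].update(group=group, ip=ip)
            continue
        m = DELAYED.search(line)
        if m:
            icid, kind, addr = m.groups()
            sessions[icid]["delayed"] = True  # session continued to RCPT TO
            if kind == "from":
                sessions[icid]["sender"] = addr
            elif kind == "recipient":
                sessions[icid]["recipients"].append(addr)
    return dict(sessions)


if __name__ == "__main__":
    for icid, info in summarize_rejects(SAMPLE_LOG).items():
        print(icid, info)
```

Sessions rejected without the feature appear with `delayed` set to False and no sender or recipients, because the connection is closed before MAIL FROM and RCPT TO are seen.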

How do you configure HAT Delayed Rejection on the ESA?

HAT Delayed Rejection is not enabled by default on the ESA. It is only configurable from the CLI. Here is the configuration:

> listenerconfig
[. . .]
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> setup
[. . . ]
By default connections with a HAT REJECT policy will be closed with a banner
message at the start of the SMTP conversation.
Would you like to do the rejection at the message recipient level instead for
more detailed logging of rejected mail? [N]> Yes
Do you want to modify the SMTP RCPT TO reject response in this case? [N]> N

After this, press Enter until you get back to the main prompt, then enter the commit command in order to enable the change.
