Introduction
This document describes how SMTP relaying (SMTPAUTH - SMTP authentication) can be introduced on the Cisco Email Security Appliance (ESA).
Solution
Cisco Email Security Appliances can be configured to allow senders to authenticate via SMTPAUTH. SMTPAUTH does not affect Host Access Table (HAT) settings: senders are grouped into the appropriate "sender group" before the SMTPAUTH negotiation begins. When a remote mail host connects, the appliance first determines which sender group applies and imposes the Mail Policy for that sender group. For example, if a remote MTA "example.com" is in your SUSPECTLIST sender group, the THROTTLE policy is applied, irrespective of the outcome of example.com's SMTPAUTH negotiation.
However, senders that do authenticate using SMTPAUTH are treated differently from "normal" senders. The connection behavior for successful SMTPAUTH sessions changes to "RELAY," effectively bypassing the "Recipient Access Table" (RAT) and LDAPACCEPT. This allows the sender to relay messages through the Cisco Content Security Appliance. As stated, any rate limiting or throttling that applies remains in effect.
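The evaluation order described above, as an added Python model (not Cisco code and not part of the original document). The catch-all group name, rate limits, RAT domain and the non-authenticated "ACCEPT" behavior are constructed assumptions, and the LDAPACCEPT check is left out for brevity.

```python
from dataclasses import dataclass

# Constructed sample data: hosts, limits and domains are illustrative only.
HAT = {  # sender group -> (member hosts, mail flow policy)
    "SUSPECTLIST": ({"example.com"}, "THROTTLE"),
    "ALL": (set(), "ACCEPT"),  # hypothetical catch-all group
}
POLICY_MAX_RCPTS_PER_HOUR = {"THROTTLE": 20, "ACCEPT": 1000}  # constructed limits
RAT_ACCEPTED_DOMAINS = {"corp.example"}  # constructed RAT entry


@dataclass
class Decision:
    sender_group: str
    policy: str
    behavior: str            # "ACCEPT" (assumed default) or "RELAY"
    max_rcpts_per_hour: int
    recipient_accepted: bool


def evaluate(remote_host: str, smtpauth_ok: bool, rcpt_domain: str) -> Decision:
    # Step 1: the sender group is chosen before any SMTPAUTH negotiation.
    group = next((g for g, (hosts, _) in HAT.items() if remote_host in hosts), "ALL")
    policy = HAT[group][1]
    # Step 2: the policy's rate limit applies whether or not the sender authenticates.
    limit = POLICY_MAX_RCPTS_PER_HOUR[policy]
    # Step 3: successful SMTPAUTH switches the behavior to RELAY, which skips
    # the RAT check; otherwise the RAT decides whether the recipient is accepted.
    if smtpauth_ok:
        behavior, accepted = "RELAY", True
    else:
        behavior, accepted = "ACCEPT", rcpt_domain in RAT_ACCEPTED_DOMAINS
    return Decision(group, policy, behavior, limit, accepted)


if __name__ == "__main__":
    cases = [
        ("example.com", True, "other.example"),    # authenticated, still throttled
        ("example.com", False, "other.example"),   # unauthenticated, RAT rejects
        ("mail.partner.example", False, "corp.example"),  # normal inbound mail
    ]
    for host, auth, domain in cases:
        print(host, auth, domain, evaluate(host, auth, domain))
```

The first case is the one to watch operationally: a host in SUSPECTLIST that authenticates gains relay rights but keeps the THROTTLE limits, so SMTPAUTH credentials should be treated as relay credentials regardless of the sender group.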