PDF(6.1 KB) View with Adobe Reader on a variety of devices
Updated:August 12, 2014
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how SMTP relaying (SMTPAUTH - SMTP authentication) can be introduce to Cisco Email Security Appliance (ESA).
Cisco Email Security Appliances can be configured to allow senders to authenticate via SMTPAUTH. SMTPAUTH does not affect Host Access Table (HAT) settings, senders are grouped into the appropriate "sender group" before the SMTPAUTH negotiation begins. When a remote mail host connects, the appliance will first determine which sender group applies and impose the Mail Policy for that sender group. For example, if a remote MTA "example.com" is in your SUSPECTLIST Sendergroup, the THROTTLE policy will be applied, irrespective of "example.com's" SMTPAUTH negotiation.
However, senders that do authenticate using SMTPAUTH are treated differently from "normal" senders. The connection behavior for successful SMTPAUTH sessions changes to "RELAY," effectively bypassing the "Recipient Access Table" (RAT) and LDAPACCEPT. This allows the Sender to relay messages through the Cisco Content Security Appliance appliance. As stated, any Rate Limiting or throttling that applies will remain in effect.