Cisco Email Security Appliance X1070 Troubleshooting Guide

2. Policy
• Name policies after who gets them, not what they do. Name any content filters after what they do, and
use abbreviations like Q_basic_attachments, D_spoofers, Strip_Multi-Media, where Q means
quarantine and D means drop.
• Non-default policies should "Use Default Settings" for Anti-Spam, Anti-Virus, Content Filters and
Outbreak Filters except where you really need special settings. Do not recreate those settings in each
policy if it is not necessary.
• Untick "Drop infected attachments" or else you will pass on many blank emails where the virus has
been stripped.
• Anti-Virus settings for outbound should notify the sender, not the recipient.
• Outbreak Filters and Anti-Spam should be disabled on outbound.
3. Incoming relays
If "Monitor > Overview" shows connections from your own servers and domains, you need to add them to
the Incoming Relays setup. A very common mistake, when using the GUI, is to think that you have enabled
the Incoming Relay feature when all you have done is add the entries to the table. In addition:
• Add a special HAT Sender Group for them, above WHITELIST, for reporting purposes. Choose no
rate limiting or DHAP, but spam and virus detection are OK.
• Add a message filter to match your BLACKLIST policy action. For example:
    Drop_Low_Reputation_Relayed_Mail:
    if (reputation <= -2.0)
    { drop(); }
In rare cases where you are re-injecting e-mail (for example, re-processing inter-subscriber mail through
the inbound mail policy), your filter will also need to exempt the reinjection interface. Normally this is not
necessary.
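As an added example (not part of the Cisco guide): a Python check over text mail logs that lists own-network hosts connecting to the ESA which are missing from the Incoming Relays table, together with the HAT sender group each connection matched. The log line layout, the constructed sample lines, the address ranges, the RELAYED_MAIL sender group name and the function name are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed layout of AsyncOS text mail log lines; adjust the patterns to your logs.
NEW_ICID = re.compile(r"New SMTP ICID (\d+) interface \S+ \([^)]*\) address (\S+) ")
SG_MATCH = re.compile(r"\bICID (\d+) (?:ACCEPT|RELAY|REJECT|TCPREFUSE) SG (\S+) ")

# Constructed sample lines, not taken from a real appliance.
SAMPLE_LOG = [
    "Tue Mar  4 09:15:01 2025 Info: New SMTP ICID 101 interface Data1 (192.0.2.10) address 10.20.0.5 reverse dns host mx1.example.com verified yes",
    "Tue Mar  4 09:15:01 2025 Info: ICID 101 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS None",
    "Tue Mar  4 09:15:07 2025 Info: New SMTP ICID 102 interface Data1 (192.0.2.10) address 198.51.100.77 reverse dns host unknown verified no",
    "Tue Mar  4 09:15:07 2025 Info: ICID 102 ACCEPT SG SUSPECTLIST match sbrs[-3.0:-1.0] SBRS -2.1",
    "Tue Mar  4 09:15:09 2025 Info: New SMTP ICID 103 interface Data1 (192.0.2.10) address 10.20.0.5 reverse dns host mx1.example.com verified yes",
    "Tue Mar  4 09:15:09 2025 Info: ICID 103 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS None",
    "Tue Mar  4 09:15:11 2025 Info: New SMTP ICID 104 interface Data1 (192.0.2.10) address 10.20.0.6 reverse dns host mx2.example.com verified yes",
    "Tue Mar  4 09:15:11 2025 Info: ICID 104 ACCEPT SG RELAYED_MAIL match 10.20.0.6 SBRS None",
]


def unlisted_internal_relays(log_lines, own_networks, configured_relays):
    """Map each own-network source IP that is absent from the Incoming Relays
    table to its connection count and the HAT sender groups it matched."""
    own = [ipaddress.ip_network(n) for n in own_networks]
    relays = [ipaddress.ip_network(r) for r in configured_relays]
    icid_ip = {}  # ICID -> flagged source IP, to attach the sender group line
    found = defaultdict(lambda: {"connections": 0, "sender_groups": set()})
    for line in log_lines:
        m = NEW_ICID.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m.group(2))
            except ValueError:
                continue  # not an IP literal, skip the line
            if any(ip in n for n in own) and not any(ip in r for r in relays):
                icid_ip[m.group(1)] = str(ip)
                found[str(ip)]["connections"] += 1
            continue
        m = SG_MATCH.search(line)
        if m and m.group(1) in icid_ip:
            found[icid_ip[m.group(1)]]["sender_groups"].add(m.group(2))
    return dict(found)


if __name__ == "__main__":
    # 10.20.0.6 is already in the relay table; 10.20.0.5 is reported.
    print(unlisted_internal_relays(SAMPLE_LOG, ["10.20.0.0/16"], ["10.20.0.6"]))
```

A host reported with UNKNOWNLIST as its sender group is being scored on its own address rather than on the original sender's, which is the situation the Incoming Relays table and the dedicated sender group are meant to correct.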
4. DNS
Many customers force the ESA to query their internal DNS servers out of habit. In most installations, 100% of
the DNS records we need are on the Internet, not in the internal DNS. It makes more sense to query the
Internet root servers, reducing the forwarding load on the internal DNS.
5. Message and Content Filters
The most common error is to put matching conditions in Content Filters where they are not required. Most
filters should list some actions, but the condition should be left blank. Such a filter is always true and
always runs. You control which users/policies receive these actions by creating new Incoming or Outgoing
mail policies as needed, and applying this filter to the policy. Here are incorrect and correct examples:
• It is almost always an error to use the rcpt-to condition in a message filter. The correct procedure is to