Cisco Cisco Email Security Appliance X1050 Fehlerbehebungsanleitung

Contributed by Stephan Fiebrandt, Tomki Camp, and Enrico Werner,
Cisco TAC Engineers.

Mar 11, 2015

This document describes common tactics to mitigate work queue backups on Cisco Email Security Appliance
(ESA).

The most typical cause of work queue backup is that the system is overburdened. You can reduce the load on
your servers if you performance tune the configurations and/or add more appliances. In many cases,
performance tuning is sufficient to improve overall performance.

Here is a list of tactics that might help mitigate work queue backups.

Reduce the Listener Maximum Global Concurrency to less than 300. Increase only as absolutely
necessary and monitor the resultant system performance.

• 

When there is a volume spike, reduce this value by 80% or more in order to help drain the work queue
and improve the overall system performance.

• 

Review all Host Access Table (HAT) settings and reduce settings in all policies and defaults to the
maximum numbers required by your organization. For instance, the ESA ships with a default
maximum message size accepted of 100 MB. Email is a poor choice of medium to transmit files this
large, and most organizations and many ISPs forbid it. You might wish to reduce this to something
closer to 10MB. If you must accept messages greater than 10MB in size, use a message filter to direct
these messages to an ESA that is specially configured with a very low (10−20) Max Global
Concurrency.

• 

In nearly all environments, the use of the ROOT Domain Name Server (DNS) often results in better
DNS lookup performance.

• 

Use SenderBase Reputation Score (SBRS) settings in the HAT in order to reduce Spam traffic before
it burdens the Anti−Spam engine on the ESA.

• 

Use conversational Lightweight Directory Access Protocol (LDAP) recipient validation to
short−circuit processing of any messages that would be bounced anyway.

•