Cisco Cisco Email Security Appliance X1070 Betriebsanweisung
9-17
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Spam
In addition, using the Email Security Manager feature, you can define an additional custom header to be
added to all messages for a given policy that are positively identified as spam, suspected to be spam, or
identified as unwanted marketing mail. (See
added to all messages for a given policy that are positively identified as spam, suspected to be spam, or
identified as unwanted marketing mail. (See
You can also create message filters that use the
skip-spamcheck
action so that certain messages skip
Cisco IronPort Anti-Spam scanning. For more information, refer to “Bypass Anti-Spam System Action”
in “Using Message Filters to Enforce Email Policies,” of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
in “Using Message Filters to Enforce Email Policies,” of the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
Reporting Incorrectly Classified Messages to Cisco IronPort Systems
Messages that appear to be incorrectly classified may be reported to Cisco IronPort for analysis. Each
message is reviewed by a team of human analysts and used to enhance the accuracy and effectiveness of
the product. Each message should be forwarded as an RFC 822 attachment to the following addresses:
message is reviewed by a team of human analysts and used to enhance the accuracy and effectiveness of
the product. Each message should be forwarded as an RFC 822 attachment to the following addresses:
•
spam@access.ironport.com - for reporting missed spam
•
ham@access.ironport.com - for reporting false-positives
Due to the volume of submissions, Cisco IronPort cannot provide individual feedback or results to
customers.
customers.
For more information about reporting incorrectly classified messages, please see the Cisco IronPort
Knowledge base or contact your Cisco IronPort Support provider.
Knowledge base or contact your Cisco IronPort Support provider.
Testing Cisco IronPort Anti-Spam
Step 1
Enable Cisco IronPort Anti-Spam on a mail policy (as above).
Step 2
Send a test email that includes the following header to a user in that mail policy:
X-Advertisement:
spam
For testing purposes, Cisco IronPort Anti-Spam considers any message with an X-header formatted as
X-Advertisement: spam
to be spam. The test message you send with this header is flagged by Cisco
IronPort Anti-Spam, and you can confirm that the actions you configured for the mail policy
(
(
) are performed. You can use the
trace
command and include this header, or use a Telnet program to send SMTP commands to the appliance.
See the “Testing and Troubleshooting” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide and
See the “Testing and Troubleshooting” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide and
for more information.
Note
Examining a message’s headers for specific headers added by Cisco IronPort Anti-Spam is another
method to test the configuration of Cisco IronPort Anti-Spam on your appliance. See
method to test the configuration of Cisco IronPort Anti-Spam on your appliance. See
.
Evaluating Anti-Spam Efficacy
Cisco strongly recommends evaluating the product using a live mail stream directly from the Internet.
This is because Cisco IronPort Anti-Spam and Cisco IronPort Intelligent Multi-Scan rules are added
quickly to prevent active spam attacks and quickly expire once attacks have passed. Testing using old
messages will therefore lead to inaccurate test results.
This is because Cisco IronPort Anti-Spam and Cisco IronPort Intelligent Multi-Scan rules are added
quickly to prevent active spam attacks and quickly expire once attacks have passed. Testing using old
messages will therefore lead to inaccurate test results.