Cisco Web Security Appliance S670 Troubleshooting Guide

What data is sent to SenderBase and how can this be disabled?
Document ID: 118408
Contributed by Nasir Shakour and Enrico Werner, Cisco TAC Engineers.
Oct 13, 2014
Contents
Introduction
What data is sent to SenderBase when SenderBase Network Participation is enabled?
SenderBase Score Retrieval Information Disclosure
SenderBase Data Disclosure
Related Information
Introduction
This document describes what data is sent from the Email Security Appliance (ESA) to SenderBase when
SenderBase Network Participation is enabled.
What data is sent to SenderBase when SenderBase Network Participation is enabled?
The ESA can participate in SenderBase in several different ways, including retrieving SenderBase scores and
feeding SenderBase information about attachments and email volumes.
SenderBase Score Retrieval Information Disclosure
SBRS scores are retrieved by DNS queries. Any SMTP listener that has SBRS enabled at the listener level
(CLI: listenerconfig > edit > setup) will query the SenderBase servers for information about email senders
based on their IP address. These queries disclose several things about your company to SenderBase. Because
SenderBase DNS data are only available to Cisco customers, the SenderBase queries include part of your
system serial number. In addition, because SenderBase queries ask about a particular IP address, the query
itself discloses that certain IP addresses are connecting to your ESA. Information sent to and from
SenderBase regarding SBRS scores is not encrypted.
You can avoid disclosing this information to SenderBase by disabling SenderBase queries on a per-listener
basis. This can only be done in the ESA's CLI as shown below.
Note: SenderBase queries are enabled by default on every listener even if you do not use them in any Sender
Groups.
The CLI dialog shown below gives an example of how you can disable sending SenderBase queries:
mail.example.com> listenerconfig