Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide

Contributed by Liz Slocum and Enrico Werner, Cisco TAC Engineers.

Oct 13, 2014

This document describes common configuration errors on Email Security Appliance (ESA).

Whether you are setting up a new evaluation or looking over an existing configuration, you can refer to this
checklist of common configuration mistakes.

Do not put positive SBRS scores like +5 or +7 into the WHITELIST. A range of 9.0−10.0 would be
OK, but including lower scores will only make it more likely that spam will get through.

• 

Disable the UNKNOWNLIST, Envelope Sender DNS Verification and Connecting Host DNS
Verification unless you really need and understand these.

• 

Instead of changing message size and other policy settings in each Mail Flow Policy, go to the Mail
Flow Policies menu and choose the last option, "Default Policy Parameters".

• 

Limit maximum connections to three for most senders, and make this the default for new Mail Flow
Policies.

• 

Check that SenderBase scores from −10.0 to −2.0 are included in the BLACKLIST. The
documentation and setup wizards are overly conservative; we currently have no false positives in this
range.

•