Cisco Cisco Email Security Appliance X1070 User Guide
9-6
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Spam
products to meet the needs of large-scale enterprises. Conversely, the efficiency of the engine allows
for implementation on low-cost hardware, making Cisco IronPort’s security services attractive for
low-end customers.
for implementation on low-cost hardware, making Cisco IronPort’s security services attractive for
low-end customers.
•
Off-box network calculations
International Users
Cisco IronPort Anti-Spam is tuned to deliver industry-leading efficacy world-wide. In addition to
locale-specific content-aware threat detection techniques, you can further optimize anti-spam scanning
for specific regions using regional rules profiles. The anti-spam engine includes a regional rules profile.
The regional rules profile targets spam on a regional basis. For example, China and Taiwan receive a high
percentage of spam in traditional or modern Chinese. The Chinese regional rules are optimized for this
type of spam. Cisco strongly recommends you use the Chinese regional rules profile if you receive mail
primarily for mainland China, Taiwan, and Hong Kong. You can enable the regional rules profile from
Security Services > IronPort Anti-Spam.
locale-specific content-aware threat detection techniques, you can further optimize anti-spam scanning
for specific regions using regional rules profiles. The anti-spam engine includes a regional rules profile.
The regional rules profile targets spam on a regional basis. For example, China and Taiwan receive a high
percentage of spam in traditional or modern Chinese. The Chinese regional rules are optimized for this
type of spam. Cisco strongly recommends you use the Chinese regional rules profile if you receive mail
primarily for mainland China, Taiwan, and Hong Kong. You can enable the regional rules profile from
Security Services > IronPort Anti-Spam.
Note
Because the regional rules profile optimizes the anti-spam engine for a particular region, it can
reduce capture rates for other types of spam. Therefore, Cisco recommends you enable this
feature only if you receive the bulk of your email from the specified region.
reduce capture rates for other types of spam. Therefore, Cisco recommends you enable this
feature only if you receive the bulk of your email from the specified region.
Cisco IronPort Anti-Spam leverages globally representative email and web content-agnostic data
contributed by over 125,000 ISPs, universities and corporations throughout the Americas, Europe, and
Asia. The Threat Operations Center is set up for global operations with centers in Sao Paulo, Beijing and
London. In addition, analysts speak 32 languages including Chinese, Japanese, Korean, Portuguese, and
Spanish.
contributed by over 125,000 ISPs, universities and corporations throughout the Americas, Europe, and
Asia. The Threat Operations Center is set up for global operations with centers in Sao Paulo, Beijing and
London. In addition, analysts speak 32 languages including Chinese, Japanese, Korean, Portuguese, and
Spanish.
Enabling Cisco IronPort Anti-Spam and Configuring Global Settings
Overview
You enable Cisco IronPort Anti-Spam and modify its global configuration settings using the Security
Services > IronPort Anti-Spam and Security Services > Service Updates pages (GUI) or the
Services > IronPort Anti-Spam and Security Services > Service Updates pages (GUI) or the
antispamconfig
and
updateconfig
commands (CLI). The following global settings are configured:
•
Enable Cisco IronPort Anti-Spam globally for the appliance.
•
Configure the thresholds for message scanning by Cisco IronPort Anti-Spam.
To optimize the throughput of your appliance while still being able to scan the increasing larger
messages sent by spammers, you can define an always scan message size, where messages smaller
than the defined size are completely scanned by CASE, delivering Cisco IronPort’s industry-leading
level of efficacy, and a never scan message size, where messages larger than the defined size are not
scanned by CASE. For messages larger than the always scan size and smaller than the never scan
size, CASE performs a limited and faster scan.
messages sent by spammers, you can define an always scan message size, where messages smaller
than the defined size are completely scanned by CASE, delivering Cisco IronPort’s industry-leading
level of efficacy, and a never scan message size, where messages larger than the defined size are not
scanned by CASE. For messages larger than the always scan size and smaller than the never scan
size, CASE performs a limited and faster scan.
Note
If the Outbreak Filters maximum message size is greater than Cisco IronPort Anti-Spam’s
always scan message, CASE fully scans messages smaller than the Outbreak Filters
maximum size.
always scan message, CASE fully scans messages smaller than the Outbreak Filters
maximum size.
•
Enter a length of time to wait for timeout when scanning a message.