Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
27-11
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 27 Using Email Security Monitor
Email Security Monitor Pages
Incoming Mail Details Listing
The top senders which have connected to public listeners of the appliance are listed in the External
Domains Received listing table at the bottom of the Incoming Mail page, based on the view selected.
Click the column headings to sort the data. See
Domains Received listing table at the bottom of the Incoming Mail page, based on the view selected.
Click the column headings to sort the data. See
for an explanation of the
various categories.
The system acquires and verifies the validity of the remote host’s IP address (that is, the domain) by
performing a double DNS lookup. For more information about double DNS lookups and sender
verification, see
performing a double DNS lookup. For more information about double DNS lookups and sender
verification, see
The Sender Detail listing has two views, Summary and All.
The default Sender Detail view shows the total number of attempted messages for each sender, and
includes a breakdown by category (the same categories as the Incoming Mail Summary graph on the
Overview page.
includes a breakdown by category (the same categories as the Incoming Mail Summary graph on the
Overview page.
The value for Stopped by Reputation Filtering is calculated based on several factors:
- Number of “throttled” messages from this sender.
- Number of rejected or TCP refused connections (may be a partial count).
- A conservative multiplier for the number of messages per connection.
When the appliance is under heavy load, an exact count of rejected connections is not maintained on a
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
Note
The Stopped by Reputation Filtering total on the Overview page is always based on a complete count of
all rejected connections. Only the per-sender connection counts are ever limited due to load.
all rejected connections. Only the per-sender connection counts are ever limited due to load.
Additional columns that you can display are:
Connections Rejected: All connections blocked by HAT policies. When the appliance is under heavy
load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in each time interval.
load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in each time interval.
Connections Accepted: All connections accepted
Stopped by Recipient Throttling: This is a component of Stopped by Reputation Filtering. It represents
the number of recipient messages stopped because any of the following HAT limits have been exceeded:
maximum recipients per hour, maximum recipients per message, or maximum messages per connection.
This is summed with an estimate of the recipient messages associated with rejected or TCP refused
connections to yield Stopped by Reputation Filtering.
the number of recipient messages stopped because any of the following HAT limits have been exceeded:
maximum recipients per hour, maximum recipients per message, or maximum messages per connection.
This is summed with an estimate of the recipient messages associated with rejected or TCP refused
connections to yield Stopped by Reputation Filtering.
Detected by Advanced Malware Protection: Messages with attachments that were found to be
malicious by file reputation filtering. This value does not include verdict updates or files found to be
malicious by file analysis.
malicious by file reputation filtering. This value does not include verdict updates or files found to be
malicious by file analysis.
Total Threat: Total number of threat messages (stopped by sender reputation, stopped as invalid
recipient, spam, plus virus).
recipient, spam, plus virus).
Show or hide columns by clicking the Column link at the bottom of the table.
Sort the listing by clicking the column header links. A small triangle beside the column header indicates
the column by which the data is currently sorted.
the column by which the data is currently sorted.