Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
Chapter 1 Customizing Listeners
1-28
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
This feature also appears in the GUI in the Mail Policies > Mail Flow Policies
page.
page.
Figure 1-11
Enable the HAT Significant Bits Feature
When the option to use SenderBase for flow control is set to “OFF” or Directory
Harvest Attack Prevention is enabled, the “significant bits” value is applied to the
connecting sender’s IP address, and the resulting CIDR notation is used as the
token for matching defined sender groups within the HAT. Any rightmost bits that
are covered by the CIDR block are “zeroed out” when constructing the string.
Thus, if a connection from the IP address 1.2.3.4 is made and matches on a policy
with the significant_bits option set to 24, the resultant CIDR block would be
1.2.3.0/24. So by using this feature, the HAT sender group entry (for example,
10.1.1.0/24) can have a different number of network significant bits (24) from the
significant bits entry in the policy assigned to that group (32, in the example
above).
Harvest Attack Prevention is enabled, the “significant bits” value is applied to the
connecting sender’s IP address, and the resulting CIDR notation is used as the
token for matching defined sender groups within the HAT. Any rightmost bits that
are covered by the CIDR block are “zeroed out” when constructing the string.
Thus, if a connection from the IP address 1.2.3.4 is made and matches on a policy
with the significant_bits option set to 24, the resultant CIDR block would be
1.2.3.0/24. So by using this feature, the HAT sender group entry (for example,
10.1.1.0/24) can have a different number of network significant bits (24) from the
significant bits entry in the policy assigned to that group (32, in the example
above).
Injection Control Periodicity
A global configuration option exists to allow you to adjust when the injection
control counters are reset. For very busy systems maintaining counters for a very
large number of different IP addresses, configuring the counters to be reset more
frequently (for example, every 15 minutes instead of every 60 minutes) will
ensure that the data does not grow to an unmanageable size and impact system
performance.
control counters are reset. For very busy systems maintaining counters for a very
large number of different IP addresses, configuring the counters to be reset more
frequently (for example, every 15 minutes instead of every 60 minutes) will
ensure that the data does not grow to an unmanageable size and impact system
performance.
The current default value is 3600 seconds (1 hour).You can specify periods
ranging from as little as 1 minute (60 seconds) to as long as 4 hours (14,400
seconds).
ranging from as little as 1 minute (60 seconds) to as long as 4 hours (14,400
seconds).
Adjust this period via the GUI, using the global settings (for more information,
see
see