Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
4-31
AsyncOS 8.3.6 for Cisco Content Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
•
Overall, how many incoming connection use SMTP authentication?
•
How many connections use a client certificated?
•
How many connections use SMTP AUTH?
•
What domains are failing to connect when attempting to use SMTP authentication?
•
How many connections are successfully using the fall-back when SMTP authentication fails?
The Inbound SMTP Authentication page includes a graph for received connections, a graph for mail
recipients who attempted an SMTP authentication connection, and a table with details on the attempts
to authenticate connections.
recipients who attempted an SMTP authentication connection, and a table with details on the attempts
to authenticate connections.
The Received Connections graph shows the incoming connections from mail clients that attempt to
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
The Received Recipients graph displays the number of recipients whose mail clients attempted to
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
and the number of recipients whose connections were not authenticated.
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
and the number of recipients whose connections were not authenticated.
The SMTP Authentication details table displays details for the domains whose users attempt to
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
Rate Limits Page
Rate Limiting by envelope sender allows you to limit the number of email message recipients per time
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
Use this report to help you identify the following:
•
Compromised user accounts that might be used to send spam in bulk.
•
Out-of-control applications in your organization that use email for notifications, alerts, automated
statements, etc.
statements, etc.
•
Sources of heavy email activity in your organization, for internal billing or resource-management
purposes.
purposes.
•
Sources of large-volume inbound email traffic that might not otherwise be considered spam.
Note that other reports that include statistics for internal senders (such as Internal Users or Outgoing
Senders) measure only the number of messages sent; they do not identify senders of a few messages to
a large number of recipients.
Senders) measure only the number of messages sent; they do not identify senders of a few messages to
a large number of recipients.
The Top Offenders by Incident chart shows the envelope senders who most frequently attempted to send
messages to more recipients than the configured limit. Each attempt is one incident. This chart
aggregates incident counts from all listeners.
messages to more recipients than the configured limit. Each attempt is one incident. This chart
aggregates incident counts from all listeners.