Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
26-11
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 26 Using Email Security Monitor
Email Security Monitor Pages
Choose from the time range options in
The time range options that you see will differ if you have enabled Centralized Reporting. For details,
see information about Centralized Reporting Mode in
see information about Centralized Reporting Mode in
Incoming Mail Details Listing
The top senders which have connected to public listeners of the appliance are listed in the External
Domains Received listing table at the bottom of the Incoming Mail page, based on the view selected.
Click the column headings to sort the data. See
Domains Received listing table at the bottom of the Incoming Mail page, based on the view selected.
Click the column headings to sort the data. See
for an explanation of the
various categories.
The system acquires and verifies the validity of the remote host’s IP address (that is, the domain) by
performing a double DNS lookup. For more information about double DNS lookups and sender
verification, see
performing a double DNS lookup. For more information about double DNS lookups and sender
verification, see
The Sender Detail listing has two views, Summary and All.
The default Sender Detail view shows the total number of attempted messages for each sender, and
includes a breakdown by category (the same categories as the Incoming Mail Summary graph on the
Overview page: number of clean messages, stopped by reputation filtering, invalid recipients, spam
detected, virus detected, stopped by content filter, and marketing messages). It also shows the total
number of threat messages (messages stopped by reputation or stopped as invalid recipient, spam, and
viruses).
includes a breakdown by category (the same categories as the Incoming Mail Summary graph on the
Overview page: number of clean messages, stopped by reputation filtering, invalid recipients, spam
detected, virus detected, stopped by content filter, and marketing messages). It also shows the total
number of threat messages (messages stopped by reputation or stopped as invalid recipient, spam, and
viruses).
The value for Stopped by Reputation Filtering is calculated based on several factors:
- Number of “throttled” messages from this sender.
- Number of rejected or TCP refused connections (may be a partial count).
- A conservative multiplier for the number of messages per connection.
When the appliance is under heavy load, an exact count of rejected connections is not maintained on a
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
Table 26-1
Time Ranges Available in the Email Security Monitor Feature
This time range selected in the GUI
...is defined as:
Hour
the last 60 minutes + up to 5 minutes
Day
the last 24 hours + the last 60 minutes
Week
the last 7 days + the elapsed hours of the current day
30 days
the last 30 days + the elapsed hours of the current day
90 days
the last 90 days + the elapsed hours of the current day
Yesterday
00:00 to 23:59 (midnight to 11:59 PM)
Previous Calendar Month
00:00 of the first day of the month to 23:59 of the last
day of the month
day of the month
Custom Range
the range enclosed by the start date and hour and the
end date and hour that you specify
end date and hour that you specify