Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
6-7
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 6 Reputation Filtering
Entering Low SBRS Scores in the Message Subject
Monitoring the Status of the SenderBase Reputation Service
The SenderBase page in the Security Services menu displays the connection status and the timestamp of
the most recent query from the Cisco appliance to the SenderBase Network Status Server and
SenderBase Reputation Score Service. The SenderBase Reputation Score Service sends the SRBS scores
to the appliance. The SenderBase Network Server sends the appliance information about the IP
addresses, domains, and organizations that are sending mail to you. AsyncOS uses this data for its
reporting and email monitoring features.
the most recent query from the Cisco appliance to the SenderBase Network Status Server and
SenderBase Reputation Score Service. The SenderBase Reputation Score Service sends the SRBS scores
to the appliance. The SenderBase Network Server sends the appliance information about the IP
addresses, domains, and organizations that are sending mail to you. AsyncOS uses this data for its
reporting and email monitoring features.
Figure 6-3
SenderBase Network Status on the SenderBase Page
The
sbstatus
command in CLI displays the same information.
Entering Low SBRS Scores in the Message Subject
Although Cisco recommends throttling, an alternate way to use the SenderBase Reputation Service is to
modify the subject line of suspected spam messages. To do this, use the message filter shown in
modify the subject line of suspected spam messages. To do this, use the message filter shown in
. This filter uses the
reputation
filter rule and the
strip-header
and
insert-header
filter
actions to replace the subject line of messages having a SenderBase Reputation Score lower than -2.0
with a subject line that includes the actual SenderBase Reputation Score represented as:
with a subject line that includes the actual SenderBase Reputation Score represented as:
{Spam
SBRS
}
.
Replace listener_name in this example with the name of your public listener. (The period on its own line
is included so that you can cut and paste this text directly into the command line interface of the
is included so that you can cut and paste this text directly into the command line interface of the
filters
command.)
Table 6-2
Message Filter to Modify Subject Header with SBRS: Example 1
sbrs_filter:
if ((recv-inj == "listener_name" AND subject != "\\{Spam -?[0-9.]+\\}"))
{
insert-header("X-SBRS", "$REPUTATION");
if (reputation <= -2.0)
{
strip-header("Subject");
insert-header("Subject", "$Subject \\{Spam $REPUTATION\\}");
}
}
.