Cisco Cisco Email Security Appliance C190 Guía Del Usuario
5-23
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5 Configuring the Gateway to Receive Email
The Cisco IronPort Mail Flow Monitor feature is a way of defining the sender and providing you with
monitoring tools to create mail flow policy decisions about the sender. To create mail flow policy
decisions about a given sender, ask these questions:
monitoring tools to create mail flow policy decisions about the sender. To create mail flow policy
decisions about a given sender, ask these questions:
Step 1
Which IP addresses are controlled by this sender?
The first piece of information that the Mail Flow Monitor feature uses to control the inbound email
processing is the answer to this question. The answer is derived by querying the SenderBase
Reputation Service. The SenderBase Reputation Service provides information about the relative size
of the sender (either the SenderBase network owner or the SenderBase organization). Answering
this question assumes the following:
processing is the answer to this question. The answer is derived by querying the SenderBase
Reputation Service. The SenderBase Reputation Service provides information about the relative size
of the sender (either the SenderBase network owner or the SenderBase organization). Answering
this question assumes the following:
–
Larger organizations tend to control more IP addresses, and send more legitimate email.
Step 2
Depending on its size, how should the overall number of connections be allotted for this sender?
–
Larger organizations tend to control more IP addresses, and send more legitimate email.
Therefore, they should be allotted more connections to your appliance.
Therefore, they should be allotted more connections to your appliance.
–
The sources of high-volume email are often ISPs, NSPs, companies that manage outsourced
email delivery, or sources of unsolicited bulk email. ISPs, NSPS, and companies that manage
outsourced email delivery are examples of organizations that control many IP addresses, and
should be allotted more connections to your appliance. Senders of unsolicited bulk email
usually do not control many IP addresses; rather, they send large volumes of mail through a few
number of IP addresses. They should be allotted fewer connections to your appliance.
email delivery, or sources of unsolicited bulk email. ISPs, NSPS, and companies that manage
outsourced email delivery are examples of organizations that control many IP addresses, and
should be allotted more connections to your appliance. Senders of unsolicited bulk email
usually do not control many IP addresses; rather, they send large volumes of mail through a few
number of IP addresses. They should be allotted fewer connections to your appliance.
The Mail Flow Monitor feature uses its differentiation between SenderBase network owners and
SenderBase organizations to determine how to allot connections per sender, based on logic in
SenderBase. See the “Using Email Security Monitor” chapter in Cisco IronPort AsyncOS for Email
Daily Management Guide for more information on using the Mail Flow Monitor feature.
SenderBase organizations to determine how to allot connections per sender, based on logic in
SenderBase. See the “Using Email Security Monitor” chapter in Cisco IronPort AsyncOS for Email
Daily Management Guide for more information on using the Mail Flow Monitor feature.
Sender Groups defined by SenderBase Reputation Scores
The Cisco IronPort appliance can query the Cisco IronPort SenderBase Reputation Service to determine
a sender’s reputation score (SBRS). The SBRS is a numeric value assigned to an IP address, domain, or
organization based on information from the SenderBase Reputation Service. The scale of the score
ranges from -10.0 to +10.0, as described in
a sender’s reputation score (SBRS). The SBRS is a numeric value assigned to an IP address, domain, or
organization based on information from the SenderBase Reputation Service. The scale of the score
ranges from -10.0 to +10.0, as described in
Using the SBRS, you configure the Cisco IronPort appliance to apply mail flow policies to senders based
on their trustworthiness. For example, all senders with a score less than -7.5 could be rejected. This is
most easily accomplished via the GUI; see
on their trustworthiness. For example, all senders with a score less than -7.5 could be rejected. This is
most easily accomplished via the GUI; see
Table 5-9
Definition of the SenderBase Reputation Score
Score
Meaning
-10.0
Most likely to be a source of spam
0
Neutral, or not enough information to make a recommendation
+10.0
Most likely to be a trustworthy sender
none
No data available for this sender (typically a source of spam)