Cisco Email Security Appliance C190 User Guide
Chapter 2 Customizing Listeners
2-46
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Figure 2-10
Enabling SenderBase for Mail Flow Policies
HAT Significant Bits Feature
Beginning with the 3.8.3 release of AsyncOS, you can track and rate limit
incoming mail on a per-IP address basis while managing sender group entries in
a listener’s Host Access Table (HAT) in large CIDR blocks. For example, if an
incoming connection matched against the host “10.1.1.0/24,” a counter could still
be generated for each individual address within that range, rather than aggregating
all traffic into one large counter.
Note
In order for the significant bits HAT policy option to take effect, you must not
enable “User SenderBase” in the Flow Control options for the HAT (or, for the
CLI, answer no to the question for enabling the SenderBase Information Service
in the listenerconfig -> setup command: “Would you like to enable SenderBase
Reputation Filters and IP Profiling support?”). That is, the HAT Significant Bits
feature and enabling SenderBase IP Profiling support are mutually exclusive.
In most cases, you can use this feature to define sender groups broadly — that is,
large groups of IP addresses such as “10.1.1.0/24” or “10.1.0.0/16” — while
applying mail flow rate limiting narrowly to smaller groups of IP addresses.
The HAT Significant Bits feature corresponds to these components of the system:
HAT Configuration
There are two parts of HAT configuration: sender groups and mail flow policies.
Sender group configuration defines how a sender's IP address is “classified” (put
in a sender group). Mail flow policy configuration defines how the SMTP session
from that IP address is controlled. When using this feature, an IP address may be
“classified in a CIDR block” (e.g. 10.1.1.0/24) sender group while being
controlled as an individual host (/32). This is done via the “significant_bits” policy
configuration setting.
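The split between classification and control described above can be modeled in a few lines. This is an added illustration, not AsyncOS code: the group names, limits and sample connections are constructed, and the /28 case generalizes the /32 example in the text to the "smaller groups of IP addresses" mentioned earlier.

```python
import ipaddress
from collections import Counter

# Hypothetical sender groups: (name, CIDR block, significant_bits, max connections per window)
SENDER_GROUPS = [
    ("LAB_NET", ipaddress.ip_network("10.1.1.0/24"), 32, 3),
    ("CAMPUS", ipaddress.ip_network("10.1.0.0/16"), 28, 5),
]

def classify(ip):
    """Return the first sender group whose CIDR block contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for group in SENDER_GROUPS:
        if addr in group[1]:
            return group
    return None

def counter_key(ip, significant_bits):
    """Mask ip down to significant_bits; addresses sharing the key share one counter."""
    return ipaddress.ip_network(f"{ip}/{significant_bits}", strict=False)

def apply_limits(connections):
    """Count connections per masked key in one window; return (ip, group, verdict) rows."""
    counters = Counter()
    results = []
    for ip in connections:
        group = classify(ip)
        if group is None:
            results.append((ip, None, "no-match"))
            continue
        name, _cidr, bits, limit = group
        key = (name, counter_key(ip, bits))
        counters[key] += 1
        verdict = "accept" if counters[key] <= limit else "throttle"
        results.append((ip, name, verdict))
    return results

# Constructed sample: a noisy host and a quiet host in the same /24, two hosts
# sharing one /28 counter, and one address outside every sender group.
SAMPLE = ["10.1.1.5"] * 5 + ["10.1.1.9"] * 2 + ["10.1.2.17", "10.1.2.30"] + ["192.0.2.1"]

if __name__ == "__main__":
    for row in apply_limits(SAMPLE):
        print(row)
```

With a /32 setting the noisy host 10.1.1.5 is throttled on its own counter while 10.1.1.9, classified in the same sender group, is unaffected.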