Cisco Cisco Email Security Appliance C190 Guía Del Usuario
7-7
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Defining Remote Hosts into Sender Groups
Using the SBRS, you configure the appliance to apply mail flow policies to senders based on their
trustworthiness. For example, all senders with a score less than -7.5 could be rejected. This is most easily
accomplished via the GUI; see
trustworthiness. For example, all senders with a score less than -7.5 could be rejected. This is most easily
accomplished via the GUI; see
. However, if
you are modifying an exported HAT in a text file, the syntax for including SenderBase Reputation Scores
is described in
is described in
Note
Network owners added to a HAT via the GUI use the syntax
SBO:
n, where n is the network owner’s
unique identification number in the SenderBase Reputation Service.
Use the Network > Listeners page or
listenerconfig -> setup
command in the CLI to enable a listener
to query the SenderBase Reputation Service. You can also define the timeout value that the appliance
should wait when querying the SenderBase Reputation Service. Then, you can configure different
policies to use look ups to the SenderBase Reputation Service by using the values in the Mail Policies
Pages in the GUI or the
should wait when querying the SenderBase Reputation Service. Then, you can configure different
policies to use look ups to the SenderBase Reputation Service by using the values in the Mail Policies
Pages in the GUI or the
listenerconfig -> edit -> hostaccess
commands in the CLI.
Note
You can also create message filters to specify “thresholds” for SenderBase Reputation Scores to further
act upon messages processed by the system. For more information, see “SenderBase Reputation Rule,”
“Bypass Anti-Spam System Action,” and “Bypass Anti-Virus System Action” in the anti-spam and
anti-virus chapters.
act upon messages processed by the system. For more information, see “SenderBase Reputation Rule,”
“Bypass Anti-Spam System Action,” and “Bypass Anti-Virus System Action” in the anti-spam and
anti-virus chapters.
Sender Groups Defined by Querying DNS Lists
You also have the ability in a listener’s HAT to define a sender group as matching a query to a specific
DNS List sever. The query is performed via DNS at the time of the remote client’s connection. The
ability to query a remote list also exists currently as a message filter rule (see “DNS List Rule” in the
chapter on “Using Message Filters to Enforce Email Policies”), but only once the message content has
been received in full.
DNS List sever. The query is performed via DNS at the time of the remote client’s connection. The
ability to query a remote list also exists currently as a message filter rule (see “DNS List Rule” in the
chapter on “Using Message Filters to Enforce Email Policies”), but only once the message content has
been received in full.
This mechanism allows you to configure a sender within a group that queries a DNS List so that you can
adjust your mail flow policies accordingly. For example, you could reject connections or limit the
behavior of the connecting domain.
adjust your mail flow policies accordingly. For example, you could reject connections or limit the
behavior of the connecting domain.
Note
Some DNS Lists use variable responses (for example, “127.0.0.1” versus “127.0.0.2” versus
“127.0.0.3”) to indicate various facts about the IP address being queried against. If you use the message
filter DNS List rule (see “DNS List Rule” in the chapter on “Using Message Filters to Enforce Email
Policies”), you can compare the result of the query against different values. However, specifying a DNS
List server to be queried in the HAT only supports a Boolean operation for simplicity (that is, does the
IP address appear in the list or not)
“127.0.0.3”) to indicate various facts about the IP address being queried against. If you use the message
filter DNS List rule (see “DNS List Rule” in the chapter on “Using Message Filters to Enforce Email
Policies”), you can compare the result of the query against different values. However, specifying a DNS
List server to be queried in the HAT only supports a Boolean operation for simplicity (that is, does the
IP address appear in the list or not)
Table 7-4
Syntax for SenderBase Reputation Scores
SBRS[
n
:
n
]
SenderBase Reputation Score. Senders are identified by querying the SenderBase
Reputation Service, and the scores are defined between the ranges.
Reputation Service, and the scores are defined between the ranges.
SBRS[none]
Specify no SBRS (very new domains may not have SenderBase Reputation Scores
yet).
yet).