Cisco Cisco Email Security Appliance C650 Guía Del Usuario
29-25
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 29 Using Email Security Monitor
Email Security Monitor Pages
The Received Connections graph shows the incoming connections from mail clients that attempt to
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
The Received Recipients graph displays the number of recipients whose mail clients attempted to
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
the number of recipients whose connections were not authenticated.
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
the number of recipients whose connections were not authenticated.
The SMTP Authentication details table displays details for the domains whose users attempt to
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
Rate Limits Page
Rate Limiting by envelope sender allows you to limit the number of email message recipients per time
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
Use this report to help you identify the following:
•
Compromised user accounts that might be used to send spam in bulk.
•
Out-of-control applications in your organization that use email for notifications, alerts, automated
statements, etc.
statements, etc.
•
Sources of heavy email activity in your organization, for internal billing or resource-management
purposes.
purposes.
•
Sources of large-volume inbound email traffic that might not otherwise be considered spam.
Note that other reports that include statistics for internal senders (such as Internal Users or Outgoing
Senders) measure only the number of messages sent; they do not identify senders of a few messages to
a large number of recipients.
Senders) measure only the number of messages sent; they do not identify senders of a few messages to
a large number of recipients.
The Top Offenders by Incident chart shows the envelope senders who most frequently attempted to send
messages to more recipients than the configured limit. Each attempt is one incident. This chart
aggregates incident counts from all listeners.
messages to more recipients than the configured limit. Each attempt is one incident. This chart
aggregates incident counts from all listeners.
The Top Offenders by Rejected Recipients chart shows the envelope senders who sent messages to the
largest number of recipients above the configured limit. This chart aggregates recipient counts from all
listeners.
largest number of recipients above the configured limit. This chart aggregates recipient counts from all
listeners.
To configure rate limiting by envelope sender or modify the existing rate limit, see
System Capacity Page
The System Capacity page provides a detailed representation of the system load, including messages in
the work queue, average time spent in the work queue, incoming and outgoing messages (volume, size,
and number), overall CPU usage, CPU usage by function, and memory page swapping information.
the work queue, average time spent in the work queue, incoming and outgoing messages (volume, size,
and number), overall CPU usage, CPU usage by function, and memory page swapping information.