Cisco Email Security Appliance X1070 User Guide
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
SenderBase Settings and Mail Flow Policies
This feature also appears in the GUI in the Mail Policies > Mail Flow Policies page.
Figure 7-3 Enable the HAT Significant Bits Feature
When the option to use SenderBase for flow control is set to “OFF” or Directory Harvest Attack
Prevention is enabled, the “significant bits” value is applied to the connecting sender’s IP address, and
the resulting CIDR notation is used as the token for matching defined sender groups within the HAT.
Any rightmost bits that are covered by the CIDR block are “zeroed out” when constructing the string.
Thus, if a connection from the IP address 1.2.3.4 is made and matches on a policy with the
significant_bits option set to 24, the resultant CIDR block would be 1.2.3.0/24. So by using this feature,
the HAT sender group entry (for example, 10.1.1.0/24) can have a different number of network
significant bits (24) from the significant bits entry in the policy assigned to that group (32, in the example
above).
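The token construction described above, as an added example that is not part of the Cisco guide or AsyncOS code. The InjectionCounters class, its per-token counting, the replay helper and the sample connections are assumptions constructed here to show how the significant bits value changes which senders share a token and how a shorter reset period clears the counts.

```python
import ipaddress
from collections import Counter

def hat_token(ip: str, significant_bits: int) -> str:
    """CIDR string for a sender IP, rightmost bits zeroed out."""
    if not 0 <= significant_bits <= 32:
        raise ValueError("significant bits must be from 0 to 32")
    # strict=False masks the host bits instead of rejecting them.
    return str(ipaddress.IPv4Network(f"{ip}/{significant_bits}", strict=False))

class InjectionCounters:
    """Hypothetical model: one counter per token, reset every period_s."""

    def __init__(self, significant_bits: int, period_s: int):
        self.bits = significant_bits
        self.period_s = period_s
        self.window = None
        self.counts = Counter()

    def record(self, ip: str, now_s: int):
        window = now_s // self.period_s
        if window != self.window:  # reset period elapsed: drop every counter
            self.window = window
            self.counts.clear()
        token = hat_token(ip, self.bits)
        self.counts[token] += 1
        return token, self.counts[token]

# Constructed sample: (sender IP, seconds since start).
SAMPLE = [("1.2.3.4", 0), ("1.2.3.200", 30), ("1.2.4.9", 60), ("1.2.3.4", 900)]

def replay(significant_bits: int, period_s: int = 900):
    """Feed SAMPLE through fresh counters; return (token, count) per event."""
    counters = InjectionCounters(significant_bits, period_s)
    return [counters.record(ip, t) for ip, t in SAMPLE]

if __name__ == "__main__":
    for bits in (24, 32):
        print(bits, replay(bits))
```

With 24 significant bits the first two sample senders share the token 1.2.3.0/24; with 32 bits every address gets its own token.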
Injection Control Periodicity
A global configuration option exists to allow you to adjust when the injection control counters are reset.
For very busy systems maintaining counters for a very large number of different IP addresses,
configuring the counters to be reset more frequently (for example, every 15 minutes instead of every 60
minutes) will ensure that the data does not grow to an unmanageable size and impact system
performance.
[]> 2345
Would you like to specify a custom SMTP limit exceeded response? [Y]> n
Would you like to use SenderBase for flow control by default? [N]> n
Would you like to group hosts by the similarity of their IP addresses? [N]> y
Enter the number of bits of IP address to treat as significant, from 0 to 32.
[24]>