Cisco Cisco Email Security Appliance C170 Guía Del Usuario
6-7
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 6 Sender Reputation Filtering
Entering Low SBRS Scores in the Message Subject
Note
In the $THROTTLED policy, the maximum recipients per hour from the remote host is set to 20
recipients per hour, by default. Note that this setting controls the maximum throttling available. You can
increase the number of recipients to receive per hour if this parameter is too aggressive. For more
information on Default Host Access policies, see
recipients per hour, by default. Note that this setting controls the maximum throttling available. You can
increase the number of recipients to receive per hour if this parameter is too aggressive. For more
information on Default Host Access policies, see
.
Monitoring the Status of the SenderBase Reputation Services
The SenderBase Reputation Score Service sends the SRBS scores to the appliance. The SenderBase
Network Server sends the appliance information about the IP addresses, domains, and organizations that
are sending mail to you. AsyncOS uses this data for its reporting and email monitoring features.
Network Server sends the appliance information about the IP addresses, domains, and organizations that
are sending mail to you. AsyncOS uses this data for its reporting and email monitoring features.
To view the status of the connections to these services, select Security Services > SenderBase.
The
sbstatus
command in CLI displays the same information.
Entering Low SBRS Scores in the Message Subject
Although Cisco recommends throttling, an alternate way to use the SenderBase Reputation Service is to
modify the subject line of suspected spam messages. To do this, use the message filter shown in
modify the subject line of suspected spam messages. To do this, use the message filter shown in
. This filter uses the
reputation
filter rule and the
strip-header
and
insert-header
filter
actions to replace the subject line of messages having a SenderBase Reputation Score lower than -2.0
with a subject line that includes the actual SenderBase Reputation Score represented as:
with a subject line that includes the actual SenderBase Reputation Score represented as:
{Spam
SBRS
}
.
Replace listener_name in this example with the name of your public listener. (The period on its own line
is included so that you can cut and paste this text directly into the command line interface of the
is included so that you can cut and paste this text directly into the command line interface of the
filters
command.)
Table 6-2
Message Filter to Modify Subject Header with SBRS: Example 1
sbrs_filter:
if ((recv-inj == "listener_name" AND subject != "\\{Spam -?[0-9.]+\\}"))
{
insert-header("X-SBRS", "$REPUTATION");
if (reputation <= -2.0)
{
strip-header("Subject");
insert-header("Subject", "$Subject \\{Spam $REPUTATION\\}");
}
}
.