Cisco Email Security Appliance C170 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1 Customizing Listeners
SenderBase Settings and HAT Mail Flow Policies
In order to classify connections to the appliance and apply mail flow policies (which may or may not
contain rate limiting), a listener's Host Access Table (HAT) uses the following methodology:
For more information, refer to “Sender Groups Defined by Network Owners, Domains, and IP
Addresses” in the “Configuring the Gateway to Receive Email” chapter of the Cisco IronPort AsyncOS
for Email Configuration Guide.
The “Classification” stage uses the sending host’s IP address to classify an inbound SMTP session
(received on a public listener) into a Sender Group. The Mail Flow Policy associated with that Sender
Group may have parameters for rate limiting enabled. (Rate limiting limits the maximum number of
messages per session, the maximum number of recipients per message, the maximum message size,
and/or the maximum number of concurrent connections you are willing to accept from a remote host.)
Normally, in this process, recipients are counted against each sender in the corresponding named sender
group. If mail is received from several senders in the same hour, the total recipients for all senders is
compared against the limit.
There are some exceptions to this counting methodology:
Step 1
If the classification is done by Network Owner, then the SenderBase Information Service will
automatically divide a large block of addresses into smaller blocks.
Counting of recipients and recipient rate limiting is done separately for each of these smaller blocks
(usually, but not always, the equivalent of a /24 CIDR block).
Step 2
If the HAT Significant Bits feature is used, a large block of addresses may be divided into
smaller blocks by applying the significant bits parameter associated with the policy.
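The following Python sketch is an added illustration, not Cisco code or AsyncOS behavior verbatim. It models how the significant bits value changes which senders share one recipient counter. The class name, the fixed clock-hour window, the 250 success code and the sample events are assumptions made for the example; the 452 code and "Too many recipients" text are the example values from Table 1-5.

```python
import ipaddress
from collections import defaultdict


class RecipientRateLimiter:
    """Toy model: recipients per hour, counted per significant-bits block."""

    def __init__(self, max_rcpts_per_hour, significant_bits=32,
                 code=452, text="Too many recipients"):
        self.limit = max_rcpts_per_hour
        self.bits = significant_bits          # 32 = every IPv4 host on its own
        self.code, self.text = code, text
        self.counts = defaultdict(int)        # (block, hour) -> recipients

    def bucket(self, ip):
        # Keep only the first `bits` bits of the sender address (IPv4 assumed).
        return ipaddress.ip_network(f"{ip}/{self.bits}", strict=False)

    def rcpt(self, ip, epoch_seconds, n=1):
        # Assumption: counters reset on clock-hour boundaries.
        key = (self.bucket(ip), epoch_seconds // 3600)
        if self.counts[key] + n > self.limit:
            return (self.code, self.text)     # over the limit: refuse
        self.counts[key] += n
        return (250, "OK")


def replay(events, **policy):
    """Run (ip, timestamp, recipients) events through a fresh limiter."""
    limiter = RecipientRateLimiter(**policy)
    return [limiter.rcpt(ip, ts, n)[0] for ip, ts, n in events]


# Constructed sample: two hosts in 192.0.2.0/24 and one unrelated host.
EVENTS = [
    ("192.0.2.10", 0, 3),
    ("192.0.2.77", 600, 3),
    ("198.51.100.5", 900, 3),
    ("192.0.2.10", 1200, 1),
    ("192.0.2.10", 3700, 3),    # falls in the next hour
]

if __name__ == "__main__":
    for bits in (32, 24):
        print(bits, replay(EVENTS, max_rcpts_per_hour=5, significant_bits=bits))
```

With 32 significant bits every host has its own counter and all five events are accepted; with 24 bits the two 192.0.2.x hosts share one counter, so the second host's recipients are refused with 452.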
Table 1-5 Advanced HAT Parameter Syntax

| Parameter | Syntax | Values | Example Values |
|---|---|---|---|
| Maximum Recipients per Hour | max_rcpts_per_hour | Number | 5k |
| Maximum Recipients per Hour Error Code | max_rcpts_per_hour_code | Number | 452 |
| Maximum Recipients per Hour Text (*) | max_rcpts_per_hour_text | String | Too many recipients |
| Use SenderBase | use_sb | on \| off | on |
| Define SenderBase Reputation Score | sbrs[value1:value2] | -10.0 - 10.0 | sbrs[-10:-7.5] |
| Directory Harvest Attack Prevention: Maximum Invalid Recipients Per Hour | dhap_limit | Number | 150 |
Classification -> Sender Group -> Mail Flow Policy -> Rate Limiting