Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi

Network owners are entities that contain domains. Domains are entities that contain IP addresses.

Depending on the view you select, the Incoming Mail Details interactive table displays the top IP 
addresses, domains, or network owners that have sent mail to all public listeners configured on the Email 
Security appliances. You can monitor the flow of all mail into your appliances. 

Click an IP address, domain, or network owner to access details about the sender on the Sender Profile 
page. The Sender Profile page is an Incoming Mail page that is specific to a particular IP address, 
domain, or network owner.

To access the mail flow information by sender group, click the Sender Groups Report link at the bottom 
of the Incoming Mail page. See 

. 

Messages reported on the Incoming Mail page are categorized as follows:

All connections blocked by HAT policies multiplied by a 
fixed multiplier (see the 

) plus all recipients blocked by 

recipient throttling.

The value for Stopped by Reputation Filtering is calculated 
based on several factors:

Number of “throttled” messages from this sender

Number of rejected or TCP refused connections (may be 
a partial count)

A conservative multiplier for the number of messages per 
connection

When the appliance is under heavy load, an exact count of 
rejected connections is not maintained on a per-sender basis. 
Instead, rejected connections counts are maintained only for 
the most significant senders in each time interval. In this 
situation, the value shown can be interpreted as a “floor”; that 
is, at least this many messages were stopped. 

All mail recipients rejected by conversational LDAP 
rejection plus all RAT rejections.

The total count of messages detected by the anti-spam 
scanning engine as positive or suspect. Additionally, 
messages that are both spam and virus positive.

The total count and percentage of messages detected as virus 
positive and not also spam.