Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 5 Configuring the Gateway to Receive Email
5-14
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Group by Similarity of
IP Addresses:
(significant bits 0-32)
IP Addresses:
(significant bits 0-32)
Used to track and rate limit incoming mail on a per-IP
address basis while managing entries in a listener’s
Host Access Table (HAT) in large CIDR blocks. You
define a range of significant bits (from 0 to 32) by
which to group similar IP addresses for the purposes of
rate limiting, while still maintaining an individual
counter for each IP address within that range. Requires
“Use SenderBase” to be disabled. For more information
about HAT significant bits, see “HAT Significant Bits
Feature” in the “Configuring Routing and Delivery
Features” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
address basis while managing entries in a listener’s
Host Access Table (HAT) in large CIDR blocks. You
define a range of significant bits (from 0 to 32) by
which to group similar IP addresses for the purposes of
rate limiting, while still maintaining an individual
counter for each IP address within that range. Requires
“Use SenderBase” to be disabled. For more information
about HAT significant bits, see “HAT Significant Bits
Feature” in the “Configuring Routing and Delivery
Features” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
Directory Harvest Attack Prevention (DHAP)
Directory Harvest
Attack Prevention:
Maximum Invalid
Recipients Per Hour
Attack Prevention:
Maximum Invalid
Recipients Per Hour
The maximum number of invalid recipients per hour
this listener will receive from a remote host. This
threshold represents the total number of RAT rejections
and SMTP call-ahead server rejections combined with
the total number of messages to invalid LDAP
recipients dropped in the SMTP conversation or
bounced in the work queue (as configured in the LDAP
accept settings on the associated listener). For more
information on configuring DHAP for LDAP accept
queries, see “LDAP Queries” in the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
this listener will receive from a remote host. This
threshold represents the total number of RAT rejections
and SMTP call-ahead server rejections combined with
the total number of messages to invalid LDAP
recipients dropped in the SMTP conversation or
bounced in the work queue (as configured in the LDAP
accept settings on the associated listener). For more
information on configuring DHAP for LDAP accept
queries, see “LDAP Queries” in the Cisco IronPort
AsyncOS for Email Advanced Configuration Guide.
Directory Harvest
Attack Prevention:
Drop Connection if
DHAP threshold is
Reached within an
SMTP Conversation
Attack Prevention:
Drop Connection if
DHAP threshold is
Reached within an
SMTP Conversation
The Cisco IronPort appliance will drop a connection to
a host if the threshold of invalid recipients is reached.
a host if the threshold of invalid recipients is reached.
Max. Invalid
Recipients Per Hour
Code:
Recipients Per Hour
Code:
Specify the code to use when dropping connections.
The default code is 550.
The default code is 550.
Table 5-3
HAT Mail Flow Policy Parameters (Continued)
Parameter
Description