Cisco Email Security Appliance C160 User Guide

Chapter 5      Configuring the Gateway to Receive Email
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Table 5-3 HAT Mail Flow Policy Parameters (Continued)

Parameter: Group by Similarity of IP Addresses: (significant bits 0-32)
Description: Used to track and rate limit incoming mail on a per-IP address basis while managing entries in a listener’s Host Access Table (HAT) in large CIDR blocks. You define a range of significant bits (from 0 to 32) by which to group similar IP addresses for the purposes of rate limiting, while still maintaining an individual counter for each IP address within that range. Requires “Use SenderBase” to be disabled. For more information about HAT significant bits, see “HAT Significant Bits Feature” in the “Configuring Routing and Delivery Features” chapter of the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.

Directory Harvest Attack Prevention (DHAP)

Parameter: Directory Harvest Attack Prevention: Maximum Invalid Recipients Per Hour
Description: The maximum number of invalid recipients per hour this listener will receive from a remote host. This threshold represents the total number of RAT rejections and SMTP call-ahead server rejections combined with the total number of messages to invalid LDAP recipients dropped in the SMTP conversation or bounced in the work queue (as configured in the LDAP accept settings on the associated listener). For more information on configuring DHAP for LDAP accept queries, see “LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.

Parameter: Directory Harvest Attack Prevention: Drop Connection if DHAP threshold is Reached within an SMTP Conversation
Description: The Cisco IronPort appliance will drop a connection to a host if the threshold of invalid recipients is reached.

Parameter: Max. Invalid Recipients Per Hour Code:
Description: Specify the code to use when dropping connections. The default code is 550.
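
The DHAP parameters above describe a per-remote-host count of invalid recipients, an hourly threshold, and a connection drop with a configurable code once the threshold is reached. The Python model below is an added illustration, not Cisco code and not AsyncOS internals: the names `DhapModel` and `replay`, the sliding 3600-second window, and the sample events are assumptions made for this example, and it models only the case where "Drop Connection" is enabled.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # "per hour"; treating it as a sliding window is an assumption


class DhapModel:
    """Toy model of a per-remote-host invalid-recipient threshold (hypothetical)."""

    def __init__(self, max_invalid_per_hour, code=550):
        self.max_invalid = max_invalid_per_hour
        self.code = code  # code used when dropping; the guide gives 550 as default
        self._invalid = defaultdict(deque)  # remote host -> times of invalid RCPTs

    def rcpt(self, now, host, recipient_valid):
        """Return (action, smtp_code) for one RCPT TO from `host` at time `now`."""
        if recipient_valid:
            return ("accept", 250)  # valid recipients never touch the counter
        seen = self._invalid[host]
        # Forget invalid recipients that are an hour old or more.
        while seen and now - seen[0] >= WINDOW_SECONDS:
            seen.popleft()
        seen.append(now)
        if len(seen) >= self.max_invalid:
            return ("drop", self.code)  # threshold reached: drop the connection
        return ("reject", 550)  # ordinary rejection of a single unknown recipient


def replay(events, **kwargs):
    """Feed (time, host, recipient_valid) tuples through a fresh model."""
    model = DhapModel(**kwargs)
    return [model.rcpt(t, host, ok) for t, host, ok in events]


# Constructed sample events: (seconds since start, remote host, recipient exists?)
SAMPLE = [
    (0, "192.0.2.10", False),
    (10, "192.0.2.10", True),
    (20, "192.0.2.10", False),
    (30, "198.51.100.7", False),   # a different host has its own counter
    (40, "192.0.2.10", False),     # third invalid within the hour for this host
    (3700, "192.0.2.10", False),   # earlier invalids have aged out of the window
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE, max_invalid_per_hour=3)):
        print(event, "->", result)
```

Replaying a day of listener logs through a model like this with different thresholds shows how many legitimate senders with stale address lists would be dropped before a value is set on the mail flow policy.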