Cisco Cisco Email Security Appliance X1070 Guide De Dépannage
This document explains how to test your Anti−Spam setup by sending a sample spam message through your
Cisco Email Security Appliance (ESA). First, you need to make sure that Anti−Spam is enabled on the server.
This can be verified by logging on to the web interface and selecting 'Security Services' tab and then
'Anti−Spam', and make sure it is enabled. Also make sure that your Incoming Mail Policies have Anti−Spam
settings enabled. You can confirm that by going to 'Mail Policies' then 'Incoming Mail Policies', and modify
the policy spam settings by clicking on the hyperlink under Anti−Spam.
Cisco Email Security Appliance (ESA). First, you need to make sure that Anti−Spam is enabled on the server.
This can be verified by logging on to the web interface and selecting 'Security Services' tab and then
'Anti−Spam', and make sure it is enabled. Also make sure that your Incoming Mail Policies have Anti−Spam
settings enabled. You can confirm that by going to 'Mail Policies' then 'Incoming Mail Policies', and modify
the policy spam settings by clicking on the hyperlink under Anti−Spam.
After you have configured your Incoming Mail Policies to take appropriate actions on the spam messages, log
on to the CLI of your ESA. We are going to generate a sample spam message with "X−Advertisement: spam"
header in the mail message. Telnet to your appliance at port 25 and initiate SMTP conversation as showed in
the below example.
on to the CLI of your ESA. We are going to generate a sample spam message with "X−Advertisement: spam"
header in the mail message. Telnet to your appliance at port 25 and initiate SMTP conversation as showed in
the below example.
example.domain.com> telnet mail.example.com 25
Trying 172.19.1.93...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP
ehlo example.com
250−example.com
250−8BITMIME
250 SIZE 104857600
mail from:test@example.com
250 sender <test@example.com> ok
rcpt to:test2@example.com
250 recipient <test2@example.com> ok
data
354 go ahead
X−Advertisement: Spam
Subject: testing spam filter
data
spam test
.
250 ok: Message 44 accepted
quit
Type in 'tail mail_logs' on the CLI of your ESA to watch the message coming in and the output should look
something like it is shown below:
something like it is shown below:
Tue Apr 26 16:33:48 2005 Info: Start MID 44 ICID 28
Tue Apr 26 16:33:48 2005 Info: MID 44 ICID 28 From: <test@example.com>
Tue Apr 26 16:33:53 2005 Info: MID 44 ICID 28 RID 0 To: <test2@example.com>
Tue Apr 26 16:34:18 2005 Info: MID 44 Message−ID '<41faeo$1c@example.com>'
Tue Apr 26 16:34:18 2005 Info: MID 44 Subject 'testing spam filter'
Tue Apr 26 16:34:18 2005 Info: MID 44 ready 84 bytes from <test@example.com>
Tue Apr 26 16:34:18 2005 Info: MID 44 matched all recipients for per−recipient
policy DEFAULT in the inbound table
Tue Apr 26 16:34:18 2005 Info: MID 44 Brightmail positive
Tue Apr 26 16:34:18 2005 Info: Message aborted MID 44 Dropped by case
Tue Apr 26 16:34:18 2005 Info: Message finished MID 44 done
Tue Apr 26 16:34:21 2005 Info: ICID 28 close
The result in the mail logs show that the message was identified as Spam positive and was dropped as defined
in the Anti−Spam incoming mail policy. Please verify that the ESA is taking the appropriate actions as
defined in your Anti−Spam settings.
in the Anti−Spam incoming mail policy. Please verify that the ESA is taking the appropriate actions as
defined in your Anti−Spam settings.