Cisco Content Security Management Appliance M1070 User Guide

AsyncOS 8.3.6 for Cisco Content Security Management User Guide
 
Chapter 4: Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
How Incoming Mail Messages are Counted
AsyncOS counts incoming mail by the number of recipients per message. For example, an 
incoming message from example.com sent to three recipients is counted as three messages coming from 
that sender.
Because the messages blocked by sender reputation filtering do not actually enter the work queue, the 
appliance does not have access to the list of recipients for an incoming message. In this case, a multiplier 
is used to estimate the number of recipients. This multiplier is based on research of a large sampling of 
existing customer data.
How Email Messages Are Categorized by the Appliances
As messages proceed through the email pipeline, they can fall into multiple categories. For example, a 
message can be marked as spam or virus positive; it can also match a content filter. The precedence of 
the various filters and scanning activities greatly impacts the results of message processing. 
In the example above, the various verdicts follow these rules of precedence: 
Spam positive
Virus positive
Matching a content filter
Following these rules, if a message is marked as spam positive, and your anti-spam settings are set to 
drop spam positive messages, the message is dropped and the spam counter is incremented. 
Further, if your anti-spam settings are set to let the spam positive message continue on in the email 
pipeline, and a subsequent content filter drops, bounces, or quarantines the message, the spam count is 
still incremented. The content filter count is only incremented if the message is not spam or virus 
positive.
Alternatively, if the message were quarantined by Outbreak Filters, it would not be counted until it was 
released from the quarantine and again processed through the work queue. 
For complete information about message processing precedence, see the chapter about the email pipeline in 
the online help or user guide for your Email Security appliance. 
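The counting and precedence rules described above, modelled as an added Python example (not Cisco code and not an AsyncOS log format). The event schema, the counter names, the "other" bucket, and the multiplier value are assumptions made for illustration; the page does not state the real multiplier.

```python
from collections import Counter

# Assumption: the page does not state the real multiplier; 3 is a placeholder.
ASSUMED_MULTIPLIER = 3

def tally(events, multiplier=ASSUMED_MULTIPLIER):
    """Tally constructed pipeline events using the counting rules in the text."""
    counts = Counter()
    for ev in events:
        if ev["kind"] == "reputation_block":
            # Rejected before the work queue, so recipients are unknown
            # and the count is estimated with the multiplier.
            counts["stopped_by_reputation"] += multiplier
            continue
        if ev.get("outbreak_quarantined") and not ev.get("released"):
            # Not counted until released and reprocessed through the work queue.
            continue
        n = len(ev["recipients"])  # one count per recipient, not per message
        # Precedence: spam, then virus, then content filter. A later content
        # filter action on a spam-positive message still counts as spam.
        if ev.get("spam"):
            counts["spam"] += n
        elif ev.get("virus"):
            counts["virus"] += n
        elif ev.get("content_filter"):
            counts["content_filter"] += n
        else:
            counts["other"] += n  # hypothetical bucket for everything else
    return counts

# Constructed sample events (hypothetical schema, not an AsyncOS log format).
SAMPLE = [
    {"kind": "message", "recipients": ["a@example.com", "b@example.com", "c@example.com"]},
    {"kind": "message", "recipients": ["a@example.com"], "spam": True, "content_filter": True},
    {"kind": "message", "recipients": ["a@example.com", "b@example.com"], "virus": True,
     "content_filter": True},
    {"kind": "message", "recipients": ["a@example.com"], "content_filter": True},
    {"kind": "message", "recipients": ["a@example.com", "b@example.com"],
     "outbreak_quarantined": True},
    {"kind": "reputation_block"},
    {"kind": "reputation_block"},
]

if __name__ == "__main__":
    for category, total in sorted(tally(SAMPLE).items()):
        print(f"{category}: {total}")
```

When reconciling report totals against message tracking, the per-recipient counting and the estimated reputation figure are the two places where report counts diverge from the number of distinct messages.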
Categorizing Email Messages on the Overview Page
Messages reported on the Overview page are categorized as follows:
Table 4-4 Email Categories on Overview Page

| Category | Description |
|---|---|
| Stopped by Reputation Filtering | All connections blocked by HAT policies multiplied by a fixed multiplier (see the plus all recipients blocked by recipient throttling. The Stopped by Reputation Filtering total on the Overview page is always based on a complete count of all rejected connections. Only the per-sender connection counts are limited due to load. |
| Invalid Recipients | All mail recipients rejected by conversational LDAP rejection plus all RAT rejections. |