Cisco Cisco Email Security Appliance C160 Mode D'Emploi
13-3
Cisco AsyncOS 8.5 for Email User Guide
Chapter 13 Anti-Spam
IronPort Anti-Spam Filtering
IronPort Anti-Spam Filtering
Evaluation Key
Your Cisco appliance ships with a 30-day evaluation key for the Cisco Anti-Spam software. This key is
not enabled until you accept the license agreement in the system setup wizard or Security Services >
IronPort Anti-Spam pages (in the GUI) or the
not enabled until you accept the license agreement in the system setup wizard or Security Services >
IronPort Anti-Spam pages (in the GUI) or the
systemsetup
or
antispamconfig
commands (in the CLI).
Once you have accepted the agreement, Cisco Anti-Spam will be enabled, by default, for the default
incoming Mail Policy. An alert is also sent to the administrator address you configured (see the System
Setup Wizard,
incoming Mail Policy. An alert is also sent to the administrator address you configured (see the System
Setup Wizard,
) noting that the Cisco Anti-Spam license will expire in 30 days.
Alerts are sent 30, 15, 5, and 0 days prior to expiration. For information on enabling the feature beyond
the 30-day evaluation period, contact your Cisco sales representative. You can see how much time
remains on the evaluation via the System Administration > Feature Keys page or by issuing the
the 30-day evaluation period, contact your Cisco sales representative. You can see how much time
remains on the evaluation via the System Administration > Feature Keys page or by issuing the
featurekey
command. (For more information, see
.)
Cisco Anti-Spam: an Overview
IronPort Anti-Spam addresses a full range of known threats including spam, phishing and zombie
attacks, as well as hard-to-detect low volume, short-lived email threats such as “419” scams. In addition,
IronPort Anti-Spam identifies new and evolving blended threats such as spam attacks distributing
malicious content through a download URL or an executable.
attacks, as well as hard-to-detect low volume, short-lived email threats such as “419” scams. In addition,
IronPort Anti-Spam identifies new and evolving blended threats such as spam attacks distributing
malicious content through a download URL or an executable.
To identify these threats, IronPort Anti-Spam examines the full context of a message-its content,
methods of message construction, the reputation of the sender, the reputation of web sites advertised in
the message, and more. IronPort Anti-Spam combines the power of email and web reputation data,
leveraging the full power of the world's largest email and web traffic monitoring network — SenderBase
— to detect new attacks as soon as they begin.
methods of message construction, the reputation of the sender, the reputation of web sites advertised in
the message, and more. IronPort Anti-Spam combines the power of email and web reputation data,
leveraging the full power of the world's largest email and web traffic monitoring network — SenderBase
— to detect new attacks as soon as they begin.
Step 7
If your Email Security appliance does not connect
directly to external senders to receive incoming mail, but
instead receives messages relayed through a mail
exchange, mail transfer agent, or other machine on your
network, ensure that relayed incoming messages include
the original sender IP address.
directly to external senders to receive incoming mail, but
instead receives messages relayed through a mail
exchange, mail transfer agent, or other machine on your
network, ensure that relayed incoming messages include
the original sender IP address.
Step 8
Prevent alert and other messages generated by your
appliance from being incorrectly identified as spam.
appliance from being incorrectly identified as spam.
Step 9
(Optional) Enable URL filtering to strengthen protection
against malicious URLs in messages.
against malicious URLs in messages.
Step 10
Test your configuration.
Step 11
(Optional) Configure settings for service updates
(including anti-spam rules.)
(including anti-spam rules.)
Scanning rules for both anti-spam solutions are retrieved
by default from the Cisco update servers.
by default from the Cisco update servers.
•
•
•
Do This
More Info