Cisco Cisco Email Security Appliance C160 Mode D'Emploi
7-17
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Handling Messages from a Group of Senders in the Same Manner
Group by Similarity of IP
Addresses: (significant bits
0-32)
Addresses: (significant bits
0-32)
Used to track and rate limit incoming mail on a per-IP address basis
while managing entries in a listener’s Host Access Table (HAT) in large
CIDR blocks. You define a range of significant bits (from 0 to 32) by
which to group similar IP addresses for the purposes of rate limiting,
while still maintaining an individual counter for each IP address within
that range. Requires “Use SenderBase” to be disabled. For more
information about HAT significant bits, see “HAT Significant Bits
Feature” in the “Configuring Routing and Delivery Features” chapter of
the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
while managing entries in a listener’s Host Access Table (HAT) in large
CIDR blocks. You define a range of significant bits (from 0 to 32) by
which to group similar IP addresses for the purposes of rate limiting,
while still maintaining an individual counter for each IP address within
that range. Requires “Use SenderBase” to be disabled. For more
information about HAT significant bits, see “HAT Significant Bits
Feature” in the “Configuring Routing and Delivery Features” chapter of
the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
Directory Harvest Attack Prevention (DHAP)
Directory Harvest Attack
Prevention: Maximum
Invalid Recipients Per Hour
Prevention: Maximum
Invalid Recipients Per Hour
The maximum number of invalid recipients per hour this listener will
receive from a remote host. This threshold represents the total number
of RAT rejections and SMTP call-ahead server rejections combined
with the total number of messages to invalid LDAP recipients dropped
in the SMTP conversation or bounced in the work queue (as configured
in the LDAP accept settings on the associated listener). For more
information on configuring DHAP for LDAP accept queries, see
“LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
receive from a remote host. This threshold represents the total number
of RAT rejections and SMTP call-ahead server rejections combined
with the total number of messages to invalid LDAP recipients dropped
in the SMTP conversation or bounced in the work queue (as configured
in the LDAP accept settings on the associated listener). For more
information on configuring DHAP for LDAP accept queries, see
“LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Directory Harvest Attack
Prevention: Drop Connection
if DHAP threshold is
Reached within an SMTP
Conversation
Prevention: Drop Connection
if DHAP threshold is
Reached within an SMTP
Conversation
The Cisco appliance will drop a connection to a host if the threshold of
invalid recipients is reached.
invalid recipients is reached.
Max. Invalid Recipients Per
Hour Code:
Hour Code:
Specify the code to use when dropping connections. The default code is
550.
550.
Max. Invalid Recipients Per
Hour Text:
Hour Text:
Specify the text to use for dropped connections. The default text is “Too
many invalid recipients.”
many invalid recipients.”
Drop Connection if DHAP
threshold is reached within
an SMTP Conversation
threshold is reached within
an SMTP Conversation
Enable to drop connections if the DHAP threshold is reached within an
SMTP conversation.
SMTP conversation.
Max. Invalid Recipients Per
Hour Code
Hour Code
Specify the code to use when dropping connections due to DHAP
within an SMTP conversation. The default code is 550.
within an SMTP conversation. The default code is 550.
Max. Invalid Recipients Per
Hour Text:
Hour Text:
Specify the text to use when dropping connections due to DHAP within
an SMTP conversation.
an SMTP conversation.
Spam Detection
Anti-spam scanning
Enable anti-spam scanning on this listener.
Virus Detection
Anti-virus scanning
Enable the anti-virus scanning on this listener.
Encryption and Authentication
Parameter
Description