Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The SenderBase page in the Security Services menu displays the connection status and the timestamp of 
the most recent query from the appliance to the SenderBase Network Status Server and SenderBase 
Reputation Score Service. The SenderBase Reputation Score Service sends the SRBS scores to the 
appliance. The SenderBase Network Server sends the appliance information about the IP addresses, 
domains, and organizations that are sending mail to you. AsyncOS uses this data for its reporting and 
email monitoring features.

The 

sbstatus

 command in CLI displays the same information.

Although Cisco recommends throttling, an alternate way to use the SenderBase Reputation Service is to 
modify the subject line of suspected spam messages. To do this, use the message filter shown in 

. This filter uses the 

reputation

 filter rule and the 

strip-header

 and 

insert-header

 filter 

actions to replace the subject line of messages having a SenderBase Reputation Score lower than -2.0 
with a subject line that includes the actual SenderBase Reputation Score represented as:

. 

Replace listener_name in this example with the name of your public listener. (The period on its own line 
is included so that you can cut and paste this text directly into the command line interface of the 

filters

 

command.) 

sbrs_filter: 

if ((recv-inj == "listener_name" AND subject != "\\{Spam -?[0-9.]+\\}")) 

{

       insert-header("X-SBRS", "$REPUTATION");

       if (reputation <= -2.0) 

{

       strip-header("Subject");

       insert-header("Subject", "$Subject \\{Spam $REPUTATION\\}");

      }

 }

.