Cisco Cisco Email Security Appliance C160 Mode D'Emploi
27-10
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 27 Using Email Security Monitor
Email Security Monitor Pages
When the appliance is under heavy load, an exact count of rejected connections is not maintained on a
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
per-sender basis. Instead, rejected connections counts are maintained only for the most significant
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other
words, at least this many messages were stopped.
Note
The Stopped by Reputation Filtering total on the Overview page is always based on a complete count of
all rejected connections. Only the per-sender connection counts are ever limited due to load.
all rejected connections. Only the per-sender connection counts are ever limited due to load.
Additional columns that you can display are:
Connections Rejected: All connections blocked by HAT policies. When the appliance is under heavy
load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in each time interval.
load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in each time interval.
Connections Accepted: All connections accepted
Stopped by Recipient Throttling: This is a component of Stopped by Reputation Filtering. It represents
the number of recipient messages stopped because any of the following HAT limits have been exceeded:
maximum recipients per hour, maximum recipients per message, or maximum messages per connection.
This is summed with an estimate of the recipient messages associated with rejected or TCP refused
connections to yield Stopped by Reputation Filtering.
the number of recipient messages stopped because any of the following HAT limits have been exceeded:
maximum recipients per hour, maximum recipients per message, or maximum messages per connection.
This is summed with an estimate of the recipient messages associated with rejected or TCP refused
connections to yield Stopped by Reputation Filtering.
Detected by Advanced Malware Protection: Messages with attachments that were found to be
malicious by file reputation filtering. This value does not include verdict updates or files found to be
malicious by file analysis.
malicious by file reputation filtering. This value does not include verdict updates or files found to be
malicious by file analysis.
Total Threat: Total number of threat messages (stopped by sender reputation, stopped as invalid
recipient, spam, plus virus).
recipient, spam, plus virus).
Show or hide columns by clicking the Column link at the bottom of the table.
Sort the listing by clicking the column header links. A small triangle beside the column header indicates
the column by which the data is currently sorted.
the column by which the data is currently sorted.
“No Domain Information”
Domains which have connected to the appliance and could not be verified with a double-DNS lookup
are automatically grouped into the special domain “No Domain Information.” You can control how these
types of unverified hosts are managed via Sender Verification. See
are automatically grouped into the special domain “No Domain Information.” You can control how these
types of unverified hosts are managed via Sender Verification. See
You can select the number of senders to show in the listing via the Items Displayed menu.
Querying for More Information
For senders listed in the Email Security Monitor table, click the sender (or “No Domain Information”
link) to drill down for more information on the particular sender. The results are displayed on a Sender
Profile page which includes real-time information from the SenderBase Reputation Service. From the
Sender Profile page, you can drill down for more information on specific IP addresses or network owners
(see
link) to drill down for more information on the particular sender. The results are displayed on a Sender
Profile page which includes real-time information from the SenderBase Reputation Service. From the
Sender Profile page, you can drill down for more information on specific IP addresses or network owners
(see
).
You can also view another report, the Sender Groups report, by clicking the Sender Groups report link
at the bottom of the Incoming Mail page. For more information about Sender Groups reports, see
at the bottom of the Incoming Mail page. For more information about Sender Groups reports, see