Cisco Email Security Appliance C690 User Guide
Chapter 8 Anti-Spam
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Evaluating Anti-Spam Efficacy
Cisco strongly recommends evaluating the product using a live mail stream
directly from the Internet. This is because IronPort Anti-Spam and IronPort
Intelligent Multi-Scan rules are added quickly to prevent active spam attacks and
quickly expire once attacks have passed. Testing using old messages will
therefore lead to inaccurate test results.
Using the X-Advertisement: spam header is the best method to test if your system
configuration is correctly handling a message that would be considered spam if it
were “live.” Use the trace command (see Debugging Mail Flow Using Test
Messages: Trace, page -446) or see the following example.
Common pitfalls to avoid while evaluating include:
• Evaluating using resent or forwarded mail or cut-and-pasted spam messages
  Mail lacking the proper headers, connecting IP, signatures, etc. will result in
  inaccurate scores.
• Testing “hard spam” only
  Removing the “easy spam” using SBRS, blacklists, message filters, etc. will
  result in a lower overall catch rate percentage.
• Resending spam caught by another anti-spam vendor
• Testing older messages
  CASE adds and removes rules rapidly based on current threats. Testing using
  an older collection of messages will significantly distort the results.
Example
Use SMTP commands to send a test message with the X-advertisement: spam
header to an address to which you have access. Ensure that the mail policy is
configured to receive messages for the test address (see
the HAT will accept the test connection.
# telnet IP_address_of_IronPort_Appliance_with_IronPort_Anti-Spam port
220 hostname ESMTP
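The same test can be scripted. The following Python sketch is an added example, not part of the Cisco guide: it builds a fresh message carrying the X-Advertisement: spam header, sends it over SMTP, and reports the stage at which the appliance stopped the transaction. The function names, subject, body text, host name and addresses are assumptions chosen for illustration.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, make_msgid


def build_test_message(sender, recipient):
    """Build a fresh message carrying the X-Advertisement: spam test header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Spam Message Test"      # illustrative subject
    msg["Date"] = formatdate(localtime=True)  # current date, not a replayed one
    msg["Message-ID"] = make_msgid()
    msg["X-Advertisement"] = "spam"           # test header named in the guide
    msg.set_content("spam test\n")
    return msg


def _reply(code, text):
    """Format an SMTP reply whose text may arrive as bytes or str."""
    if isinstance(text, bytes):
        text = text.decode(errors="replace")
    return f"{code} {text}"


def send_test(host, port, sender, recipient, timeout=15):
    """Send the test message; return (stage, detail) naming where it stopped."""
    msg = build_test_message(sender, recipient)
    stages = {smtplib.SMTPConnectError: "connect",   # banner was not 220
              smtplib.SMTPSenderRefused: "sender",
              smtplib.SMTPDataError: "data"}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.send_message(msg)
    except smtplib.SMTPRecipientsRefused as exc:
        # The listener does not accept mail for the test address.
        code, text = next(iter(exc.recipients.values()))
        return ("recipient", _reply(code, text))
    except smtplib.SMTPResponseException as exc:
        return (stages.get(type(exc), "smtp"), _reply(exc.smtp_code, exc.smtp_error))
    except OSError as exc:
        # Refused, timed out or dropped: the connection itself was not accepted.
        return ("connect", str(exc))
    return ("accepted", "message handed to the appliance")


if __name__ == "__main__":
    # Placeholder host and addresses: use your appliance and a mailbox you can read.
    print(send_test("esa.example.com", 25, "test@example.com", "you@example.com"))
```

A result of "accepted" only means the appliance took the message; whether it was treated as spam is seen in how it arrives at the test mailbox or in the appliance's mail logs.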