Cisco Cisco Email Security Appliance X1070 トラブルシューティングガイド
Blacklist a Malicious or Problem Sender on the
ESA
ESA
Document ID: 118219
Contributed by John Yu and Andreas Mueller, Cisco TAC Engineers.
Aug 12, 2014
Aug 12, 2014
Contents
Introduction
Blacklist a Malicious or Problem Sender
Blacklist a Sender via the GUI
Blacklist a Sender via the CLI
Blacklist a Malicious or Problem Sender
Blacklist a Sender via the GUI
Blacklist a Sender via the CLI
Introduction
This document describes how to add a malicious IP address or domain name to your blacklist on a Cisco
Email Security Appliance (ESA).
Email Security Appliance (ESA).
Blacklist a Malicious or Problem Sender
The easiest way to blacklist a sender is to add their IP address or domain name to the BLACKLIST sender
group within the ESA Host Access Table (HAT). The BLACKLIST sender group uses the $BLOCKED mail
flow policy, which has an access rule of REJECT.
group within the ESA Host Access Table (HAT). The BLACKLIST sender group uses the $BLOCKED mail
flow policy, which has an access rule of REJECT.
Note
: The IP address or the domain name is from the sending mail server. The IP address from the sending
mail server can be captured from message tracking or in the mail logs, if not known.
Blacklist a Sender via the GUI
Complete these steps in order to blacklist a sender via the GUI:
Click Mail Policies.
1.
Select HAT Overview.
2.
If there are multiple listeners configured on the ESA, ensure that the InboundMail listener is currently
selected.
selected.
3.
Select BLACKLIST from the Sender Group column.
4.
Click Add Sender....
5.
Enter the IP address or domain name that you wish to blacklist. These formats are allowed:
IPv6 addresses, such as 2001:420:80:1::5
♦
IPv6 subnets, such as 2001:db8::/32
♦
IPv4 addresses, such as 10.1.1.0
♦
IPv4 subnets, such as 10.1.1.0/24 or 10.2.3.1
♦
IPv4 and IPv6 address ranges, such as 10.1.1.10-20, 10.1.1-5, or 2001::2-2001::10
♦
6.