Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 8      Anti-Spam
Evaluating Anti-Spam Efficacy
IronPort strongly recommends evaluating the product using a live mail stream 
directly from the Internet. This is because IronPort Anti-Spam and IronPort 
Intelligent Multi-Scan rules are added quickly to prevent active spam attacks and 
quickly expire once attacks have passed. Testing using old messages will 
therefore lead to inaccurate test results.
Using the X-Advertisement: spam header is the best method to test if your system configuration is correctly handling a message that would be considered spam if it were “live.” Use the trace command (see Debugging Mail Flow Using Test Messages: Trace, page -446) or see the following example.
Common pitfalls to avoid while evaluating include:

- Evaluating using resent or forwarded mail or cut-and-pasted spam messages
  Mail lacking the proper headers, connecting IP, signatures, etc. will result in inaccurate scores.
- Testing “hard spam” only
  Removing the “easy spam” using SBRS, blacklists, message filters, etc. will result in a lower overall catch rate percentage.
- Resending spam caught by another anti-spam vendor
- Testing older messages
  CASE adds and removes rules rapidly based on current threats. Testing using an older collection of messages will significantly distort the results.
Example
Use SMTP commands to send a test message with the X-advertisement: spam header to an address to which you have access. Ensure that the mail policy is configured to receive messages for the test address (see ) and that the HAT will accept the test connection.
# telnet IP_address_of_IronPort_Appliance_with_IronPort_Anti-Spam port
220 hostname ESMTP
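
The test message described above can also be built and sent with a short script. This is an added example, not part of the Cisco guide; the addresses, the HELO name and the send_test() host argument are assumptions to replace with your own test mailbox and appliance listener.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, make_msgid


def build_test_message(sender, recipient, body="Anti-spam policy test.\n"):
    """Build a message carrying the X-Advertisement: spam test header."""
    msg = EmailMessage()  # default policy rejects CR/LF in header values
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Anti-spam configuration test"
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=sender.rpartition("@")[2])
    msg["X-Advertisement"] = "spam"  # test header named in the guide
    msg.set_content(body)
    return msg


def smtp_dialogue(msg, helo_name="client.example.com"):
    """Client-side lines to type after the 220 banner (helo_name is assumed)."""
    lines = [f"HELO {helo_name}",
             f"MAIL FROM:<{msg['From']}>",
             f"RCPT TO:<{msg['To']}>",
             "DATA"]
    for line in msg.as_string().splitlines():
        # SMTP dot-stuffing: a body line starting with "." must be doubled,
        # otherwise a lone "." would end the DATA phase early.
        lines.append("." + line if line.startswith(".") else line)
    lines += [".", "QUIT"]
    return lines


def send_test(msg, host, port=25):
    """Deliver the message to the appliance listener; returns refused recipients."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed addresses; replace with a test mailbox you control.
    demo = build_test_message("tester@example.com", "spamtest@example.com")
    print("\n".join(smtp_dialogue(demo)))
```

Run as a script it prints the lines to type into the telnet session; send_test() delivers the same message over smtplib, so the connecting IP still has to be accepted by the HAT.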