Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
28-23
Cisco AsyncOS 9.0 for Email User Guide
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
Inbound SMTP Authentication Page
The Inbound SMTP Authentication page shows the use of client certificates and the SMTP AUTH
command to authenticate SMTP sessions between the Email Security appliance and users’ mail clients.
If the appliance accepts the certificate or SMTP AUTH command, it will establish a TLS connection to
the mail client, which the client will use to send a message. Since it is not possible for the appliance to
track these attempts on a per-user basis, the report shows details on SMTP authentication based on the
domain name and domain IP address.
command to authenticate SMTP sessions between the Email Security appliance and users’ mail clients.
If the appliance accepts the certificate or SMTP AUTH command, it will establish a TLS connection to
the mail client, which the client will use to send a message. Since it is not possible for the appliance to
track these attempts on a per-user basis, the report shows details on SMTP authentication based on the
domain name and domain IP address.
Use this report to determine the following information:
•
Overall, how many incoming connection use SMTP authentication?
•
How many connections use a client certificated?
•
How many connections use SMTP AUTH?
•
What domains are failing to connect when attempting to use SMTP authentication?
•
How many connections are successfully using the fall-back when SMTP authentication fails?
The Inbound SMTP Authentication page includes a graph for received connections, a graph for mail
recipients who attempted an SMTP authentication connection, and a table with details on the attempts
to authenticate connections.
recipients who attempted an SMTP authentication connection, and a table with details on the attempts
to authenticate connections.
The Received Connections graph shows the incoming connections from mail clients that attempt to
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
authentication their connections using SMTP authentication over the time range you specify. The graph
displays the total number of connections the appliance received, the number that did not attempt to
authenticate using SMTP authentication, the number that failed and succeeded to authenticate the
connection using a client certificate, and the number that failed and succeeded to authenticate using the
SMTP AUTH command.
The Received Recipients graph displays the number of recipients whose mail clients attempted to
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
the number of recipients whose connections were not authenticated.
authenticate their connections to the Email Security appliances to send messages using SMTP
authentication. The graph also show the number of recipients whose connections were authenticated and
the number of recipients whose connections were not authenticated.
The SMTP Authentication details table displays details for the domains whose users attempt to
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
authenticate their connections to the Email Security appliance to send messages. For each domain, you
can view the number of connection attempts using a client certificate that were successful or failed, the
number of connection attempts using the SMTP AUTH command that were successful or failed, and the
number that fell back to the SMTP AUTH after their client certificate connection attempt failed. You can
use the links at the top of the page to display this information by domain name or domain IP address.
Rate Limits Page
Rate Limiting by envelope sender allows you to limit the number of email message recipients per time
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
interval from an individual sender, based on the mail-from address. The Rate Limits report shows you
the senders who most egregiously exceed this limit.
Use this report to help you identify the following:
•
Compromised user accounts that might be used to send spam in bulk.
•
Out-of-control applications in your organization that use email for notifications, alerts, automated
statements, etc.
statements, etc.
•
Sources of heavy email activity in your organization, for internal billing or resource-management
purposes.
purposes.