Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 7      Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
  Defining Remote Hosts into Sender Groups
or simply rotating through different domain names. This leaves many mail administrators asking 
themselves the fundamental question, “Who is sending me all of this email?” To answer this question, 
the SenderBase Reputation Service has developed a unique hierarchy for aggregating identity-based 
information based on the IP address of the connecting host — the one thing that is almost impossible for 
a sender to forge in a message.
An IP Address is defined as the IP address of the sending mail host. The Email Security appliance 
supports both Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses.
Domain is defined as an entity that uses hostnames with a given second-level domain name (for 
example, yahoo.com), as determined by a reverse (PTR) lookup on the IP address. 
Network Owner is defined as an entity (usually a company) that controls a block of IP addresses, as 
determined based on IP address space assignments from global registries such as ARIN (the American 
Registry for Internet Numbers) and other sources.
An Organization is defined as an entity that most closely controls a particular group of mail gateways 
within a network owner’s IP block, as determined by SenderBase. An Organization may be the same as 
the Network Owner, a division within that Network Owner, or a customer of that Network Owner.
Setting Policies Based on the HAT
Table 7-2 lists some examples of network owners and organizations.
As network owners can range dramatically in size, the appropriate entity to base your mail flow policy 
on is the organization. The SenderBase Reputation Service has a unique understanding of the source of 
the email down to the organization level, which the appliance leverages to automatically apply policies 
based on the organization. In the Table 7-2 example, if a user specified “Level 3 Communications” as a 
sender group in the Host Access Table (HAT), SenderBase will enforce policies based on the individual 
organizations controlled by that network owner. 
For example, using Table 7-2, if a user enters a limit of 10 recipients per hour for Level 3, the appliance 
will allow up to 10 recipients per hour for Macromedia Inc., Alloutdeals.com and Greatoffers.com (a 
total of 30 recipients per hour for the Level 3 network owner). The advantage of this approach is that if 
one of these organizations begins spamming, the other organizations controlled by Level 3 will not be 
impacted. Contrast this to the example of “The Motley Fool” network owner. If a user sets rate limiting 
to 10 recipients per hour, the Motley Fool network owner will receive a total limit of 10 recipients per 
hour.
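A minimal simulation of the per-organization limit described above, added here as an illustration and not Cisco's implementation. The CIDR-to-organization table uses constructed documentation addresses standing in for SenderBase's attribution, and `classify`, `OrgRateLimiter` and `simulate` are hypothetical names.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed mapping for illustration (documentation IP ranges); on the
# appliance this attribution comes from SenderBase, not a local table.
ORG_BLOCKS = [
    ("192.0.2.0/25", "Level 3 Communications", "Macromedia Inc."),
    ("192.0.2.128/25", "Level 3 Communications", "AllOutDeals.com"),
    ("198.51.100.0/24", "Level 3 Communications", "GreatOffers.com"),
    ("203.0.113.0/24", "The Motley Fool", "The Motley Fool"),
]

def classify(ip):
    """Return (network_owner, organization) for a connecting IP, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr, owner, org in ORG_BLOCKS:
        if addr in ipaddress.ip_network(cidr):
            return owner, org
    return None

class OrgRateLimiter:
    """Sliding one-hour recipient limit, counted per organization."""
    def __init__(self, limits_by_owner, window=3600):
        self.limits = limits_by_owner      # policy is written per network owner
        self.window = window
        self.seen = defaultdict(deque)     # organization -> accepted timestamps

    def accept(self, ip, now):
        """True if one more recipient from this host fits its organization's limit."""
        ident = classify(ip)
        if ident is None or ident[0] not in self.limits:
            return True                    # assumption: unmatched hosts are not limited here
        owner, org = ident
        q = self.seen[org]
        while q and now - q[0] >= self.window:
            q.popleft()                    # drop recipients older than the window
        if len(q) >= self.limits[owner]:
            return False
        q.append(now)
        return True

def simulate(limiter, ip, attempts, start=0):
    """Offer `attempts` recipients one second apart; return how many were accepted."""
    return sum(limiter.accept(ip, start + i) for i in range(attempts))
```

Because the counter is keyed by organization while the limit is looked up by network owner, a flood from one Level 3 organization exhausts only that organization's allowance.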
The Mail Flow Monitor feature is a way of defining the sender and providing you with monitoring tools 
to create mail flow policy decisions about the sender. To create mail flow policy decisions about a given 
sender, ask these questions:
Table 7-2 Example of Network Owners and Organizations

| Example Type | Network Owner | Organization |
|---|---|---|
| Network Service Provider | Level 3 Communications | Macromedia Inc., AllOutDeals.com, GreatOffers.com |
| Email Service Provider | GE | GE Appliances, GE Capital, GE Mortgage |
| Commercial Sender | The Motley Fool | The Motley Fool |