Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The time range options that you see will differ if you have enabled Centralized Reporting. For details, 
see information about Centralized Reporting Mode in the “Cisco IronPort M-Series Security 
Management Appliance” chapter of the Cisco IronPort AsyncOS for Email Security Configuration 
Guide. 

The top senders which have connected to public listeners of the appliance are listed in the External 
Domains Received listing table at the bottom of the Incoming Mail page, based on the view selected. 
Click the column headings to sort the data. See 

 for an explanation of the 

various categories.

The system acquires and verifies the validity of the remote host’s IP address (that is, the domain) by 
performing a double DNS lookup. For more information about double DNS lookups and sender 
verification, see the “Configuring the Gateway to Receive Email” chapter in the Cisco IronPort AsyncOS 
for Email Configuration Guide.

The Sender Detail listing has two views, Summary and All.

The default Sender Detail view shows the total number of attempted messages for each sender, and 
includes a breakdown by category (the same categories as the Incoming Mail Summary graph on the 
Overview page: number of clean messages, stopped by reputation filtering, invalid recipients, spam 
detected, virus detected, stopped by content filter). It also shows the total number of threat messages 
(messages stopped by reputation or stopped as invalid recipient, spam, and viruses).

The value for Stopped by Reputation Filtering is calculated based on several factors:

- Number of “throttled” messages from this sender.

- Number of rejected or TCP refused connections (may be a partial count).

- A conservative multiplier for the number of messages per connection. 

When the appliance is under heavy load, an exact count of rejected connections is not maintained on a 
per-sender basis. Instead, rejected connections counts are maintained only for the most significant 
senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; in other 
words, at least this many messages were stopped. 

The Stopped by Reputation Filtering total on the Overview page is always based on a complete count of 
all rejected connections. Only the per-sender connection counts are ever limited due to load.

the last 7 days + the elapsed hours of the current day 

the last 30 days + the elapsed hours of the current day 

the last 90 days + the elapsed hours of the current day 

00:00 to 23:59 (midnight to 11:59 PM) 

00:00 of the first day of the month to 23:59 of the last 
day of the month

the range enclosed by the start date and hour and the 
end date and hour that you specify