Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
6-2
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 6 Email Security Manager
•
Drop dangerous executable attachments for all users except those in the System Administrator
group.
group.
•
Scan and attempt to repair viruses in messages destined for the Engineering organization, but drop
infected attachments for all messages sent to the address
infected attachments for all messages sent to the address
jobs@example.com
.
•
Scan all outgoing messages using RSA Email Data Loss Prevention (DLP) for possible confidential
information. If a message matches, quarantine the message and send a blind-carbon copy to the
Legal department.
information. If a message matches, quarantine the message and send a blind-carbon copy to the
Legal department.
Note
If you are using RSA Enterprise Manager for DLP, the outgoing mail policy is assigned to a DLP
policy in Enterprise Manager. See
policy in Enterprise Manager. See
for more information.
•
If an incoming message contains an MP3 attachment, quarantine the message and send a message
to the intended recipient with instructions for calling the Network Operations Center to retrieve the
message. Expire such messages after 10 days.
to the intended recipient with instructions for calling the Network Operations Center to retrieve the
message. Expire such messages after 10 days.
•
Include a disclaimer to all outgoing mail from the Executive Staff with the company’s newest tag
line, but include a different “forward-looking statements” disclaimer to all outgoing mail from the
Public Relations organization.
line, but include a different “forward-looking statements” disclaimer to all outgoing mail from the
Public Relations organization.
•
Enable the Outbreak Filters feature for all incoming messages, but bypass scanning for messages
with links to example.com or attachments whose file extension is
with links to example.com or attachments whose file extension is
.dwg
.
Note
Content dictionaries, disclaimers, and notification templates must be created before they can be
referenced by content filters. For more information, see
referenced by content filters. For more information, see
.
Incoming vs. Outgoing Messages
Two policy tables are defined in the Email Security Manager: one table for messages from sending hosts
that are stipulated by HAT policies with the “Accept” behavior, the other table for sending hosts qualified
as having HAT “Relay” behavior. The former table is the incoming policy table, the latter is the outgoing
policy table.
that are stipulated by HAT policies with the “Accept” behavior, the other table for sending hosts qualified
as having HAT “Relay” behavior. The former table is the incoming policy table, the latter is the outgoing
policy table.
•
Incoming messages are messages received from connections that match an ACCEPT HAT policy in
any listener.
any listener.
•
Outgoing messages are messages from connections that match a RELAY HAT policy in any listener.
This includes any connection that was authenticated with SMTP AUTH.
This includes any connection that was authenticated with SMTP AUTH.
Note
In certain installations, “internal” mail being routed through the Cisco IronPort appliance will be
considered outgoing, even if all the recipients are addressed to internal addresses. For example, by
default for Cisco IronPort C10/100 customers, the system setup wizard will configure only one physical
Ethernet port with one listener for receiving inbound email and relaying outbound email.
considered outgoing, even if all the recipients are addressed to internal addresses. For example, by
default for Cisco IronPort C10/100 customers, the system setup wizard will configure only one physical
Ethernet port with one listener for receiving inbound email and relaying outbound email.
For many configurations, you can think of the incoming table as Public, while the Outgoing table is
Private, although both could be used by a single listener. The policy table used on a particular message
is not dependant on the direction of the message, with respect to sender or recipient addresses, out to the
internet or in to an intranet.
Private, although both could be used by a single listener. The policy table used on a particular message
is not dependant on the direction of the message, with respect to sender or recipient addresses, out to the
internet or in to an intranet.