Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
7-6
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 7 Reputation Filtering
Configuring Reputation Filtering
Configure reputation filtering via the Mail Policies > HAT Overview page. For more information, see
.
Conservative
A conservative approach is to block messages with a SenderBase Reputation Score lower than -4.0,
throttle between -4.0 and -2.0, apply the default policy between -2.0 and +6.0, and apply the trusted
policy for messages with a score greater than +6.0. Using this approach ensures a near zero false positive
rate while achieving better system performance.
throttle between -4.0 and -2.0, apply the default policy between -2.0 and +6.0, and apply the trusted
policy for messages with a score greater than +6.0. Using this approach ensures a near zero false positive
rate while achieving better system performance.
Moderate
A moderate approach is to block messages with a SenderBase Reputation Score lower than -3.0, throttle
between -3.0 and 0, apply the default policy between 0 and +6.0, and apply the trusted policy for
messages with a score greater than +6.0. Using this approach ensures a very small false positive rate
while achieving better system performance (because more mail is shunted away from Anti-Spam
processing).
between -3.0 and 0, apply the default policy between 0 and +6.0, and apply the trusted policy for
messages with a score greater than +6.0. Using this approach ensures a very small false positive rate
while achieving better system performance (because more mail is shunted away from Anti-Spam
processing).
Aggressive
An aggressive approach is to block messages with a SenderBase Reputation Score lower than -2.0,
throttle between -2.0 and 0.5, apply the default policy between 0 and +4.0, and apply the trusted policy
for messages with a score greater than +4.0. Using this approach, you might incur some false positives;
however, this approach maximizes system performance by shunting the most mail away from Anti-Spam
processing.
throttle between -2.0 and 0.5, apply the default policy between 0 and +4.0, and apply the trusted policy
for messages with a score greater than +4.0. Using this approach, you might incur some false positives;
however, this approach maximizes system performance by shunting the most mail away from Anti-Spam
processing.
Note
Users are also recommended to assign all messages with a SenderBase Reputation Score greater than 6.0
to the $TRUSTED policy.
to the $TRUSTED policy.
The steps below outline a phased approach to implementing reputation filtering:
Table 7-2
Recommended Phased Approach to Implementing Reputation Filtering using the
SBRS
SBRS
Policy
Blacklist
Throttle
Default
Whitelist
Conservative
-10 to -4
-4 to -2
-2 to 7
7 to 10
Moderate
-10 to -3
-3 to -1
-1 to 6
6 to 10
Aggressive
-10 to -2
-2 to -0.5
-0.5 to 4
4 to 10
Policy:
Characteristics:
Mail Flow Policy to Apply:
Conservative:
Near zero false positives, better performance
$BLOCKED
Moderate:
Very few false positives, high performance
$THROTTLED
Aggressive:
Some false positives, maximum performance
$DEFAULT