Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

IronPort Reputation Filter technology aims to shunt as much mail as possible 
from the remaining security services processing that is available on the IronPort 
appliance. (See 

.) 

When enabling reputation filtering, mail from known bad senders is simply 
refused. Known good mail from global 2000 companies is automatically routed 
around the spam filters, reducing the chance of false positives. Unknown, or 
“grey” email is routed to the anti-spam scanning engine. Using this approach, 
reputation filters can reduce the load on the content filters by as much as 50%.

 lists a set of recommended policies for implementing SenderBase 

reputation filtering. Depending on the objectives of your enterprise, you can 
implement a conservative, moderate, or aggressive approach. 

Although IronPort recommends throttling, an alternative for implementing the 
SenderBase Reputation Service is to modify the subject line of suspected spam 
messages. To do this, use the following message filter shown in 

filter uses the 

reputation

 filter rule and the 

strip-header

 and 

insert-header

 

filter actions to replace the subject line of messages with a SenderBase Reputation 
Score lower than -2.0 with a subject line that includes the actual SenderBase 
Reputation Score represented as:

. Replace listener_name in this 

example with the name of your public listener. (The period on its own line is 
included so that you can cut and paste this text directly into the command line 
interface of the 

filters

 command.)