Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 9.1 for Email User Guide
 
Chapter 28: Using Email Security Monitor
Email Security Monitor Pages
Note
Messages that match a message filter and are not dropped or bounced by the filter are treated as clean. 
Messages dropped or bounced by a message filter are not counted in the totals.
How Messages are Categorized
As messages proceed through the email pipeline, they can fall into multiple categories. For example, a 
message can be marked as spam or virus positive and can also match a content filter. The various verdicts 
follow these rules of precedence: Outbreak Filters quarantining (in this case the message is not counted 
until it is released from the quarantine and again processed through the work queue), followed by spam 
positive, virus positive, and matching a content filter.
For example, if a message is marked as spam positive, and your anti-spam settings are set to drop spam 
positive messages, the message is dropped and the spam counter is incremented. Further, if your 
anti-spam settings are set to let the spam positive message continue on in the pipeline, and a subsequent 
content filter drops, bounces, or quarantines the message, the spam count is still incremented. The 
content filter count is only incremented if the message is not spam or virus positive.
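The precedence rules above, combined with the earlier note on message filters, written out as an added example (not Cisco code) that can help when reconciling report totals against your own counts. The `Message` flags are hypothetical names, not AsyncOS fields, and treating a message with no verdict at all as clean is an assumption.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Message:
    # Hypothetical per-message flags; these are not AsyncOS field names.
    msg_filter_dropped_or_bounced: bool = False
    outbreak_quarantined: bool = False  # still held in the Outbreak quarantine
    spam_positive: bool = False
    virus_positive: bool = False
    content_filter_matched: bool = False  # matched, whatever action the filter took


def category(m):
    """Return the one category a message is counted under, or None if uncounted."""
    if m.msg_filter_dropped_or_bounced:
        return None  # dropped or bounced by a message filter: not in the totals
    if m.outbreak_quarantined:
        return None  # counted only after release and reprocessing in the work queue
    if m.spam_positive:
        return "spam"  # counted as spam even if a later content filter drops it
    if m.virus_positive:
        return "virus"
    if m.content_filter_matched:
        return "content_filter"  # only reached when not spam or virus positive
    # Message-filter matches that were not dropped or bounced are clean;
    # a message with no verdict at all is assumed to be clean as well.
    return "clean"


def tally(messages):
    """Count messages per category, skipping those that are not counted."""
    return Counter(c for c in map(category, messages) if c is not None)


# Constructed sample messages, one per rule.
SAMPLE = [
    Message(spam_positive=True, content_filter_matched=True),
    Message(virus_positive=True, content_filter_matched=True),
    Message(content_filter_matched=True),
    Message(outbreak_quarantined=True, spam_positive=True),
    Message(msg_filter_dropped_or_bounced=True),
    Message(),
]

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
```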
Incoming Mail Page
The Incoming Mail page provides a mechanism to report on the real-time information being collected 
by the Email Security Monitor feature for all remote hosts connecting to your appliance. This allows you 
to gather more information about an IP address, domain, and organization (network owner) sending mail 
to you. You can perform a Sender Profile search on IP addresses, domains, or organizations that have 
sent mail to you.
The Incoming Mail page has three views (Domain, IP Address, and Network Owner) and provides a 
snapshot of the remote hosts connecting to the system in the context of the selected view.
It displays a table (Incoming Mail Details) of the top domains (or IP addresses, or network owners, 
depending on the view) that have sent mail to all public listeners configured on the appliance. You can 
monitor the flow of all mail into your gateway. You can click on any domain/IP/network owner to drill 
down to access details about this sender on a Sender Profile page (this is an Incoming Mail page, specific 
to the domain/IP/network owner you clicked on). 
Not all available columns are displayed by default. You can show a different set of information by 
clicking the Columns link below the table. For example, you can show the "Detected by Advanced 
Malware Protection" column, which is hidden by default. 
The Incoming Mail page extends to include a group of pages (Incoming Mail, Sender Profiles, and the 
Sender Group Report). From the Incoming Mail pages, you can: 
• Perform a search on IP addresses, domains, or organizations (network owners) that have sent mail 
to you.
• View the Sender Groups report to see connections via a specific sender group and mail flow policy 
actions. See 
 for more information.
• See detailed statistics on senders which have sent mail to you, including the number of attempted 
messages broken down by security service (sender reputation filtering, anti-spam, anti-virus, etc.). 
• Sort by senders who have sent you a high volume of spam or virus email, as determined by anti-spam 
or anti-virus security services.
• Use the SenderBase Reputation service to drill down on and examine the relationship between 
specific IP addresses, domains, and organizations to obtain more information about a sender.