Руководство Пользователя для Cisco Cisco Email Security Appliance C170
9-12
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Spam
Monitoring Rules Updates
Once you have accepted the license agreement, the most recent Cisco IronPort Anti-Spam and Cisco
IronPort Intelligent Multi-Scan rules updates are listed on the their corresponding page in the Security
Services menu (GUI) and in the
IronPort Intelligent Multi-Scan rules updates are listed on the their corresponding page in the Security
Services menu (GUI) and in the
antispamstatus
command (CLI).
Note
If the update has not occurred, or a server has not been configured, the string “Never Updated” is
displayed.
displayed.
Figure 9-9
Rules Updates Section of Security Services > IronPort Anti-Spam Page: GUI
Configuring Per-Recipient Policies for Anti-Spam
The Cisco IronPort Anti-Spam and Cisco IronPort Intelligent Multi-Scan solutions process email for
incoming (and outgoing) mail based on policies (configuration options) you configure using the Email
Security Manager feature. Cisco IronPort Anti-Spam and Cisco IronPort Intelligent Multi-Scan scan
messages through their filtering modules for classification. The classification, or verdict, is then returned
for subsequent delivery action. Four verdicts are possible: messages can be identified as not spam,
identified as a unwanted marketing email, positively identified as spam, or suspected to be spam. Actions
taken on messages positively identified as spam, suspected to be spam, or identified as unwanted
marketing messages include:
incoming (and outgoing) mail based on policies (configuration options) you configure using the Email
Security Manager feature. Cisco IronPort Anti-Spam and Cisco IronPort Intelligent Multi-Scan scan
messages through their filtering modules for classification. The classification, or verdict, is then returned
for subsequent delivery action. Four verdicts are possible: messages can be identified as not spam,
identified as a unwanted marketing email, positively identified as spam, or suspected to be spam. Actions
taken on messages positively identified as spam, suspected to be spam, or identified as unwanted
marketing messages include:
•
Specifying a Positive or Suspected Spam threshold.
•
Choosing which overall action to take on unwanted marketing messages, positively identified spam,
or suspected spam messages: deliver, drop, bounce, or quarantine.
or suspected spam messages: deliver, drop, bounce, or quarantine.
•
Archiving messages to an mbox-format log file. You must create a log to enable archiving messages
identified as spam. See
identified as spam. See
•
Altering the subject header of messages identified as spam or marketing.
•
Sending messages to an alternate destination mailhost.
•
Adding a custom X-Header to messages.
•
Sending messages to an alternate envelope recipient address. (For example, you could route
messages identified as spam to an administrator’s mailbox for subsequent examination.) In the case
of a multi-recipient message, only a single copy is sent to the alternate recipient.
messages identified as spam to an administrator’s mailbox for subsequent examination.) In the case
of a multi-recipient message, only a single copy is sent to the alternate recipient.
Note
These actions are not mutually exclusive; you can combine some or all of them differently within
different incoming or outgoing policies for different processing needs for groups of users. You can also
treat positively identified spam differently from suspected spam in the same policy. For example, you
may want to drop messages positively identified as spam, but quarantine suspected spam messages.
different incoming or outgoing policies for different processing needs for groups of users. You can also
treat positively identified spam differently from suspected spam in the same policy. For example, you
may want to drop messages positively identified as spam, but quarantine suspected spam messages.