Cisco Cisco Email Security Appliance C170 用户指南

While the mail trend graph displays a visual representation of the mail flow, the summary table (right 
side, 

) provides a numeric breakdown of the same information. The summary table includes 

the percentage and actual number of each type of message, including the total number of attempted, 
threat, and clean messages.

The outgoing graph and summary show similar information for outbound mail.

The method Email Security Monitor uses to count incoming mail depends on the number of recipients 
per message. For example, an incoming message from example.com sent to three recipients would count 
as three messages coming from that sender.

Because messages blocked by reputation filtering do not actually enter the work queue, the appliance 
does not have access to the list of recipients for an incoming message. In this case, a multiplier is used 
to estimate the number of recipients. This multiplier was determined by Cisco and based upon research 
of a large sampling of existing customer data.

Messages reported in the Overview and Incoming Mail pages are categorized as follows:

Stopped by Reputation Filtering: All connections blocked by HAT policies multiplied by a fixed 
multiplier (see 

) plus all recipients 

blocked by recipient throttling. 

Invalid Recipients: All recipients rejected by conversational LDAP rejection plus all RAT rejections.

Spam Messages Detected: The total count of messages detected by the anti-spam scanning engine as 
positive or suspect and also those that were both spam and virus positive.

Virus Messages Detected: The total count and percentage of messages detected as virus positive and 
not also spam.