Cisco Email Security Appliance C160 User Guide
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Defining Remote Hosts into Sender Groups
The Mail Flow Monitor feature is a way of defining the sender and providing you with monitoring tools
to create mail flow policy decisions about the sender. To create mail flow policy decisions about a given
sender, ask these questions:
• Which IP addresses are controlled by this sender?
The first piece of information that the Mail Flow Monitor feature uses to control the inbound email
processing is the answer to this question. The answer is derived by querying the SenderBase
Reputation Service. The SenderBase Reputation Service provides information about the relative size
of the sender (either the SenderBase network owner or the SenderBase organization). Answering
this question assumes the following:
– Larger organizations tend to control more IP addresses, and send more legitimate email.
• Depending on its size, how should the overall number of connections be allotted for this sender?
– Larger organizations tend to control more IP addresses, and send more legitimate email.
Therefore, they should be allotted more connections to your appliance.
– The sources of high-volume email are often ISPs, NSPs, companies that manage outsourced
email delivery, or sources of unsolicited bulk email. ISPs, NSPs, and companies that manage
outsourced email delivery are examples of organizations that control many IP addresses, and
should be allotted more connections to your appliance. Senders of unsolicited bulk email
usually do not control many IP addresses; rather, they send large volumes of mail through a
small number of IP addresses. They should be allotted fewer connections to your appliance.
The Mail Flow Monitor feature uses its differentiation between SenderBase network owners and
SenderBase organizations to determine how to allot connections per sender, based on logic in
SenderBase. See the “Using Email Security Monitor” chapter for more information on using the Mail
Flow Monitor feature.
Defining Sender Groups by SenderBase Reputation Score
The appliance can query the SenderBase Reputation Service to determine a sender’s reputation score
(SBRS). The SBRS is a numeric value assigned to an IP address, domain, or organization based on
information from the SenderBase Reputation Service. The scale of the score ranges from -10.0 to +10.0,
as described in Table 7-3.
Table 7-3 Definition of the SenderBase Reputation Score

Score    Meaning
-10.0    Most likely to be a source of spam
0        Neutral, or not enough information to make a recommendation
+10.0    Most likely to be a trustworthy sender
none     No data available for this sender (typically a source of spam)