Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

CSC 6.X: Email Reputation Configuration Example

Document ID: 113502

Updated: Apr 27, 2012

   Print

Introduction

This document provides a sample configuration on how to configure the email reputation on the Cisco Content Security and Control (CSC) Security Services Module (SSM).

Prerequisites

Requirements

You need to have a Security Plus license to use this feature.

Components Used

The information in this document is based on the Cisco Content Security and Control SSM with Software release version 6.3.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

Email Reputation is a technology that reduces the spam mails. By enabling this feature, CSC SSM verifies if the originator of the mail is a black-listed address or not. It maintains a list of databases that contains all the IP addresses that source the spam messages. If a mail is found to have an originator from this list, that mail is considered spam and is dropped.

The service levels offered by this Email Reputation Technology (ERS) are basically two types. These services are based mainly on the level of authenticity of the source IP addresses.

  • ERS Standard - Contains the known sources of spam

  • ERS Advanced - Contains the known sources and the suspected sources

When an IP address is added to ERS Standard database, it is termed a spam source and is rare that you observe an IP address removed from this list. ERS Standard contains the list of IP addresses that consistently originate spam.

ERS Advanced contains a list of IP addresses which are meant to be removed if found to not produce the spam any further. For example, a hacked Mail server can be listed in this database at the time when it is compromised. When it is restored to normalcy, it is removed from this database.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

  1. Choose Mail (SMTP) > Anti-spam > Email Reputation. A new window opens.

  2. From the Target tab, click Enable in order to enable this Email Reputation feature.

  3. Choose Advanced for the Service Level.

  4. From the Approved IP Addresses field, specify the range of IP addresses that you want to exempt from scanning.

    csc6x-email-config-01.gif

  5. From the Action tab, specify the type of action based on your enterprise security policy. These three actions are available:

    • Close connection with an error message

    • Close connection without error message

    • Bypass the connection

    csc6x-email-config-02.gif

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Unable to receive emails from some domains

Problem:

The problem is the inability to receive the emails from specific domains. It appears that the CSC module is blocking the emails. When bypassing the module, everything works fine. This error message is received: 2012/02/06 14:33:00 GMT+00:00 NRS 174.37.94.181 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA

Solution:

In order to resolve this issue, configure the email reputation feature properly.

Related Information

Updated: Apr 27, 2012
Document ID: 113502