This document provides a sample configuration on how to configure the
email reputation on the Cisco Content Security and Control (CSC) Security
Services Module (SSM).
You need to have a Security Plus license to use this feature.
The information in this document is based on the Cisco Content Security
and Control SSM with Software release version 6.3.
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Refer to the Cisco Technical Tips
Conventions for more information on document conventions.
Email Reputation is a technology that reduces the spam mails. By
enabling this feature, CSC SSM verifies if the originator of the mail is a
black-listed address or not. It maintains a list of databases that contains all
the IP addresses that source the spam messages. If a mail is found to have an
originator from this list, that mail is considered spam and is dropped.
The service levels offered by this Email Reputation Technology (ERS)
are basically two types. These services are based mainly on the level of
authenticity of the source IP addresses.
When an IP address is added to ERS Standard database, it is termed a
spam source and is rare that you observe an IP address removed from this list.
ERS Standard contains the list of IP addresses that consistently originate
ERS Advanced contains a list of IP addresses which are meant to be
removed if found to not produce the spam any further. For example, a hacked
Mail server can be listed in this database at the time when it is compromised.
When it is restored to normalcy, it is removed from this database.
In this section, you are presented with the information to configure
the features described in this document.
Note: Use the
Command Lookup Tool
(registered customers only)
to obtain more information on
the commands used in this section.
Choose Mail (SMTP) > Anti-spam > Email
Reputation. A new window opens.
From the Target tab, click Enable in order to enable
this Email Reputation feature.
Choose Advanced for the Service
From the Approved IP Addresses field, specify the range of IP
addresses that you want to exempt from scanning.
From the Action tab, specify the type of action based on your
enterprise security policy. These three actions are available:
There is currently no verification procedure available for this
This section provides information you can use to troubleshoot your
The problem is the inability to receive the emails from specific
domains. It appears that the CSC module is blocking the emails. When bypassing
the module, everything works fine. This error message is received:
2012/02/06 14:33:00 GMT+00:00 NRS 220.127.116.11 RBL-Fail QIL-NA
RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA
In order to resolve this issue, configure the email reputation feature