This document provides a sample configuration on how to configure the email reputation on the Cisco Content Security and Control (CSC) Security Services Module (SSM).
You need to have a Security Plus license to use this feature.
The information in this document is based on the Cisco Content Security and Control SSM with Software release version 6.3.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Email Reputation is a technology that reduces the spam mails. By enabling this feature, CSC SSM verifies if the originator of the mail is a black-listed address or not. It maintains a list of databases that contains all the IP addresses that source the spam messages. If a mail is found to have an originator from this list, that mail is considered spam and is dropped.
The service levels offered by this Email Reputation Technology (ERS) are basically two types. These services are based mainly on the level of authenticity of the source IP addresses.
ERS Standard - Contains the known sources of spam
ERS Advanced - Contains the known sources and the suspected sources
When an IP address is added to ERS Standard database, it is termed a spam source and is rare that you observe an IP address removed from this list. ERS Standard contains the list of IP addresses that consistently originate spam.
ERS Advanced contains a list of IP addresses which are meant to be removed if found to not produce the spam any further. For example, a hacked Mail server can be listed in this database at the time when it is compromised. When it is restored to normalcy, it is removed from this database.
In this section, you are presented with the information to configure the features described in this document.
Choose Mail (SMTP) > Anti-spam > Email Reputation. A new window opens.
From the Target tab, click Enable in order to enable this Email Reputation feature.
Choose Advanced for the Service Level.
From the Approved IP Addresses field, specify the range of IP addresses that you want to exempt from scanning.
From the Action tab, specify the type of action based on your enterprise security policy. These three actions are available:
Close connection with an error message
Close connection without error message
Bypass the connection
There is currently no verification procedure available for this configuration.
This section provides information you can use to troubleshoot your configuration.
The problem is the inability to receive the emails from specific domains. It appears that the CSC module is blocking the emails. When bypassing the module, everything works fine. This error message is received: 2012/02/06 14:33:00 GMT+00:00 NRS 18.104.22.168 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA
In order to resolve this issue, configure the email reputation feature properly.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.