- Getting Started with Cisco Email Security
- Accessing the Appliance
- Setup and Installation
- Understanding the Email Pipeline
- Configuring the Gateway to Receive Email
- IP Reputation Filtering
- Defining Which Hosts Are Allowed to Connect Using the Host Access Table
- Accepting or Rejecting Connections Based on Domain Name or Recipient Address
- Using Message Filters to Enforce Email Policies
- Mail Policies
- Content Filters
- Configuring Email Gateway to Consume External Threat Feeds
- Sender Domain Reputation Filtering
- Integrating with Cisco Threat Response
- Configuring Email Gateway to Safe Print Message Attachments
- Anti-Virus
- Managing Spam and Graymail
- Outbreak Filters
- Protecting Against Malicious or Undesirable URLs
- File Reputation Filtering and File Analysis
- Data Loss Prevention
- Cisco Email Encryption
- S/MIME Security Services
- Remediating Messages in Mailboxes
- Email Authentication
- Text Resources
- Validating Recipients Using an SMTP Server
- Encrypting Communication with Other MTAs
- Configuring Routing and Delivery Features
- Integrating the Email Gateway with Cisco Advanced Phishing Protection
- LDAP Queries
- Authenticating SMTP Sessions Using Client Certificates
- Using Email Security Monitor
- Tracking Messages
- Policy, Virus, and Outbreak Quarantines
- Spam Quarantine
- Distributing Administrative Tasks
- System Administration
- Managing and Monitoring Using the CLI
- Improving Phishing Detection Efficacy using Service Logs
- Other Tasks in the GUI
- Advanced Network Configuration
- Logging
- Centralized Management Using Clusters
- Testing and Troubleshooting
- Optimizing the Appliance for Outbound Mail Delivery Using D-Mode
- Centralizing Services on a Cisco Content (M-Series) Security Management Appliance
- FTP, SSH, and SCP Access
- Assigning Network and IP Addresses
- Example of Mail Policies and Content Filters
- Firewall Information
- End User License Agreement
- Index
Contents
$ - < - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X
Index
$
$EnvelopeSender variable 1$TRUSTED mail flow policy 1<
A
accepting email 1access privileges for custom user roles 1Active Directory Wizard 1Adaptive Scanning 1address rewriting 1address tagging keypurging 1Advanced Malware Protection 1alertlisting 1alertsenabling for Outbreak Filters 1severities 1ALL entryin RAT 1ALLOWED_LIST sender group 1alternate address 1always rule 1AMP Archive 1AMP Engine Logs 1AMP. See Advanced Malware Protection. 1anti-spamHAT parameter 1IronPort Anti-Spam 1reporting false positives and negatives 1scanning appliance-generated messages 1selecting a default scanning engine 1testing 1using multiple scanning engines 1Anti-Spam Archive Logs 1Anti-spam logs 1anti-virus 1actions 1add custom header 1advanced options 1archive original message 1dropping attachments 1modify message recipient 1modify message subject 1scan and repair 1scan only 1send custom alert notification 1send to alternate destination host 1sending default notification 1Unscannable 1Virus Infected 1Anti-Virus Archive Logs 1Anti-Virus Logs 1anti-virus quarantine. See quarantine, virus 1archivemessage command 1AsyncOS reversion 1AsyncOS upgrades 1B
Base DN 1body scanning 1Bounce Logs 1bouncerecipients command 1bouncing recipientsall 1by Envelope From 1by hostname 1bypassinganti-spam 1throttling 1C
call-ahead SMTP server 1routing 1CASE (Context Adaptive Scanning Engine [TM]) 1case-sensitivityin message filters 1categoriesadult 1advertisements 1alcohol 1arts 1astrology 1auctions 1business and industry 1chat and instant messaging 1cheating and plagiarism 1child abuse content 1computer security 1computers and internet 1dating 1digital postcards 1dining and drinking 1dynamic and residential 1education 1entertainment 1extreme 1fashion 1file transfer services 1filter avoidance 1finance 1freeware and shareware 1gambling 1games 1government and law 1hacking 1hate speech 1health and nutrition 1humor 1illegal activities 1illegal downloads 1illegal drugs 1infrastructure and content delivery networks 1internet telephony 1job search 1lingerie and swimsuits 1lotteries 1mobile phones 1nature 1news 1non-governmental organizations 1non-sexual nudity 1online communities 1online storage and backup 1online trading 1organizational email 1parked domains 1peer file transfer 1personal sites 1photo searches and images 1politics 1pornography 1professional networking 1real estate 1reference 1religion 1SaaS and B2B 1safe for kids 1science and technology 1search engines and portals 1sex education 1shopping 1social networking 1social science 1society and culture 1software updates 1sports and recreation 1streaming audio 1streaming video 1tobacco 1transportation 1travel 1unclassified 1weapons 1web hosting 1web page translation 1web-based email 1centralized management 1Centralized Managementand Destination Controls 1and quarantines 1certificatecertificate authority 1Certificate Signing Request 1certificatesdemo 1generating a request 1generating and signing your own 1importing 1intermediate certificates 1chain querycreating 1charset 1CIDR address block 1Cisco Security Intelligence Operations 1Cisco Web Security Services 1clean messageemailclean message 1CLIsee Command Line Interface 1CLI Audit Logs 1cluster 1community string 1conformance levelSPF/SIDF verification 1connectivity issues, troubleshooting 1content filters 1actions 1conditions 1variables 1content matching classifier 1Content Scanner 1counters 1CPU usage 1CRAM-MD5 1CSV data 1custom header 1custom SMTP responsevariable 1D
D-Mode 1data loss prevention 1defaultdomain 1IP address 1default DNS server 1default router 1delete all messages in the spam quarantine 1deleterecipients command 1delivering mailmessage time out 1possible delivery 1Delivery Connection ID (DCID) 1Delivery Logs 1delivery queue 1delivery queue, monitoring 1demo certificate 1Destination Controlsand Centralized Management 1Direct Server Return (DSR) 1Directory Harvest Attack (DHA) 1multiple encodings 1disclaimersadding to messages 1HTML text resources 1using text resources 1DKIM verification 1Authentication-Results header 1DLPincluding sensitive content in Message Tracking 1risk factor score 1severity scale 1troubleshooting 1updating the engine and classifiers 1DLP policiescontent matching classifier 1filtering attachments 1filtering senders and recipients 1DNSauthoritative server 1disabling reverse DNS lookup timeoutReverse DNS Lookupdisabling 1double lookup 1priority 1splitting 1timeout 1timeout for reverse DNS lookups 1DNS cache 1DNS list 1DNS lookup 1DNS servers 1DNSBL 1dnsstatus command 1Domain Debug Logs 1Domain Keys 1importing signing keys 1signing key size 1verification 1verifying signatures 1Domain Name Service (DNS)domain profiledeleting all existing profiles 1double-DNS verified 1drop-attachments-where-dictionary-match 1DSR 1load balancing 1loopback interface 1Virtual IP (VIP) 1DTD (document type definition) 1dual DKIM and DomainKey signing 1dummy accounts 1duplex settings, editing 1E
Early Expirationfor quarantine 1rewriting addresses 1email injectorsee listener 1Email Security Monitor 1automated reporting 1external domains received listing 1Items Displayed menu 1summary table 1Time Range menu 1encodingin disclaimers 1encryption headers 1End User Quarantinesee spam quarantine, end user access 1enterprise gateway 1Enterprise Gateway configuration 1Envelope Recipient 1Envelope Recipient, rewriting 1Envelope Sender 1envelope sender DNS verification 1evaluation keyMcAfee 1Sophos 1evaluation key for IronPort Anti-Spam 1explained 1exportingHTML text resources 1text resources 1external authentication 1enabling LDAP 1enabling RADIUS 1F
factory configuration 1feeback about this documentation, sending 1filtering unparsable messages 1filters 1comment character 1matching empty headers 1regular express and Python 1scannable archive file types 1unparsable messages 1final entry, in HAT 1findevent 1finding senders 1forcing updates 1forward DNS lookup 1FTP 1FTP Access 1FTP Server Logs 1fully-qualified domain name 1G
gauges 1global counters 1good neightbor table 1graphical user interfacesee GUI 1graphs 1grouping, of appliances for File Analysis result details in the cloud 1GUIaccessing 1browser requirements 1GUI logs. See HTTP logs 1H
HAT 1exporting 1testing HAT variables 1HAT orderediting via GUI 1headers 1headers, inserting 1headers, logging 1headers, stripping with message filters 1Host Access Table (HAT)reordering in GUI 1specifying the hostname during setup 1hostrate command 1hoststatus command 1HTTP 1enabling 1GUI 1HTTP authentication 1HTTP Logs 1HTTPS 1certificate for 1enabling 1GUI 1HTTPS login 1I
image scanning 1image verdicts 1IMAP authentication 1implementsv 1importingHTML text resources 1text resources 1importing signing keys 1incoming relaycustom header 1received header 1incoming relays 1Incoming Relaysexample log entry 1Injection Connection ID (ICID) 1injection control counter reset 1injection control periodicity 1Injection Debug Logs 1injectorsee listener 1insecure relay 1inserting headers 1installationreverting 1invalid recipient 1IP interfacesassigning 1defining listeners on 1IronPort Anti-Spamfilters 1testing 1IronPort Email Encryptionconfiguring 1envelope settings 1key server settings 1message settings 1notification settings 1IronPort Spam Quarantinereleased messages and email pipeline 1IronPort Spam Quarantine. See Spam quarantine 1IronPort Text Mail Logs 1K
key size 1L
alias consolidation query 1alias expansion 1anonymous queries 1base DN 1connection pooling 1connections 1failover 1LDAPS certificate 1load-balancing 1Microsoft Exchange 5.5 support 1multiple servers 1OpenLDAP queries 1query tokens 1recursive queries 1SSL 1SunONE queries 1test servers 1testing servers 1LDAP Debug Logs 1LDAP errors 1LDAP routing querywith SMTP call-ahead recipient validation 1LDAPS certificate 1limitsSMTP Routes 1link aggregation 1listeneradding disclaimers 1encryption on 1malformed MAIL FROM and default domain 1listenerconfig command 1load 1log file type 1log subscription 1Sophos 1log subscriptions 1logging,headers 1logical IP interface 1logsAnti-Spam Archive 1Anti-Virus 1Anti-Virus Archive 1Bounce Logs 1CLI Audit Logs 1comparison 1Configuration History Logs 1definition 1Delivery Logs 1extensions in filenames 1format 1FTP Server Logs 1global attributes 1HTTP Logs 1Injection Debug Logs 1IronPort Text Mail Logs 1LDAP Debug Logs 1levels 1log subscription defined 1NTP Logs 1qmail Format Delivery Logs 1Scanning 1Status Logs 1subscriptions 1troubleshooting with 1loopback interface 1M
M-Series 1mail loops, detecting 1mail policiesFirst Match Wins 1mail policies, outgoingDLP 1mail protocoldefining in < 1mail transfer agent. See MTA. 1mailertable feature 1mailing listsnotifications 1malwaredefined 1marketing messages 1matching empty headers 1maximummessage size in HAT 1messages per connection in HAT 1recipients per hour in HAT 1recipients per message in HAT 1maximum recipients per hour 1mbox format 1mbox-format log file 1McAfeeevaluation key 1McAfee anti-virus engine 1memory 1message body scanning 1message encodingmodifying 1message filterfilter actions 1message filter action variablesusing in disclaimers 1message filter for SBRS 1message filters 1adding 1attachment-protected 1attachment-unprotected 1body-dictionary-match 1deleting 1encryption 1exporting 1importing 1making (in)active 1MIME types 1moving 1ordering 1overview 1random numbers in 1rules 1SenderBase Reputation Score 1status 1syntax 1time and date 1variables 1message headers 1message headers, inserting with message filters 1Message ID (MID) 1message modification level threshold 1message splinteringdefined 1message trackingIncoming Relays 1Message Trackingand sensitive content 1message variablesspam quarantine notifications 1MIB file 1monitoring 1monitoring Virtual Gateway addresses 1multilayer anti-virus scanning 1multiple appliances 1multiple recipients 1MX 1N
negative scores 1netmask 1network access list 1network time protocol (NTP)NIC pairing 1alerts 1named on upgrade 1NIC teaming 1Normal Expirationfor quarantine 1not.double.verified 1NTP Logs 1NTP serverremoving 1O
oldmessage command 1open relay, definition 1opening links in a separate window 1Outbreak FiltersAdaptive rules defined 1Adaptive Scanning 1alerts 1always rule 1anti-virus updates 1bypassed file extensions 1Context Adaptive Scanning EngineOutbreak FiltersCASE 1delaying messages 1enabling alerts 1modifying messagesOutbreak Filtersmessage modification 1multiple scores 1non-viral threats 1Outbreak rules defined 1overview 1redirecting links 1rule 1setting a message modification level threshold 1setting a quarantine level threshold 1skipping 1SNMP Traps 1threat categoriesOutbreak Filtersvirus outbreaks 1updating rules 1using without anti-virus scanning 1overflow 1P
partial addressin HAT 1in RAT 1passphrasesettings 1pausing the work queue 1PEM format, for certificates 1performance 1phased approach to reputation filters 1pinout for serial connection 1POP authentication 1POP/IMAP servers 1positive scores 1possible delivery 1private injector 1private key 1private listenersdefault entries 1prototcolsee mail protocol 1proxy server for IronPort Anti-Spam Rules 1public blocked list 1public listenersdefault entries 1purging address tagging keys 1PVO. See quarantines, policy, virus, and outbreak 1Q
qmail Format Delivery Logs 1quarantine 1applying actions to messages in 1displaying non-ascii characters in subject 1early expiration 1In other quarantines 1international character sets 1normal expiration 1outbreak 1outbreak, reporting messages to Cisco 1retention time 1spam. See Spam quarantine 1stripping attachments 1subject tagging 1testing messages for viruses 1unclassified 1virus 1quarantine level threshold 1quarantine overflow 1Quarantine Threat Level Thresholdrecommended default 1setting 1quarantinescentralized policy, virus, and outbreak quarantines 1policy 1policy, virus, and outbreakcentralized 1policy, virus, and outbreak, managing 1types 1queriesacceptance 1external authentication 1group 1masquerading 1routing 1SMTP authentication 1spam quarantine alias consolidation 1queue 1R
RADIUS external authentication 1RAM 1RAM Utilization 1RATbypassing recipients 1bypassing recipients (CLI) 1bypassing recipients (GUI) 1rate command 1rates 1RBL 1RCPT TO command 1real-time monitoring 1received header 1receiving control, bypass 1receiving errors 1Recipient Access Table (RAT)default entry 1definition 1editing via CLI 1recipient validation 1recipients, counting in message filters 1reconfigure 1recursive DNS queries 1recursive queries, LDAP 1redirecting email 1redirecting URLs in messages 1redirectrecipients 1relaying email 1relaying messages 1remote 1removemessage command 1reportingIncoming Relays 1required TLS 1resetcounters command 1resume command 1resumedel command 1resumelistener command 1resuming email delivery 1resuming receiving 1Retention Timefor quarantines 1retrospective verdict 1retry message delivery 1revertinstallation 1rewriting email addresses 1rewriting URLs in messages 1RFC1065 11066 11067 11213 11907 12047 12487 12821 1821 1822 1risk factor score 1DLP 1rolling over log files 1routingSMTP call-ahead server 1S
safelist/blocklistand external spam quarantine 1backing up and restoring 1enabling 1importing and exporting 1managing 1troubleshooting 1workqueue 1SBRStesting 1SBRS see Senderbase Reputation Service Score 1scannable archive file types 1scanning images 1Scanning Logs 1scheduled log rollover 1scp command 1SDS. See Cisco Web Security Services 1secure copy 1secure HTTP (https) 1Secure LDAP 1Secure Socket Layer (SSL) 1selecting a notification 1SenderBase 1SBO in sender groups 1SenderBase Affiliate network 1SenderBase Network Owner Identification Number 1SenderBase Reputation score 1SenderBase Reputation Scores, syntax in CLI 1SenderBase Reputation Service Score 1SenderBase, querying 1separate window icon 1serial connection pinouts 1severity scaleDLP 1showmessage command 1showrecipients 1SIDF recordstesting 1valid 1SIDF verification 1configuring 1conformance level 1enabling 1results 1testing 1signing keysize 1signing keysdeleting all existing keys 1removing specific keys 1SMI file 1SMTPmessages 1response 1testing IronPort Anti-Spam 1SMTP AuthDIGEST-MD5 1MD5 1SHA 1suported authentication mechanisms 1TLS 1SMTP authenticated user match filter rule 1SMTP Authentication profile 1SMTP call-ahead recipient validation 1bypassing 1conversation workflow 1SMTP server responses 1with LDAP routing query 1SMTP CAll-Ahead Server Profilecreating 1enabling on a listener 1SMTP conversationSMTP call-ahead server 1SMTP daemonsee injector 1see listener 1SMTP Routes 1limits 1mail delivery and splintering 1SNMPcommunity string 1MIB file 1overview 1SMI file 1specifying multiple trap targets 1traps 1SNMP (Simple Network Management Protocol) 1snmpconfig command 1SNMPv1 1SNMPv2 1Sophosupdates 1Sophos virus scanningfilters 1spamtesting 1spam message 1spam quarantinealias consolidation 1behavior when full 1disabling 1end user access 1end-user access 1IMAP/POP authentication 1LDAP authentication 1local 1message details 1message variables 1notification 1receiving multiple notifications 1released messages and email pipeline 1testing notifications 1specifying an offset 1SPF recordstesting 1valid 1SPF verificationconfiguring 1conformance level 1enabling 1received SPF header 1results 1testing 1SPFverification 1SSH 1SSL 1STARTTLSdefinition 1stateless logs 1status command 1status detail command 1Status Logs 1stopped by content filter 1stopped by reputation filtering 1streaming upgrades 1strip headers 1strip-header filter action 1subnet 1suspenddel command 1suspending email delivery 1suspending receiving 1suspendlistener command 1System CapacityAll page 1Incoming Mail page 1memory page swapping 1Outgoing Mail page 1System Load page 1WorkQueue page 1System Logs 1system quarantine. See quarantines, policy, virus, and outbreak 1system setup wizard 1system timeT
testingIronPort Anti-Spam 1Sophos virus engine 1testing HAT variables 1text resourcescode view 1disclaimers 1exporting 1exporting and importing into HTML resources 1HTML-based 1importing 1managing 1using in policies and settings 1third-party relay 1Threat Leveldefined 1Threat Operations Center (TOC) 1thresholds, in SenderBase Reputation Scores 1throttling 1time zone 1TLScertificates 1default 1preferred 1required 1tophosts command 1topin command 1trace 1trace command 1troubleshootingDLP 1trustworthiness 1TTL 1U
unary form, in message filters 1unclassified quarantine. See quarantine, unclassified 1unparsable messages 1unsolicited commercial email 1updatesDLP engine and classifiers 1upgrades 1available 1local 1obtaining via GUI 1URL reputation 1user accounts 1limits 1locking and unlocking 1user types 1uuencoded attachments 1V
verdictverificationSIDF 1SPF 1version 1virtual appliancelicense 1virtual Email Security applianceloading the license 1Virtual Gateway addresses 1Virtual Gateway queue 1Virtual IP (VIP) 1virus message 1virus quarantine. See quarantinevirus. 1VLANdefined 1labels 1W
WBRSSee URL reputation 1web interfaceenabling 1web reputationweekly status updates 1white space 1whitespace 1wizardActive Directory 1system setup 1work queue, pausing 1X
X-headers, adding 1X-IronPort-AV header 1XML Status feature 1