AsyncOS 12.0 for Cisco Email Security Appliances User Guide - GD (General Deployment)

: 2019 1 31
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883

Cisco TCP   UNIX   UCB     University of Berkeley(UCB)    . All rights reserved. Copyright © 1981, Regents of the University of California.
                " " . CISCO      ,   ,     , ,        (,   )      .
CISCO             , , , , ,     (  ,  ,    ,           )      ,  CISCO             .
    IP( )        .    ,   ,           ,  IP         .
Cisco   200    .      Cisco (www.cisco.com/go/office) .
Cisco  Cisco      Cisco Systems, Inc. /     . Cisco    www.cisco.com go trademarks .      . `'   Cisco        . (1721R)
© 2019 Cisco Systems, Inc.   .



1

Cisco Email Security Appliance  1

Async OS 12.0   2

    5

 6

 6

Cisco   7

  7

Cisco Support Community 7

Cisco   7

  8

Cisco   8

Cisco   8

Cisco Email Security Appliance  8

  10

2

  11

    (GUI) 11

   11

GUI  12

      12

   13

How-Tos      13

 How-Tos   13

   14

AsyncOS 12.0 for Cisco Email Security Appliances   - GD( ) iii

 3

  14     14  (CLI) 14
   15   15       15   Email Security Appliance    15 DNS Email Security Appliance  16   17   17 Incoming 17 Outgoing 18   18   18   18  (NAT, ) 19 Email Security Appliance    19   19      20    22      23   23   IP    24 Management  Data   IP  24         24  IP      25      25    25     28   GUI(  )  29



      30          30
1:  31 2:  31 3:  33 4:  37 5:  38 Active Directory    38    39 CLI(Command Line Interface)  39       40 CLI(Command Line Interface)     41    42    42    42  IP     42    43    43 DNS   43   44 Anti-Spam  51       52    52    52 Outbreak Filter  SenderBase Email Traffic Monitoring Network  52    AutoSupport  53    53    53    53   54   54

 4

    55      55
   57    57    57 / 60 HAT(Host Access Table),       61 :  61   61   61   62 RAT(Recipient Access Table) 62   62 LDAP   62 SMTP Call-Ahead   62  / 63      63 LDAP   64   LDAP  64 LDAP  64   64   (  ) 64  /   65 Anti-Spam 65 Anti-Virus 65       66       66   66   (Outbreak Filter) 66  66




 67   67   67    67    68    68   68

5

    69

     69

  70

     72

      74

         75

 ,      MAIL FROM 79

CLI       80

 HAT  81

Enterprise Gateway Configuration 82

6

   85

    85

SenderBase Reputation Service 85

SBRS(SenderBase Reputation Score) 86

SenderBase     87

          87

        88

SBRS      89

SenderBase Reputation Service   91

   SBRS   91

7

Host Access Table       93



     93  HAT  94
      95    96  ,   IP     97 HAT    97 SenderBase Reputation     99 DNS       100
          101 HAT   102 HAT   102 HAT   103
         103       106
      106      107         108   108          108       114 HAT(Host Access Table)   115 HAT(Host Access Table)     115   HAT(Host Access Table)   115        116 SenderBase      117 SenderBase    118 HAT    118
HAT  118   HAT   119    119   119



 :  120  :   121
 ,      MAIL FROM 122  SMTP    122     122    -   123 SUSPECTLIST        124          124 ACCEPTED          124           125        125       125   MAIL FROM      126        126     127    127

8

          129

        129

RAT(Recipient Access Table)  130

GUI  RAT  130

CLI  RAT  130

 RAT   130

   131

      131

   132

   LDAP   132

     Bypass 133

Recipient Access Table       134

Recipient Access Table    134

  Recipient Access Table  134




9

      137

 137

    138

   138

   138

    139

   140

   141

     141

      141

      142

  143

        143

   MIME/ MIME    144

     144

  AND   OR  145

   146

    146

  158

    160

   160

   ASCII   161

n  161

/  161

   161

PDF   162

  162

   163

      164

True  165



  165 Subject()  165 Envelope Recipient( )  166 Envelope Recipient in Group(  )  166 Envelope Sender( )  167 Envelope Sender in Group(  )  167 Sender Group( )  168 Body Size( )  168 Remote IP( IP)  169 Receiving Listener( )  169 Receiving IP Interface( IP )  170 Date()  170 Header()  170 Random()  171 Recipient Count( )  172 Address Count( )  172 Body Scanning( )  172 Body Scanning( ) 173    173 Attachment Type(  )  174 Attachment Filename(   )  174 DNS List(DNS )  175 SenderBase Reputation  176 Dictionary()  177 SPF-Status  178 SPF-Passed  180 S/MIME Gateway Message(S/MIME  )  180 S/MIME Gateway Verified(S/MIME  )  181 Workqueue-count  181 SMTP     181 Signed  183


Signed Certificate( )  184 Header Repeats( )  186 URL Reputation(URL )  188 URL Category(URL )  189 Corrupt Attachment(  )  189    189    190     191     192   MIME    192   193 ETF     193 SDR     194    196     196    204   206  ASCII        208    208       209      210   210   211   211   S/MIME     211 S/MIME     212      212    214     216    217     217


 (  )   218   219    219    220     221     221 HTML   222    222     223    223     224          224 Outbreak Filter    224     225     225 URL   226 URL   228   229     229 Attachment Scanning(  ) 229      231   232      232     233          234            235       236  236       237   237      237


     239     239      239          240 CLI     240     242    243    243      243      246    246    247  ASCII    247     247     247     247    249    250    255     256    256     256         257     257      257  "To:"   258  "From:"  258 SRBS  258 SRBS   259   Regex  259  SenderBase Reputation    259

10


    259      260     260     260      260    261    ( ) 261    ( ) 261       261    262    263         265   265     266
  269    269       270        271       271      272    272 : 1: 273 : 2: 273 : 3: 273   274   275    276          276         276        277

 11
12

 279        280
  281      281
  283    283     283        284    284    293   299      301    301        303         303 GUI       304
    Cisco Email Security   307     307     Cisco Email Security    308 Cisco Email Security       309      309     312         313           313        314     314        315      URL  315      URL  317




         318     319
         320       320      321       321   321      322

13

    323

     323

SDR  324

       326

Cisco Email Security       326

            327

         328

         330

    330

      331

      331

       332

  332

  332

SDR     333

     333

      333

     334

     334

14

Anti-Virus 335    335



  336       336 Sophos    336    337   337   337
  338  338  338   338 Sophos  338    339 McAfee Anti-Virus  339     339     339   340    340      340        341       342    342    343       344           347      348    350        351    352 HTTP      352     353       353



    353      353

15

Anti-Spam 355

   355

   356

      356

IronPort Anti-Spam  358

  358

Cisco Anti-Spam:  358

     359

IronPort Anti-Spam   359

Cisco Intelligent Multi-Scan  360

Cisco Intelligent Multi-Scan  361

   362

        365

 :         365

       366

      URL Cisco Web Security   :   366

        :   367

      369

     369

Cisco     370

Cisco      370

Cisco      372

Cisco Email Security   372

Cisco       373

      373

   374

      IP   374


 16

     375      376
    376    376      378       381     381  , HAT, SBRS    382        382     382      () 382      382     382       383    383   384    Cisco Anti-Spam  385   : SMTP   385          386
  387   387 Email Security Appliance    387   388      388      390        391         391         392        392            392




    IronPort-PHdr  393       394   394    395          396     396   396        396       396

17

  (Outbreak Filter) 399

Outbreak Filter  399

Outbreak Filter   400

 ,    400

  400

Virus Outbreaks( ) 401

,        401

Cisco Security Intelligence Operations 402

Context Adaptive Scanning Engine 402

  403

URL  403

  404

 :   Outbreak 404

   405

  405

Outbreaks 405

  406

       406

:      407

Outbreak Filter    407

   408


 18

  408 Outbreak      409
Outbreak Filter  410 Outbreak Filter    411 Outbreak Filter   412    412 Outbreak Filter    412 URL   URL      412 Outbreak Filter  414 Outbreak Filter   414 Outbreak Filter     415     416    416     416   417 Outbreak Filter   Outbreak  419 Outbreak   420 Outbreak       421
Outbreak Filter  421 Outbreak Filter  422 Outbreak Filter     422    422 , SNMP   Outbreak Filter 422
Outbreak Filter    422 Cisco     423        423       423
   URL  425 URL     425  URL 426



URL   426 URL    426 URL   427 Cisco Web Security Services    428 URL     428    429     429 Cisco Aggregator Server    429   URL  429 URL    430 URL   431         431
   URL     432 URL  ()    433 URL   URL  :    433  URL : URL    URL    434  URL:     436
URL        436  URL  URL   437      URL  438      URL  440 URL    441   URL    441 URL   441
  442 : SDS:     442 : SDS:    442 Cisco Web Security Services    443 : Cisco Aggregator Server    443 : Cisco Aggregator Server        444 websecurityadvancedconfig   444

 19

         444  URL      Outbreak Filter   444   URL     445    URL     445 Cisco Web Security Services      445 URL   446 URL   446 URL   459   URL    URL  459  URL    459
File Reputation Filtering and File Analysis(     ) 461        461     462    462         463      464       465       465         466      466      467         468  AMP for Endpoints Console  472   AMP for Endpoints    474 !       475 (     )    475     ? 476           477         479     480




     480       481      482      X- 482           482 Advanced Malware Protection   483 Advanced Malware Protection      483 Advanced Malware Protection       484         484 SHA-256    484        485        486 Message()   Advanced Malware Protection   486        487      487   487   488            488 API  (  ) 488     489          489

20

   491

    491

DLP    492

     492

       493

     493

DLP(  )  494

    494

DLP   495



  DLP   495   DLP   496     DLP   497  DLP  () 498         499
    500  DLP      502       ( DLP  ) 503      503  DLP ( DLP  )    505      506         ( DLP  ) 508       508 DLP     509    510    510     DLP    510 DLP      511 DLP       511     DLP      511 DLP        512   512 DLP     ( ) 513      514 DLP   515 DLP     515    DLP   517 DLP       518 DLP     518 DLP        518   ( ) 518



 ()  DLP  519 DLP      519 Data Loss Prevention  520
DLP       520

21

Cisco Email Encryption 521

Cisco Email Encryption  521

      522

  522

Email Security Appliance    523

Email Security Appliance    524

       524

    527

PXE     528

   528

  TLS   529

       529

       530

    531

  532

   534

       534

JavaScript    535

   535

   535

22

S/MIME   537

S/MIME    537

Email Security Appliance S/MIME   537

S/MIME      538

: Business-to-Business 538



: Business-to-Consumer 539 S/MIME    ,      540
Email Security Appliance S/MIME     540 S/MIME   541 S/MIME   541
S/MIME    ,       541 S/MIME     542
  S/MIME   543 S/MIME    544 S/MIME      545 S/MIME      545 S/MIME    545    546 S/MIME    547  ,      S/MIME    547 S/MIME    549 ,        549     ,         549       ,      550 S/MIME    ,      551 Email Security Appliance S/MIME     551 S/MIME   551 S/MIME   551 S/MIME    ,       552      552        553 S/MIME      554 S/MIME      554     554 S/MIME       555 S/MIME     555




S/MIME        556 S/MIME    556
     556      557    558    558       559    559

23

Office 365     561

             561

 562

               563

   563

 Azure AD   564

Cisco Email Security  Office 365    566

             567

    568

      568

   568

 Office 365       569

  569

 570

     570

24

  571

   571

DomainKeys  DKIM  572

DomainKeys  DKIM   572



AsyncOS DomainKeys  DKIM  572 DomainKeys  DKIM   574
  574      574
  575   575
     576      576        576 DomainKeys/DKIM  (GUI) 577
DomainKeys      578 DKIM       578      580    581       581    582 DNS    583    583    584    584    584    585 DKIM    585 DomainKeys   586 DKIM      586 AsyncOS   DKIM   587 DKIM    587 DKIM    588 DKIM    589 DKIM    589 DKIM    589


DKIM    590    DKIM   590
DKIM    591 DKIM      591 SPF  SIDF   591  SPF     592
 SPF  592  SIDF  593 SPF   593 SPF/SDIF      593 SPF  SIDF  594 CLI  SPF  SIDF  595 Received-SPF  598 SPF/SIDF       598   599 CLI spf-status    599 GUI spf-status    601 spf-passed    601 SPF/SIDF   601 SPF/SIDF     602 SPF/SIDF      602 DMARC  602 DMARC   603 DMARC      604 DMARC    605  DMARC   607    DMARC   608 DMARC      609 DMARC   609    610     611

 25

     612         612
  613    613   613   614    614   615   615        616       616   617   618   618   619        619     619    620    621    621        622     622    622    623    623    624 HTML     624 HTML       624    625   625




     626     626      627      628   631    631     632       634       635    636

26

SMTP     637

SMTP Call-Ahead    637

SMTP Call-Ahead    637

 SMTP      639

Call-Ahead    639

SMTP Call-Ahead    640

Call Ahead   641

SMTP         642

LDAP     642

SMTP Call-Ahead   643

     SMTP Call-Ahead   644

27

 MTA   645

 MTA    645

TLS  SMTP    645

  646

   647

    647

     648

  648


 28

    648   CSR(Certificate Signing Request)   649      650   650   651  HAT TLS  651 GUI  TLS         652 CLI  TLS         653  653 GUI :  HAT  TLS   653 CLI :  HAT  TLS   653   TLS     654  TLS      657 TLS    657  657   DNS   658   SMTP DNS    658 SMTP DANE  659 TLSA   659 DANE    TLS  660 DANE     661 DANE   661     661       662      662       663     663 HTTPS   664
     665     665



SMTP   666  SMTP  667 SMTP   667 SMTP   668 SMTP   DNS 668 SMTP    668 SMTP ,      668 SMTP    SMTP  668 GUI     SMTP   669
SMTP   669 SMTP   669 SMTP   669   670    671     672      673     673    673 aliasconfig   675   678   altsrchost 679     679      681    681   681    688       693    694     695        695    696


   status  699    SMTP     700    700     700    701       701     701     701 Minimalist    702     702       703   703 TLS 703   703   703      704    704    704      705   ,      705 TLS  707     707   707      707       708    CLI 711   711 :     712     713   Address Tagging  713       713




       714       714     715 CLI     715      715
    715   IP  716 Possible Delivery( )  716    716 deliveryconfig  717
       Virtual GatewayTM   718  719     719      IP   719   IP   722 altsrchost   723 altsrchost  723 altsrchost         723 CLI  altsrchost   724     726        726
    727 CLI       728        730
:   730

29

LDAP  735

LDAP   735

LDAP   736

LDAP AsyncOS    737

LDAP   Cisco IronPort   738



LDAP     LDAP    739 LDAP   740    LDAP   740
LDAP      741 LDAP     741   LDAP   742   LDAP   743 Microsoft Exchange 5.5    743 LDAP   745 LDAP   745  DN(Distinguishing Name) 746 LDAP   746 : 746  LDAP(SSL) 747   747  LDAP     747    748 Active Directory     749 Active Directory    750 LDAP   750 LDAP      752       752    753 Lotus Notes    753         754    754 : MAILHOST  MAILROUTINGADDRESS 755       755    755 " "  755  LDAP       756



   757    757 :         759        760     761     LDAP   761    762     LDAP  763 SMTP       763        764
      765 SMTP   AsyncOS  765
SMTP   766    766
SMTP    767  SMTP   SMTP ( SMTP ) 768 LDAP SMTP  769
 SMTP   769    SMTP   772  SMTP  772   SMTP  773    LDAP   773    774    775      776  Active Directory     777  OpenLDAP    777      778  Active Directory    778  OpenLDAP    779   DN  779


 30 31

 LDAP   AsyncOS  780     780
 781  LDAP    781
  782     782
   SMTP   783   SMTP   783      784 SMTP  LDAP     784      LDAP SMTP      785     785 LDAP Directory    786    TLS  SMTP   786  TLS   787     788    SMTP   789 SMTP AUTH   SMTP   789    SMTP AUTH  SMTP   790
    793     793        794     794      796      797 My Dashboard( )  797 Overview()  799   799



     800   801    802 Incoming Mail( )  802 Incoming Mail( ) 804     804    :    806    808 Sender Domain Reputation(  )  808 Outgoing Destinations( ) 809 Outgoing Senders( ) 809 Geo Distribution( )  810 Delivery Status( )  810   811 Delivery Status Details(  )  811 Internal Users( )  811    812     813 DLP Incidents(DLP )  813 DLP   813 DLP    814 Content Filters( )  814    814 DMARC Verification(DMARC )  815 Macro Detection( )  815 External Threat Feeds(  )  815 Outbreak Filters  816 Virus Types( )  817 URL Filtering(URL )  818 Web Interaction Tracking(   )  819      820


      820     820 TLS Connections(TLS )  821 Inbound SMTP Authentication( SMTP )  821 Rate Limits( )  822 System Capacity( )  823
  -   824   -   824   -   825   -   825       826   -  826 System Status( )  826 System Status 826  827  827  827 High Volume Mail( )  828 Message Filters( )  828 CSV   829    CSV   829   831    831     832     832   832   833     833    834    834 Archived Reports( ) 834

32 33


   835     835
       836      836
  837    837    837   838      841     842      844      845    845       845      845
, ,    847 ,   Outbreak   847   848 ,   Outbreak   849 ,   Outbreak      850     850        851      851 , , Outbreak   852 ,   Outbreak      854         854     854  ,     855    856

 34

      856     856       856
,           857   ,   Outbreak   857   ,   Outbreak   857 ,        858    858
      859 859      859    860       860     861       861    862    863   863     863 Outbreak  864 Outbreak     864 Manage by Rule Summary(   )  865 Cisco Systems      865
  867    867      868     868      869     IP   871        871



      872     872      872
   873    873            873        874       875      /  875         () 876
       877        878           878    ( ) 878    ( ) 879  Email Security Appliance      (Security Management Appliance  ) 879  /     880        880       881        881          882 LDAP   882 IMAP/POP   883          883        884       URL  885     885       886         887   888

 35

    888     889
  ( ) 890   ( ) 890     890
     890     891     891     891      892      892      892
   893    893   894   896   897   897      897   898        898         899    900    900      901 DLP  902   903 Message Tracking( ) 904 Trace 904  904



  905      905          905        906      906      906      907  907   907       908        908   909
LDAP   909 RADIUS   910   912    912    913 Email Security Appliance    913 IP     913   914    914        914    915    916  UI     916 CLI    917    917     917     918 SSH(Secure Shell)   918 :     919

 36

: SSH    919  SSH   920     921
  923   924     924       924         925    925   926 AsyncOS     926 Cisco Email Security Appliance  926   926      926        927    928 Smart Software Licensing 928  928 Smart Software Licensing  930 Cisco Smart Software Manager   931   931 Smart Cisco Software Manager    932 Smart Cisco Software Manager    932    932     933  933 Smart Agent  934   Smart Licensing 934 Cisco Email Security Virtual Appliance  934     935



   935 XML      935    936       936     937    937    940    940
Configuration File( )  941    941
(  )      941       942       942       943       943 Security Services  943    944     944   944   945       945       946 Cisco       946          946      947            948      948     949         949    951        951


      952 AsyncOS  953
    953      953
    953     954 AsyncOS   954     955
   ,    957     958 AsyncOS    959
  959   AsyncOS       959
AsyncOS  959        960       961 Email Security Appliance   962  962
  963 AutoSupport 963   963
   964    964    965
  965    966   966
  967   967 DHAP(Directory Harvest Attack Prevention)  968   968


   969  /   971   971    981     982   983    986     986 DNS(Domain Name System)   986 DNS   986      987     987  DNS    988 DNS  988 DNS   988     DNS   988 TCP/IP    989    989 SSL   990    SSLv3  990   991    991 GMT    991    992 ( ) NTP(Network Time Protocol)      992      992   993    993     993 Internet Explorer    994  HTTP    994

 37

       995
CLI     997 CLI      997       998    998    1000        1002 CLI   1003    1004  1004     1005  1005     1006   1007  1008     1009  1009    1010  1010  1011     1011  1012 DNS   1012  1013     1013  1014  TCP/IP   1014    1014    1014  1014


38


   1015  1016
   1016  1017
     1017  1017
    1018  1018
    1018  1018
    1019 Syntax 1019
    1019 Syntax 1019
      1020 Syntax 1020
    1020 Syntax 1020
    1020      1021
Syntax 1022 Syntax 1022     1022 SNMP     1023 MIB  1024   1024   1024 SNMP  1025 : snmpconfig  1025
SenderBase   1029 SenderBase    1029


39 40

SenderBase   1029 FAQ(  ) 1030
   1030   1030      Cisco   1034    Cisco    ? 1034       1034
GUI   1035   (GUI) 1035  GUI  1035 GUI   1036 GUI XML   1036
   1039     1039 etherconfig       1039     1040 NIC(Network Interface Card) / 1040 NIC   VLAN 1041 NIC    1041 NIC     1041 etherconfig   NIC   1041 VLAN(Virtual Local Area Network) 1043 VLAN   1043 VLAN  1044 etherconfig    VLAN  1044 interfaceconfig   VLAN IP   1046    VLAN  1047 Direct Server Return 1047 DSR(Direct Server Return)  1047




etherconfig      1048 interfaceconfig    IP   1049  IP    1051      1051    ARP     1052

41

 1053

 1053

      1053

  1053

   1057

   1059

      1060

     1061

   1061

  1061

   1062

    1062

    1063

     1064

      1070

    URL URL    1071

   URL URL    1071

  URL Cisco    1071

  URL    1071

    URL    1072

   Unscannable( )   1072

RFC   Unscannable( )   1072

       1072

    1073

      1073



SDR     1073    1075
    1077    1077
    1078    1079
   1079     1082
    1082     1083
    1083    1084
   1084 CLI    1085
CLI    1085 FTP    1085
FTP    1085 HTTP   1086
HTTP   1086 NTP   1087
NTP   1087    1087
   1088     1088
    1088    1089
   1089     1089
    1089 AMP    1090
AMP     1090


    1095     1095
  GUI   1095   GUI   1095
LDAP    1096 LDAP    1096
 /    1097  /    1098
   1098    1098
    1099     1099
   1100    1100    1101
   1101    1102
   1102         1102         1102      1103     1103     1103       1104       1104   1105    1105   1106 GUI    1107    1107     1107

 42

   1108 GUI      1109    1109 Rollover By File Size(  ) 1110 Rollover By Time( ) 1110      1111 GUI     1112 CLI    (tail ) 1112  1112    1113
     1117       1117    1118   1119    1119     1120 clusterconfig  1120    1122 SSH     1122 CCS     1123     SSH     1125   1127   1127 CLI   1127     1128    1128   () 1129    1129 CLI   1130     1130


43


commit  clearchanges  1130    1130   1131 GUI   1132   1135 DNS     1135 ,      1135 CCS(Cluster Communication Security) 1136   1136  /  1137    1138     1139    FAQ 1141   1141    1141  CM   1141           1142 :    1142    CM    GUI   1144     1145   1145   1145    1146
   1149      :  1149     1156  1157   1159     1160   1161

 44

  1165     1166   1168       1169   1169
: C380  C680     (RAID ) 1169        1170    1170     1170    1171      1171       1171 Cisco        1172
       1172          1173     1174    1174     1174    1174
D-Mode       1177  :    D-Mode 1177 D-Mode     1177 D-Mode      1178 D-Mode      1178        1179      1179       1180 IPMM(IronPort Mail Merge)     1180 IronPort Mail Merge  1180     1180




   1181 SMTP  1181   1181   1181   1 1182   1182   2,  1 1183   2,  2 1183 IPMM  DomainKeys Signing 1183
  1183 XMRG FROM 1183 XDFN 1183 XPRT 1184
    1184 IPMM   1184
  1186

45

Cisco Content(M-Series) Security Management Appliance    1187

Cisco Content Security Management Appliance Services  1187

  1188

    1188

      1189

      1189

      /   1190

       1191

     1191

,   Outbreak     1191

 , ,    1192

  ,   Outbreak    1192

    ,   Outbreak    1192

,   Outbreak    1193




A: B: C:

,   Outbreak    1193   ,   Outbreak    1195
  ,   Outbreak   1195   ,   Outbreak    1196     1196 Advanced Malware Protection    1196          1197      1197      1197     1198
FTP, SSH  SCP  1199 IP  1199 AsyncOS  IP    1200 Email Security Appliance  FTP   1200 scp(Secure Copy)  1202        1203 80-Series  90-Series       1203 70-Series       1204
  IP   1205   1205 IP     1205    1206 IP ,    1207  1207 CSA    1207
      1209     1209    1209 Enabled(), Disabled()  "Not Available( )" 1210


D: E:


       1211         1212
,     1215           1215           1216       1218
  1218     1219
 "Confidential"    1219  MP3    1220      1221         1222        1222    MP3    1222 GUI       1223
  1227   1227
    1233 Cisco Systems     1233 Cisco Systems Content Security        1239


1
Cisco Email Security Appliance 
     . · Async OS 12.0  , 2  ·    , 5  · Cisco Email Security Appliance , 8 


Async OS 12.0  

 1: Async OS 12.0  
     


 TAXII    STIX      Cisco Email Security Appliance   .
Cisco Email Security Appliance            .
· , ,            .
· TAXII    STIX                        .
·   (: URL  )            .
· Cisco Email Security Appliance    .
Classic Licensing             Cisco GLO(Global Licensing Operations)      .
1. "Request for External Threat Feeds Feature Key"    GLO ([email protected])    PAK(Product Authorization Key)   PO(  )  .
2. GLO              .
  Smart Licensing           .
      Cisco Email Security  , 307   AsyncOS for Cisco Email Security Appliance CLI   .






     Cisco SDR(  )    

 

        

  .

     IP ,          , SMTP     FQDN(Fully Qualified Domain Name)          . SDR    https://www.talosintelligence.com Cisco Talos Security Intelligence and Research Group(Talos) .

     , 323   AsyncOS for Cisco Email Security Appliance CLI    .

How-Tos     How-Tos      



      

   .

    .

· DMARC    .

· SPF/SIDF    .

· DKIM    .

· Email Security       .

· Email Security       .

·      .

      .   How-Tos          .

   , 11   AsyncOS for Cisco Email Security Appliance CLI    .






   Cisco AMP Threat Grid         

 

 Cisco AMP Threat Grid  

  .

·   Security Services > File Reputation and Analysis(   ) . File Reputation Filtering and File Analysis(      ), 461  .

· CLI ampconfig . AsyncOS for Cisco Email Security Appliances CLI   .

     

           .
     Advanced Malware Protection  Incoming Malware Threat Files(   )  Custom Threshold(  ) .
  File Reputation Filtering and File Analysis(      ), 461    .

       AMP                 .
   , 837    .

 TLS   DANE(     TLS   DANE(

 DNS  ) 

  DNS  )   

     .

         DANE              .

   MTA  , 645  .


   

 Smart Software Licensing 


Smart Software Licensing  Cisco Email Security Appliance      . Smart Software Licensing      Cisco           CSSM(Cisco Smart Software Manager)    .
    Classic Licensing  Smart Licensing     .
·      PAK(Product Authorization Key)      . Classic Licensing   .
·             .
·  PAK      .
· Smart Licensing       .
  Smart Licensing     Smart Licensing  Classic Licensing     .
   , 923   AsyncOS for Cisco Email Security Appliance CLI   .

   
Cisco          .
·  , 6  · , 6  · Cisco   , 7  ·  , 7  · Cisco Support Community, 7  · Cisco  , 7  ·  , 8 


 

· Cisco  , 8  · Cisco   , 8 

 GUI    Help and Support(  )           .
Cisco Email Security Appliance    .
·   · Cisco Email Security Appliance      ·              · Cisco Content Security Virtual Appliance Installation Guide · AsyncOS for Cisco Email Security Appliance  ( ) · CLI Reference Guide for AsyncOS for Cisco Email Security Appliances · AsyncOS API for Cisco Email Security Appliances - Getting Started Guide
 Cisco Content Security       .

Cisco Content Security  



   

      .

Cisco Email Security
http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html

Cisco Web Security
http://www.cisco.com/c/en/us/support/security/web-security-appliance/tsd-products-support-series-home.html

Cisco Content Security Management
http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/tsd-products-support-series-home.html

Cisco Content Security Appliance CLI
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-command-reference-list.html

Cisco IronPort Encryption
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-command-reference-list.html

       .
· http://www.cisco.com/c/en/us/training-events/training-certifications/supplemental-training/email-and-web-security.html
· http://www.cisco.com/c/en/us/training-events/training-certifications/overview.html


Cisco  
 ,  ,      ,         Cisco Content Security Appliance    .  ,        .          . http://www.cisco.com/cisco/support/notifications.html  . Cisco.com  .   Cisco   , 8    .
 
 1   (http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html) .
 2 TechNotes   .
Cisco Support Community
Cisco   Cisco ,      .            Cisco        .        Cisco     .  URL          .
·     : https://supportforums.cisco.com/community/5756/email-security
·     : https://supportforums.cisco.com/community/5786/web-security
Cisco  
Cisco TAC: http://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html  IronPort   : http://www.cisco.com/c/en/us/services/acquisitions/ironport.html    ,      .         .


 
        http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html   . Cisco AsyncOS    FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National Research Initiatives, Inc.           ,    Cisco    .       . https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html. Cisco AsyncOS    Tobi Oetiker    RRDtool   .    Dell Computer Corporation   .    McAfee, Inc.   .    Sophos Plc.   .
Cisco  
Cisco Technical Publications          .      .       . [email protected]  ,  ,     .
Cisco  
Cisco.com    Cisco  . Cisco.com  ID      . https://tools.cisco.com/RPF/register/register.do
  · Cisco   , 7  ·  , 7 
Cisco Email Security Appliance 
AsyncOSTM       . · Anti-Spam( ). SenderBase   Cisco Anti-Spam          . · Anti-Virus(). Sophos  McAfee Anti-Virus      .


· Outbreak Filters(  )TM.  ,       Cisco   ,              .
· Policy(), Virus()  Outbreak( ) .            .
· Spam Quarantine( ).           (  ).
· Email Authentication( ). Cisco AsyncOS SPF(Sender Policy Framework), SIDF(Sender ID Framework)  DKIM(DomainKeys Identified Mail)   ,  DomainKeys  DKIM         .
· Cisco  . HIPAA, GLBA          .   Email Security Appliance   ,          .
· Email Security Manager(  ).             . Email Security Manager(   )        .         Cisco  ,   ,  ,         .
· (On-box)   - AsyncOS for Email Email Security         (On-box)    .
·    -               .
·  .  IP , IP          .
·    .                       .       ,   ,  ,  ,       .     , , ,        .
· Transport Layer Security  SMTP   .             .
· Virtual Gateway( )TM.     Email Security Appliance          .          IP     .     IP           .
·            . ·           .
AsyncOS      RFC 2821  SMTP(Simple Mail Transfer Protocol)  .
HTTP  HTTPS    GUI  ,        .  SSH(Secure Shell)          CLI(Command Line Interface) .


 Security Management Appliance   Email Security Appliance  ,       .
  ·  , 10 
 
AsyncOS GUI  CLI     . ·  ·  ·  ·  ·  ·  ·  · () · (  ) · 


2

 

     .
·     (GUI) , 11  ·   , 14  ·  (CLI), 14 

    (GUI)
GUI(    ) CLI(Command Line Interface)       . GUI         .   CLI  GUI      CLI    .
·   , 11  · GUI , 12 

  

  UI   JavaScript      . , CSS(Cascading Style Sheet)  HTML     .



 

Internet Explorer 11.0   Microsoft Windows 7
Safari 7.0               Mac OS X
Firefox 39.0             Microsoft Windows 7, Mac OS X
Chrome 44.0              Microsoft Windows 7, Mac OS X

         . GUI CLI     .            .


 

                   .
GUI 
  GUI   URL . http://192.168.42.42/          .
  ·      , 12  ·   , 13 
     
·  : admin · : ironport ( AsyncOS   )      .     IP    HTTP / HTTPS    .  HTTP / HTTPS          (" ") IP  IP      URL  GUI   .    . http://192.168.1.1  https://192.168.1.1  http://mail3.example.com 
https://mail3.example.com
   HTTPS  ( HTTP      ), "https://"   GUI .
  ·   , 897 


 

  

  
      GUI ,       /,  /  (clustermode  clusterset     ).   GUI  , 1132  .
How-Tos     
How-Tos                .       AsyncOS 12.0 for Cisco Email Security Appliances  Cisco Email Security Appliance AsyncOS 12.0      .    How-Tos      .   How-Tos    . How-Tos        .             .
· Conservative Settings( ) - ,     · Moderate Settings( ) - ,     · Aggressive Settings( ) - ,    
 ·    admin, cloud-admin  operator  . · Internet Explorer  11       How-Tos     . How-Tos     System Administration( ) > General Settings( )   Override IE Compatibility Mode(IE   )  .
 How-Tos  
 How-Tos   CLI adminaccessconfig > how-tos  .
:  How-Tos  
mail.example.com> adminaccessconfig

Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- XSS - Configure Cross-Site Scripting Attack protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
- MAXHTTPHEADERFIELDSIZE - Configure maximum HTTP header Field size.
- HOW-TOS - Configure How-Tos feature.
[]> how-tos

How-Tos consists of a list of generic walkthroughs to assist the users in completing a particular task (for example, "enabling and configuring a service engine on the appliance").

Would you like to enable How-Tos? [Y]> no

  
·  , 14  ·     , 14 

 

        .

   
    .      Commit Changes( )   .      Commit Changes( ) .

 (CLI)
       IP  SSH           .  SSH   . interfaceconfig       .
CLI       AsyncOS for Cisco Email Security Appliance CLI    .

 CLI          .      , 12  .


3
  
     . ·  , 15  · Email Security Appliance   , 19  ·   , 22  ·     , 28  ·      , 55 
 
·       , 15  ·   Email Security Appliance   , 15  · DNS Email Security Appliance , 16  ·  , 17 
     
·  Email Security Appliance        Cisco Content Security Virtual Appliance Installation Guide  .
· M-Series Cisco Content Security Management Appliance    Cisco Content(M-Series) Security Management Appliance   , 1187  .
·     , 57    .           .
  Email Security Appliance   
Email Security Appliance MX(mail exchange)  SMTP     .   ,             IP      .

  

  , ,    Outbreak Filter (SenderBase   , 1029 , IronPort Anti-Spam , 358 , Sophos   , 336     (Outbreak Filter), 399  )         .        (    , 93 )    . Email Security Appliance      ,   "  "  .   MTA         Email Security Appliance  IP     .  IP        , SenderBase Reputation Service SBRS(SenderBase Reputation Score) ,   Outbreak Filter     .
                       .          IP   , 374  .
Email Security Appliance SMTP    ·    (   , 793  )               . · ,     LDAP (LDAP , 735  )           . ·  (  , 671  ),   (  , 688  )  ( , 678 )       MTA      .
DNS Email Security Appliance 
        DNS   .  , Outbreak Filter, McAfee Antivirus  Sophos Anti-Virus    Email Security Appliance DNS   . DNS      IP   A         MX  . Email Security Appliance      MTA  MX     .   MX      (20)  Email Security Appliance(ironport.example.com)  example.com  MTA.  ,     MTA    .
$ host -t mx example.com
example.com mail is handled (pri=10) by mail.example.com
example.com mail is handled (pri=20) by ironport.example.com

Email Security Appliance DNS  MX          .     MTA     .    ,      MX    MTA       Email Security Appliance  .

 
   Email Security Appliance      .
      .           Cisco   (Cisco  , 7  ).
·  , 17  · Incoming, 17  · Outgoing, 18  ·  , 18  ·  , 18  ·  (NAT, ) , 19 

 

     Email Security Appliance    .

Incoming

  Email Security Appliance  "DMZ" ,   Email Security Appliance       .     .
·  : 2  ( -   /2  )      ,     , 22   .
·       . ·    . ·   Email Security Appliance       ,
Email Security Appliance SMTP      (: ExchangeTM, GroupwiseTM, DominoTM) . (    , 665 .)


  

Outgoing

·         Email Security Appliance  .
· Email Security Appliance    Host Access Table      . (   , 70  .)

 
  Email Security Appliance       .    2          .
    IP               Virtual GatewayTM  , 718     IP   , 1205   .

 

        .



             C170   C370   C670   X1070  C380   C680   C190   C390   C690
Management   0      1      1      1      1      1      0      1      1
             2*     3      3      3      3      3      2*     5      5
             9      9      9      9      RJ-45  RJ-45  RJ-45  RJ-45  RJ-45
RPC(Remote Power Management)



*         Data1   .
      Hardware Installation Guide(  )   .

 

  ·   , 34  ·       , 1203  ·     , 958 
  /2     1           .


·       Email Security Appliance.      , 1117  .
· NIC    Email Security Appliance   2 " (teaming)"     .   , 1039   .
 (NAT, )
SMTP  DNS    .         .    , 1227  .
Email Security Appliance   
·  , 19 
 
Email Security Appliance     . ·  -    Email Security Appliance   3      .    2           . ·  ( ) -               . · HAT(Host Access Table)       .   HAT      (ACCEPT) . · RAT(Recipient Access Table)           .    . · SMTP         .
·  ( ) -                . ·      Cisco C-Series  X-Series    . · Email Security Appliance HAT        .  HAT      (RELAY)  .
  ·     , 20 


    

  

    
    IP          . IPv4(Internet Protocol version 4)  IPv6(version 6)    .         .
·     2  IPv4  2 IPv6    2 ·      ·   IPv4  IPv6     
·     1  IPv4   1 ·       ·  IPv4  IPv6    
1   2         (  , 25  ).          .
 1:   /2  

: ·  2 · IPv4  2 · IPv6  2 ·   1  2(1 )

  

    

·  SMTP 
 : "InboundMail"() · IPv4 : 1.2.3.4 · IPv6 : 2001:0db8:85a3::8a2e:0370:7334 · Data2    25   · HAT( ) · RAT(    ,  )
 : "OutboundMail"() · IP : 1.2.3.5 · IPv6 : 2001:0db8:85a3::8a2e:0370:7335 · Data2    25   · HAT(   ,  )
     DNS   DNS   SMTP       Email Security Appliance       
 2:  1 

:


  

  

·  1 · IP  1 ·   1 ·  SMTP 
 : "InboundMail"() · IP : 1.2.3.4 · Data2    25   · HAT( ) RELAYLIST       · RAT(    ,  )
     DNS   DNS   SMTP              

  
·     , 23  ·   IP   , 24  ·   , 25 



    1    .


    , 23  .

 2   IP   .



·      Email     , 23   Security Appliance  IP      IP   , 24   IP    .

 3     .

  , 25  .

 4           , 6    

.

.

 5               

 .

.    , 6  

  .


  

    

  



 6 CLI( )     CLI(Command Line Interface)    ,

  CLI .

41  

 7        1. (  )  

  .

  interfaceconfig   HTTP

/ HTTPS .

2.     IP 

.

 8  Email Security Appliance       .

loadlicense  .    , 6      Cisco Content Security Virtual Appliance Installation Guide   .

 9     .

    , 28  .

    
  Email Security Appliance   Email Security Appliance              .

  ·  , 23 

 
            .
 2:    



PC     Management    .      IPv4  192.168.42.42.          .


  

 

PC  Serial Console     .      ,               -  .         , 1203    .       .
  : 9600
 : 8
: None
 : 1
 : 

        .     .          . (  FTP, SSH  SCP , 1199   .)            . (    , 897  .)
  IP   
IPv4  IPv6     . · Management  Data   IP  , 24  ·         , 24  ·  IP     , 25  ·     , 25 
Management  Data   IP 
 (C170  C190   1 )   IP  192.168.42.42 .
       
  Email Security Appliance       Data   .
·         . ·        .        Data    . Management        ,           .


 IP     
    IP          . IPv4(Internet Protocol version 4)  IPv6(version 6)    .         .
·     2  IPv4  2 IPv6    2 ·      ·   IPv4  IPv6     
·     1  IPv4   1 ·       ·  IPv4  IPv6    
Email Security Appliance   IPv4  IPv6     .      .    IPv4  IPv6   .
    
          . · IP (IPv4  IPv6  ) · CIDR  IPv4   · CIDR  IPv6  
      . ·   () IP  · DNS  IP    (      ) · NTP     IP (Cisco      )
    IP  , 1205  .
  Email Security Appliance               .    , 1227   .
  
           ,             .   IP       IP  , 1205   . Cisco Content Security Management Appliance    Cisco Content(M-Series) Security Management Appliance   , 1187   .


  

 3:   :      2

 

   :

      :

   :

  :

NTP :

 :

SenderBase  :

/

:

/

 

:

DNS(   ):



Data 1 

IPv4 /:

IPv6 /:

(Fully Qualified)   :

  :



  :



Data 2 

IPv4 /:

IPv6 /:

(Fully Qualified)   :

  :



 


  

  

    :



 

IP :

 :

IPv6 :

:

(Fully Qualified)   :

  :



  :



 

SenderBase Reputation : /

   

/IronPort

McAfee     /

Sophos     /

Outbreak Filter

/

 4:   :      1

 

   :

      :

   :

 :

NTP :

 :

SenderBase  :

/

  



   

 

:

/

 

:

DNS(   ):



Data2 

IPv4 /:

IPv6 /:

(Fully Qualified)   :

  :



  :



Data1 

IPv4 /:

IPv6 /:

(Fully Qualified)   :

 

SenderBase Reputation : /

   

/IronPort

McAfee     /

Sophos     /

Outbreak Filter

/



   
·   GUI(  ) , 29 


·          , 30  · Active Directory   , 38  ·   , 39  · CLI(Command Line Interface) , 39  · CLI(Command Line Interface)    , 41  ·     , 55             .             .   CLI(command line interface)       .      GUI(  ) , 29   CLI(Command Line Interface)    , 41    .     , 22       .
  Email Security Appliance        loadlicense        .   Cisco Content Security Virtual Appliance Installation Guide  .
      .                 .
 Email Security Appliance   Management   IP  192.168.42.42   . , C170  C190  Data 1   .             IP    . Cisco Content Security Management Appliance    Cisco Content(M-Series) Security Management Appliance   , 1187   .
     Content Security Appliance   ,        IP   .
  GUI(  ) 
  GUI(Graphical User Interface)     192.168.42.42  .
  ·      , 30 


     

  

     
                 .          ,     CLI      .
·  · Interfaceconfig · passphrase · Loadconfig · Systemsetup · loadlicense( ) ·   · Ping · Telnet · netstat
·  : admin · : ironport    .
login: admin passphrase: ironport
          .             .
        
 1     ·   GUI(  ) , 29    GUI . ·  AsyncOS             . ·    System Administration( )     System Setup Wizard(  ) .


 2 . 1: , 31  . ·      .
 3 . 2: , 31  . ·     ·  ,     AutoSupport  ·    NTP   ·    · SenderBase   
 4 . 3: , 33  . ·    DNS   ·     :   ( ), SMTP  ( ),    ( )         ( ) 
 5 . 4: , 37   . · SenderBase Reputation Filtering  ·    ·    ·    · Advanced Malware Protection (    ) · Outbreak Filter  
 6 . 5: , 38  . ·      ·     
 7  .      .

1: 

    .          Begin Setup( )   .
  https://support.ironport.com/license/eula.html   .

2: 

·   , 32  ·   , 32  ·   , 32 


  

  

·  , 32  ·  , 32  · SenderBase  , 32  · AutoSupport , 33 

  

Email Security Appliance     .       .

  
      Cisco AsyncOS      .       .
        .    ,     .   DHAP(Directory Harvest Attack Prevention)  ,       .        .   , 962  .

  

      .         ,    .

 

      Email Security Appliance    .       GMT      (  GMT   , 991  ).
     , NTP(Network Time Protocol)         .      Cisco Systems    (time.ironport.com)   .

 

   .   . Cisco AsyncOS         6  .     .

SenderBase  
SenderBase                 .
SenderBase     Cisco        .  Email Security Appliance                .   Cisco       .          .    SenderBase    Click here for more information about what


data is being shared(      )...    (FAQ(  ), 1030  ).
SenderBase   "Allow IronPort to gather anonymous statistics on email and report them to SenderBase in order to identify and stop email-based threats(IronPort             SenderBase  )"      Accept() .
  SenderBase  , 1029  .
AutoSupport 
AutoSupport ( )         Cisco    . (  AutoSupport, 963   .)
Next()  .
3: 
3  ()  DNS   , Data 1, Data 2  Management     /    .
· DNS    , 33  ·   , 34  ·  , 34  ·  ( ), 35  · C170  C190 , 36 
DNS    
  () IP  . IPv4 , IPv6       .
 , DNS(Domain Name Service)  . AsyncOS           DNS / .     DNS    .       DNS  IP      .      4 DNS    .   DNS     0.   DNS(Domain Name System)   , 986   .
     DNS      DNS    .          DNS       "Use Internet Root DNS Servers(  DNS  )" ,         Management  IP    .


  

  

  
Email Security Appliance         .
  "Enable()"    IP ,        .  IP  DNS        .    MX  DNS  . IPv4 , IPv6       .            .
 (), (),        .     .    ,       . C170  C190             .
      .
       IP   . Data 1    Data 2             .
C370, C670, X1070, C380, C680, C390  C690  :                 ,                      .
C170  C190  :     1             1 .
 IP     , 25  .
  .
·    IP . IPv4 , IPv6      . · IPv4  :  . AsyncOS CIDR    
. : 255.255.255.0   /24.
IPv6  : CIDR  . : 64   /64.
· ( ) IP     .

    IP        .   IP        IP  , 1205    .

 

       . ·   


·   (SMTP )( )
     Accept Incoming Mail(  )   .     .
Destination() .  SMTP         .
   SMTP  . SMTP    (RAT(Recipient Access Table)  )     MX(mail exchange)    .   SMTP    (: Microsoft Exchange)      " " .
 ,  example.com .example.com          exchange.example.com      .
      .     Add Row( )  .     .
   SMTP     . SMTP                DNS . (     , 665  )
Recipient Access Table     .  (: example.com). example.net     Recipient Access Table      .example.net .     , 132   .
 ( )
             .
    Host Access Table RELAYLIST  .     , 96   .
    Relay Outgoing Mail(  )   .        .
     ,              SSH .
  IPv4    .
· 192.168.42.42 Management    . · 192.168.1.1 Data 1   .   .example.com 
    , SMTP  exchange.example.com   . · 192.168.2.1 Data 1   .   exchange.example.com     .

C370, C670, X1070, C380, C680, C390  C690 
 3:  : Management  2 ( )

  

C170  C190 

C170  C190  , Data 1      Data 2         .
     IP   (  ),     3  .
 4:  :   ( )  IP  1


Next()  .

4: 

4      .    SenderBase Reputation Filtering       .   Outbreak Filter Sophos  McAfee     .
· SenderBase Reputation Filtering , 37  ·    , 37  ·   , 37  · Advanced Malware Protection (    ) , 38  · Outbreak Filter , 38 

SenderBase Reputation Filtering 
SenderBase Reputation Service      , Anti-Spam            .
SenderBase Reputation Service(http://www.senderbase.org)    IP        (throttle)      . SenderBase Reputation Service          . SenderBase Reputation Service      ,            . Cisco SenderBase Reputation Filtering    .
 SenderBase Reputation Filtering ()  .

   
     30      .        Anti-Spam      .      .
    ,           AsyncOS   .          .          .
       Anti-Spam, 355    . , ,   , 847  .

  
 Sophos Anti-Virus  McAfee Anti-Virus    30       .               .
                .         .    .


  

       Anti-Virus, 335    .

Advanced Malware Protection (    )
Advanced Malware Protection          .
  File Reputation Filtering and File Analysis(     ), 461   .

Outbreak Filter 
 Outbreak Filter  30      . Outbreak Filter                     "1 " .
    (Outbreak Filter), 399   .
Next()  .

5: 

   . Previous()          Edit()   System Settings( ), Network Integration( )  Message Security( )    .       ,          .      .
   Install This Configuration(  ) .
   . Install()    .
     .

     (C370, C670, X1070, C380, C680, C390  C690   Management ,  C170  C190  Data 1 ) IP     Install()   URL(http://192.168.42.42)    .    IP  .
       .    , 54   .
Active Directory   
   Email Security Appliance    Active Directory  .  Active Directory   , Active Directory    Active Directory  LDAP       


  

  

. Active Directory       Skip this Step(   ) . System Administration( ) > Active Directory Wizard(Active Directory )  Active Directory    . System Administration(  ) > LDAP  Active Directory   LDAP    . Active Directory  LDAP       (:  , ,  DN, SSL  ) . Active Directory   LDAP    LDAP     . Active Directory  LDAP     System Administration( ) > LDAP          
 1 Active Directory   Run Active Directory Wizard(Active Directory  ) .  2 Active Directory    .  3        .  4 Next()   .
Active Directory  Active Directory    .  Test Directory Settings(   )  .
 5 Active Directory       Test()     .     .
 6 Done() .
  
Active Directory          System Setup Next Steps(   )  .     System Setup Next Steps(   )   .
CLI(Command Line Interface) 
CLI    , 23        .        .     CLI    .                 . (       , 897     .)          .    passphrase       .   :   IP  192.168.42.42 SSH  . SSH  22   .      .


     

  

   :    PC     .   , 23      .      .       .
  ·      , 30 
     
                 .          ,     CLI      .
·  · Interfaceconfig · passphrase · Loadconfig · Systemsetup · loadlicense( ) ·   · Ping · Telnet · netstat
·  : admin · : ironport    .
login: admin passphrase: ironport
          .             .


CLI(Command Line Interface)    
   CLI       GUI   . · CLI       . · CLI              . · CLI     Outbreak Filter       . · CLI      LDAP       . LDAP   ldapconfig   .
      systemsetup .
IronPort> systemsetup
      .            "Yes"() .
WARNING: The system setup wizard will completely delete any existing
'listeners' and all associated settings including the 'Host Access Table' mail operations may be interrupted.
Are you sure you wish to continue? [Y]> Y
      .          , 30    GUI       CLI       .
  ·   , 42  ·   , 42  ·    , 42  ·  IP    , 42  ·   , 43  ·   , 43  · DNS  , 43  ·  , 44  · Anti-Spam , 51  ·      , 52  ·   , 52 


  

  

·   , 52  · Outbreak Filter  SenderBase Email Traffic Monitoring Network , 52  ·    AutoSupport , 53  ·   , 53  ·   , 53  ·   , 53  ·  , 54  ·  , 54 
  
 AsyncOS    .     .   6  .     .          .
  
       .
  
 Email Security Appliance     .       .
 IP    
 Management(C370, C670, X1070, C380, C680, C390  C690 )  Data 1(C170  C190 )      IP    .          IP    .     IP    . IP  IP          . Data 1  Data 2           IP     . C370, C670, X1070, C380, C680, C390  C690  :                 ,                      . C170  C190  :  systemsetup  1            1 .
      ,            SSH .


  

  

  . ·  IP     ().                 PrivateNet PublicNet   .
     / . AsyncOS        .   Privatenet  PrivateNet     ()   .
·    IP . IPv4  IPv6   ,  IP    IP     .
·  .  CIDR  .  , 255.255.255.0   /24 .
    IP         .   IP        IP  , 1205   . C170  C190   Data 2   .
  
systemsetup       () IP   .
  
systemsetup    (  )    .  HTTP(https)       .  HTTPS  ,          .
DNS  
 DNS(Domain Name Service)  . AsyncOS           DNS / .     DNS     .       DNS  IP     . DNS      (    0).  , systemsetup   DNS   .


 

  

 
""  IP       .       Email Security Appliance   . Cisco AsyncOS              .    IP     ( "SMTP ")   .
C370, C670, X1070, C380, C680, C390  C690  :  systemsetup   2 (  ) . (           , 69    .)
C170  C190  :  systemsetup           1 . C170  C190      , 48  .
      .
·      ().            OutboundMail   .
·   IP   1(systemsetup     ) ·    (  ). (   smtproutes .
   , 665    .) ·    SBRS(SenderBase Reputation Score)    
.   Conservative(), Moderate()  Aggressive()       . ·    :       (  ). ·      ( )       ( ). (     Recipient Access Table  Host Access Table .     , 96         , 131    .)

 

 
·  , 44  ·  , 47  · C170  C190     , 48 

        C370, C670, X1070, C380, C680, C390  C690   . C170  C190   C170  C190     , 48   .
systemsetup     InboundMail   PublicNet IP    .   example.com     . MX


  

 

   SMTP  exchange.example.com .   ,          4500    .
             ,        .  ,  200     ""(    )   , 10,000      Email Security Appliance         200    .  50    200       .   (throttle)           . Default Host Access(   )       , 96   .        .
You are now going to configure how the appliance accepts mail by creating a "Listener".
Please create a name for this listener (Ex: "InboundMail"):
[]> InboundMail

Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 3

Enter the domains or specific addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "[email protected]" or "joe@[1.2.3.4]" are allowed.
Separate multiple addresses with commas.
[]> example.com

Would you like to configure SMTP routes for example.com? [Y]> y

Enter the destination mail server which you want mail for example.com to be delivered.
Separate multiple entries with commas.
[]> exchange.example.com

Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [Y]> y

Enter the maximum number of recipients per hour to accept from a remote domain.
[]> 4500

Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 1,000
Maximum Number Of Messages Per Connection: 1,000
Maximum Number Of Recipients Per Message: 1,000
Maximum Number Of Recipients Per Hour: 4,500
Maximum Recipients Per Hour SMTP Response:
452 Too many recipients received this hour
Use SenderBase for Flow Control: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n

Listener InboundMail created.
Defaults have been set for a Public listener.
Use the listenerconfig->EDIT command to customize the listener.
*****
systemsetup     OutboundMail    PrivateNet IP    .   example.com         .      (.example.com).     ( )          .         .    , 70  .

Do you want to configure the appliance to relay mail for internal hosts? [Y]> y

Please create a name for this listener (Ex: "OutboundMail"):
[]> OutboundMail

Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 2

Please specify the systems allowed to relay email through the appliance.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addressed are allowed.
Separate multiple entries with commas.
[]> .example.com

Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [N]> n

Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n

Listener OutboundMAil created.
Defaults have been set for a Private listener.
Use the listenerconfig->EDIT command to customize the listener.
*****
C170  C190    
     C170  C190  .


systemsetup     MailInterface   MailNet IP    .   example.com     . MX    SMTP  exchange.example.com .     example.com         .       (.example.com).   ,         450     .
             ,        .  ,  200     ""(    )   , 10,000                200    .  50    200        .   (throttle)           . Default Host Access(   )       , 96   .        .
You are now going to configure how the appliance accepts mail by creating a "Listener".
Please create a name for this listener (Ex: "MailInterface"):
[]> MailInterface
Please choose an IP interface for this Listener.
1. MailNet (10.1.1.1/24: mail3.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
[1]> 1
Enter the domain names or specific email addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "[email protected]" or "joe@[1.2.3.4]" are allowed.

Separate multiple addresses with commas.
[]> example.com
Would you like to configure SMTP routes for example.com? [Y]> y
Enter the destination mail server where you want mail for example.com to be delivered.
Separate multiple entries with commas.
[]> exchange.example.com
Please specify the systems allowed to relay email through the appliance.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addresses are allowed.
Separate multiple entries with commas.
[]> .example.com
Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [Y]> y
Enter the maximum number of recipients per hour to accept from a remote domain.
[]> 450
Default Policy Parameters
==========================
Maximum Message Size: 10M
Maximum Number Of Connections From A Single IP: 50
Maximum Number Of Messages Per Connection: 100
Maximum Number Of Recipients Per Message: 100
Maximum Number Of Recipients Per Hour: 450
Maximum Recipients Per Hour SMTP Response:
452 Too many recipients received this hour
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]>
Listener MailInterface created.
Defaults have been set for a Public listener.
Use the listenerconfig->EDIT command to customize the listener.
*****
 systemsetup  C170  C190                  (    ) .    , 793  .
Anti-Spam 
     30    . systemsetup     ,     Anti-Spam      .       .
         .        Anti-Spam, 355    .


     

  

     
                   .
  
    ,                .         .             .    , 868  .
  
     30    . systemsetup    ,             .            .  ,         . Email Security Appliance         .     .       Anti-Virus, 335   .
Outbreak Filter  SenderBase Email Traffic Monitoring Network 
  SenderBase   Outbreak Filter     .  Outbreak Filter  30    .
 
·   (Outbreak Filter), 52  · SenderBase , 53 
  (Outbreak Filter) Outbreak Filter                    "1 " . Outbreak Filter       . Outbreak Filter      Outbreak Filter    . Outbreak Filter        (Outbreak Filter), 399    .

SenderBase 

SenderBase                 .
SenderBase Email Traffic Monitoring Network    Cisco        .  Email Security Appliance                .
  Cisco Email Security Appliance  SenderBase    .

   AutoSupport 
      Cisco AsyncOS       .         .       .    DHAP(Directory Harvest Attack Prevention)  ,       . CLI alertconfig    GUI System Administration( ) > Alerts()         .   Cisco Email Security Appliance        .
AutoSupport          Cisco       . Cisco        "Yes"() .   Cisco Email Security Appliance      AutoSupport  .

  
      .               .
  
Cisco AsyncOS NTP(Network Time Protocol)        ,      .            .  Cisco Systems         . Continent(), Country()  Timezone( )   NTP     NTP   .
  
,          (commit)  .    "Yes"() .           .

Congratulations! System setup is complete. For advanced configuration, please refer to the User Guide.


 

  

mail3.example.com>
     .
 
CiscoAsyncOS   mailconfig   systemsetup             .
mail3.example.com> mailconfig

Please enter the email address to which you want to send the configuration file. Separate multiple addresses with commas. []> [email protected]

 

The configuration file has been sent to [email protected].
mail3.example.com>
              .
Email Security Appliance     .  systemsetup    ,  , Sophos  McAfee Anti-Virus , Outbreak Filter    2: , 31    .       .    .
Your "Receiving" key will expire in under 30 day(s). Please contact IronPort Customer Support.
Your "Sophos" key will expire in under 30 day(s). Please contact IronPort Customer Support.
Your "Outbreak Filters" key will expire in under 30 day(s). Please contact IronPort Customer Support.
30          Cisco    . System Administration( ) > Feature Keys( )   featurekey           . (   , 926   .)


  

   

   
  (  )     ,    , 69    .
    
    Email Security Appliance       . ,    Outbreak Filter                .        .    , 57          .   ( ) ,         .

4
  
     . ·   , 57  ·   , 57  · /, 60  ·  /, 63  · , 67 
  
           .
· Receipt() -                .          ,      ,   .
· Work Queue( ) -       ,  /   , / ,   ,    .
· Delivery() -             .              .
  
   ,         .   ( ) . trace           .

    5:   -   

  


    6:   -  

  


/  7:   -  

  

/
        .      ,  ,    .
  · HAT(Host Access Table),      , 61  · : , 61  ·  , 61  ·  , 61  ·  , 62  · RAT(Recipient Access Table), 62  ·  , 62  · LDAP  , 62  · SMTP Call-Ahead  , 62 
HAT(Host Access Table),      
HAT         (,       ).
        ,             .    HAT (          SMTP  )   .
       HAT  .
    DNS    SMTP               .
     DNS  (SMTP  ),         DNS    SMTP   .         .   DNS             Sender Verification Exception(  )      .
      , Cisco SenderBase Reputation Service           .
          , 103  .

: 
listenerconfig  ,      Received:        .    , 70  .

 
              .   "bare()"  (: "joe"  "[email protected]").    , 70  .

 

     .         .    , 703  .


 

  

 

         .              . : [email protected] -> [email protected]
    , 688  .

RAT(Recipient Access Table)
  , RAT            .          , 129  .

 
        .     .  Envelope Recipient( )(Envelope To  RCPT TO  )          .
       , 671   .

LDAP  
 LDAP  , SMTP           ( )     .     , 70   .      (DHAP)      .    SMTP       LDAP   . LDAP               .
  LDAP  , 745  .

SMTP Call-Ahead  
SMTP call-ahead     Email Security Appliance  MTA SMTP       SMTP  " (call ahead)".  SMTP  , SMTP   Email Security Appliance . Email Security Appliance  SMTP     MTA  , SMTP  ( SMTP Call-Ahead   )        .
  SMTP    , 637   .

 /
         .  , , ,  /  , / ,     ,   ,   .
 DLP(Data Loss Prevention)      . DLP            , 274   .
  ·     , 63  · LDAP  , 62  ·   LDAP , 64  · LDAP , 64  ·  , 64  ·   (  ), 64  · , 66 
    
  ( ,      )           .    .             
·        · HAT      ·                      .           ,                .           ,          ,        . ,             .             .

LDAP  
 LDAP  , SMTP           ( )     .     , 70   .      (DHAP)      .    SMTP       LDAP   . LDAP               .   LDAP  , 745  .
  LDAP 
Masquerading()          Envelope Sender( )(  MAIL FROM ) To:, From:, / CC:   .       (      LDAP  )          .          , 678    . LDAP       LDAP  , 745    .
LDAP 
 LDAP        /        .   LDAP  , 745  .
 
                .      ,   ,  ,  ,      .     , , , ,      .        , 137  .           "".               .
  (  )
·  /  , 65  · Anti-Spam, 65 

· Anti-Virus, 65  ·      , 66  ·       , 66  ·  , 66  ·   (Outbreak Filter), 66 

 /  
                .           ,        .            ,        ,          .            , 867  .

Anti-Spam

         .                  .                 .
        (  ).        ,        .
  Anti-Spam, 355    .

Anti-Virus

     . " "           .           .
·     ·    ·    · X-header  ·       ·   ·  
  (, 66  )   .       Anti-Virus, 335  .

     
             .       .    , 387  .

     
              .       .
  File Reputation Filtering and File Analysis(     ), 461   .

 

          .       (           "" )      .               .
      , 283   .

  (Outbreak Filter)
Cisco Outbreak Filters(  )               . Cisco      ,        Outbreak( )      .
Outbreak( )       .         , 66   .
    (Outbreak Filter), 399  .



        .           .            .
        .
·   ·   · Anti-Virus ·    ·  


   

·  (Advanced Malware Protection)      .
  · , ,   , 847  ·  , 867 



    ,          .
 
·  , 67  ·  , 67  ·   , 67  ·   , 68  ·   , 68  ·  , 68 

 
                  .      IP ,        .
         Virtual GatewayTM  , 718  .

 

   IP      ,               deliveryconfig   .
     , 715  .

  
                 .  "good neighbor"  Mail Policies( ) > Destination Controls( )  ( destconfig )  .


  

  

       , 703  .

  
           MX(mail exchange)    Network() > SMTP Routes(SMTP ) ( smtproutes )  .
     , 665  .

  
 ,    IP       Global Unsubscribe(  ) . Global Unsubscribe(  )   "  " , ,    IP       .    .
     , 727  .

 

     AsyncOS          Network() > Bounce Profiles( ) ( bounceconfig )  .     Network() > Listeners() ( listenerconfig )     .           .
       , 694   .


5
   
     . ·     , 69  ·  , 70  ·     , 72  ·         , 75  · CLI      , 80  · Enterprise Gateway Configuration, 82 
    
         ,   ,   .       ,           .      SMTP(Simple Mail Transfer Protocol) .    SMTP   ,  MX(Mail Exchanger)  SMTP    .     SMTP    .   IP      .     ,           .       ,             .    IP       "SMTP "   .             .       .
· .        .            .
· .         ,       (POP/IMAP)       . 

 

   

 ()         .
      .
·  .           .      IP     ,        .       , 70     .
·    .         .     ,          .      Host Access Table        , 93    .
· (  )     .      .     currentcompany.com     oldcompany.com  currentcompany.com oldcompany.com     .               , 129    .
HAT(Host Access Table)  RAT(Recipient Access Table)     SMTP     SMTP     .           .
 8: , IP       

 
GUI Network() > Listeners()   CLI listenerconfig    .        .       , 72    .           .
·  IP      ,        .
·         SMTP .  QMQP(Quick Mail Queuing Protocol)          .   listenerconfig CLI  .

   

 

·  IPv4(Internet Protocol version 4)  IPv6(version 6)   .             .          .    IPv4  IPv6      IPv6      IPv6 .   IPv6     IPv4       .
·           .     AsyncOS SBRS   .
· C170  C190 :                  . ,        .
·     ,      " "     .    ,          . (  "  "    .)                 .              .   CLI listenerconfig     .
 -                            .           IP      ,      .
 -                      .  IP            .
 9:          


    

   

 10:       

        .example.com         Data2   PublicNet IP   25 SMTP   . IP  MailNet         .

    
         .  IPv4(Internet Protocol  4)  IPv6( 6)         IPv4  IPv6   .

 1 Network() > Listeners() .  2 Edit Global Settings(  ) .  3     .
 5:   

 



   

      . C3x0  C6x0   300 , C1x0   50.  IPv4  IPv6          .       300 IPv4  IPv6   300   .

Maximum Concurrent TLS       TLS   .  100.  Connections(   IPv4  IPv6 TLS         

TLS  )

.       100 IPv4  IPv6   100   

.


   

    

 



   :

       .       IP                (: 60  15),               .

  1. 1(60) 4(14,400)     .

   , 119  .

Timeout Period for

AsyncOS         .

Unsuccessful Inbound

Connections(         SMTP  ESMTP   

    )   SMTP   .       

 .

"421 Timed out waiting for successful message injection, disconnecting.(421       ,   .)"

      .

  SMTP   .  5.

Total Time Limit for All AsyncOS        .

Inbound Connections(

               

 )

.      80%    .

"421 Exceeded allowable connection time, disconnecting.(421    , 

  .)"

   80%             .      80%           .         .

  SMTP   .  15.

Maximum size of

        .   0

subject(  )     .


     

   

  HAT  


   HAT    .  HAT    SMTP       .
HAT "Reject()"      AsyncOS SMTP       (RCPT TO)    .        , AsyncOS          .              . HAT   MTA      .
HAT      .
MAIL FROM      .
         RCPT TO   .
 MTA SMTP AUTH   RELAY       .
CLI listenerconfig --> setup     .

 4    .

    
·      , 74 
     
           . ·  ·    ASCII  ·      
   CLI localeconfig  .

        .  CLI      , 628    .


   

        

         

 1 Network() > Listener() .  2 Add Listener( ) .  3     .
 6:  

  

      .     /  . AsyncOS        .
     . · .         . · .   ()  .



    IP   TCP  .    IP     IPv4 , IPv6      .  SMTP  25  QMQP  628 .

 

  (CLI bounceconfig        .    , 701    ).

 

      . (Mail Policies( ) > Text Resources( )   CLI textconfig        . " "   .)

 

      . (Mail Policies( ) > Text Resources( )   CLI textconfig        . " "   .)

SMTP   SMTP   . 



  TLS     (Network() > Certificates( )    CLI certconfig       .  MTA   , 645    ).

 4 ( )     SMTP "MAIL FROM"  "RCPT TO"       .


        

   

   


       RFC2821      .  :
·   RFC 2821  .        /  RFC 2821  .
· "MAIL FROM: <[email protected]>"       . ·    . · "MAIL FROM"  RCPT TO"  / . ·    (: RFC 2821   "J.D." 
 ).
 RFC 2821        .  :    AsyncOS     .       ""  .
·  .  (   )  . · "RCPT TO"  "MAIL FROM"       
 . ·    (      ).

8   ,       8  . 
8       8  . 


   

        





A      .          .     . · foo · foo@ · foo@bar

Default Domain( )         .
Add Default Domain(  ):         . SMTP Address Parsing(SMTP   )  Allow Partial Domains(   )      .           "  " ,       . (   "bare()"      ).
    ()              .  ,     "joe"       .      "joe" "@yourdomain.com"  [email protected]     .

 

"MAIL FROM"  "RCPT TO"       .       '@'       (: @[email protected]:[email protected]). "reject"     . "strip"         .

              .  



IPv4   .    IPv6     

   ,     (hard bounce)  .

       .     .         (  ).

          .

     (: %  !)    .   

 5 ( )           .





       .


        

   





TCP    SMTP    AsyncOS    . 

CR  LF 

Bare CR(Carriage Return)  LF(Line Feed)       .
· Clean().  , Bare CR  LF  CRLF  . · Reject().  . · Allow().  .

  

          Received():  ,   . Received():          .
 Received():         .        .

          IP           .       .

SenderBase IP  SenderBase IP Profiling      .

 

· Timeout for Queries(  ).  SenderBase Reputation Service

     .

· SenderBase Timeout per Connection( Senderbase  ).  SMTP  SenderBase    .

 6 ( )        LDAP     .
 LDAP     .      LDAP   .         .       .
LDAP      LDAP , 735    .


   

 ,      MAIL FROM

 



 

      .      SMTP   LDAP      .
    LDAP  ,       (  ).
SMTP   LDAP  , LDAP         .           . , SMTP   DHAP(Directory Harvest Attack Prevention)       .
SMTP       LDAP      .   LDAP        .
  LDAP  , 735  .

 

     .   LDAP  , 735     .

Masquerade()       ,   (: From



 CC  ).

  LDAP  , 735    .

 

     .   LDAP  , 735     .

 7    .

      ,      MAIL FROM, 79 
 ,      MAIL FROM
 (envelope sender)   SMTP Address Parsing(SMTP   )         ,           .    .

CLI      

 7:   

           listenerconfig     .

  

   

  

listenerconfig -> new

   

listenerconfig -> setup

    

bounceconfig, listenerconfig-> edit -> bounceconfig

  

textconfig, listenerconfig -> edit -> setup -> footer

SMTP  

smtpauthconfig, listenerconfig -> smtpauth

SMTP    

textconfig, listenerconfig -> edit -> setup -> address

   

listenerconfig -> edit -> setup -> defaultdomain

 Received  

listenerconfig -> edit -> setup -> received

Bare CR  LF  CRLF 

listenerconfig -> edit -> setup -> cleansmtp

Host Access Table 

listenerconfig -> edit -> hostaccess

    (RAT) 
listenerconfig -> edit -> rcptaccess
  (  )

  (TLS)

certconfig, listenerconfig -> edit

 (TLS)

listenerconfig -> edit -> certificate

listenerconfig     AsyncOS for Cisco Email Security Appliance CLI    .
            , 665     .


   

 HAT 

   HAT , 81 

 HAT 
   HAT   .    ,    k    M    .      .           .
 8:  HAT  





   

max_msgs_per_session

Maximum recipients per message(   max_rcpts_per_msg
 )

  

max_message_size

    
max_concurrency
   

SMTP   SMTP   (*) SMTP    MTP    (*)

smtp_banner_code smtp_banner_text smtp_banner_code smtp_banner_text

SMTP    
use_override_hostname


override_hostname
Use TLS(TLS )
tls
Use anti-spam scanning(
spam_check
  )

  

virus_check

   

max_rcpts_per_hour

  

     on | off | default  on | off | required on | off on | off 


1000 10000 1k
1048576 20M 1000
220 Accepted 550 Rejected default newhostname on off
off 5k





    



max_rcpts_per_hour_code

    

(*)

max_rcpts_per_hour_text

SenderBase 

use_sb

SenderBase Reputation  

sbrs[value1



:value2

]

DHAP(Directory Harvest Attack Prevention):   dhap_limit
   

   on | off -10.0- 10.0



452 Too many recipients on sbrs[-10:-7.5]
150

Enterprise Gateway Configuration
  Enterprise Gateway         , POP/IMAP    MTA .                SMTP   .
 11: Enterprise Gateway    

      . ·        . ·       (POP/IMAP)      .
            ,  ,       .                  ,       .
              (A)    (B)  .

6
  
     . ·    , 85  · SenderBase Reputation Service, 85  ·         , 88  ·    SBRS  , 91 
   
       ,  Cisco SenderBaseTM Reputation Service              .      (:   )             .                  ,         .               .
     .   File Reputation Filtering and File Analysis(      ), 461    .
SenderBase Reputation Service
Cisco SenderBase Reputation Service SenderBase Affiliate      ,   ,             SenderBase Reputation Score . SenderBase Reputation Score         .           .
SenderBase Security Network (www.senderbase.org)          .   IP , URI,        .

 
· SBRS(SenderBase Reputation Score) , 86  · SenderBase     , 87  ·           , 87  ·   (Outbreak Filter), 399  ·    , 793 

SBRS(SenderBase Reputation Score)

SBRS(SenderBase Reputation Score) SenderBase Reputation Service   IP     . SenderBase Reputation Service 25            SenderBase    -10.0 +10.0  .





-10.0

    

0

,      

+10.0

      

 ()    .  -10.0   "" ,  10.0   "".
SBRS            . (      SenderBase Reputation Score  ""      .   "SenderBase Reputation , 176 "  "   , 223 "  .)


    12: SenderBase Reputation Service

SenderBase    

1. SenderBase Affiliate      2.  MTA   3.  IP       4. SenderBase Reputation Service      SenderBase Reputations
Score  5. Cisco SenderBase Reputation Score   
SenderBase    
                     . (  , 57  )          .  2000            .      ""      .             50%   .
 13:    
         
   ,        .

       

  

  

Whitelist( Blacklist( Suspectlist( Unknownlist(

) )

 )   )

SenderBase Reputation Score :



(0)  , 7 ~ 10   

-10 ~ -4

-4 ~ -2

-2 ~ 7


(  )

  ,  SenderBase -10 ~ -3



Reputation

Score 

 

.

-3 ~ -1

-1 ~ +10



 ,   4 ~ 10 .
         .

-10 ~ -2

-2 ~ -1

-1 ~ 4

  

  :









       
 SBRS(SenderBase Reputation Service)              .

 SBRS           Host Access Table        , 93  .
 
·   MX/MTA      IP        .         IP   , 374  .
· SenderBase Reputation Score . SenderBase Reputation    , 99  .
·            .           , 87  .

 1 Mail Policies( ) > HAT Overview(HAT ) .  2 Sender Groups (Listener)( ())    .  3     .
  "SUSPECTLIST"  .
 4 Edit Settings( ) .  5    SenderBase Reputation Score  .
  "WHITELIST" 7.0~10  .
 6 Submit() .  7         .  8   .

  
 
· SBRS     , 89  · SenderBase Reputation Service   , 91  · Host Access Table       , 93  ·      , 356 

SBRS     
        "(dummy)"    ,  SBRS      .        SenderBase Reputation Score       HAT        ""     .
 SBRS  trace    .      : , 1149  . GUI  CLI trace     .
 9:      

 

 ( ) 



$BLOCKED        REJECT    None

$THROTTLED      ACCEPT    Maximum messages / session: 10
                          Maximum recipients / message: 20
                          Maximum message size: 1MB
                          Maximum concurrent connections: 10
                          Use Spam Detection: ON
                          Use TLS: OFF
                          Maximum recipients / hour: 20()
                          Use SenderBase:

$ACCEPTED ( )   ACCEPT    Maximum messages / session: 1,000
                          Maximum recipients / message: 1,000
                          Maximum message size: 100 MB
                          Maximum concurrent connections: 1,000
                          Use Spam Detection: ON
                          Use TLS: OFF
                          Use SenderBase: ON

$TRUSTED        ACCEPT    Maximum messages / session: 1,000
                          Maximum recipients / message: 1,000
                          Maximum message size: 100 MB
                          Maximum concurrent connections: 1,000
                          Use Spam Detection: OFF
                          Use TLS: OFF
                          Maximum recipients / hour: -1 ()
                          Use SenderBase: OFF

 $THROTTLED          20 .       .            . Default Host Access(  )              , 103    .

SenderBase Reputation Service  
SenderBase Reputation Score Service  SRBS  . SenderBase Network Server    IP ,        . AsyncOS        .       Security Services( ) > SenderBase  . Security Services( )  SenderBase   SenderBase Network Status Server  SenderBase Reputation Score Service        . CLI sbstatus     .
   SBRS  
Cisco  , SenderBase Reputation Service           .          .   reputation   strip-header  insert-header   , SenderBase Reputation Score -2.0     {{Spam SBRS}}   SenderBase Reputation Score    .   listener_name      . (filters              .) : SBRS      :  1
sbrs_filter:
if ((recv-inj == "listener_name" AND subject != "\\{Spam -?[0-9.]+\\}"))
{
    insert-header("X-SBRS", "$REPUTATION");
    if (reputation <= -2.0)
    {
        strip-header("Subject");
        insert-header("Subject", "$Subject \\{Spam $REPUTATION\\}");
    }
}
.

  ·      , 137 

  


7
Host Access Table      
     . ·     , 93  ·      , 95  ·          , 101  ·         , 103  ·      , 106  · HAT(Host Access Table)  , 115  ·       , 116  · SenderBase     , 117  ·  , 119 
    
            .      ,           . AsyncOS    HAT(Host Access Table)         . HAT           .      HAT .        HAT .     ,   .
·  .       .      .  , IP               .  SenderBase Reputation       .        , 95   .
·  .               .       .  ,                 .            , 101   .
Mail Policies( ) > HAT Overview(HAT )        .               HAT Overview(HAT )  .
 14: Mail Policies( ) > HAT Overview(HAT )  -  

 TCP   ,      IP  .  HAT Overview(HAT )      .          .                .    AsyncOS            .           ,          .            , 103  . Host Access Table        Host Access Table        Host Access Table    .   HAT(Host Access Table)  , 115  .
  ·  HAT , 94 
 HAT 
, HAT         . ·  . HAT      . ·  .         HAT  .
HAT     "ALL". Mail Policies( ) > HAT Overview(HAT  )  ALL             .
         listenerconfig  systemsetup       " "   .  ( "   "  ""  )      SMTP  .                        .
     
        .       .              .       .
· IP (IPv4  IPv6) · IP  ·      · SenderBase Reputation Service ""  · SenderBase Reputation (SBRS) (  ) · DNS               , 96   . SMTP   SMTP   ,           (: SenderBase  ,   IP )      .
  DNS     IP     .     IP    DNS(PTR)      PTR     DNS(A)  .    A   PTR     .    A   ,  HAT    IP   .
Mail Policies( ) > HAT Overview(HAT )    .

 
·   , 96  ·  ,   IP    , 97  · SenderBase Reputation    , 99  · DNS      , 100 

  

 10: HAT:      

Syntax



n:n:n:n:n:n:n:n

IPv6   0   .

n:n:n:n:n:n:n:n-n:n:n:n:n:n:n:n IPv6    0   .
n:n:n-n:n:n:n:n:n

n.n.n.n

() IPv4 

n.n.n. n.n.n. n.n. n.n. n.

 IPv4 

n.n.n.n-n. n.n.n.n-n. n.n.n-n. n.n-n. n.n-n n-n. n-n

IPv4  

yourhost.example.com

  

.partialhost
n/c n.n/c n.n.n/c n.n.n.n/c n:n:n:n:n:n:n:n/c
SBRS[n:n]SBRS[none]

partialhost     IPv4 CIDR  
IPv6 CIDR    0   . SenderBase Reputation Score.   SenderBase Reputation     , 99  .

SBO:n

SenderBase Network Owner  .   SenderBase Reputation    , 99  .

dnslist[dnsserver.domain] DNS  .   DNS       , 100   .

ALL

    .     

   (,  ).
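The sender pattern syntax in the table above, combined with the predefined sender groups and mail flow policies, can be exercised offline with a small matcher. This is an added example, not code from the Cisco guide or from AsyncOS: `Conn`, `matches` and `classify` are hypothetical names, both tables are constructed samples, and it assumes the HAT is read top to bottom with the first match winning and that SBRS bounds are inclusive.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Conn:
    """What the gateway knows about a connecting host (hypothetical type)."""
    ip: str
    hostname: Optional[str] = None  # verified PTR name; None if lookup failed
    sbrs: Optional[float] = None    # reputation score; None if no score exists
    org_id: Optional[int] = None    # SenderBase network owner ID


_SBRS = re.compile(r"^SBRS\[(-?\d+(?:\.\d+)?):(-?\d+(?:\.\d+)?)\]$", re.I)
_V4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}(-\d{1,3})?\.?$")


def _match_v4(pattern: str, ip) -> bool:
    """Full (n.n.n.n), partial (n.n.n.) and last-octet range (n.n.n.n-n) forms."""
    octets = str(ip).split(".")
    for i, part in enumerate(pattern.rstrip(".").split(".")):
        low, _, high = part.partition("-")
        if not int(low) <= int(octets[i]) <= int(high or low):
            return False
    return True


def matches(pattern: str, conn: Conn) -> bool:
    """Return True if one HAT sender pattern matches the connection."""
    ip = ipaddress.ip_address(conn.ip)
    p = pattern.strip()
    if p.upper() == "ALL":
        return True
    if p.upper() == "SBRS[NONE]":
        return conn.sbrs is None
    m = _SBRS.match(p)
    if m:  # assumption: both bounds are inclusive
        lo, hi = float(m.group(1)), float(m.group(2))
        return conn.sbrs is not None and lo <= conn.sbrs <= hi
    if p.upper().startswith("SBO:"):
        return conn.org_id == int(p[4:])
    if p.lower().startswith("dnslist["):
        return False  # needs a live DNS query; never matches in this offline example
    if "/" in p:  # CIDR; short IPv4 forms such as 10.1/16 are zero-padded
        addr, _, bits = p.partition("/")
        if ":" not in addr:
            addr = ".".join((addr.split(".") + ["0"] * 3)[:4])
        net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        return ip.version == net.version and ip in net
    if ":" in p:  # IPv6 address, or a start-end range of full addresses
        low, _, high = p.partition("-")
        lo6, hi6 = ipaddress.ip_address(low), ipaddress.ip_address(high or low)
        return ip.version == 6 and lo6 <= ip <= hi6
    if _V4.match(p):
        return ip.version == 4 and _match_v4(p, ip)
    host = (conn.hostname or "").lower().rstrip(".")
    if p.startswith("."):  # .partialhost: hosts inside the domain, not the bare domain
        return host.endswith(p.lower())
    return host == p.lower()  # fully qualified hostname


def classify(conn: Conn, hat):
    """Walk sender groups top to bottom; the first matching pattern wins."""
    for group, policy, patterns in hat:
        for pattern in patterns:
            if matches(pattern, conn):
                return group, policy, pattern
    raise LookupError("HAT has no ALL entry")


# Constructed sample tables that reuse the predefined group and policy names.
PUBLIC_HAT = [
    ("WHITELIST", "$TRUSTED", ["SBRS[7.0:10.0]"]),
    ("BLACKLIST", "$BLOCKED", ["SBRS[-10.0:-3.0]", "203.0.113.", "2001:db8:bad::/48"]),
    ("SUSPECTLIST", "$THROTTLED", ["SBRS[-3.0:-1.0]", "198.51.100.10-20", "SBRS[none]"]),
    ("UNKNOWNLIST", "$ACCEPTED", ["SBRS[-1.0:10.0]"]),
    ("ALL", "$ACCEPTED", ["ALL"]),
]
PRIVATE_HAT = [
    ("RELAYLIST", "$RELAYED", [".example.com", "10.1.1.0/24"]),
    ("ALL", "$BLOCKED", ["ALL"]),
]

if __name__ == "__main__":
    for c in (Conn("203.0.113.77", sbrs=9.0), Conn("203.0.113.77", sbrs=2.0),
              Conn("198.51.100.21"), Conn("2001:db8:bad:1::25", sbrs=5.0)):
        print(c.ip, c.sbrs, classify(c, PUBLIC_HAT))
```

In the sample public table, a host inside the blocked 203.0.113. range with a score of 9.0 is still trusted because WHITELIST is evaluated first, which is why the order of sender groups needs review whenever a reputation range or address pattern is added.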

 ,   IP    
SMTP               ID       .    HELO        ,         .      "     ?"     .     SenderBase Reputation Service    IP (    )  ID        .
IP     IP  . Email Security Appliance IPv4(Internet Protocol version 4)  IPv6(version 6)   .
      (: yahoo.com)      , IP   (PTR)  .
 (Network Owner) IP    ( ) , ARIN(American Registry for Internet Numbers)         IP      .
   IP            , SenderBase  .   ,           .
 
· HAT   , 97 
HAT   
          .

 11:     

    
  
 

  Level 3 Communications
GE
The Motley Fool

 Macromedia Inc. AllOutDeals.com GreatOffers.com GE Appliances GE Capital GE Mortgage The Motley Fool

                . SenderBase Reputation Service        ,        .  ,  HAT(Host Access Table) "Level 3 Communications"      SenderBase         .
     Level 3    10 ,   Macromedia Inc., Alloutdeals.com  Greatoffers.com     10  (Level 3       30).    ,        Level 3         .  "The Motley Fool"    .       10  The Motley Fool     10  .
                  .         .
·  IP     ?
                .  SenderBase Reputation Service    . SenderBase Reputation Service (SenderBase    SenderBase )      .      .
·     IP          .
·  ,         ?
·     IP          .       .
·     ISP, NSP,             . ISP, NSP        IP    ,      .        IP   . 

 IP     .       .
Mail Flow Monitor  SenderBase   SenderBase    SenderBase       . Mail Flow Monitor       "   "   .

SenderBase Reputation    
 SenderBase Reputation Service    (SBRS)   . SBRS SenderBase Reputation Service   IP ,       .       -10.0~+10.0.
 12: SenderBase Reputation  

 -10.0 0 +10.0 none

      ,                     (  )

SBRS            .    -7.5      .  GUI       .       , 106     .     HAT   SenderBase Reputation          .
 13: SenderBase Reputation  

SBRS[ n n
SBRS[none]

SenderBase Reputation Score.  SenderBase Reputation Service  ,    .
SBRS  (  SenderBase Reputation     ).

 GUI  HAT    SBO:n  .  n SenderBase Reputation Service     .
 SenderBase Reputation Service   Network() > Listeners()   CLI listenerconfig -> setup  .  SenderBase Reputation Service            .   GUI Mail

Policies( )   CLI listenerconfig -> edit -> hostaccess     SenderBase Reputation Service         .
       SenderBase Reputation Score  " "      .       "SenderBase Reputation ", "   (Bypass Anti-Spam System Action)"  "    (Bypass Anti-Virus System Action)"  .
DNS      
 HAT  DNS          .      DNS  .         ("     "  "DNS List(DNS ) " ),      .    DNS List(DNS )              .          .
  DNS    IP         (: "127.0.0.1"  "127.0.0.2"  "127.0.0.3") .   DNS    ("     "  "DNS List(DNS ) " ),         .   DNS   HAT       (, IP    ).

 CLI     . GUI DNS        .  , DNL     ,  DNS    CLI dnslistconfig   .
""   ""        .   query.bondedsender.org        Cisco Systems Bonded SenderTM       . Bonded Sender   DNS (     )         WHITELIST     .

          
    SMTP             .         SMTP   .
·  (:    ) ·   (:    ) · SMTP     SMTP     ·    ·    · (: TLS  SMTP  ) ·  (: DKIM    )
            .
· ACCEPT.  ,   Recipient Access Table( )      .
· REJECT.   ,    4XX  5XX SMTP    .   .
 SMTP      (RCPT TO)     AsyncOS   .         , AsyncOS          .   CLI listenerconfig > setup  .   CLI       , 80  .
· TCPREFUSE. TCP   . · RELAY.  .     Recipient Access Table  
  . · CONTINUE. HAT   HAT  .   CONTINUE 
       . CONTINUE  GUI HAT   .         , 106  .
 
· HAT  , 102 

HAT  
       Rate Limiting    SMTP       .   /  . , $group $Group .
 14: HAT  

 $Group $Hostname
$OrgID
$RemoteIP $HATEntry


HAT     .      "None" .
         . IP   DNS        "None" .  DNS  (: DNS      DNS   ) "Unknown"  .
SenderBase Organization ID( ) .  SenderBase Organization ID   SenderBase Reputation Service    "None" .
  IP  .
   HAT  .

  · HAT  , 102  · HAT  , 103 
HAT  

   "   "   smtp_banner_text  max_rcpts_per_hour_text  HAT     .
   GUI $TRUSTED      SMTP       .


Host Access Table        15: HAT  

HAT  

   CLI  .
Would you like to specify a custom SMTP response? [Y]> y
Enter the SMTP code to use in the response. 220 is the standard code.
[220]> 200
Enter your custom SMTP response. Press Enter on a blank line to finish.
You've connected from the hostname: $Hostname, IP address of: $RemoteIP, matched the group: $Group,
$HATEntry and the SenderBase Organization: $OrgID.
HAT  
        IP      $WHITELIST   .       . SMTP       .    .
# telnet IP_address_of_Email_Security_Appliance port
220 hostname ESMTP
200 You've connected from the hostname: hostname , IP address of: IP-address_of_connecting_machine , matched the group: WHITELIST, 10.1.1.1 the SenderBase Organization: OrgID .
        
                 .

 15:          

     

    

WHITELIST

  Whitelist   $TRUSTED .          $TRUSTED    ,          .

BLACKLIST

Blacklist     $BLOCKED ($BLOCKED      ).      SMTP HELO  5XX SMTP        .

SUSPECTLIST

Suspectlist      $THROTTLED  (throttle)     .    Suspectlist     .       .
·      ,     ,              .
·          20 .     .             .
·            (      ).
·     SenderBase Reputation Service .

     

    

UNKNOWNLIST

       $ACCEPTED     Unknownlist      .                (   ),      SenderBase Reputation Service            .         .         , 337    . SenderBase Reputation Service    SenderBase Reputation Service, 85     .

ALL

       $ACCEPTED

 .    HAT ,

94   .

                .
 16:          

    

    

RELAYLIST

       $RELAYED   Relaylist    .         $RELAYED     ,             .
 RELAYLIST               .

ALL

       $BLOCKED

 .    HAT ,

94   .

                 .        $RELAYED       .        RELAYLIST    $RELAYED       .

     
      Mail Policies( ) > HAT Overview(HAT )  Mail Flow Policy(  )  .            .
  ·       , 106  ·     , 107  ·        , 108  ·  , 108  ·          , 101  ·      , 114 
     

 1  2  3  4  5  6  7

Mail Policies( ) > HAT Overview(HAT )  .   Listener()  . Add Sender Group(  ) .    .      . ( )  (:       ).        .

        (      )  "CONTINUE (no policy)"    .

 8 ( ) DNS  .  9 ( ) SBRS    .  "none"    
.  10 ( ) DNS  .  11 ( )  DNS   .


          , 124    .  12    Submit() .  13     .  14     Add Sender( ) .
·  IP  . IP Addresses(IP )  IPv4 , IPv6          .  IP         .
·    . Geolocation()       .
 15    .
    
·         , 88 
    
 1 , IP      Add to Sender Group(  )  .  2        .  3     .
     GUI     .   Add to Sender Group(  )  example.net   example.net  .example.net  .    example.net         .     , 96   .              ,       .
 4   Incoming Mail Overview(  )   Save() .
    
·      , 369  ·      , 356 


       
           .         HAT .          .
 1 Mail Policies( ) > HAT Overview(HAT )  .  2   Listener()  .  3 Edit Order( ) .  4 HAT        .
RELAYLIST(   )   WHITELIST, BLACKLIST, SUSPECTLIST  UNKNOWNLIST      .
 5     .

 
HAT Overview(HAT )    Find Senders( )       .    Find() .
        
           . · "Use Default( )"        "  ".   "On"             .         , 114    . ·       . (  DHAP(Directory Harvest Attack Prevention)   LDAP     .)

 1 Mail Policies( ) > Mail Flow Policies(  )  .  2 Add Policy( ) .  3     .
 17:    

 Connections








  

     .          1.

Maximum concurrent  IP           connections from a single
IP( IP 
  )

Maximum messages per             connection(   )

Maximum recipients per        message(   )

SMTP 

Custom SMTP Banner       SMTP  Code( SMTP  )

Custom SMTP Banner       SMTP  

Text( SMTP  
)

       .   HAT  , 102   .

Custom SMTP Reject        SMTP  Banner Code( SMTP   )

Custom SMTP Reject Banner Text( SMTP    )

       SMTP  

Override SMTP Banner Host Name(SMTP    )

    SMTP          (: 220-  ESMTP).           .              .

   






Max. Recipients per

        .  IP   

Hour(     .       .  

 )

     ,  IP ()  

       .

        .   HAT  , 102   .

Max. Recipients per Hour             SMTP Code(      )

Max. Recipients Per Hour             SMTP Exceeded Text(        
)

   

Max. Recipients per Time    ,         

Interval(      .     .    

  )

  .       ,

            

 .

   ,   ,        .

              Default Mail Flow Policy(   )  .   Default Mail Flow Policy(   )    .

Sender Rate Limit

(envelope)             

Exceeded Error Code(  SMTP 

    

 )

Sender Rate Limit

(envelope)             

Exceeded Error Text(  SMTP  

    

 )



             .         , 116   .

 Flow Control( )






Use SenderBase for Flow    SenderBase Reputation Service  "" . Control(  SenderBase )

Group by Similarity of IP  CIDR   HAT(Host Access Table)    IP  

Addresses: (significant        .    

bits 0-32)(IP   IP     (0-32)  ,  IP    

       . "Use SenderBase(SenderBase )" 

(  0-32))

. HAT          , 665  

  .

DHAP(Directory Harvest Attack Prevention)

DHAP(Directory Harvest          .   RAT 

Attack Prevention):    SMTP call-ahead    SMTP    

    (  LDAP   )  LDAP    



   . LDAP    DHAP   

  LDAP  , 745    .

Directory Harvest Attack       . Prevention: Drop Connection if DHAP threshold is Reached within an SMTP Conversation(DHAP(Directory Harvest Attack
Prevention): SMTP 
 DHAP  
  )

        .   550.   :

       .   "Too many invalid recipients(   :    )".

Drop Connection if DHAP threshold is

SMTP   DHAP     .

reached within an SMTP

Conversation(SMTP 

 DHAP  

  )

Max. Invalid Recipients SMTP   DHAP       .   Per Hour Code(  550.     
)






   SMTP   DHAP       .   :

 

Anti-spam scanning(      .  )

 

Anti-virus scanning(     .  )

  

TLS

   SMTP  TLS(Transport Layer Security) Deny(), Prefer(

 )  Require() .

Preferred( )  ,      Address List(  )              TLS    .          TLS             TLS    .

Verify Client Certificate(  )           TLS   Email Security Appliance . TLS Preferred(TLS  )     ,       TLS          . TLS Required(TLS )      ,        .

            , 116    .

TLS           TLS  , 787    .

SMTP 

    SMTP      . SMTP     "LDAP "   .

TLS SMTP   TLS SMTP   .    :

Domain Key/ DKIM Signing(Domain Key/DKIM )

   Domain Keys  DKIM  (ACCEPT  RELAY).

DKIM 

DKIM  .






S/MIME   
S/MIME Decryption/Verification(S/MIME /)

· S/MIME    . · S/MIME        . 
(triple wrapped)       .

S/MIME   

S/MIME    S/MIME    . (S/MIME   )
Harvest Certificates on           . Verification Failure(    )

Store Updated

     .

Certificate(

 )

SPF/SIDF 

Enable SPF/SIDF

  SPF/SIDF  .    , 571 

Verification(SPF/SIDF   .

 )

Conformance Level( SPF/SIDF   . SPF, SIDF  SIDF Compatible  

 )

.    , 571    .

Downgrade PRA verification result if 'Resent-Sender:' or 'Resent-From:' were

SIDF Compatible(SIDF )    ,  Resent-Sender:  Resent-From:    PRA Identity  Pass  None    .       .

used:('Resent-Sender:' 

 'Resent-From:' 

  PRA  

:)

HELO Test(HELO  HELO ID     (SPF  SIDF Compatible 

)

  ).

DMARC 

Enable DMARC

  DMARC  .   DMARC , 602 

Verification(DMARC   .

 )






Use DMARC Verification    DMARC   . Profile(DMARC    )

DMARC Feedback

DMARC     .

Reports(DMARC 

)

DMARC       DMARC  , 609  

  .

 DMARC     DMARC    .   DKIM     SPF     .

  

Consider Untagged

  ("    "  )   

Bounces to be Valid( .        , Bounce

    Verification( )       . 

 )

          

.

  DNS 

 , 119  .

 

Use Exception Table(      .      ,

  )

      .      ,

122   .

 HAT        ,             .          ,            .
 4     .

     
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2   Listener()  .  3       Default Policy Parameters(  )  .


 4          .             , 108    .
 5     .
HAT(Host Access Table)  
HAT(Host Access Table)       ,   HAT        HAT    .
  · HAT(Host Access Table)    , 115  ·   HAT(Host Access Table)  , 115 
HAT(Host Access Table)    
 1 Mail Policies( ) > HAT Overview(HAT )  .  2 Listener()    .  3 Export HAT(HAT ) .  4  HAT    .   configuration    
.  5     .
  HAT(Host Access Table)  
HAT   HAT   HAT  .
 1 Mail Policies( ) > HAT Overview(HAT )  .  2 Listener()    .  3 Import HAT(HAT ) .  4   .
    configuration   .  5 Submit() .   HAT       .  6 Import() .  7   .


 ""   . '#'      AsyncOS .     .
# File exported by the GUI at 20060530T215438
$BLOCKED
    REJECT {}
[ ... ]
      
        (:      TLS  )    .    , ,    IP  . GUI Mail Policies( ) > Address Lists( )   CLI addresslistconfig       . Address Lists( )                .
 1 Mail Policies( ) > Address Lists( ) .  2 Add Address List(  ) .  3     .  4    .  5 ( )        Full Email Addresses only(  )
 .  6        .
·        Full Email Addresses only(  )  .
·        Domains only() . ·        IP Addresses only(IP ) .
 7   .     . ·   : [email protected] ·   : user@  Allow only full Email Addresses(   )        . ·   IP : @[1.2.3.4] ·   : @example.com ·    : @.example.com


 IP  @   .    .       AsyncOS       .
 8     .
SenderBase     
      (    )      . Classification() -> Sender Group( ) -> Mail Flow Policy(  ) -> Rate Limiting( )    ,   IP    , 97    . ""    IP    SMTP (  )   .                . (     ,    ,    /        .)            .       ,          .       .
·       SenderBase Reputation Service         .
             ( /24 CIDR     ).
· HAT Significant Bits(HAT  )   .                   .
  Mail Flow Policy(  ) -> Rate Limiting( )    .    IP     "network/bits" CIDR  "bits"    .  SenderBase Reputation Service  IP Profiling          .
 
· SenderBase   , 118  · HAT   , 118 


SenderBase   
    SenderBase Reputation Service       .        SenderBase        . GUI      "Use SenderBase for Flow Control(  SenderBase )"   CLI listenerconfig > hostaccess > edit      SenderBase .
HAT   
AsyncOS 3.8.3 ,  CIDR   HAT(Host Access Table)    IP         .     "10.1.1.0/24"   ,                .
   HAT    HAT  Flow Control( )  "Use SenderBase( SenderBase)"   ( CLI listenerconfig -> setup    SenderBase Information Service   , "Would you like to enable SenderBase Reputation Filters and IP Profiling support?(SenderBase Reputation Filters  IP Profiling   ?)"  no()  ). , HAT    SenderBase IP Profiling    .
    ("10.1.1.0/24"  "10.1.0.0/16"   IP  )        . ,        IP    . HAT         .
· HAT  , 118  ·   HAT   , 119  ·    , 119 
HAT 
HAT         .      IP  ""(  )  .      IP  SMTP    .     IP  "CIDR "(: 10.1.1.0/24)      (/32)    .  "significant_bits"     .


  HAT  
HAT  significant_bits   .   GUI Mail Policies(  ) > Mail Flow Policies(  )  .
  SenderBase   "OFF" Directory Harvest Attack Prevention   , "significant bits"    IP  , HAT          CIDR  . CIDR         " (zeroed out)".  IP  1.2.3.4    significant_bits  24     CIDR  1.2.3.0/24 .     , HAT   (  10.1.1.0/24)        (  32)     (24)   .
listenerconfig     AsyncOS for Cisco Email Security Appliance CLI    .
  
           .      IP               (: 60  15),               .
  3,600(1). 1(60) 4(14,400)     .
GUI         (      , 72  ).
CLI listenerconfig -> setup      . listenerconfig     AsyncOS for Cisco Email Security Appliance CLI   .
 
  IP  DNS             . DNS                 . SMTP    ( IP  DNS     )             .
     .  AsyncOS              .   SMTP            (throttle)     .
    .
·   .  SMTP   .    : , 120   .


·     .  SMTP   .    :  , 121  .
 
·  : , 120  ·  :  , 121  ·    -  , 123  ·      , 125  ·    , 127 
 : 
      .   DNS  ""       .     DNS    SMTP                .
    DNS        .   SMTP   .   DNS     IP (, )   .  DNS    IP    DNS(PTR)      PTR     DNS(A)   .    A   PTR    . PTR  A     ,  HAT     IP        .
    .
·   PTR  DNS  . ·   PTR    DNS  . ·    DNS (PTR)  DNS (A)  .
  "Connecting Host DNS Verification(  DNS )"        (SUSPECTLIST        , 124  ).
       DNS    .     DNS        . ,         .      (throttle)      .   WHITELIST    DNS      WHITELIST         (       /  ,   ).


 :  
       DNS . (    ?     DNS A  MX  ?) DNS        DNS          . ,    "domain does not exist(  )"        .   SMTP    ,  DNS       SMTP  IP  .
 , AsyncOS     MX   .   MX     A   . DNS  "NXDOMAIN" (    ), AsyncOS      .  "Envelope Senders whose domain does not exist(    )"  . NXDOMAIN                 .
 DNS  "SERVFAIL"   "Envelope Senders whose domain does not resolve(     )" . SERVFAIL    DNS       .
              MAIL FROM  ( ) .   MAIL FROM           .      (    ) MAIL FROM      .
        .
·   DNS  . ·       SMTP    .   DNS
       . ·         . · DNS         .
                (   , 122  ).            .                  .              .
    ,        .  , DNS          . DNS         .
              DNS   SMTP       .   DNS            (throttle)  .    ,   MAIL FROM    SMTP     .  SMTP   .


    GUI  CLI(listenerconfig -> edit -> hostaccess -> < policy >)        DNS (   )    .
 
·  ,      MAIL FROM, 122  ·  SMTP   , 122  ·  :  , 121 
 ,      MAIL FROM
 (envelope sender)   SMTP Address Parsing(SMTP   )         ("    "  SMTP      ),           .
   .
 SMTP   
    , DNS    , DNS       (: DNS  )   SMTP        .
SMTP  $EnvelopeSender    .          .
 "Domain does not exist(  )"         .     ""     5XX 4XX    .
   
    SMTP          .   SMTP          .             .
                ,       .     MAIL FROM: [email protected]          .           .  RAT(Recipient Access Table)   (SMTP RCPT TO )  .
    GUI Mail Policies( ) > Exception Table( )  ( CLI exceptionconfig  )   , GUI(ACCEPTED          , 124  )  CLI(AsyncOS for Cisco Email Security Appliance CLI   )      .


        .
                , 125    .

   -  
             .
       ,  DNS          SUSPECTLIST    THROTTLED      (throttle).
  (UNVERIFIED)      (THROTTLEMORE) .       SMTP   (throttle)(UNVERIFIED       THROTTLEMORE    ).
   ACCEPTED     .
        .
 18:  :  

  UNVERIFIED SUSPECTLIST

 THROTTLEMORE THROTTLED
ACCEPTED


SMTP  :   PTR  DNS  .    DNS (PTR)  DNS (A)  .
SMTP     : -   MAIL FROM: -   DNS  . -   DNS  .

 
· SUSPECTLIST       , 124  ·         , 124  · ACCEPTED         , 124  ·          , 125  ·       , 125 


SUSPECTLIST       
 1 Mail Policies( ) > HAT Overview(HAT ) .  2    SUSPECTLIST .  3 Edit Settings( ) .  4  THROTTLED  .  5 Connecting Host DNS Verification(  DNS )  "Connecting host reverse DNS lookup (PTR)
does not match the forward DNS lookup (A)(   DNS (PTR)  DNS (A)   )"  .  6     .   DNS    SUSPECTLIST    , THROTTLED      .
        
 1     (   THROTTLEMORE )    (throttling)   . a) Mail Flow Policies(  )  Add Policy( ) . b)      Connection Behavior( ) Accept() . c)    . d)     .
 2    (   UNVERIFIED ) THROTTLEMORE   . a) HAT Overview(HAT )  Add Sender Group(  ) . b)  THROTTLEMORE  . c) Connecting Host DNS Verification(  DNS )  "Connecting host PTR record does not exist in DNS(  PTR  DNS  )"  . d)     .
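The two procedures above route hosts by the outcome of connecting-host DNS verification: a PTR/A mismatch goes to SUSPECTLIST with THROTTLED, and a missing PTR record goes to UNVERIFIED with THROTTLEMORE. The following is an added example, not Cisco code, that reproduces that decision offline; the resolver class, function names and sample records are assumptions made for illustration.

```python
import ipaddress


class TemporaryDNSFailure(Exception):
    """A lookup that failed for now (timeout, SERVFAIL), as opposed to 'no record'."""


class StaticResolver:
    """Constructed in-memory stand-in for DNS so the example runs offline."""

    def __init__(self, ptr, forward, failing=()):
        self.ptr = ptr                # IP string -> list of PTR names
        self.forward = forward        # host name -> list of A/AAAA addresses
        self.failing = set(failing)   # IPs whose PTR lookup fails temporarily

    def lookup_ptr(self, ip):
        if ip in self.failing:
            raise TemporaryDNSFailure(ip)
        return self.ptr.get(ip, [])

    def lookup_forward(self, name):
        return self.forward.get(name.rstrip(".").lower(), [])


def verify_connecting_host(ip, resolver):
    """Return one of VERIFIED, NO_PTR, PTR_LOOKUP_FAILED, PTR_A_MISMATCH."""
    addr = ipaddress.ip_address(ip)
    try:
        names = resolver.lookup_ptr(str(addr))
    except TemporaryDNSFailure:
        return "PTR_LOOKUP_FAILED"
    if not names:
        return "NO_PTR"
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    for name in names:
        for candidate in resolver.lookup_forward(name):
            if ipaddress.ip_address(candidate) == addr:
                return "VERIFIED"
    return "PTR_A_MISMATCH"


# Sender group / mail flow policy pairs taken from the two procedures above.
GROUP_FOR_RESULT = {
    "PTR_A_MISMATCH": ("SUSPECTLIST", "THROTTLED"),
    "NO_PTR": ("UNVERIFIED", "THROTTLEMORE"),
}


def classify(ip, resolver):
    """Map a connecting IP to (result, sender_group, policy).

    Results without an entry above fall through to the rest of the HAT,
    shown here as (None, None); that fall-through is this example's assumption.
    """
    result = verify_connecting_host(ip, resolver)
    group, policy = GROUP_FOR_RESULT.get(result, (None, None))
    return result, group, policy


# Constructed sample records (documentation address ranges only).
SAMPLE = StaticResolver(
    ptr={
        "192.0.2.10": ["mail.example.com."],
        "192.0.2.20": ["host.example.net"],
        "2001:db8::1": ["v6.example.com"],
    },
    forward={
        "mail.example.com": ["192.0.2.10"],
        "host.example.net": ["198.51.100.7"],   # points somewhere else
        "v6.example.com": ["2001:db8:0:0:0:0:0:1"],
    },
    failing={"192.0.2.40"},
)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "2001:db8::1"):
        print(ip, classify(ip, SAMPLE))
```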
ACCEPTED         
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2 Mail Flow Policies(  )  ACCEPTED    .  3 Sender Verification( )  .  4 Envelope Sender DNS Verification(  DNS )   .
·        DNS   On .


·  SMTP      .  5 Use Domain Exception Table(   ) On     .  6     .
         
 1 Mail Policies( ) > Exception Table( ) .    "Use Exception Table(  )"       .
 2 Mail Policies( ) > Exception Table( )  Add Domain Exception(  )  .
 3   .  ([email protected]), (user@), (@example.com or @.example.com)   IP   (user@[192.168.23.1])   .
 4       .    SMTP        .
 5     .
      
 1 Exception Table( )  Find Domain Exception(  )     .
 2 Find() .          .

     
         . DNS        .
  ·   MAIL FROM     , 126  ·       , 126 


  MAIL FROM     
THROTTLED    DNS       ,   MAIL FROM      .
 1   (Telnet)  .  2 SMTP     MAIL FROM(:   "admin")   .
                     ("   "   ),      ,      .
 3   .
# telnet IP_address_of_Email_Security_Appliance port
220 hostname ESMTP
helo example.com
250 hostname
mail from: admin
553 #5.5.4 Domain required for sender address
SMTP    THROTTLED          .
      
               
 1 [email protected]  "Allow()"     .  2   .  3     .  4 SMTP         ([email protected])  
.  5   .
# telnet IP_address_of_Email_Security_Appliance port
220 hostname ESMTP
helo example.com
250 hostname
mail from: [email protected]
250 sender <[email protected]> ok
       ,     DNS       .


   
       .
  ·   , 127 
  
   :
Thu Aug 10 10:14:10 2006 Info: ICID 3248 Address: <user> sender rejected, envelope sender domain missing
  (NXDOMAIN):
Wed Aug 9 15:39:47 2006 Info: ICID 1424 Address: <[email protected]> sender rejected, envelope sender domain does not exist
  (SERVFAIL):
Wed Aug 9 15:44:27 2006 Info: ICID 1425 Address: <[email protected]> sender rejected, envelope sender domain could not be resolved
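The three log entries above differ only in the text after "envelope sender domain". The following is an added example, not part of the Cisco guide, that parses entries in this format and tallies rejections by cause and by sender domain; the sample lines, category names and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the sender-verification rejection entries shown above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<level>\w+): ICID (?P<icid>\d+) Address: <(?P<addr>[^>]*)> "
    r"sender rejected, envelope sender domain (?P<reason>.+?)\s*$"
)

# Log wording -> category label (labels are this example's own).
REASONS = {
    "missing": "MALFORMED",
    "does not exist": "NXDOMAIN",
    "could not be resolved": "SERVFAIL",
}


def parse_rejection(line):
    """Return a dict for a sender-verification rejection, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    category = REASONS.get(m["reason"])
    if category is None:
        return None
    addr = m["addr"]
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return {
        "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        "icid": int(m["icid"]),
        "address": addr,
        "domain": domain,
        "category": category,
    }


def summarize(lines):
    """Count rejections per category and per domain within each category."""
    by_category = Counter()
    domains = {"NXDOMAIN": Counter(), "SERVFAIL": Counter()}
    for line in lines:
        rec = parse_rejection(line)
        if rec is None:
            continue
        by_category[rec["category"]] += 1
        if rec["category"] in domains:
            domains[rec["category"]][rec["domain"]] += 1
    return {"by_category": by_category, "domains": domains}


# Constructed sample input in the format of the entries above.
SAMPLE_LOG = """\
Thu Aug 10 10:14:10 2006 Info: ICID 3248 Address: <user> sender rejected, envelope sender domain missing
Wed Aug 9 15:39:47 2006 Info: ICID 1424 Address: <user@no-such-domain.example> sender rejected, envelope sender domain does not exist
Wed Aug 9 15:44:27 2006 Info: ICID 1425 Address: <user@broken-dns.example> sender rejected, envelope sender domain could not be resolved
Wed Aug 9 15:46:02 2006 Info: ICID 1426 Address: <other@No-Such-Domain.example> sender rejected, envelope sender domain does not exist
Wed Aug 9 15:46:05 2006 Info: ICID 1426 close
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(dict(report["by_category"]))
    # Repeated NXDOMAIN hits for one domain suggest a forged sender domain;
    # a burst of SERVFAIL across many domains is worth checking against the
    # health of the DNS servers the appliance itself uses.
    for category, counter in report["domains"].items():
        print(category, counter.most_common(3))
```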


8
          
     . ·        , 129  · RAT(Recipient Access Table) , 130  · GUI  RAT , 130  · CLI  RAT , 130  ·  RAT  , 130  ·   , 131 
       
AsyncOS     RAT(Recipient Access Table)          .    .
·  ·   ·                 .                 .          RAT    .      "All Other Recipients(  )"     .        .  ,         . AsyncOS  RAT(Recipient Access Table)           .          .      currentcompanyname.com     oldcompanyname.com 

currentcompanyname.com oldcompanyname.com     .       RAT     . (:         . "    "   (Domain Map)    .)
RAT(Recipient Access Table) 
Recipient Access Table     .          . RAT(Recipient Access Table)  RAT     ,  ,  LDAP        .
GUI  RAT 
GUI
Mail Policies( ) > Recipient Access Table(RAT) .
CLI  RAT 
CLI
listenerconfig  edit > rcptaccess > new    .
 RAT  
  ·   . ·        .  ("  "  " " )       SMTP  .                          .  RAT         . · RAT     .


 1 Mail Policies( ) > Recipient Access Table(RAT) .  2 All Other Recipients(  ) .

  
RAT      Mail Policies( ) > Recipient Access Table (RAT)  ,          .        .
· RAT  ,   . ·   . · RAT    . · RAT    .      
  ·      , 131  · Recipient Access Table      , 134  · Recipient Access Table   , 134  ·   Recipient Access Table , 134 
     

 1  2  3  4  5  6  7  8

Mail Policies( ) > Recipient Access Table (RAT)  . Overview for Listener( )    . Add Recipient( ) .   .   .     . ( )   LDAP    . ( )      SMTP  . a) Custom SMTP Response(  SMTP )  Yes() . b) SMTP     .   RCPT TO  SMTP  .

 9 ( ) Bypass Receiving Control(  )  Yes()    .  10    .


  
 
·   , 132  ·    LDAP  , 132  ·      Bypass, 133 

  

RAT       .    , ,   ,    IP    .

[IPv4 address]

  IPv4(Internet Protocol version 4) . IP  "[]"     .

[IPv6 address]

  IPv6(Internet Protocol version 6) . IP  "[]"     .

division.example.com

  

.partialhost

"partialhost"    

user@domain

  

user@

    

user@[IP_address ]

 IPv4  IPv6   . IP  "[]"     .
"user@IP_address"(  )   .           ,   RAT       .

 GUI    4 Recipient Access Table   (3: , 33  )           .    example.net   .example.net   .    example.net     Recipient Access Table  . RAT .example.com  .example.com    ,       (: [email protected])   .
   LDAP  
LDAP            .   LDAP             (: [email protected]).


LDAP          (:      ),   LDAP    .   [email protected] [email protected]  [email protected]      . [email protected]  LDAP    ,      LDAP    [email protected]  [email protected]    .
GUI  LDAP    RAT      Bypass LDAP Accept Queries for this Recipient(   LDAP   ) .
CLI  LDAP    listenerconfig -> edit -> rcptaccess          yes() .
Would you like to bypass LDAP ACCEPT for this entry? [Y]> y
LDAP   RAT    RAT            . RAT       RAT   .   RAT  [email protected]  ironport.com   . [email protected]   LDAP    , ironport.com    ACCEPT . [email protected]    [email protected]   ironport.com      LDAP    . ironport.com   [email protected]    RAT       ACCEPT  .
     Bypass
  ,           .
         .              ,     "postmaster@domain"     .  RAT      ,             "postmaster@domain"      .                 .
GUI        RAT      "Bypass Receiving Control(  )"   Yes() .
CLI        listenerconfig > edit > rcptaccess         yes .
Would you like to bypass receiving control for this entry? [N]> y


Recipient Access Table      
 1 Mail Policies( ) > Recipient Access Table (RAT)  .  2 Overview for Listener( )    .  3 Edit Order( ) .  4 Order()     .  5     .
Recipient Access Table   
 1 Mail Policies( ) > Recipient Access Table (RAT)  .  2 Overview for Listener( )    .  3 Export RAT(RAT ) .  4      .
      .  5     .
  Recipient Access Table 
  Recipient Access Table      Recipient Access Table  .
 1 Mail Policies( ) > Recipient Access Table (RAT)  .  2 Overview for Listener( )    .  3 Import RAT(RAT ) .  4   .
AsyncOS       .  5 Submit() .
  Recipient Access Table       .  6 Import() .  7   .


 ""   . '#'      AsyncOS .     .
:
# File exported by the GUI at 20060530T220526
.example.com ACCEPT
ALL REJECT




9
     
Cisco                           .     ,  ,                   .      .
· , 137  ·    , 138  ·   , 140  ·   , 146  ·   , 196  · Attachment Scanning(  ), 229  ·          , 240  · CLI    , 240  ·   , 255  ·   , 263 
   Cisco             .         . Cisco               .      .
·    .                .      ,    ,  ,  ,      .        , , , BCC( )     .      , 138  .


·   . AsyncOS     AsyncOS  ,         ,     ,  MIME ,                .     , 140  .
·   .           .       .     , 138   .
·   .    true      .     2  .    (:  ,    )            (:     ).     , 138  .
·     .                   .    ,         .           .            ,       .   Attachment Scanning(  ), 229  .
· CLI    . CLI      .   ,    , ,      .    CLI    , 240  .
·   .                .     , 255  .
   
              .         .
 
·   , 138  ·   , 138  ·    , 139 
  
      .    AND, OR  NOT       .       .
  
       .
  2  .


·  (,   )           .
·        .

       .              .         ,       .

 
·    , 196  ·  , 206  ·   , 208  ·      , 209 

   

    .       . else    else         .     ,         .     .

 



expedite:
if (recv-listener == 'InboundMail' or recv-int == 'notmain')
{
    alt-src-host('outbound1');
    skip-filters();
}
else
{
    alt-src-host('outbound2');
}

     

     .   expedite2:

  

if ((not (recv-listener == 'InboundMail')) and
    (not (recv-int == 'notmain')))
{
    alt-src-host('outbound2');
    skip-filters();
}

  
 

             .
        .         .  , notify('[email protected]')  notify("[email protected]")    notify("[email protected]')    .
'#'       filters -> detail         AsyncOS  .

  
AsyncOS     AsyncOS  ,           .
·   .       .   , AsyncOS        .     ,     .     , 141   .
·  . AsyncOS             . AsyncOS          .       , 141  .
·  MIME .  MIME      ""  "  "  .            .        , 141   .
·     .             "" .        ""   .        , 142     .
·  .    AND  OR    AsyncOS     .       . , AND  OR          .      AND   OR , 145  .


 
·   , 141  ·     , 141  ·      , 141  ·      , 142  ·   AND   OR , 145 
  
          .          .   9       (: )  30       .          .           .
       .
              .
·   . ·   . ·        .
    
         ""  .     .
·       ,          .
·       ,           .
·       ,            .
      .
     
    . RFC          " " ,    "" " "  . Cisco  (body-variable  attachment-variable )   , Cisco    ""  " "    MUA        .


body-variable  attachment-variable                     MIME     .    (,   MIME )    . AsyncOS   MIME         .
 ,   "Document attached below."      "This is a Microsoft Word document.doc"    Microsoft Outlook MUA   .                     ,  RFCS 1521  1522       MIME   , Cisco    " "  ,  ""(    )  .doc  (   MIME )    .
 16: " "  

Cisco                body-variable  attachment-variable              .
·     , "Content-Type: text/plain"  "Content-Type: text/html"      Cisco     .      Cisco      .
·   (: UU  )     .   ,              .
·        .  , .zip       .
     
                   . AsyncOS            "" .      true  .         .
· body-contains · only-body-contains

· attachment-contains · every-attachment-contains · dictionary-match · attachment-dictionary-match
 drop-attachments-where-contains      .

              .

 
·  , 143  ·        , 143  ·    MIME/ MIME   , 144  ·     , 144 

 

      true           .

if(<filter rule>('<pattern>',<minimum threshold>)){
 , body-contains   "Company Confidential"   2       .

if(body-contains('Company Confidential',2)){
, AsyncOS     ,        1 .
           .       " "  .
       
      .              AsyncOS  ""          .    MIME (: attachment-contains  )    AsyncOS              .  ,  2 body-contains    ,       1   . AsyncOS      ,    2    .
        AsyncOS             .  ,  3 attachment-contains   


 ,      2    2   . AsyncOS    4        .
   MIME/ MIME   
  2   (   HTML)     AsyncOS       . ,           .   AsyncOS                .  , body-contains     4 .    HTML,   2   .    .
multipart/mixed
multipart/alternative
text/plain
text/html
application/octet-stream
application/octet-stream
body-contains     text/plain  text/html        .           .  ,          .      ,
multipart/mixed
multipart/alternative
text/plain (2 matches)
text/html (2 matches)
application/octet-stream (1 match)
application/octet-stream
AsyncOS text/plain  text/html      3           .
    
            ""    .  , ""        .


  ""  ""   ABA           .                .                   .           ,
 19:   

/  ABA     

 3 2 1

   dictionary-match  attachment-dictionary-match      AsyncOS            "" .      ""   3  , AsyncOS   6 .    6  AsyncOS     .      1  ,   6     .

  AND   OR 
   AND  OR    AsyncOS     .    AND    false     .      . , AND  OR          .  ,   remote-ip  rcpt-to-group        ( LDAP      ).
andTestFilter:
if (remote-ip == "192.168.100.100" AND rcpt-to-group == "GROUP")
{ ... }
           .      if  .            .
expensiveAvoid:
if (<simple tests>)
{ if (<expensive test>)
  { <action> }
}
    .
if (test1 AND test2 AND test3) { ... }
       .
if ((test1 AND test2) AND test3) { ... }
,   (test1 AND test2)  test3     AND    .       (test1 AND test2)    test3  .

  
            .      true      .
  ·    , 146  ·  , 158  ·  , 162  ·      , 209 

   

         .
 20:   

 Subject Header( )

Syntax
subject

Body Size( )

body-size


     ? Subject() , 165   .
      ? Body Size( )  , 168  .


 Envelope Sender( )

Syntax
mail-from

Envelope Sender in Group( mail-from-group  )

 

sendergroup

Envelope Recipient( ) rcpt-to

   

Envelope Sender( )(, Envelope From, <MAIL FROM>)    ? Envelope Sender( )  , 167    .
Envelope Sender( )(, Envelope From, <MAIL FROM>)   LDAP   ? Envelope Sender in Group(   ) , 167    .
 HAT(Host Access Table)      ? Sender Group(  ) , 168   .
Envelope Recipient(  )(, Envelope To, <RCPT TO>)    ? Envelope Recipient( ) , 166    .
 rcpt-to   .       ,                .


Syntax
rcpt-to-group

Remote IP( IP)

remote-ip

Receiving Interface(  recv-int )

Receiving Listener( ) recv-listener

Date()

date

Header()

header(<string>)

     



Envelope Recipient(  )(, Envelope To, <RCPT TO>)   LDAP   ? Envelope Recipient in Group(  ) , 166    .



rcpt-to-group 

 . 

   

 ,  

   

   

   

 

.

  IP  IP      ? Remote IP( IP) , 169   .

      ?   .Receiving IP Interface( IP )  , 170 

    ? Receiving Listener( ) , 169  .

       ,   ? Date() , 170   .

    ?      ? Header( ) , 170   .


 Random()

Syntax
random(<integer>)

Recipient Count( )

rcpt-count

Address Count( )

addr-count()

SPF Status(SPF )

spf-status

SPF Passed(SPF )

spf-passed

S/MIME  

smime-gateway

   

   ? Random() , 171  .
     ? Recipient Count(  ) , 172   .
   ?
            rcpt-count    . Address Count( ) , 172   .
SPF    ?        SPF     .   SPF/SIDF         . SPF-Status , 178   .
SPF/SIDF  ?    SPF/SIDF    . SPF-Passed , 180   .
 S/MIME , ,    ? S/MIME Gateway Message(S/MIME   ) , 180    .


 S/MIME  

Syntax
smime-gateway-verified

Image verdict( )

image-verdict

Workqueue count(  ) workqueue-count

Body Scanning( )

body-contains( <regular expression>)

Body Scanning( )

only-body-contains (<regular expression>)

Encryption Detection(  encrypted )


   , ,    ? S/MIME Gateway Verified(S/MIME   ) , 181   .
    ?              .  , 232   .
      ,  ,   ? Workqueue-count , 181  .
          ?        ?
 delivery-status       .
Body Scanning( ) , 173   .
         ?        ?    . Body Scanning( ) , 172  .
 ?    , 173   .


    

Syntax
attachment-filename

Attachment Type(   )a

attachment-type

Attachment File Type

attachment-filetype

   

           ? Attachment Filename(   ) , 174   .
  MIME     ? Attachment Type(  ) , 174   .
             (UNIX file  )?   Excel  Word   .exe , .dll, .bmp, .tiff, .pcx, .gif, .jpeg, png  Photoshop         .
        .        .   .exe       .
if (attachment-filetype == "exe")
            , 175   .


 Attachment MIME Type
Attachment Protected Attachment Unprotected

Syntax
attachment-mimetype
attachment-protected attachment-unprotected


  MIME      ? MIME     MIME       attachment-type   . (          ""   .)       , 237   .
      ?    , 239   .
       attachment-unprotected    true .              .     zip     .
 - attachment-unprotected    attachment-protected       .          true   .  zip              .
    , 239  .




Syntax

Attachment Scanning(  attachment-contains
(<regular expression>)
)a

Attachment Scanning(  attachment-binary-contains
(<regular expression>)
) Attachment Scanning(  every-attachment-contains
(<regular expression>)
)


                ?        ?
  body-contains()   ,   ""    . ,       .       , 237   .
          ?
  attachment-contains ()  ,       .
           ?       ,         'attachment-contains()'   AND .    .         ?
     , 237  .




Syntax



Attachment Size(  )a attachment-size

          ?   body-size   ,   ""    . ,        .     .      , 237  .

Public Blacklists(  dnslist(<query server>) )

 IP     (RBL)  ? DNS List(DNS ) , 175    .

SenderBase Reputation

reputation

 SenderBase Reputation   ? SenderBase Reputation , 176   .

No SenderBase

no-reputation

Reputation(SenderBase Reputation

)

SenderBase Reputation  "None()"   . SenderBase Reputation , 176   .



dictionary-match (<dictionary_name>)

  dictionary_name          ?        ? Dictionary() , 177   .

Attachment Dictionary Match( attachment-dictionary-match
(<dictionary_name>)
   )

  dictionary_name       ?        ? Dictionary()  , 177  .




Syntax

Subject Dictionary Match(   )
subject-dictionary-match (<dictionary_name>)

Header Dictionary Match(   )
header-dictionary-match (<dictionary_name>, <header>)

Body Dictionary Match(  )
body-dictionary-match (<dictionary_name>)

Envelope Recipient Dictionary Match(   )
rcpt-to-dictionary-match (<dictionary_name>)

Envelope Sender Dictionary Match(   )
mail-from-dictionary-match (<dictionary_name>)

SMTP Authenticated User Match(SMTP   )
smtp-auth-id-matches (<target>[, <sieve-char>])

True()

true


Subject  dictionary name         ? Dictionary() , 177   .
 (/   ) dictionary name          ? Dictionary() , 177   .
          true .        MIME     ,   (  1)  true . Dictionary()  , 177  .
  dictionary name         ? Dictionary() , 177   .
  dictionary name         ? Dictionary() , 177   .
          SMTP  ID ? SMTP    , 181  .
  . True , 165   .




Syntax



Valid()

valid

    /  MIME     false,   true .  , 165   .

Signed()

signed

 ? Signed , 183   .

Signed Certificate( )
signed-certificate (<field> [<operator> <regular expression>])

   X.509       ? Signed Certificate(  ) , 184   .

Header Repeats( )

header-repeats (<target>, <threshold> [, <direction>])
 true .

·  1           

·  1           

URL Reputation(URL )

url-reputation url-no-reputation

URL 

url-category

Header Repeats( ) , 186  .
  URL       ?
URL      ?
URL Reputation(URL )  , 188       Cisco Email Security  , 307    .
  URL     ?
URL Category(URL )  , 189  .




Syntax



Corrupt Attachment(  attachment-corrupt )

     ?
Corrupt Attachment(  ) , 189   .

 

message-language

    (   )?
  , 189   .

 

macro-detection-rule (['file_type-1', 'file_type-2', ..., 'file_type-n'])

 ?

  , 190  .

  

forged-email-detection ("<dictionary_name>", <threshold>)

    ?    :           .
   , 191    .

  

duplicate_boundaries

  MIME    ?
   , 192    .

  MIME   malformed-header

   MIME   ?
  MIME   , 192   .


 
 

Syntax
geolocation-rule (['country_name-1', 'country_name-2', 'country_name-n'])
Sender Domain Reputation:
- sdr-reputation (<'sdr_verdict_range'>, <'domain_exception_list'>)
- sdr-age (<'unit'>, <'operator'> <'actual value'>)
- sdr-unscannable (<'domain_exception_list'>)
External Threat Feeds: domain-external-threat-feeds (<'external_threat_feed_source_name'>, <'header'>, <'domain_exception_list'>)


    ?
             .
 , 193    .
    ?
·   
·   
ETF    , 193   SDR     , 194   .
      Cisco Email Security  , 307       , 323   .

         Cisco           . (  , 138  )        ,   (AND, OR, NOT)     .

 
        .     .          .
 21:  

(abc)

            .
   Georg George Of The Jungle , Georgy Porgy, La Meson Georgette   Georg .


(^)  ($)

  ($)     ,  (^)     .   ^Georg$ Georg .     "^$"   .

,   @   ,   @        .
  ^George@admin$  George@admin   .

 (. )

 (.)     (  ).
  ^...admin$  macadmin   sunadmin   win32admin  .

(*) 

(*)   "0    "  .    (.*)    (  ).
   ^P.*Piper$ PPiper, Peter Piper, P.Piper  Penelope Penny Piper   .

  (\)

    .  \.     , \$     , \^     .   ^ik\.ac\.uk$  ik.ac.uk  .
  :      .         ""        2  .       ^ik\\.ac\\.uk$ .

/    ((?i))

   (?i)  /      . /        /   .
  "(?i)viagra"  Viagra, vIaGrA  VIAGRA  .

 {min,max}

       .
  "fo\{2,3\}"  foo  fooo  fo  fofo   .
if(header('To') == "^.{500,}")   500  "To"  .


 (|)

  "or" . A  B  "A|B"  "A"  "B"   .
  "foo|bar"  foo  bar  foobar   .

 
·    , 160  ·   , 160  ·    ASCII  , 161  · n , 161  · / , 161  ·   , 161  · PDF  , 162 
   
   ASCII   (  )      .     ASCII    (regex) .
·   · MIME      ·  
· MIME   (,  ) · MIME   (  MIME  ) ·    MIME  · MIME      
(regex)            .     , HTML, MS Word, Excel  .    gb2312, HZ, EUC, JIS, Shift-JIS, Big5, Unicode  .   GUI         .            .   CLI    , 240     , 263  .
  
       (^)   ($)    .

     ""  .     .  "^ $" .   Subject() , 165      .


         .    sun.com  thegodsunocommando  , ^sun\.com$  sun.com   .
,    Python re Module  . Python       Python Regular Expression HOWTO(http://www.python.org/doc/howto/)  .

   ASCII  
      /  .                  (regex  "\w" )  .

n 

 ==   , !=      .     .

rcpt-to == "^goober@dev\\.null\\....$" (matching)

rcpt-to != "^goober@dev\\.null\\....$" (non-matching)
/ 
     / .   foo   FOO  Foo   .
  
       ,    CPU    .       .
attachment-filter: if ((recv-listener == "Inbound") AND ((((((((((((((((((((((((((((((((((((((((((((((attachment-filename ==
"\\.386$") OR (attachment-filename == "\\.exe$")) OR (attachment-filename == "\\.ad$")) OR
(attachment-filename == "\\.ade$")) OR (attachment-filename == "\\.adp$")) OR (attachment-filename == "\\.asp$")) OR (attachment-filename == "\\.bas$")) OR (attachment-filename == "\\.bat$")) OR (attachment-filename == "\\.chm$")) OR (attachment-filename == "\\.cmd$")) OR (attachment-filename == "\\.com$")) OR (attachment-filename == "\\.cpl$")) OR (attachment-filename == "\\.crt$")) OR (attachment-filename == "\\.exe$")) OR (attachment-filename == "\\.hlp$")) OR (attachment-filename == "\\.hta$")) OR (attachment-filename == "\\.inf$")) OR (attachment-filename == "\\.ins$")) OR (attachment-filename == "\\.isp$")) OR (attachment-filename == "\\.js$")) OR (attachment-filename == "\\.jse$")) OR (attachment-filename == "\\.lnk$")) OR (attachment-filename == "\\.mdb$")) OR (attachment-filename == "\\.mde$")) OR (attachment-filename == "\\.msc$")) OR (attachment-filename == "\\.msi$")) OR (attachment-filename == "\\.msp$")) OR

(attachment-filename == "\\.mst$")) OR (attachment-filename == "\\.pcd$")) OR (attachment-filename == "\\.pif$")) OR (attachment-filename == "\\.reg$")) OR (attachment-filename == "\\.scr$")) OR (attachment-filename == "\\.sct$")) OR (attachment-filename == "\\.shb$")) OR (attachment-filename == "\\.shs$")) OR (attachment-filename == "\\.url$")) OR (attachment-filename == "\\.vb$")) OR (attachment-filename == "\\.vbe$")) OR (attachment-filename == "\\.vbs$")) OR (attachment-filename == "\\.vss$")) OR (attachment-filename == "\\.vst$")) OR (attachment-filename == "\\.vsw$")) OR (attachment-filename == "\\.ws$")) OR (attachment-filename == "\\.wsc$")) OR (attachment-filename == "\\.wsf$")) OR (attachment-filename == "\\.wsh$"))) { bounce(); }
  AsyncOS      recv-listener      30  .
      .
attachment-filter: if (recv-listener == "Inbound") AND (attachment-filename == "\\.(386|exe|ad|ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shb|shs|url|vb|vbe|vbs|vss|vst|vsw|ws|wsc|wsf|wsh)$") { bounce(); }
     .  "()" ,            .    CPU  .
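The two attachment-filter forms above, checked with Python's re module (the regex dialect this section refers to), as an added example that is not part of the Cisco guide: it undoubles the backslashes of a filter literal, confirms that the single alternation accepts exactly the names the OR chain accepts, and counts regex searches for each form. The helper names, the simplified escaping model and the sample file names are assumptions made for illustration.

```python
import re

# Extension list copied from the attachment-filter example on this page
# (the repeated "exe" entry is kept as it appears there).
EXTENSIONS = (
    "386 exe ad ade adp asp bas bat chm cmd com cpl crt exe hlp hta inf ins "
    "isp js jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shb shs url "
    "vb vbe vbs vss vst vsw ws wsc wsf wsh"
).split()


def filter_literal_to_regex(literal):
    r"""Undouble backslashes: the filter literal \\.exe$ reaches the regex
    engine as \.exe$. Simplified model of the filter parser (assumption)."""
    return literal.replace("\\\\", "\\")


# Long form: one attachment-filename test per extension, joined with OR.
CHAINED = [re.compile(filter_literal_to_regex(r"\\." + ext + "$"))
           for ext in EXTENSIONS]

# Short form: a single test with one alternation group.
COMBINED_LITERAL = r"\\.(" + "|".join(EXTENSIONS) + ")$"
COMBINED = re.compile(filter_literal_to_regex(COMBINED_LITERAL))


def chained_rule(filename):
    """Return (matched, regex_searches_performed) for the OR chain."""
    searches = 0
    for pattern in CHAINED:
        searches += 1
        if pattern.search(filename):
            return True, searches
    return False, searches


def combined_rule(filename, flags=""):
    """Return True if the single-alternation pattern matches.
    flags="(?i)" prepends the case-insensitive marker from the regex table."""
    if flags:
        return re.search(flags + COMBINED.pattern, filename) is not None
    return COMBINED.search(filename) is not None


# Constructed sample attachment names.
SAMPLES = [
    "invoice.exe", "notes.txt", "macro.vbs", "shortcut.lnk", "setup.msi",
    "report.executive-summary.pdf",  # ".exe" mid-name: the trailing $ rejects it
    "SETUP.EXE",                     # upper case: no match without (?i)
    "archive.exe.gz",                # wrapped in gzip: ends in .gz, no match
    "exe", "photo.jpeg", "script.js", "page.jsp",
]


def disagreements(names):
    """Names on which the OR chain and the single alternation differ."""
    return [n for n in names if chained_rule(n)[0] != combined_rule(n)]


if __name__ == "__main__":
    for name in SAMPLES:
        hit, searches = chained_rule(name)
        print(f"{name:30} chain={hit!s:5} ({searches:2} searches) "
              f"combined={combined_rule(name)!s:5} "
              f"combined(?i)={combined_rule(name, '(?i)')}")
```

A clean attachment costs the chain one search per listed extension and the combined form one; names such as SETUP.EXE and archive.exe.gz pass both forms, which is the gap the later block_mp3s and quarantine_gzipped_exe_or_pif examples address with (?i) and a .gz alternative.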
PDF  
PDF           .               .           ,    PDF       .    PDF            .
            PowerPoint    .      PDF      . PDF     "callout "call out"  "c a l lout"   . "callout"               .
 
                .
       .
·    ·     · CUSIP(Committee on Uniform Security Identification Procedures)  · ABA(American Banking Association)  
               .


 22:    

    

*credit  

14, 15  16   . :   enRoute   .

*aba ABA   ABA   .

*ssn        . *ssn   ,        .

*cusip CUSIP 

CUSIP  .

  ·   , 163 
  
        ,               .
ID_Credit_Cards:
if(body-contains("*credit")){
notify("[email protected]");
} .
            .

           .   *credit|*ssn   .

 *SSN       *ssn            .      "only-body-contains"  .     MIME       true .        .
SSN-nohtml: if only-body-contains("*ssn") { duplicate-quarantine("Policy");}


     
           .
 
· True , 165  ·  , 165  · Subject() , 165  · Envelope Recipient( ) , 166  · Envelope Recipient in Group(  ) , 166  · Envelope Sender( ) , 167  · Envelope Sender in Group(  ) , 167  · Sender Group( ) , 168  · Body Size( ) , 168  · Remote IP( IP) , 169  · Receiving Listener( ) , 169  · Receiving IP Interface( IP ) , 170  · Date() , 170  · Header() , 170  · Random() , 171  · Recipient Count( ) , 172  · Address Count( ) , 172  · Body Scanning( ) , 172  · Body Scanning( ) , 173  ·   , 173  · Attachment Type(  ) , 174  · Attachment Filename(   ) , 174  · DNS List(DNS ) , 175  · SenderBase Reputation , 176  · Dictionary() , 177  · SPF-Status , 178  · SPF-Passed , 180  · S/MIME Gateway Message(S/MIME  ) , 180  · S/MIME Gateway Verified(S/MIME  ) , 181  · Workqueue-count , 181  · SMTP    , 181  · Signed , 183  · Header Repeats( ) , 186  · URL Reputation(URL )  , 188  · URL Category(URL )  , 189  · Corrupt Attachment(  ) , 189 


True 

·   , 189  ·   , 190  ·    , 191  ·    , 192  ·   MIME   , 192  ·  , 193  · ETF    , 193  · SDR    , 194 
true    .        IP   external .

externalFilter:

if (true)

{

alt-src-host('external');

}

 

valid      / MIME    false,    true .              .
not-valid-mime:
if not valid
{
drop();
}

Subject() 
subject         .      Make Money...     .
not-valid-mime:
if not valid
{
drop();
}
   ASCII     .          (:   ,      )     .        , 141  .         true .
EmptySubject_To_filter: if (header('Subject') != ".") OR (header('To') != ".") { drop(); }
   Subject  To   true ,    true .        true .
Envelope Recipient( ) 
rcpt-to        .      "scarface"        .
 rcpt-to    /  .
scarfaceFilter: if (rcpt-to == 'scarface') { drop(); }
 rcpt-to   .     ,              .
Envelope Recipient in Group(  ) 
rcpt-to-group     LDAP       .     LDAP  "ExpiredAccounts"         .
expiredFilter: if (rcpt-to-group == 'ExpiredAccounts') { drop(); }
 rcpt-to-group   .     ,              .
Envelope Sender( ) 
mail-from        .      [email protected]     .
 mail-from    /  .       .
kremFilter: if (mail-from == '^admin@yourdomain\\.com$') { skip-filters(); }
Envelope Sender in Group(  ) 
mail-from-group     LDAP       (       LDAP   ).     LDAP  "KnownSenders"         .
SenderLDAPGroupFilter: if (mail-from-group == 'KnownSenders') { skip-filters(); }

Sender Group( ) 
sendergroup    HAT(Host Access Table)       .   '=='()  '!='()   (  )   .           Internal   true ,       .
senderGroupFilter:
if (sendergroup == "Internal")
{
alt-mailhost("[172.17.0.1]");
}

Body Size( ) 
         . body-size          .       5    .
BigFilter:
if (body-size > 5M)
{
bounce();
}
body-size      .



 

body-size < 10M

 

body-size <= 10M

  

body-size > 10M

 

body-size >= 10M

  

body-size == 10M



body-size != 10M

 

      .

10b 13k 5M 40G

 10
13
5
40(: Cisco  100     .)

Remote IP( IP) 
remote-ip     IP     . IP  IPv4(Internet Protocol version 4)  IPv6(Internet Protocol version 6)  . IP    "Sender Group Syntax"      (SBO, SBRS, dnslist     ALL ).    IP (  )    .      10.1.1.x  IP ( X 50, 51, 52, 53, 54  55)      .
notMineFilter:
if (remote-ip != '10.1.1.50-55')
{
bounce();
}
Receiving Listener( ) 
recv-listener      .           .     expedite        .
expediteFilter:
if (recv-listener == 'expedite')
{
skip-filters();
}

Receiving IP Interface( IP ) 
recv-int       .            .     outside       .
outsideFilter: if (recv-int == 'outside') { bounce(); }
Date() 
date          .   MM/DD/YYYY hh:mm:ss     .           . (           .)   2003 7 28  1  [email protected]     .
TimeOutFilter: if ((date > '07/28/2003 13:00:00') and (mail-from == 'campaign1@yourdomain\\.com')) { bounce(); }
 date  $Date       .
Header() 
header()      .      ("header name").      (subject  )     .      "true",   "false".   X-Sample  ,   "sample text"   .     .
FooHeaderFilter:
if (header('X-Sample') == 'sample text')
{
bounce();
}
   ASCII     .       .   X-DeleteMe     .
DeleteMeHeaderFilter: if header('X-DeleteMe') { strip-header('X-DeleteMe'); }
         (:   ,      )     .        , 141  .
Random() 
random  (0) N-1   .  N       . header()  ,        ""     .   (0)     true .             A,      B .
load_balance_a:
if (random(10) < 5) {
alt-src-host('interface_a');
}
else {
alt-src-host('interface_b');
}

load_balance_b:
if (random(2)) {
alt-src-host('interface_a');
}
else {
alt-src-host('interface_b');
}
Recipient Count( ) 
rcpt-count  body-size           .         ,                 .         100   .
large_list_filter:
if (rcpt-count > 100) {
alt-src-host('mass_mailing_interface');
}
Address Count( ) 
addr-count()        ,      ,    .            rcpt-count   .      "undisclosed-recipients"       .
large_list_filter:
if (rcpt-count > 100) {
alt-src-host('mass_mailing_interface');
}
Body Scanning( ) 
body-contains()              .  delivery-status      . body-contains()        .  MIME     MIME    Scan Behavior( )   CLI scanconfig        .   true            .   video/*, audio/*, image/* MIME       .    ,     .zip, .bzip, .compress, .tar  .gzip   .  ""   (: .zip   .zip)     .     , 263  .

Body Scanning( )
AsyncOS          .        ,        true  . AsyncOS    MIME  ,  MIME  . MIME        AsyncOS   . AsyncOS      ,   .       .      AsyncOS  Scan Behavior( )   scanconfig     . AsyncOS    MIME            , 141    . MIME   AsyncOS .zip  .tar       .            .   AsyncOS    .       "Company Confidential" .     2 .                .
ConfidentialFilter:
if (body-contains('Company Confidential',2)) {
notify ('[email protected]');
bounce();
}
   only-body-contains .
disclaimer:
if (not only-body-contains('[dD]isclaimer',1) ) {
notify('[email protected]');
}
  
encrypted      .        ,       .            .

 encrypted      .     .
      encrypted  true  .     true,     false .      Scan Behavior( )   scanconfig      .         , 263     .        ,            (BCC)   .
prevent_encrypted_data:
if (encrypted) {
bcc ('[email protected]');
bounce();
}
Attachment Type(  ) 
attachment-type      MIME      .   , 263     Scan Behavior( )   scanconfig      , (/)        .   MIME          "true" .        , 263      .               Attachment Scanning(  ), 229    .        ,  video/* MIME       .
bounce_video_clips:
if (attachment-type == 'video/*') {
bounce();
}
Attachment Filename(   ) 
attachment-filename             .   / .     ,  
        .            "true" .  .
·      MIME  . MIME         .
·    Cisco           (  , 263  ). ·     (  )          . ,   attachment-filename   .     gzip   (.exe). ·      (: foo.exe.gz)           .           , 175  .
              Attachment Scanning(  ), 229    .        ,  *.mp3         .
block_mp3s:
if (attachment-filename == '(?i)\\.mp3$') {
bounce();
}
  ·           , 175 
                (: gzip  )     .
quarantine_gzipped_exe_or_pif:
if (attachment-filename == '(?i)\\.(exe|pif)($|\\.gz$)') {
quarantine("Policy");
}
DNS List(DNS ) 
dnslist()   DNSBL ("ip4r lookups" )   DNS    .   IP  (IP 1.2.3.4 4.3.2.1 )      (        ). DNS 

  DNS  ( IP      )  IP (  ) .  IP   127.0.0.x .  x  0~255(IP    ).            ,          . header()   dnslist()       .      true,   (: DNS     ) false  .  Cisco Bonded Sender           .
whitelist_bondedsender:
if (dnslist('query.bondedsender.org')) {
skip-filters();
}
, (==)  (!=)       .    "127.0.0.2"    .    "false"   .
blacklist:
if (dnslist('dnsbl.example.domain') == '127.0.0.2') {
drop();
}
SenderBase Reputation 
reputation     SenderBase Reputation  . > , == , <=     .  SenderBase Reputation  (  ,   SenderBase Reputation Service      )     (   , ,      ).    no-reputation   SBRS  "none"   .   SenderBase Reputation Service     -7.5  "*** BadRep ***"    "Subject:"  .
note_bad_reps:
if (reputation < -7.5) { strip-header ('Subject'); insert-header ('Subject', '*** BadRep $Reputation *** $Subject'); }
  "  "   .    , 223    .

SenderBase Reputation   -10 10, NONE    . NONE     no-reputation  .
none_rep: if (no-reputation) { strip-header ('Subject'); insert-header ('Subject', '*** Reputation = NONE *** $Subject'); }
Dictionary() 
"dictonary_name"            dictionary-match(<dictonary_name>)  true .       false .  (/     )    " "  .   Cisco "secret_words"             .
copy_codenames: if (dictionary-match ('secret_words')) { bcc('[email protected]'); }
  "secret_words"           Policy()  . only-body-contains   body-dictionary-match          .    (multipart/alternative  )  .
quarantine_data_loss_prevention: if (body-dictionary-match ('secret_words')) { quarantine('Policy'); }
        .
quarantine_policy_subject: if (subject-dictionary-match ('gTest')) { quarantine('Policy'); }

  "to"          .
headerTest: if (header-dictionary-match ('competitorsList', 'to')) { bcc('[email protected]'); }
attachment-dictionary-match(<dictonary_name>)          dictionary-match   .   "secret_words"             Policy()  .
quarantine_codenames_attachment: if (attachment-dictionary-match ('secret_words')) { quarantine('Policy'); }
header-dictionary-match(<dictonary_name>, <header>)  <header>        dictionary-match   .   /    "subject" "Subject"  .   "ex_employees"      "cc"      Policy()  .
quarantine_codenames_attachment: if (header-dictionary-match ('ex_employees', 'cc')) { quarantine('Policy'); }
      .       .
SPF-Status 
SPF/SIDF     SPF/SIDF        . spf-status    SPF    .    , 599    .

 SPF ID  SPF             SPF ID          .    SPF/SIDF      .
if (spf-status == "Pass")
           .
if (spf-status == "PermError, TempError")
    HELO, MAIL FROM  PRA ID      .
if (spf-status("pra") == "Fail")
    spf-status  .
skip-spam-check-for-verified-senders:
if (sendergroup == "TRUSTED" and spf-status == "Pass"){
    skip-spamcheck();
}

quarantine-spf-failed-mail:
if (spf-status("pra") == "Fail") {
    if (spf-status("mailfrom") == "Fail"){
        # completely malicious mail
        quarantine("Policy");
    } else {
        if(spf-status("mailfrom") == "SoftFail") {
            # malicious mail, but tempting
            quarantine("Policy");
        }
    }
} else {
    if(spf-status("pra") == "SoftFail"){
        if (spf-status("mailfrom") == "Fail"
            or spf-status("mailfrom") == "SoftFail"){
            # malicious mail, but tempting
            quarantine("Policy");
        }
    }
}

stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError"
    or spf-status("mailfrom") == "PermError, TempError"
    or spf-status("helo") == "PermError, TempError"){
    # permanent error - stamp message subject
    strip-header("Subject");
    insert-header("Subject", "[POTENTIAL PHISHING] $Subject");
}
SPF-Passed 
  spf-passed       spf-passed   .
quarantine-spf-unauthorized-mail: if (not spf-passed) { quarantine("Policy"); }

 spf-status   spf-passed  SPF/SIDF     . None, Neutral, Softfail, TempError, PermError  Fail   spf-passed      .          spf-status   .
S/MIME Gateway Message(S/MIME  ) 
S/MIME Gateway Message(S/MIME  )   S/MIME , ,    .     S/MIME    , S/MIME        .
quarantine_smime_messages: if (smime-gateway-message and not smime-gateway-verified) { quarantine("Policy"); }

  S/MIME  , 537  .
S/MIME Gateway Verified(S/MIME  ) 
S/MIME Gateway Message Verified(S/MIME  )     , ,    .     S/MIME    , S/MIME        .

quarantine_smime_messages: if (smime-gateway-message and not smime-gateway-verified) { quarantine("Policy"); }
  S/MIME  , 537   .
Workqueue-count 
workqueue-count     workqueue-count . > , == , <=     .      ,       .
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}

SPF/SIDF    SPF  SIDF  , 591    .

SMTP    

 SMTP      smtp-auth-id-matches (<target> [, <sieve-char>])   SMTP   ID             .            .
smtp-auth-id-matches     SMTP  ID .





*EnvelopeFrom

SMTP  Envelope Sender(MAIL FROM )   .

*FromAddress

From     . From:        .

*Sender

Sender    .

*Any

ID   SMTP      .

 *None


 SMTP       .       ().

    . /  .   sieve-char            .   +      [email protected]  +     .  [email protected]  +folder  . SMTP   ID                  .     .
 $SMTPAuthID   SMTP   ID    .
  SMTP  ID       smtp-auth-id-matches        .

SMTP  ID

Sieve Char  

 

someuser

[email protected]



someuser

[email protected]



someuser

[email protected]



SomeUser

[email protected]



someuser

[email protected] 

someuser

+

[email protected] 

[email protected]

[email protected]



[email protected]

[email protected]



[email protected]

[email protected]



   SMTP      , From       SMTP   ID  .  ID     .     .
Msg_Authentication:
if (smtp-auth-id-matches("*Any"))
{
    # Always include the original authentication credentials in a
    # special header.
    insert-header("X-Auth-ID","$SMTPAuthID");
    if (smtp-auth-id-matches("*FromAddress", "+") and
        smtp-auth-id-matches("*EnvelopeFrom", "+"))
    {
        # Username matches. Verify the domain
        if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
           mail-from != "(?i)@(?:example\\.com|alternate\\.com)"
        {
            # User has specified a domain which cannot be authenticated
            quarantine("forged");
        }
    } else {
        # User claims to be a completely different user
        quarantine("forged");
    }
}

Signed 

signed    .          .    ASN.1 DER    ,  CMS SignedData Type (RFC 3852, Section 5.1.)  .          .         signed  .
signedcheck: if signed { insert-header("X-Signed", "True"); }
             signed  .
Signed: if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
html-convert();
if (attachment_size > 0)
{
drop_attachments("");
}
}

Signed Certificate( ) 
signed-certificate  X.509         S/MIME  .   X.509  .
  signed-certificate (<field> [<operator> <regular expression>]). 
· <field>   "issuer"  "signer", · <operator> ==  !=. · <regular expression> "issuer"  "signer"  .
            true .     signed-certificate("issuer")  signed-certificate("signer") S/MIME      true .

 
· , 184  · , 184  ·  , 184  · $CertificateSigners  , 185  ·  1, 186 



    X.509  subjectAltName  rfc822Name   .   subjectAltName     rfc822Name   signed-certificate("signer")  false .    rfc822Name                  true .



 X.509       . AsyncOS     LDAP-UTF8   .    .
· C=US,S=CA,O=IronPort · C=US,CN=Bob Smith
X.509     signed-certificate("issuer") S/MIME  X.509    .

 
LDAP-UTF8        . LDAP-UTF8       LDAP(Lightweight Directory Access Protocol)  String Representation of Distinguished Names(http://www.ietf.org/rfc/rfc4514.txt  )  .

signed-certificate             LDAP-UTF8    . LDAP-UTF8           .   LDAP-UTF8        "Example, Inc."     .
· Example\, Inc. · Example\,\ Inc\.  signed-certificate  Example\, Inc. .      (LDAP-UTF8 )         . signed-certificate              .
$CertificateSigners   $CertificateSigners     subjectAltName    ,     .           .   Alice     . Bob     .      .  S/MIME        .
[
{
'issuer': 'CN=Auth,O=Example\, Inc.',
'signer': ['[email protected]', '[email protected]']
},
{
'issuer': 'CN=Auth,O=Example\, Inc.',
'signer': ['[email protected]', '[email protected]']
},
{
'issuer': 'CN=Auth,O=Example\, Inc.',
'signer': ['[email protected]', '[email protected]']
}
]
$CertificateSigners   .
"[email protected], [email protected], [email protected], [email protected]"


      1
1          .
Issuer: if signed-certificate("issuer") == "(?i)C=US" { insert-header("X-Test", "US issuer"); }
   example.com     .
NotOurSigners: if signed-certificate("signer") AND signed-certificate("signer") != "example\\.com$" { notify("[email protected]"); }
   X.509     .
AnyX509: if signed-certificate ("issuer") { insert-header("X-Test", "X.509 present"); }
        .
NoSigner: if not signed-certificate ("signer") { insert-header("X-Test", "Old X.509?"); }
Header Repeats( ) 
     Header Repeats( )  true . ·  1         ·  1         
       .             .            .    header-repeats (<target>, <threshold> [, <direction>]). 
· <target> subject  mail-from. AsyncOS     . · <threshold>        1    .
    true . · <direction> incoming, outgoing   .   direction   
       . Header Repeats( )  true     .  , 971  .
               .      .
Header Repeats( )   1      .          1    .
  · Header Repeats( )     , 187  · , 187 
Header Repeats( )      AND  OR   Header Repeats( )        .            .
F1: if (recv-listener == 'Gray') AND (header-repeats('subject', X, 'incoming')) { drop();}
AND  OR   Header Repeats( )       Header Repeats( )     .    Header Repeats( )    ,     subject  mail-from   . Header Repeats( )     , OR             .    Signed  Header Repeats( )  OR  .
f1: if signed OR (header-repeats('subject', 10)) { drop();}
      9       Header Repeats( )     . 10   9        ,        .
       1      X         Policy()  .
f1 : if header-repeats('subject', X, 'incoming') { quarantine('Policy');}
      1       X           .
f2 : if header-repeats('mail-from', X, 'outgoing') {drop();}

      1      X             .
f3: if header-repeats('subject', X) {notify('[email protected]');}
URL Reputation(URL ) 
  URL       URL    .      URL , 425  URL   URL  :    , 433   .  
· msg_filter_name:    . · whitelist  URL  (urllistconfig  ).  
 .
        url-reputation  . url-reputation       .
<msg_filter_name>: if url-reputation('<min_score>', '<max_score>', '<whitelist>', '<include_attachments>', '<include_message_body_subject>') {<action>}
    . · min_score  max_score        .     .
    -10.0 10.0  . · include_attachments    URL .  '1'      URL     '0'     URL     . · include_message_body_subject     URL .  '1'       URL     '0'       URL    .
         url-no-reputation  . url-no-reputation       .
<msg_filter_name>: if url-no-reputation('<whitelist>', '<include_attachments>', '<include_message_body_subject>') {<action>}
URL Category(URL ) 
  URL      URL  .      URL , 425  URL   URL   :    , 433   . url-category       .
<msg_filter_name>: if url-category (['<category-name1>','<category-name2>',..., '<category-name3>'],'<url_white_list>','<include_attachments>','<include_message_body_subject>') {<action>}
    . · msg_filter_name    . · action   . · category-name URL .    .        URL Category    .    URL  , 446   . · url_white_list  URL  (urllistconfig  ). · include_attachments    URL .  '1'      URL     '0'     URL     . · include_message_body_subject     URL .  '1'       URL     '0'       URL    .
Corrupt Attachment(  ) 
     Corrupt Attachment(  )  true  .             .
  · , 189 
          Policy Quarantine(  ) .
quar_corrupt_attach: if (attachment-corrupt) { quarantine("Policy"); }
  
         .  ,      .

·       ·       
            .

        .

   
Cisco Email Security Appliance         .           .
           .        .         ' ' .
·   Cisco Email Security Appliance    ·        ·         50  

  

<msg_filter_name>: if (message-language <operator> "<language1>, <language2>,..., <language n>") {<action>}
    .
· msg_filter_name    . · operator ==  != . · language       .     
 .             .  ([  ])  . · action   .

            .

DropMessagesWithUndeterminedLanguage: if (message-language == "unknown") { drop(); }
         .

RussianDisclaimerRule: if (message-language == "ru") { add-heading("RussianDisclaimer"); }
  
              .

           .
  
<msg_filter_name>: if (macro-detection-rule (['file_type-1', 'file_type-2',... ,'file_type-n'])) {<action>}
    . · msg_filter_name    . · file_type         . · Adobe Portable Document Format · Microsoft Office  · OLE  
· action   .
     Microsoft Office         .
Drop_Messages_With_Macro-enabled_Office_Files: if (macro-detection-rule (['Microsoft Office Files'])) { drop(); }
  PDF              .
Strip_Macro_enabled_PDF: if (rcpt-to == "[email protected]") { drop-macro-enabled-attachments(['Adobe Portable Document Format']); }
   
  (From: )           .        .              (1~100)  . forged-email-detection  From:      .             .      .
· From:  <[email protected]>    `John Simons'        82 .

· From:  <[email protected]>    `John Simons'        100 .
      .        ,   .     , 610   .
  
<filter_name>: if (forged-email-detection("<content_dictionary>", threshold)) {<action>;}
    . · filter_name   . · content_dictionary   . · threshold      (1~100).
     From:           70    From:     .
FED_CF: if (forged-email-detection("Execs", 70)) { fed("from", ""); }
   
duplicate_boundaries    MIME      .
    (: attachment-contains)  (: drop-attachments-where-contains)   ( MIME   )  .
  
<filter_name>: if (duplicate_boundaries){<action>;}
     MIME     .
DuplicateBoundaries: if (duplicate_boundaries) { quarantine("Policy"); }
  MIME   
malformed-header     MIME       .

  
<filter_name>: if (malformed-header){<action>;}
     MIME        .
quarantine_malformed_headers: if (malformed-header) { quarantine("Policy"); }
 
           .
 
<msg_filter_name>: if (geolocation-rule (['country_name-1', 'country_name-2',... ,'country_name-n'])) {<action>}
    . · msg_filter_name    . · country_name     . · action   .
   Country1  Country2      .
Quarantine_Incoming_Messages_from_Country1_and_Country2: if (geolocation-rule (['Country1', 'Country2'])) {quarantine("Policy");}
ETF    
 ,       ETF               . :
quarantine_msg_based_on_ETF: if (domain-external-threat-feeds (['etf_source1'], ['mail-from', 'from'], <'domain_exception_list'>)) { quarantine("Policy"); }
 · `domain-external-threat-feeds'     . · `etf_source1'        ETF . · `mail-from','from'       .

· 'domain_exception_list'    .     ""  .
   'Errors To:'    ETF       .
Quaranting_Messages_with_Malicious_Domains: if (domain-external-threat-feeds (['threat_feed_source'], ['Errors-To'], "")) {quarantine("Policy");}
SDR    
    SDR            .
·    ·    ·     
     
    "Poor". SDR    Cisco Talos(https://www.talosintelligence.com) .
:
drop_msg_based_on_sdr_verdict: if sdr-reputation (['awful', 'poor'], "<domain_exception_list>") {drop();}
:
· 'drop_msg_based_on_sdr_verdict'   .
· 'sdr-reputation'     .
· 'awful','poor' SDR          .
· 'domain_exception_list'    .     ""  .
· 'drop'   .
   SDR  'Unknown'  .
quarantine_unknown_sdr_verdicts: if sdr-reputation (['unknown'], "") {quarantine("Policy");}


      :
<msg_filter_name>: if sdr-age (<'unit'>, <'operator'>, <'actual value'>) {<action>}
:
· 'sdr-reputation'     .
· 'sdr_age' SDR        .
· 'unit'         'days', 'years', 'months'  'weeks'  .
· 'operator'            .
  - >( )
  - >=(  )
  - <( )
  - <=(  )
  - ==()
  - !=( )
  - Unknown(  )
· 'actual value'          .
           .
Drop_Messages_Based_On_SDR_Age: if (sdr-age ("unknown", "")) {drop();}
         .
Drop_Messages_Based_On_SDR_Age: if (sdr-age ("months", <, 1, "")) { drop(); }
       :
<msg_filter_name>: if sdr-unscannable (<'domain_exception_list'>) {<action>}
:
· 'sdr-unscannable'     .
· 'domain_exception_list'    .     ""  .
   SDR  'Unknown'  .
Quarantine_Messages_Based_On_Sender_Domain_Unscannable: if (sdr-unscannable ("")) {quarantine("Policy");}
  
       .   2  .
·  (,   )           .
·        .

       .              .         ,       .

 
·    , 196  ·  , 206  ·   , 208  ·      , 209 

   

           .

 23:   



Syntax



   alt-src-host

      IP (  ) .  (   )  , 218   .


Syntax alt-rcpt-to

  alt-mailhost

Notify

notify

 

notify-copy

 

bcc

   bcc-scan 



archive



quarantine (quarantine_name

()  

duplicate-quarantine (quarantine_name
strip-header

 

insert-header

   

  .   , 217  .
      .    , 217   .
      .     , 212   .
notify   , bcc-scan   .     , 212   .
       ( ).   , 214   .
       ,        .    , 214  .
  mbox    .  , 219   .
quarantine_name       .     , 216   .
     .    , 216   .
      .   , 219  .
        .    , 220  .




Syntax

   edit-header-text

   edit-body-text()

HTML 

html-convert()

   bounce-profile
   skip-spamcheck 
   skip-marketingcheck 
skip-socialcheck
skip-bulkcheck
  skip-viruscheck  

     

         .    , 221   .
        .    URL              .    , 221   .
  HTML         .   HTML          . HTML  , 222 .
     .   , 222   .
Cisco         .     , 223   .
   .   , 223   .
     .   , 223   .
   .    , 223   .
Cisco        .     , 224   .




Syntax

   skip-ampcheck    

Outbreak Filter  skip-vofcheck 

   drop-attachments-by-name 

   drop-attachments-by-type 
   drop-attachments-by-filetype  
MIME   drop-attachments-by-mimetype   


           .           , 224  .
  Outbreak Filter     .     , 224   .
           .    (zip, tar), Microsoft Office  (doc, .docx)    (winmail.dat)      .       , 237   .
 MIME ( MIME      )       .       (zip, tar) .       , 237  .
  ""       .        (zip, tar) .         , 237  .
 MIME         .     MIME         .       , 237   .




Syntax



  



drop-attachments-by-size

  ,  (  )       .     ,                .      , 237   .

   drop-attachments-where-contains 

      .        ?          (zip, tar) .       , 237   .
            .     .




Syntax

   drop-macro-enabled-attachments   


        .
              .
Syntax
drop-macro-enabled-attachments (['file_type-1', 'file_type-2', ..., 'file_type-n'], "custom_replacement_message")
    .
· file_type         .
· Adobe Portable Document Format
· Microsoft Office 
· OLE  

·                   .

  , 190   .

    

drop-attachments-where-dictionary-match        .     MIME      (     )     .      , 237  .

 

add-footer(footer-name)

    .   "  "  "  "   .




Syntax



 

add-heading(heading-name)

    .   "  "  "  "   .

  

encrypt-deferred

   . ,            .

  S/MIME  smime-gateway-deferred

/

("sending_profile")

       S/MIME    .   S/MIME    , 211  .

S/MIME / smime-gateway("sending_profile") 

    S/MIME      ,   . S/MIME    , 212   .

   tag-message(tag-name)

          .         DLP    .       .    , 225   "  "  .

Add Log Entry

log-entry

INFO        .      .      .    , 225  .




Syntax



URL    URL  
URL    URL Defang
URL    URL Cisco     

· url-reputation-replace · url-no-reputation-replace

URL   URL  URL   .

  URL   

· url-reputation-defang · url-no-reputation-defang

      .

URL   , 226   · url-reputation-proxy-redirect . · url-no-reputation-proxy-redirect

URL   url-category-replace  URL  
URL   url-category-defang  URL Defang

URL   URL  URL   .
URL   , 228   .

URL   url-category-proxy-redirect  URL Cisco     

   fed

  :      .     , 229   .

 

no-op

  .  , 229  .

*   skip-filters  

             .      , 210  .

* 

drop

 .  , 210   .

* 

bounce

   .   , 211  .

*    encrypt 

Cisco       .  , 211  .


 * 

Syntax



  ·   , 204 

  
attachment-filetype  drop-attachments-by-filetype rules   (: "exe" )        . AsyncOS        .           !=      ,              .     .exe        .
exe_check: if (attachment-filetype != "exe") {
drop();
}
            .exe      .exe   Email Security Appliance   .
 24:   

    

  
· doc · docx · mdb · mpp · ole · pdf · ppt · pptx · rtf · wps · x-wmf · xls · xlsx


      
 

  
· exe · java · msi · pif
      .dll  .scr          .
· ace (ACE Archiver compressed file) · arc (SQUASH Compressed archive) · arj (Robert Jung ARJ compressed archive) · binhex · bz (Bzip compressed file) · bz2 (Bzip compressed file) · cab (Microsoft cabinet file) · gzip* (Compressed file - UNIX gzip) · lha (Compressed Archive [LHA/LHARC/LZH]) · rar (Compressed archive) · sit (Compressed archive - Macintosh file [Stuffit]) · tar* (Compressed archive) · unix (UNIX compress file) · zip* (Compressed archive - Windows) · zoo (ZOO Compressed Archive File)
*    "body-scanned"  .
· txt · html · xml
· bmp · cur · gif · ico · jpeg · pcx · png · psd · psp · tga · tiff


    

  
· aac · aiff · asf · avi · flash · midi · mov · mp3 · mpeg · ogg · ram · snd · wav · wma · wmv

 

bcc(), bcc-scan(), notify(), notify-copy(), add-footer(), add-heading()  insert-headers()    ,                .     . Cisco       .
 25:    



Syntax



 

$AllHeaders

  .

Body Size( )

$BodySize

    .

Certificate Signers(

  subjectAltName  

$CertificateSigners

)

.   $CertificateSigners 

, 185   .



$Date

MM/DD/YYYY      .

  

      .
$dropped_filename

Dropped File Names(

   ($filenames ).

$dropped_filenames

  )




Syntax



Dropped File Types(

    ($filetypes

$dropped_filetypes

  )

).

Envelope Sender( 
$EnvelopeFrom
)

 Envelope Sender(Envelope From, <MAIL FROM>) .

Envelope Recipients(

  Envelope Recipient(Envelope To,

$EnvelopeRecipients

)

<RCPT TO>) .

 

$filenames

       .

File Sizes( )

$filesizes

       .

 

$filetypes

       .

  GMTimeStamp

$FilterName $GMTimeStamp

    .
  Received:    GMT      .

HAT  

$Group

          .    ">Unknown<"  .

 

$MatchedContent

      (body-contains       ).

  

$Policy

     HAT   .        ">Unknown<"  .



$Header['string ']

         .    .

 

$Hostname

Cisco    .

  ID

$MID

     MID(Message ID) .  $Header  RFC822 "Message-Id"    .

 

$RecvListener

    .


    IP 

Syntax
$RecvInt $RemoteIP

  

$remotehost

SenderBase Reputation 
$Reputation




$Subject



$Time



$Timestamp


    .
Cisco     IP  . Cisco        .  SenderBase Reputation  .    "None" .   .
     .
  Received:             .

  ·  ASCII       , 208 
 ASCII       
 ISO-2022   (    )      ,    .    ,   UTF-8, QP(quoted printable)  .

  
Attachment Content(  ) , Message Body or Attachment(    ) , Message Body( ) , Attachment Content(  )          .        .      $MatchedContent      .
           ,             GUI   . GUI         ,        .     GUI           .        .             .


       17:     

     

     
           . ·     , 210  ·  , 210  ·  , 211  ·  , 211  ·     , 212  ·   , 214  ·    , 216  ·   , 217  ·    , 217  ·  (  )  , 218  ·  , 219  ·   , 219  ·    , 220  ·    , 221 

·    , 221  · HTML  , 222  ·   , 222  ·    , 223  ·   , 223  ·    , 224  ·         , 224  ·    , 224  ·    , 225  ·    , 225  · URL   , 226  · URL   , 228  ·  , 229  ·    , 229 

    
skip-filters             . skip-filters        (    )  . skip-filters       .
  [email protected]   boss@admin      .

 

bossFilter: if(rcpt-to == 'boss@admin$') { notify('[email protected]'); skip-filters(); }
drop     .    ,     ,    .    [email protected]     SPAM   .

spamFilter: if(subject == '^SPAM.*') { notify('[email protected]'); drop(); }

 

bounce      (Envelope Sender) .   @yahoo\\.com     ().
yahooFilter: if(mail-from == '@yahoo\\.com$') { bounce(); }

 

encrypt           .     [encrypt]     .
Encrypt_Filter: if ( subject == '\\[encrypt\\]' ) { encrypt('My_Encryption_Profile'); }

      Cisco          .          .
  S/MIME    
smime-gateway-deferred         S/MIME    . ,             .           S/MIME  .


smime-deferred:if(mail-from == "[email protected]"){smime-gateway-deferred("smime-encrypt");}
S/MIME    
smime-gateway      S/MIME       ,   .         S/MIME      .
smime-deliver-now:if(mail-from == "[email protected]"){smime-gateway("smime-sign");}
    
notify  notify-copy        . notify-copy      (bcc-scan  ).      .
·           (MAIL FROM  RCPT TO)   
·    ·      ,  ,         .   4     ,      [email protected]  ,   .
bigFilter: if(body-size >= 4M) { notify('[email protected]'); drop(); }

bigFilterCopy: if(body-size >= 4M) { notify-copy('[email protected]'); drop(); }


     (:   [email protected])  ,         $EnvelopeRecipients( , 206  )   .
bigFilter: if(body-size >= 4M) { notify('$EnvelopeRecipients'); drop(); }
notify    3    .     ,   ,           .     .           .        ( , 206  )   .   Message Notification .        ,           $EnvelopeFrom  .       .   , 236   .      ,  [bigFilter] Message too large  ,     , "message.too.large"  .
bigFilter: if (body-size >= 4M) { notify('[email protected]', '[$FilterName] Message too large', '$EnvelopeFrom', 'message.too.large'); drop(); }
        $MatchedContent     . $MatchedContent      .       ABA       .
ABA_filter: if (body-contains ('*aba')){ notify('[email protected]','[$MatchedContent]Account Information Displayed'); }
  · Notification Template, 214 
Notification Template Text Resources( )   textconfig CLI   notify()  notify-copy()           .         .     ,         .       $AllHeaders   .   " "  .  ,               .
bigFilter: if (body-size >= 4M) { notify('$EnvelopeRecipients', '[$FilterName] Message too large', '$EnvelopeFrom', 'message.too.large'); drop(); }
  
bcc       .    .            ,           .   johnny sue      [email protected]    .
momFilter: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc('[email protected]'); }


bcc    3    .            alt-mailhost   .     .       .        ( , 206  )   . ,     ($Subject ) .        ,           $EnvelopeFrom  .    [Bcc] <original subject>,   [email protected]     .
momFilter: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc('[email protected]', '[Bcc] $Subject', '[email protected]'); }
alt-mailhost   .
momFilterAltM: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc('[email protected]', '[Bcc] $Subject', '$EnvelopeFrom', 'momaltmailserver.example.com'); }
 Bcc(), notify()  bounce()        . BCC          .          .        .       10k    .              .
   bcc()     .
multiplealthosts: if (recv-listener == "IncomingMail") {
  insert-header('X-ORIGINAL-IP', '$remote_ip');
  bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.4');
  bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.5');
  bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.6');
}

bcc-scan() 

  ·        , 257 
           bcc-scan  bcc   .
momFilter: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc-scan('[email protected]'); }

   
quarantine('quarantine_name')        .     ""  . duplicate-quarantine('quarantine_name')       .       .   / .
         .               .   .         .
   quarantine()    bounce()  drop()   ,             .                   . skip-filters()        ,      .           skip-filters()   ,                   .
  "secret_word"          Policy()  .
quarantine_codenames: if (dictionary-match ('secret_words')) { quarantine('Policy'); }
    .mp3       .    .mp3         (      )   .          (Policy()  ).               .
strip_all_mp3s: if (attachment-filename == '(?i)\\.mp3$') { duplicate-quarantine('Policy'); drop-attachments-by-name('(?i)\\.mp3$'); }
  
alt-rcpt-to         .   .freelist.com            [email protected] .
freelistFilter: if(rcpt-to == '\\.freelist\\.com$') { alt-rcpt-to('[email protected]'); }
   
alt-mailhost       IP   IP       .
 alt-mailhost            . alt-mailhost         .        example.com .

localRedirectFilter: if(true) { alt-mailhost('example.com'); }
 [email protected]   Envelope To  [email protected]  example.com    . smtproutes            (    , 665 ).
 alt-mailhost      .     SMTP   .
    192.168.12.5 .
local2Filter: if(true) { alt-mailhost('192.168.12.5'); }
 (  )  
alt-src-host        .       IP   IP   . IP             IP     . ,    Cisco Email Security Appliance       .          Virtual GatewayTM  , 718   . IP      IP       .   IP  1.2.3.4       ( ) IP  outbound2    .
externalFilter: if(remote-ip == '1.2.3.4') { alt-src-host('outbound2'); }
  IP  1.2.3.4       IP   Group1  .
groupFilter: if(remote-ip == '1.2.3.4') { alt-src-host('Group1'); }
 
archive           mbox   .          .            .        .       filters -> logconfig      .
 logconfig  filters  .         CLI    , 240   .
mbox   UNIX  ,            .  UNIX  "mail-f mbox.filename"      . mbox             .     [email protected]    joesmith   .
logJoeSmithFilter: if(mail-from == '^joesmith@yourdomain\\.com$') { archive('joesmith'); }
  
strip-header          .      (: "Received:" ).


      X-DeleteMe  .
stripXDeleteMeFilter: if (true) { strip-header('X-DeleteMe'); }
         (:   ,      )     .        , 141  .
  
insert-header     . AsyncOS       .           .         My Company Name    X-Company   .
addXCompanyFilter: if (not header('X-Company')) { insert-header('X-Company', 'My Company Name'); }
insert-header()     ASCII    ,   ASCII (  ).      QP(quoted printable)  .
       strip-headers  insert-header      .         (: Received:),       MUA    (:  Subject:  ).
         (:   ,      )     .        , 141  .


   
edit-header-text           .           .       .
Subject: SCAN Marketing Messages
   "SCAN"   "Marketing Messages"  .
Remove_SCAN: if true { edit-header-text ('Subject', '^SCAN\\s*', ''); }
      .
Subject: Marketing Messages
   
edit-body-text()   Edit-Header-Text()  ,         . edit-body-text()                .
Example: if true { edit-body-text("parameter 1","parameter 2"); }
edit-body-text()      .  MIME   " "   " "          , 141   .    URL  'URL REMOVED'  .
URL_Replaced: if true { edit-body-text("(?i)(?:https?|ftp)://[^\\s\">]+", "URL REMOVED"); }
       "XXX-XX-XXXX"  .
ssn: if true { edit-body-text("(?!000)(?:[0-6]\\d{2}|7(?:[0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\1(?!0000)\\d{4}", "XXX-XX-XXXX"); }

     

    edit-body-text()     .
HTML  
RFC 2822     , RFC 2822        (: MIME) . AsyncOS  html-convert()        HTML     .
Convert_HTML_Filter:
if (true)
{
html-convert();
}
Cisco    MIME   ""   " "     . html-convert()     .              , 141    . html-convert()      HTML     .   (text/plain)    .   HTML  (text/html)   HTML     HTML  .    ,   HTML  .  MIME(multipart/alternative )   text/plain   text/html    ,   text/html   text/plain  .   MIME  (: multipart/mixed)   HTML       .     html-convert()            .         .            .
  
bounce-profile        (  , 694  ).            .           (  ).


   X-Bounce-Profile: fastbounce        "fastbounce" .
fastbounce: if (header ('X-Bounce-Profile') == 'fastbounce') { bounce-profile ('fastbounce'); }
   
skip-spamcheck              .                         .   SenderBase Reputation           .
whitelist_on_reputation: if (reputation > 7.5) { skip-spamcheck(); }

 
·       , 381  ·      , 369 

  
             .

  



skip-marketingcheck

   

skip-socialcheck

    

skip-bulkcheck

   

  "private_listener"            .


internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-socialcheck(); }
   
skip-viruscheck            .                      .   "private_listener"         .
internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-spamcheck(); skip-viruscheck(); }
        
skip-ampcheck               .                               .   PDF             .
skip_amp_scan: if (attachment-filetype == 'pdf') { skip-ampcheck(); }
Outbreak Filter   
skip-vofcheck     Outbreak Filter   .   Outbreak Filter         .


  "private_listener"    Outbreak Filter    .
internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-vofcheck(); }
   
tag-message  DLP            .       DLP    .      .   [a-zA-Z0-9_-.]         . .    DLP       "  "   .    "[Encrypt]"     .   Cisco               DLP    .
Tag_Message: if (subject == '^\\[Encrypt\\]') { tag-message('Encrypt-And-Deliver'); }
   
log-entry  INFO       .       .                      .      .               .
CompanyConfidential: if (body-contains('Company Confidential')) {
  log-entry('Message may have contained confidential information.');
  bounce();
}
URL  
URL  URL      URL     .        URL , 425   URL : URL    URL    , 434   .     . URL  
· msg_filter_name:    . · min_score  max_score        .  
   .     -10.0 10.0  .
·                  "no-reputation"  .
· whitelist  URL  (urllistconfig  .)     .
· Preserve_signed 0  1 . · 1 -       · 0 -     
preserve_signed        .
  · URL   URL  , 226  · URL   URL Defang, 227  · URL   URL Cisco    , 227 
URL   URL  
        url-reputation-replace  . url-reputation-replace      .
<msg_filter_name>: if <condition> {url-reputation-replace (<min_score>, <max_score>, '<replace_text>', '<whitelist>', <Preserve_signed>);}


 replace_text URL  .
         url-no-reputation-replace  . url-no-reputation-replace      .
<msg_filter_name>: if <condition> {url-no-reputation-replace ('<replace_text>', '<whitelist>', <Preserve_signed>);}
 replace_text URL  .
URL   URL Defang
        url-reputation-defang  . url-reputation-defang      .
<msg_filter_name>: if <condition> {url-reputation-defang (<min_score>, <max_score>, '<whitelist>', <Preserve_signed>);}
         url-no-reputation-defang  . url-no-reputation-defang      .
<msg_filter_name>: if <condition> {url-no-reputation-defang ('<whitelist>', <Preserve_signed>);}
URL   URL Cisco   
        url-reputation-proxy-redirect  . url-reputation-proxy-redirect      .
<msg_filter_name>: if <condition> {url-reputation-proxy-redirect (<min_score>, <max_score>, '<whitelist>', <Preserve_signed>);}
         url-no-reputation-proxy-redirect  .


url-no-reputation-proxy-redirect      .
<msg_filter_name>: if <condition> {url-no-reputation-proxy-redirect ('<whitelist>', <Preserve_signed>);}
URL  
URL  URL      URL    .      URL , 425   URL : URL     URL    , 434   .     .  URL  
· msg_filter_name:   . · category-name URL .    .    
   URL Category    .    URL  , 446   . · url_white_list  URL  (urllistconfig  ). · unsigned-only: 0  1 .
· 1 -       · 0 -     
  · URL   URL   , 228  · URL   URL Defang , 228  · URL   URL Cisco    , 229 
URL   URL   url-category-replace      .
<msg_filter_name>: if <condition> url-category-replace(['<category-name1>','<category-name2>',..., '<category-name3>'],'<replacement-text>', '<url_white_list>', <unsigned-only>);
 replacement-text URL    .
URL   URL Defang url-category-defang      .
<msg_filter_name>: if <condition> url-category-defang(['<category-name1>','<category-name2>',..., '<category-name3>'], '<url_white_list>', <unsigned-only>);

URL   URL Cisco    url-category-proxy-redirect      .
<msg_filter_name>: if <condition> url-category-proxy-redirect(['<category-name1>','<category-name2>',..., '<category-name3>'], '<url_white_list>', <unsigned-only>);

 

No Operation( )     . Notify(), Quarantine(), Drop()              .  ,       No Operation( )    .     Message Filters( )                 .
    No Operation( )    .

new_filter_test: if header-repeats ('subject', X, 'incoming') {no-op();}
   
  :     .     From:            70    From:     .

FED_CF: if (forged-email-detection("Execs", 70)) { fed("from", ""); }

Attachment Scanning(  )
Email Security Appliance                   .
  ,           .           (: .exe)     (: .doc)               .
             .        . Excel  Word         .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png  Photoshop        .


             .
· ACE  · ALZ  · Apple   · ARJ  · bzip2  · EGG  · GNU Zip · ISO   · Java  · LZH · Microsoft Cabinet  · RAR    · RedHat Package Manager  · Roshal (RAR) · Unix AR  · UNIX   · UNIX cpio · UNIX Tar · XZ  · ZIP  · 7-Zip

   Security Services > Scan Behavior( )   CLI contentscannerstatus          .       .       , 263   .
  ·     , 231 


·  , 232  ·     , 232  ·         , 234  · , 236  ·      , 237 

    

       . (      .)
     (  ),       (     , 237  ).

 26:      



Syntax



   
drop-attachments-by-name (<regular expression>[, <optional comment>])

             .        (zip, tar) .      , 237  .

   
drop-attachments-by-type (<MIME type>[, <optional comment>])

 MIME ( MIME     )        .         (zip, tar) .

   

  ""  

drop-attachments-by-filetype



   .  

(<fingerprint name >[, <optional comment >])

       (zip, tar) .

MIME   

 MIME    

drop-attachments-by-mimetype

 

   .   

(<MIME type >[, <optional comment >])

  MIME         .




Syntax



   

drop-attachments-by-size (<number >[, <optional comment >])

  ()  (  )      .                    .

  

     
drop-attachments-where-contains
 .    

(<regular expression >[, <optional comment >])

    (zip, tar) .

    

      
drop-attachments-where-dictionary
-match(<dictionary name>)    .     MIME    
(    
)    
.      , 237 
 .

 
          .           .           .            .              .
                   .   BMP, JPG, TIF, PNG, GIF, TGA, PCX       .           ,        .     Cisco    ,       .           .       .       "clean()"    "0"  .      "clean()"   .
    
GUI   


 1 Security Services( ) > IronPort Image Analysis(IronPort  ) .  2 Enable() .
  ,    .             .
· Clean():    .       ,      "clean()"   .
· Suspect():      . · Inappropriate():     .             .   . · Clean: 0~49 · Suspect: 50~74 · Inappropriate: 75~100
                  .  ,        . ,             .    0( ) 100( ) .     65.  
·    , 233 
   
 1 Security Services( ) > IronPort Image Analysis(IronPort  ) .  2 Edit Settings( ) .  3     .     65.  4 Clean(), Suspect()  Inappropriate()    .
            .
 5 ,          AsyncOS ().     100  . 100         .


imageanalysisconfig   CLI      .
    
·     , 234 
              .              .          .             .  ,  JPEG   zip      JPEG   zip   .  zip             .             .   (clean, suspect  inappropriate)         .          ,              .                  .
Thu Apr 3 08:17:56 2009 Debug: MID 154 IronPort Image Analysis: image 'Unscannable.jpg' is unscannable.
Thu Apr 3 08:17:56 2009 Info: MID 154 IronPort Image Analysis: attachment 'Unscannable.jpg' score 0 unscannable
Thu Apr 3 08:17:56 2009 Info: MID 6 rewritten to MID 7 by drop-attachments-where-image-verdict filter 'f-001'
Thu Apr 3 08:17:56 2009 Info: Message finished MID 6 done
        
               .      ,         .
 Inappropriate()  suspect()         . ,               .


         .
image_analysis: if image-verdict == "inappropriate" {
  strip-header("Subject");
  insert-header("Subject", "[inappropriate image] $Subject");
} else {
  if image-verdict == "suspect" {
    strip-header("Subject");
    insert-header("Subject", "[suspect image] $Subject");
  }
}
  ·            , 235 
          
              ,            .          .       
 1 Mail Policies( ) > Incoming Content Filters(  ) .
 2 Add Filter( ) .
 3    .
 4 Actions()  Add Action( ) .
 5 Strip Attachment by File Info(    )  Image Analysis Verdict is(   ) .
 6      .
·  ·  ·    ·    · 


     
     
 1 Mail Policies( ) > Incoming Content Filters(  ) .  2 Add Filter( ) .  3    .  4 Conditions()  Add Condition( ) .  5 Attachment File Info(  )  Image Analysis Verdict(  ) .  6     .
·  ·  ·    ·    · 
 7 Add Action( ) .  8         .  9     .



GUI Text Resources( )   textconfig CLI                      .    ASCII  (       ).    textconfig    strip.mp3   ,      .   .mp3          .mp3        .
drop-mp3s: if (attachment-type == '*/mp3') { drop-attachments-by-filetype('Media'); notify ('$EnvelopeRecipients', 'Your mp3 has been removed', '$EnvelopeFrom', 'strip.mp3'); }
      , 212  .


     
       .
·  , 237  ·     , 237  ·     , 239  ·    , 239  ·     , 239 

 

  AsyncOS        .
        .       X-Header .

attach_disclaim: if (every-attachment-contains('[dD]isclaimer') ) { insert-header("X-Example-Approval", "AttachOK"); }

       .  attachment-binary-contains   , PDF     .        .

match_PDF_Encrypt: if (attachment-filetype == 'pdf' AND attachment-binary-contains('/Encrypt')){ strip-header ('Subject'); insert-header ('Subject', '[Encrypted] $Subject'); }

    
  " "   (.exe, .dll  .scr)  ,      ($dropped_filename   )   . drop-attachments-by-filetype    ,             .   ("mpeg")        ("Media")   .
strip_all_exes: if (true) { drop-attachments-by-filetype ('Executable', "Removed attachment: $dropped_filename"); }
    example.com       " "   (.exe, .dll  .scr) .
strip_inbound_exes: if (mail-from != "@example\\.com$") { drop-attachments-by-filetype ('Executable'); }
    example.com       " "   (.exe, .dll  .scr)     ("wmf") .
strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") { drop-attachments-by-filetype ('Executable'); drop-attachments-by-filetype ('x-wmf'); }
          " "     . (       .)
strip_all_dangerous: if (true) { drop-attachments-by-filetype ('Executable'); drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$'); }
drop-attachments-by-name   ASCII  .
 drop-attachments-by-name  MIME        . MIME          .     .exe        .                 .     .exe        .
exe_check: if (attachment-filetype != "exe") {
drop();
}
            .exe      .exe   Email Security Appliance   .
    
 drop-attachments-where-dictionary-match          .    MIME     (     )    .     "secret_words"         .    1 .
Data_Loss_Prevention: if (true) { drop-attachments-where-dictionary-match("secret_words", 1); }
   
attachment-protected       .              .              zip     . ,    PDF       ,   .           .
quarantine_protected: if attachment-protected { quarantine("Policy"); }
    
attachment-unprotected         .    attachment-protected  .              .   AsyncOS           .
quarantine_unprotected: if attachment-unprotected { quarantine("Policy"); }
        
 ,       ETF                . :
Strip_malicious_files: if (file-hash-etf-rule (['etf_source1'], <'file_hash_exception_list'>)) { file-hash-etf-strip-attachment-action (['etf_source1'], <'file_hash_exception_list'>, "file stripped from message attachment"); }
: · `file-hash-etf-rule'      . · `etf_source1'          ETF  . · 'file_hash_exception_list'     .       "" . · 'file-hash-etf-strip-attachment-action'       .
  ETF              .
Strip_Malicious_Attachment: if (true) {file-hash-etf-strip-attachment-action (['threat_feed_source'], "", "Malicious message attachment has been stripped from the message.");}
CLI    
CLI      , , /, /     .        .         .


 27:    

Syntax



filters

 .    ,     (: new, delete, import).

new

  .      . 

     .     

, 242  .

delete

     .     , 243  .

move

   .      , 242 

.

set

     .      

, 242  .

import

       ( /configuration ).      , 242   .

export

    ( /configuration ).      , 247    .

list

   .      , 247 

 .

detail

          .      , 247    .

logconfig

archive()         logconfig   .      , 247    .

   commit   .

     .
 28:   

seqnum filtname

      .   seqnum 2      .
   .


range

range         X Y   .  X Y      seqnum.    2-4  ,  ,     .       X  Y .   -4  4    2-     .      all    .

 
·    , 242  ·   , 243  ·   , 243  ·     , 243  ·   , 246  ·   , 247  ·  ASCII   , 247  ·    , 247  ·    , 247  ·    , 247  ·   , 249  ·   , 250 
   
new [seqnum|filtname|last]
    .  last        .     .     seqnum    .    filtname   filtname, seqnum  last    .
        .      (.)    .
     .
·        ·   filtname  ·  filtname  ·     ·    (: )    


     

  

  
delete [seqnum|filtname|range]
  .      .
·     . ·     
  
move [seqnum|filtname|rangeseqnum|last]
          .     last       .           .      .
·     . ·      ·        ·      
    
       ,      .       .          CLI .  ( )       .
       .    AsyncOS      .        AsyncOS      .
  "filterstatus"    .   filter -> set       .      (     )     .
mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
filterstatus: if true{skip-filters();}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1 Y Y filterstatus
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> set
Enter the filter name, number, or range:
[all]> all
Enter the attribute to set:
[active]> inactive
1 filters updated.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> detail
Enter the filter name, number, or range:
[]> all
Num Active Valid Name
1 N Y filterstatus
filterstatus! if (true) { skip-filters(); }
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
  ·     , 246 
    
set [seqnum|filtname|range] active|inactive
    .     . · active:     . · inactive:     .
     . ·  filtname   ·     
     . ( )   (!) . ). CLI            .   mailfrompm:  mailfrompm! .
  
import filename
     .     configuration    (interfaceconfig    FTP/SCP   ).    ,  .          .   FTP, SSH  SCP , 1199   .     (  , 247  ),       .    ,     .      .
·   ·      ·  filtname  ·     ·    (: )    


     

  

  
export filename [seqnum|filtname|range]
      FTP/SCP   configuration    .   FTP, SSH  SCP , 1199   .    ,     .      .
·     . ·     
 ASCII   
  ASCII    CLI UTF-8 . / UTF-8      .    ASCII                  (  , 246  ).
   
list [seqnum|filtname|range]
            .     .
·   ·    ·  /  ·  /        . ·   
   
detail [seqnum|filtname|range]
            .
   
logconfig


   

     

archive()               .    logconfig     ,          .       , logconfig       .
·   - FTP Poll ·   - 10MB ·    - 10   ""   .
mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> logconfig
Currently configured logs:
1. "joesmith" Type: "Filter Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- EDIT - Modify a log setting.
[]> edit
Enter the number of the log you wish to edit.
[]> 1
Choose the method to retrieve the logs.
1. FTP Poll
2. FTP Push
3. SCP Push
[1]> 1
Please enter the filename for the log:
[joesmith.mbox]>
Please enter the maximum file size:
[10485760]>
Please enter the maximum number of files:
[10]>
Currently configured logs:
1. "joesmith" Type: "Filter Logs" Retrieval: FTP Poll
Enter "EDIT" to modify or press Enter to go back.
[]>
  
         AsyncOS   localeconfig    .
example.com> localeconfig
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.
Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]> setup
If a header is modified, encode the new header in the same encoding as the message body? (Some MUAs incorrectly handle headers encoded in a different encoding than the body. However, encoding a modified header in the same encoding as the message body may cause certain characters in the modified header to be lost.) [Y]>
If a non-ASCII header is not properly tagged with a character set and is being used or modified, impose the encoding of the body on the header during processing and final representation of the message? (Many MUAs create non-RFC-compliant headers that are then handled in an undefined way. Some MUAs handle headers encoded in character sets that differ from that of the main body in an incorrect way. Imposing the encoding of the body on the header may encode the header more precisely. This will be used to interpret the content of headers for processing, it will not modify or rewrite the header unless that is done explicitly as part of the processing.) [Y]>
Disclaimers (as either footers or headings) are added in-line with the message body whenever possible. However, if the disclaimer is encoded differently than the message body, and if imposing a single encoding will cause loss of characters, it will be added as an attachment. The system will always try to use the message body's encoding for the disclaimer. If that fails, the system can try to edit the message body to use an encoding that is compatible with the message body as well as the disclaimer. Should the system try to re-encode the message body in such a case? [Y]>
If the disclaimer that is added to the footer or header of the message generates an error when decoding the message body, it is added at the top of the message body. This prevents you to rewrite a new message content that must merge with the original message content and the header/footer-stamp. The disclaimer is now added as an additional MIME part that displays only the header disclaimer as an inline content, and the rest of the message content is split into separate email attachments. Should the system try to ignore such errors when decoding the message body? [N]>
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.
Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]>
     (:  )          .
                   .
      (  )     .   " "  "    "   .
                . 'Yes()'        . 'No()'       .
  
  filter       .
·     big_messages.   10     body-size  .
·     no_mp3s.      .mp3        attachment-filename  .
·     mailfrompm.   [email protected]     [email protected]     mail-from  .


     

  

filter -> list         . move          . ,      .
mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
big_messages: if (body-size >= 10M) { drop(); }
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
no_mp3s: if (attachment-filename == '(?i)\\.mp3$') { drop(); }
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
mailfrompm: if (mail-from == "^postmaster$") { bcc ("[email protected]");}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1 Y Y big_messages
2 Y Y no_mp3s
3 Y Y mailfrompm
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> move
Enter the filter name, number, or range to move:
[]> 1
Enter the target filter position number or name:
[]> last
1 filters moved.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1 Y Y no_mp3s
2 Y Y mailfrompm
3 Y Y big_messages
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> move
Enter the filter name, number, or range to move:
[]> 2
Enter the target filter position number or name:
[]> 1
1 filters moved.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1 Y Y mailfrompm
2 Y Y no_mp3s
3 Y Y big_messages
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> entered and enabled 3 filters: no_mp3s, mailfrompm, big_messages
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT
  
              .
  ·    , 256  ·   , 256  ·    , 260 


   

     

   
    %,  @  !    .
· user%otherdomain@validdomain
· user@otherdomain@validdomain:
· domain!user@validdomain
sourceRouted:
if (rcpt-to == "(%|@|!)(.*)@") {
bounce();
}
  Sendmail/Qmail           .    (: %)     ,      ,     ,    . Cisco      .            MTA        .
        .            , 75  .
  
·    , 256  ·        , 257  ·    , 257  ·     , 257  ·  "To:"  , 258  ·  "From:" , 258  · SRBS , 258  · SRBS  , 259  ·   Regex , 259  ·  SenderBase Reputation   , 259  ·    , 259  ·     , 260 
   
        .


     

       

search_for_sensitive_content:
if (Subject == "(?i)plaintiff|lawsuit|judge" ) {
notify ("[email protected]");
}
       
        .  header-dictionary-match()           (Dictionary() , 177  ).
competitorFilter: if (rcpt-to == '@competitor1.com|@competitor2.com') { bcc-scan('[email protected]'); }
   
      .
block_harrasing_user: if (mail-from == "ex-employee@hotmail\\.com") { notify ("[email protected]"); drop (); }
    
       .
drop_attachments: if (mail-from != "[email protected]") AND (attachment-filename == '(?i)\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$') {
archive("Drop_Attachments");
insert-header("X-Filter", "Dropped by: $FilterName MID: $MID");
drop-attachments-by-name("\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$");
}

 "To:"  
"To"     .    drop()       archive()  .
toTooBig: if(header('To') == "^.{500,}") { archive('tooTooBigdropped'); drop(); }

 "From:" 
 "From:"  .      "from"    .
blank_mail_from_stop: if (recv-listener == "InboundMail" AND header("From") == "^$|<\\s*>") { drop (); }
 envelope from      .
blank_mail_from_stop: if (recv-listener == "InboundMail" AND (mail-from == "^$|<\\s*>" OR header ("From") == "^$|<\\s*>")) { drop (); }

SRBS 

SenderBase Reputation 
note_bad_reps: if (reputation < -2) {
strip-header ('Subject');
insert-header ('Subject', '***BadRep $Reputation *** $Subject');
}
SRBS  
   SBRS(SenderBase Reputation Score)  .
mod_sbrs: if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) { drop (); }
  Regex 
      ,     ("readme.zip", "readme.exe", "attach.exe"   ).
filename_filter: if ((body-size >= 9k) AND (body-size <= 20k)) { if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) { drop (); } }
 SenderBase Reputation   
     (""  ).
Check_SBRS: if (true) { insert-header('X-SBRS', '$Reputation'); }
   
     .
Policy_Tracker: if (true) { insert-header ('X-HAT', 'Sender Group $Group, Policy $Policy applied.'); }


    

     

    
     50       .
bounce_high_rcpt_count: if ( (rcpt-count > 49) AND (rcpt-to != "@example\\.com$") ) { bounce-profile ("too_many_rcpt_bounce"); bounce (); }
   
·    , 260  ·     , 260  ·   , 261  ·    ( ), 261  ·    ( ), 261  ·      , 261  ·   , 262 
   
    .  'public1' 'public2'        'public1' .           .           public1 .
virtual_gateways: if (recv-listener == "OutboundMail") { alt-src-host ("public2"); }
    
    .      "listener1"     "listener1"    (         ).
same_listener: if (recv-inj == 'listener1') {
alt-src-host('listener1');
}
  
    .              .
textfilter-new: if (recv-inj == 'inbound' and body-contains("some spammy message")) { alt-rcpt-to ("[email protected]"); }
   ( )
   (    ,   ).   IP  mycompany.com    .
DomainSpoofed: if (mail-from == "mycompany\\.com$") { if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) { drop(); } }
   ( )
 ,   .
domain_spoof: if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) { archive('domain_spoof'); drop (); }
     
:    
reject_domain_spoof:
if (recv-listener == "MailListener") {
insert-header("X-Group", "$Group");
if ((mail-from == "@test\\.mycompany\\.com") AND (header("X-Group") != "RELAYLIST")) {
notify("[email protected]");
drop();
strip-header("X-Group");
}
}
  
           .    Exchange Server         .
External_Loop_Count:
if (header("X-ExtLoop1")) {
if (header("X-ExtLoopCount2")) {
if (header("X-ExtLoopCount3")) {
if (header("X-ExtLoopCount4")) {
if (header("X-ExtLoopCount5")) {
if (header("X-ExtLoopCount6")) {
if (header("X-ExtLoopCount7")) {
if (header("X-ExtLoopCount8")) {
if (header("X-ExtLoopCount9")) {
notify ('[email protected]');
drop();
}
else {insert-header("X-ExtLoopCount9", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount8", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount7", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount6", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount5", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount4", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount3", "from $RemoteIP");}}
else {insert-header("X-ExtLoopCount2", "from $RemoteIP");}}
else {insert-header("X-ExtLoop1", "1"); }

  AsyncOS     100   .
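The regular expressions in the example filters above can be exercised off-box before a filter is committed. The following Python harness is an added example, not Cisco's code. It assumes that the filter language's `\\` reaches the regex engine as a single backslash, and that patterns are searched unanchored and case-sensitively unless `(?i)` is given, as in Python's `re`; all test values are constructed.

```python
import re

# Regexes copied from this page's example filters. Assumption: "\\" inside a
# quoted filter string reaches the regex engine as one backslash, so
# '(?i)\\.mp3$' is written here as r"(?i)\.mp3$".
PAGE_PATTERNS = {
    "sourceRouted": r"(%|@|!)(.*)@",          # tested against rcpt-to
    "no_mp3s": r"(?i)\.mp3$",                 # attachment-filename
    "toTooBig": r"^.{500,}",                  # header('To')
    "blank_mail_from_stop": r"^$|<\s*>",      # header("From") / mail-from
    "domain_spoof": r"@mycompany\.com",       # mail-from
}

# drop_attachments carries two patterns: one in the condition, one in the
# drop-attachments-by-name action. Only the condition has (?i).
DROP_CONDITION = r"(?i)\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$"
DROP_ACTION = r"\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$"

# Constructed test values: (filter name, input value, expected to match?)
CASES = [
    ("sourceRouted", "user%otherdomain@validdomain", True),
    ("sourceRouted", "user@otherdomain@validdomain", True),
    ("sourceRouted", "domain!user@validdomain", True),
    ("sourceRouted", "user@validdomain", False),
    ("no_mp3s", "song.MP3", True),
    ("no_mp3s", "song.mp3.txt", False),
    ("toTooBig", "a@example.com, " * 40, True),   # 600 characters
    ("toTooBig", "a@example.com", False),
    ("blank_mail_from_stop", "", True),
    ("blank_mail_from_stop", "<>", True),
    ("blank_mail_from_stop", "Alice <alice@example.com>", False),
    ("domain_spoof", "ceo@mycompany.com", True),
    # No trailing anchor, so a longer domain with the same prefix also matches.
    ("domain_spoof", "ceo@mycompany.com.example.net", True),
    ("domain_spoof", "ceo@mycompanyXcom", False),
]


def matches(pattern, value):
    """Search semantics: the pattern may match anywhere unless it is anchored."""
    return re.search(pattern, value) is not None


def run_cases(cases=CASES):
    """Return every case whose outcome differs from its expectation."""
    return [(name, value, expected)
            for name, value, expected in cases
            if matches(PAGE_PATTERNS[name], value) != expected]


def condition_action_gap(filenames):
    """Filenames that satisfy the drop_attachments condition but that the
    action pattern (which has no (?i)) would not select for removal."""
    return [f for f in filenames
            if matches(DROP_CONDITION, f) and not matches(DROP_ACTION, f)]


if __name__ == "__main__":
    failures = run_cases()
    print("unexpected results:", failures or "none")
    sample = ["setup.exe", "SETUP.EXE", "notes.txt", "Macro.Js"]  # constructed
    print("matched by condition, missed by action:", condition_action_gap(sample))
```

Under these assumptions the harness reports that upper-case extensions satisfy the drop_attachments condition but not its action pattern, and that the unanchored domain_spoof pattern also matches a longer domain that merely begins with mycompany.com.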
  
        (:      )    .    Scan Behavior( )   scanconfig   .     . ,     .

 zip        MIME     'compressed', 'zip'  'application/zip'  .

 1 Security Services( ) > Scan Behavior( ) .  2     .    .
·      . Add Mapping( ) . ·         . Import List( ) 
, configuration     .
     configuration     .   , 935  .
·       Edit() .

 3   .  . a) Global Settings( ) Edit Global Settings(  ) . b)   .





Action for attachments with MIME types            / fingerprints in table above(    .  MIME /   
  )


  

     





Maximum depth of attachment recursion       . to scan(     
)

Maximum attachment size to scan(      .    )

Attachment Metadata scan(         .  )

Attachment scanning timeout(      .   )

Assume attachment matches pattern if not          scanned for any reason(    .       
 )

Action when message cannot be

         

deconstructed to remove specified

  .

attachments(   

      )

Bypass all filters in case of a content or          
message filter error(     .       )

Encoding to use when none is specified(       .      )

Convert opaque-signed messages to

      

clear-signed (S/MIME unpacking)( (S/MIME  )  .      

 (S/MIME  ))

URL       URL                       . 

               

  

     .

RFC      RFC         

  

   .

c) Submit() .
 4 ( )     . Current Content Scanner files(    )  Update Now( ) .


     

       

       .  CLI contentscannerupdate       .  5   .

       
             .
·    · RFC  · URL      

               .
·   ·     ·    

  Security Services > Scan Behavior( ) Edit Global Settings(   )                .

 

        . ·    ·     ·    ·     

     .                        .


   

     

  
                      .

 "Modify message subject(  )"    .      (  )  (  )        .      [WARNING: UNSCANNABLE EXTRACTION FAILURE]      .

        .



   

 

[WARNING: UNSCANNABLE EXTRACTION FAILED(:     )]

RFC 

[WARNING: UNSCANNABLE RFC NON-COMPLIANT(:   RFC )]

URL      [WARNING: DECODING ERRORS WHEN APPLYING URL

 

FILTERING ACTIONS(: URL     

 )]

               . Yes()      .
                . Yes()     .
                    . Yes()      .                   .          .
   
               .        


     

   

     .         .
 ,          .

           .           . ·    ·    
                         .

 "Modify message subject(  )"    .      (  )  (  )        .      [WARNING: UNSCANNABLE EXTRACTION FAILURE]      .

       .



   

 

[WARNING: UNSCANNABLE EXTRACTION FAILED(:    )]

RFC 

[WARNING: UNSCANNABLE RFC NON-COMPLIANT(:   RFC )]

URL      

[WARNING: DECODING ERRORS WHEN APPLYING URL FILTERING ACTIONS(: URL       )]

   
          . Yes()     .


10 
 
     . ·   , 269  ·      , 270  ·       , 271  ·      , 271  ·  , 274  ·   , 276  ·     , 281 
  
Email Security Appliance          .            ,         .      .
·  ·    ·  ·  ·        ·    ·                   . Email Security Appliance        ,       .             IT         .  System Administrator( )             .

     

 

     



  



 1 Email Security Appliance          .

         .
· Anti-Virus, 335  · File Reputation Filtering and File Analysis( 
   ), 461 (  ) · Anti-Spam, 355  ·      . 
, 387   . ·   (Outbreak Filter), 399  ·   , 491  (  ) ·  , 283 

 2 ( )        , 283   .     .

 3 ( )        LDAP     

 LDAP   .

, 756  .

 4 ( )                  , 276

 .

 .

 5             .

.

    , 276  

.

 6                 

    .

.

·  :         , 303 
· :      , 342 
·      : File Reputation Filtering and File Analysis(     ), 461 
· :    , 362  ·      : 
          , 392 


 

      

  


·   : Outbreak Filter   Outbreak  , 419 
·   :     DLP      , 511 .

      
Email Security Appliance             .
·      ACCEPT HAT      .
·      RELAY HAT     .  SMTP AUTH   .
                   . GUI Mail Policies( ) > Incoming Mail Policies(   )  Outgoing Mail Policies(  )  CLI policyconfig     .

          .            . Advanced Malware Protection(      )      .  , Cisco    ""            .    C170  C190  ,                  .
     
  Email Security Appliance    ,                 .    ,       .
·       
    ,           .        , LDAP    ,  ,  ,         ,         .


    

 

·     : ·  (RFC821 MAIL FROM ) · RFC822 From:    · RFC822 Reply-To:   
   , ,       , LDAP      .
  ·     , 272  ·   , 272 

    
 (  )           .
       .          .
    ,        . (    .)
              .                  .

  

        .             .
 29:   


1 2 3

  special_people

  ANY

from_lawyers

@lawfirm.com

acquired_domains ANY

Recipient [email protected] [email protected] ANY @newdomain.com @anotherexample.com


 

: 1:

 1  2  3

 4

  engineering

 ANY

5

sales_team

ANY

6

Default Policy ANY

 
· : 1:, 273  · : 2:, 273  · : 3:, 273 

PublicLDAP.ldapgroup: engineers
jim@john@larry@
ANY

 [email protected]  [email protected]    . ·   (@lawfirm .com)  (ANY)    2. ·   [email protected]   2. ·   [email protected]   @lawfirm .com      5.

 [email protected]   ([email protected], [email protected]  [email protected])     .
·  [email protected]    #3  , ,       .
·  [email protected]    #5   . ·  [email protected]  LDAP      
 .            .     , 274  .
 [email protected]([email protected]   )  [email protected]  [email protected]  .
·  [email protected]  1  , ,        .
· (@lawfirm.com) (ANY)   [email protected]  2   , ,       .


 

 

 
                 .
     (  )     .
        .      .
·           ,           "" .
·        . ,            .
·     ,     , , Advanced Malware Protection( ), DLP ( ),        .
       .


 

 

   
(filters)

(antispamconfig, antispamupdate)

(antivirusconfig, antivirusupdate)
   (Advanced Malware Protection)
(ampconfig)
 

    ()

    
   ,     .

 1     

 2     

    (  )

 DLP      .

 
(policyconfig -> filters)

  (Outbreak Filter)
(outbreakconfig, outbreakflush, outbreakstatus, outbreakupdate)

  
(policyconfig)

      MID(message ID) (: MID 1 MID 2  MID 3 ).   ""  .  trace        .
Email Security Manager(  )                .
  ·  , 275 
 
                .  ,         


  

 

      ""     .      ,              .
  
              .
  ·          , 276  ·        , 276  ·       , 280 
        
         .          .           .       , 270  .
 1       . · Mail Policies( ) > Incoming Mail Policies(  ) · Mail Policies( ) > Outgoing Mail Policies(  )
 2         .      ,           .    "Disable()"   .
 3     .  4 Submit() .  5     .
       
  ·         .      , 270  .


 

      

·  (  )      .        , 272  .
· ( )       .     , , Advanced Malware Protection,       ,          .       , ,    .               .
 1 Mail Policies( ) > Incoming Mail Policies(  )  Mail Policies( ) > Outgoing Mail Policies(  ) .
 2 Add Policy( ) .  3    .  4 ( ) Editable by (Roles)( ())  ,       
    .  5    .           , 277 
  .  6 Submit() .  7         .  8             .  9     .  10    .
    
·       , 277  ·      , 356 
      
         . ·   : [email protected] ·   : user@ ·   : @example.com ·    : @.example.com · LDAP  


      

 

   AsyncOS GUI  CLI  / .      Joe@   [email protected]   .
         . ·       . ·         . ·   ,             ·   ,           
 1 Users()  Add User( ) .  2   .     .
· Any Sender( ).       . · Following Senders( ).         . 
       LDAP   . · Following Senders are Not(  ).        
 .         LDAP    .           , 279  .
 3   .     . · Any Recipient( ).       . · Following Recipients( ).       .         LDAP   .
         ,             .   If one more conditions match(    )  Only if all conditions match(   )     .
· Following Recipients are Not(  ).          .         LDAP    .
 Following Recipients( )    Only if all conditions match(    )       .
          , 279  .
 4 Submit() .

  

 5 Users()    .

    
·        , 276  · , 279 



  Add User( )          .



Recipient



Any Following Following Any

Following

Sender( Senders( Senders Recipient( Recipients(

    are Not(    )

) )

  )

 )

Following Recipients are Not(   )

 -

-

-



-

() Only if all conditions match(   
)   

:

user1 @,

user2 @

:  Recipient:
user1@[AND]user2 @


      

 

-

 -

-

:

[email protected],

[email protected]

-

-

 : [email protected],
[email protected]





() Only :

if all conditions

[email protected],

match(  [email protected]

 

) 

 

:

[email protected],

[email protected]



-

If one or more conditions match(     
)   

:

[email protected],

[email protected]

Sender:
[email protected] [OR] [email protected]
Recipient:
[[email protected][AND][email protected]] [AND] [[NOT] [[email protected][AND][email protected]]]
Sender:
[NOT] [[email protected][OR][email protected]]
Recipient:
[email protected] [OR] [email protected]

  ·       , 277 
      
         Mail Policies( )     Find Policies( )  .   [email protected]  Find Policies( )             .       .                     .
  ·  , 275 


 

 

 
                .  ,               .          ""  ,       .     ,              .
,                .        . ""           . ""          .
 30: /    

 

 

Anti-Spam

  : 

  : 

 : 

 :    "[Suspected

 :    "[Marketing]" Spam]"  

 

 : 

Anti-Virus

 :   :    :   : 

 :   :    :   : 

AMP(Advanced    : 

Malware Protection)

    : 

(  

  )

    : 

   :    "[WARNING: ATTACHMENT UNSCANNED]"   
    : 
    :    "[WARNING: ATTACHMENT(S) MAY CONTAIN MALWARE]"  

 

,      ,      

  

 

     

      

    
           .


    

 

SUMMARY STEPS

1. Mail Policies( ) > Mail Policy Settings(  ) . 2. Add Priority( )    (:  "From")   
 . 3. Submit()    .

DETAILED STEPS

  



 1 Mail Policies( ) > Mail Policy Settings(       1 

) .

. Envelope Sender( )   

   .

 2 Add Priority( )     (:  "From")      .
 3 Submit()    .


11 
 
     . ·    , 283  ·    , 283  ·   , 284  ·   , 293  ·     , 301 
  
      DLP                 .  ,                     .
   
     ,    ,           "" (   , 274  )                .         .          . Email Security Appliance        " " .         .              .   (  )   .      .

      

 

· conditions() -        (  )
· actions() -    () · action variables( ) -       ( )
 
·       , 284  ·   , 284  ·   , 293  ·  , 299 

      



  



 1 ( )               

.

.

·   ·   ·   ·   · URL 

 2      .

     .
·   , 284 ( ) ·   , 293  ·  , 299 ( )
  , 301 

 3              . .
 4           , 269  .    .

  
 Email Security Appliance         "".       .           .


 

  

  ,                      . AsyncOS           "" .       true  . ,            .
       .      OR("    ...") ,  AND("  ...")    .
 31:   





( )

      .     true  . true        .

    Contains text( ):       



    ?

Contains smart identifier(  ):          ?

Contains term in content dictionary(   ):    <dictionary name>        ?

       .  , 613  .

           .        , 613   .

Number of matches required(  ).  true      . ,             .

 delivery-status      .


  

 

  


Contains text( ):        ? Contains smart identifier(  ):       ?        .
·   
·    
· CUSIP(Committee on Uniform Security Identification Procedures) 
· ABA(American Banking Association)  

Contains term in content dictionary(   ):    <dictionary name>        ?
       .  , 613  .
           .        , 613   .
Number of matches required(  ).  true      .           .
    .      .

URL Category(URL  URL   URL  :    , 433   URL  

)

, 446  .

 

     ?          . body-size           .

 

          ?
              .


 

  

   


 .                ?   body-contains()  ,   ""   . ,       .
Contains a smart identifier(  ).         ?
Contains terms in content dictionary(   ).    <dictionary name>        ?
       .  , 613  .
           .        , 613   .
Number of matches required(  ).  true      . ,              .


  

 

   
  


 .          ?
Filename contains term in content dictionary(      ).  <dictionary name>            ?
       .  , 613  .
           .        , 613   .
File type( ).  (UNIX file  )          ?
MIME type(MIME ).   MIME     ? MIME     MIME        attachment-type  . (          ""   .)
Image Analysis( ).          ?     Suspect( ), Inappropriate(), Suspect or Inappropriate(  ), Unscannable( )  Clean().
External Threat Feeds(  ):          ?
Select a File Hash Exception List(    ): ( ) Cisco Email Security Gateway           .
      Cisco Email Security   , 307  .
Attachment is Corrupt(  ).       ?
              .
     
( ,          .)
      


 

  





Subject Header(  Subject Header( ):     ?

)

Contains terms in content dictionary(   ):  

 <dictionary name>       

?

       .  , 613  .

           .        , 613   .

Other Header

Header name( ):     ?
Header value( ):     ?
     .   <dictionary name>        ?
       .  , 613   .
           .        , 613   .
              URL Cisco Web Security  :   , 366    .

 

Envelope Sender( ). Envelope Sender( )(, Envelope From, <MAIL FROM>)   ?
Matches LDAP group(LDAP  ). Envelope Sender( )(, Envelope From, <MAIL FROM>)  LDAP  ?
Contains term in content dictionary(   ).    <dictionary name>         ?
       .  , 613  .
           .        , 613   .


  

 

  


Envelope Recipient( ). Envelope Recipient( )(, Envelope To, <RCPT TO>)   ?
Matches LDAP group(LDAP  ). Envelope Recipient(  )(, Envelope To, <RCPT TO>)  LDAP  ?
Contains term in content dictionary(   ).    <dictionary name>         ?
       .  , 613  .
           .        , 613   .
Envelope Recipient( )   .      ,                .

Envelope Sender( )(, Envelope From, <MAIL FROM>)  LDAP  ?

Receiving Listener(     ?    

)

    .

Remote IP( IP)

  IP  IP      ? Remote IP( IP)     IP      . IPv4(Internet Protocol version 4)  IPv6(version 6)   . IP     , 96        (SBO, SBRS, dnslist     ALL ).

Reputation Score

 SenderBase Reputation   ? Reputation Score(Reputation )      SenderBase Reputation  .

DKIM 

 ,  ,     ,  ,  DKIM  ?


 

  

   


   ?    :          .
         (1 ~ 100) .
Forged Email Detection(  )  From:       .             .       .
· From:  <[email protected]>    `John Simons'        82 .
· From:  <[email protected]>     `John Simons'       100 .
      .       ,   .
            Exception List( )     .
           .

    , 610  .

SPF 

SPF   ?       SPF     . SPF     " "   .
 SPF ID  SPF              SPF ID          .

S/MIME    S/MIME , ,   ? 



  S/MIME  , 537   .

S/MIME     , ,   ? 



  S/MIME  , 537   .


  

 

  
     


    (  )?        .    ?
Cisco Email Security Appliance         .            .
            .         .         ' ' .
·   Cisco Email Security Appliance    ·        ·         50 
 
  MIME   ?
 MIME         .
   ( MIME )     (:   )  (:    )  .
   ?
           .
           .
    ?
·   
·   
      Cisco Email Security   , 307      , 323     .


 

  

  

  Email Security Appliance         .  , ,        .    " "(  )  Email Security Appliance   , Outbreak Filter  DLP      .
        .
    ,          .
Attachment Content(  ) , Message Body or Attachment(    ) , Message Body( ) , Attachment Content(  )          .        .      $MatchedContent      .       .
      ,      . ,     .       GUI  CLI     .
 , 299  .
 32:   

 
  


Quarantine().          .
Duplicate message( ):          .      .
     .        .
Encryption rule( ):   ,  TLS       .     TLS  , 529    .
Encryption Profile( ).           .   Cisco Encryption Appliance        .
Subject().   .  $Subject.


  

 





    Attachment contains(  ).       .           (zip, tar) .
Contains smart identifier(  ).         .
Attachment contains terms in the content dictionary(     ).   <dictionary name>       ?
Number of matches required(  ).  true      . ,             .
Replacement message( ).            .      .


 

  





     File name( ).       



    .     

   (zip, tar) .

File size( ).   ()  (  )     .                   .

File type( ).   ""      .         (zip, tar) .

MIME type(MIME ).  MIME        .

Image Analysis Verdict(  ).         .     Suspect(), Inappropriate(), Suspect or Inappropriate(  ), Unscannable( )  Clean()  .

External Threat Feeds(  ).  ETF           .

Select a File Hash Exception List(    ). ( ) Cisco Email Security Gateway           .

      Cisco Email Security   , 307  .

Replacement message( ).            .      .


  

 





            .

 

        

   .

Custom Replacement Message(  )( ):              .

           .

<application/vnd.ms-excel>  MIME   <mail.example.com>  drop-macro-enabled-attachments     .

Custom Replacement Message(  )         .

URL Reputation(URL )  URL : URL    URL    , 434    URL    , 430  .
    URL    "No Score( )" .
  S/MIME   S/MIME      .

URL Category(URL )  URL : URL    URL    , 434    URL  , 446  .
  S/MIME   S/MIME      .

  

Above().    (). Below().    (). :           .    , 625  .

       Outbreak Filter  . Bypass

DKIM  

   DKIM  .


 

  





 (Bcc:)

Email addresses( ).       .
Subject().    .
Return path (optional)( ( )).   .
Alternate mail host (optional)(  ( )).    .

Notify

Notify().     .       .
Subject().    .
Return path (optional)( ( )).   .
Use template( ).      . Include original message as an attachment(    ).     .

 

Email address( ).      .

Send to Alternate Destination Mail host( ).       

Host(    .

)

         

   .    

    .

IP  

IP  .  IP  . Deliver from IP Interface(IP  )        .        IP  .

 

Header name( ).       .


  

 





 /

Inserts a new header into the message or modifies an existing header(       ).
Header name( ).      .
Specify value of new header(   ).        .
Prepend to the Value of Existing Header(    ).       .
Append to the Value of Existing Header(    ).       .
Search & Replace from the Value of Existing Header(      ). Search for()          . Replace with()      .        .     Replace with()   .

  

  :     .   , 610  .

  

DLP       .        DLP     .     . DLP           , 494     .

Add Log Entry

   INFO  IronPort     .      .      .

  S/MIME /    S/MIME    . , 



          

  .

S/MIME Sending Profile(S/MIME  ):  S/MIME    S/MIME    . S/MIME   , 547  .


 

 





   ( )

   ,   .
Encryption rule( ):   ,  TLS       .     TLS  , 529    .

Encryption Profile( ).        .   Cisco Encryption Appliance       .

Subject().   .  $Subject.

S/MIME /( S/MIME       ,  

)

.

S/MIME Sending Profile(S/MIME  ):  S/MIME    S/MIME    . S/MIME   , 547  .

( )

   .

        ,    .

( )

        

 , Outbreak Filter    .

Drop (Final Action)

  .

  ·  , 299 

 

          ,          .     .       .
 33:  



Syntax



  Body Size( )

$AllHeaders $BodySize

  .   ( ).


 

 



Syntax





$Date

MM/DD/YYYY      .

  

     .
$dropped_filename

Dropped File Names(

$filenames ,    

$dropped_filenames

  )

.

Dropped File Types(

$filetypes ,    

$dropped_filetypes

  )

.

Envelope Sender( 

$envelopefrom

)

or

$envelopesender

 Envelope Sender( )(Envelope From, <MAIL FROM>) .

 

  Envelope Recipients( 
$EnvelopeRecipients
)(Envelope To, <RCPT TO>) .

 

$filenames

       .

File Sizes( )

$filesizes

       .

 

$filetypes

       .

  GMTimeStamp

$FilterName $GMTimeStamp

    .
  Received:       (GMT ).

HAT  

$Group

        .    ">Unknown<"   .

  

$Policy

     HAT    .        ">Unknown<"  .

 

$MatchedContent

     .      ,        .



$Header['string ']

         .    .


 

    

  
  ID

Syntax
$Hostname $MID

   

$RecvListener $RecvInt

 IP 

$RemoteIP

  

$remotehost

SenderBase Reputation 
$Reputation




$Subject



$Time



$Timestamp


Email Security Appliance    .
     MID(Message ID) . RFC822 "Message-Id"    (  $Header  ).
    .
     .
 Email Security Appliance    IP  .
      .
 SenderBase Reputation  .    "None" .
  .
  (  ).
  Received:       (  ).

    
  ·   , 301  ·       , 303  ·        , 303  · GUI      , 304 
  
  ·        .


  

 

·           .
·              .
·            .
 1 Mail Policies( ) > Incoming Mail Policies(  ) .

Mail Policies( ) > Outgoing Mail Policies(  ).
 2 Add Filter( ) .  3    .  4 (X-REF) Editable By (Roles)( ())   Policy Administrator( )  
OK() .
Policy Administrator( )              .
 5 ( )    . a) Add Condition( ) . b)   . c)   . d) OK() . e)         .                 ( AND) ,      ( OR)    .
                 .
 6         . a) Add Action( ) . b)   . c)  . d) OK() . e)        . f)          .  ""     , AsyncOS      .
 7     .


 

      

   ·           . ·           .
      
 1 Mail Policies( ) > Incoming Mail Policies(  ) .  Mail Policies( ) > Outgoing Mail Policies(  ).
 2          .  3      Content Filtering for Default Policy(   )  "Disable
Content Filters(  )" "Enable Content Filters (Customize settings)(  (   ))" .     (   , 283  )   .  "Enable Content Filters (Customize settings)(  (  ))"       .  4      Enable()  .  5     .
       
  ·             .          , 276    .
 1 Mail Policies( ) > Incoming Mail Policies(  ) .  Mail Policies( ) > Outgoing Mail Policies(  ).
 2         (Content Filters )   .  3      Content Filtering for Policy: Engineering(  : )
  "Enable Content Filtering (Inherit default policy settings)(  (   ))" "Enable Content Filtering (Customize settings)(  (  ))" .  4      .


 

 5     .
GUI      
·        .         . (    true()      .       .)
·             ,         .         "  "   .
·                   .
·               . . ^ $ * + ? { [ ] \ | ( )
   '\'()     . : "\*Warning\*"
· "benign()"           .     "deliver()"     .        .     Email Security Manager(  )     (:  )      .
· ,      " "                     .     .
· Incoming or Outgoing Content Filters(    )    1    .
· Incoming or Outgoing Mail Policies(    )          .
·       .
·     Bcc:              . ( , ,   , 847  .)       (,         )          .
· "Entire Message( )"  Scan Behavior( )   scanconfig         . "Entire Message(  )"      .     "Subject( )"  "Header()"  .

·  LDAP   (, ldapconfig      LDAP     ) LDAP     GUI .
·            GUI   .  , Text Resources( )   CLI textconfig             .
·       ,   ,     .
· (UTF-8) · (UTF-16) · /-1(ISO 8859-1) · /-1(Windows CP1252) ·  (Big 5) ·  (GB 2312) ·  (HZ GB 2312) · (ISO 2022-KR) · (KS-C-5601/EUC-KR) · (Shift-JIS (X0123)) · (ISO-2022-JP) · (EUC)
          .            .          .
·       Incoming or Outgoing Content Filters(    )   "Description()", "Rules()"  "Policies()"   .
· Description()          . (  .)
· Rules()         . · Policies()        .


12 
    Cisco Email Security  
     . ·    , 307  ·     Cisco Email Security    , 308  · Cisco Email Security      , 309  ·     , 309  ·    , 312  ·         , 313  ·          , 313  ·      , 320  ·     , 321  ·      , 321  ·  , 321  ·     , 322 
   
ETF(  )  Cisco Email Security  TAXII     STIX        . Cisco Email Security             .
· , ,             .
·       . · Cisco Email Security   .

    Cisco Email Security       Cisco Email Security   

Cisco Email Security  ETF      .         Cisco   . STIX (Structured Threat Information eXpression)        . STIX             .     STIX IOC(  ) .
·   (      )
· IP (  IP   )
·  (    )
· URL (  URL  )
TAXII(Trusted Automated eXchange of Indicator Information)       (TAXII )         .    STIX 1.1.1  1.2 TAXII 1.1 .

    Cisco Email Security    

   .



  

 

1

Cisco Email Security  Cisco Email Security   ETF  .      
, 309 

2

Cisco Email Security      , 309   TAXII  STIX        ETF  .

3

       , 312

 .



· HAT

·    

4

  , URL            , 320       .


Cisco Email Security      

Cisco Email Security      
  Cisco Email Security  ETF       .
 1 Security Services > External Threat Feeds(  ) .
 2 Enable() .
 3      Accept()   .
     Cisco Email Security  ETF  .
 4 Enable External Threat Feeds(   ) .
 5 ( ) ETF     ETF          Yes() .
 6     .
   ETF  .     , 309  .
    
ETF  TAXII            . Cisco Email Security  TAXII  STIX       ETF   .
 Cisco Email Security   8 ETF    . ' '  ' '     ETF    .
  · Cisco Email Security  ETF   . ·         -80 HTTP  443 HTTPS   .    , 1227   .


 1 Mail Policies( ) > External Threat Feeds Manager(   ) .  2 Add Source( ) .  3       ETF  .

  



  

ETF   . ETF    .

TAXII  

 

TAXII   (FQDN(Fully Qualified Domain Name)  IP ) .

 

TAXII      (: /taxii-data) .

 

TAXII      (: guest.Abuse_ch) .

Polling Interval( )

   TAXII       .  15  60.

  

TAXII          .   1~365 .


    

      
HTTPS      


      .
    1.      'Age of Threat Feeds(   )'  .
  'Time Span for Poll Segment(   )'    .
· TAXII          'Age of Threat Feeds(  )'     .
· TAXII             .
· TAXII           30 .
· 'Age of Threat Feeds(  )'    TAXII    ,              .
 ,    100 TAXII       (: '40 days')         40  .
      (: '5 days')                      .
HTTPS  TAXII   Yes() .
TAXII      TAXII   Yes() .
    .


     
 4     .


Cisco Email Security     TAXII    Yes() .         .
·   Security Services > Service Updates( ) 
· CLI updateconfig 
No()  Cisco Email Security   TAXII   .

ETF    Cisco Email Security  TAXII     .
  
· CLI threatfeedsconfig > sourceconfig    ETF     .
· ( ) Mail Policies( ) > External Threat Feeds Manager(   )   Suspend Polling(  )( )    ETF       .
· ( ) Mail Policies( ) > External Threat Feeds Manager(   )   Resume Polling( )( )    ETF      .
· ( ) Mail Policies( ) > External Threat Feeds Manager(   )   Poll Now( )         .
·    , 312  .

   
  Cisco Email Security       . · HAT ·    


       

  ·         , 313 . ·          , 313 .
       
ETF      IP          .
 1 Mail Policies( ) > HAT Overview(HAT )  .
 2         .
 3 Edit Settings( ) .
 4  IP     ETF  .
 5 ( )  ETF   Add Row( ) .
 6     .

          
          ETF              .
· URL  - ETF    URL . ·   - ETF     . ·     -    ETF     
.
  ·       , 314 . ·       , 315  ·      URL , 315  ·      URL , 317  ·         , 318 .


·          , 240 .
      
' '    ETF            .
  ·  )     .   Mail Policies(  ) > Address Lists( )   CLI addresslistconfig   .    , 269   . · ( )    .        .
 1 Mail Policies( ) > Incoming Content Filters(  ) .
 2 Add Filter( ) .
 3     .
 4 Add Condition( ) .
 5 Domain Reputation( ) .
 6 External Threat Feeds(  ) .
 7      ETF  .
 8      .
 9 ( ) Cisco Email Security              .
 10 OK() .
 11 Add Action( )          .
 12     .
   
       . Cisco Email Security                       .
 1 Security Services > Domain Reputation( ) .
 2     Edit Settings( ) .
 3      .


      

 4     .
   CLI domainrepconfig        .   AsyncOS for Cisco Email Security Appliances CLI   .
      
 ,       ETF               . :
quarantine_msg_based_on_ETF: if (domain-external-threat-feeds (['etf_source1'], ['mail-from', 'from'], <'domain_exception_list'>)) { quarantine("Policy"); }
 · `domain-external-threat-feeds'     . · `etf_source1'        ETF . · `mail-from','from'       . · 'domain_exception_list'    .     ""  .
   'Errors To:'    ETF       .
Quaranting_Messages_with_Malicious_Domains: if (domain-external-threat-feeds (['threat_feed_source'], ['Errors-To'], "")) {quarantine("Policy");}
     URL 
'URL '    ETF    URL       .     ETF  'URL '     .
·    'URL '  . ·   'URL '  . · 'URL '    .
  'URL '      URL   .


 ·    'URL '     11~20   .
·   'URL '     4~10  .
  · Cisco Email Security  URL   . URL      Security Services > URL Filtering(URL )  .      URL , 425    .
  · Cisco Email Security      .        Security Services > Outbreak Filters(  )   .     (Outbreak Filter), 399    .
  · Cisco Email Security     .       Security Services > Anti-Spam()  .    Anti-Spam, 355   .
  · ( ) URL  .   Mail Policies(Mail ) > URL Lists(URL )  .      URL , 425   .
 1 Mail Policies( ) > Incoming Content Filters(  ) .  2 Add Filter( ) .  3     .  4 Add Condition( ) .  5 URL Reputation(URL ) .  6 External Threat Feeds(  ) .  7  URL  ETF  .  8 ( ) Cisco Email Security        URL 
.  9     /     URL   Check URLs within( 
 URL )  .  10 OK() .  11 Add Action( ) .  12 URL Reputation(URL ) .  13 External Threat Feeds(  ) .

 14     ETF   (7).  15 ( ) 8   URL   .  16 '   ' / '  '  URL   Check URLs within( 
 URL )  .  17     /     URL     .
 16 'Check URLs within(   URL )'  'Attachments( )'        .
 18           .  19 OK() .  20     .
  WBRS(   )  ETF  URL     ,      WBRS URL     ETF URL      .

     URL 
 , ETF     URL   URL  'URL  '     . :
defang_url_in_message: if (url-external-threat-feeds (['etf_source1'], <'URL_whitelist'>, <'message_attachments'>, <'message_body_subject'>)) { url-etf-defang(['etf_source1'], <'URL_whitelist'>, <'Preserve_signed'>); }

· `url-external-threat-feeds' URL  .
· `etf_source1'       URL    ETF  .
· `URL_whitelist' URL  . URL   ""  .
· `message_attachments'     URL   .  '1'      URL   .
· 'message_body_subject'      URL   .  '1'      URL   .


  "1,1"  ,       URL    .
· 'url-etf-defang'  URL         .    URL      ETF  .
  · url-etf-strip(['etf_source1'], "None", 1)
  · url-etf-defang-strip(['etf_source1'], "None", 1, "Attachment removed")
  · url-etf-defang-strip(['etf_source1'], "None", 1)
  · url-etf-proxy-redirect(['etf_source1'], "None", 1)
  · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1)
  · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1, " Attachment removed")
  · url-etf-replace(['etf_source1'], "", "None", 1)
  · url-etf-replace(['etf_source1'], "URL removed", "None", 1)
  · url-etf-replace-strip(['etf_source1'], "URL removed ", "None", 1)
  · url-etf-replace-strip(['etf_source1'], "URL removed*", "None", 1, "Attachment removed")
· 'Preserve_signed' '1'  '0' . '1'         '0'      .
     URL ETF         .
Strip_Malicious_URLs: if (true) {url-etf-strip(['threat_feed_source'], "", 0);}
        
'  '    ETF              .
 ETF       .     ETF  '  '     . ·    '  '  . ·   '    '  .

   

· '  '   '    '  .
  '   '  '    '           .
 ·    '  '     10~15  .
·   '    '     4~9   .
  ( )     .   Mail Policies(Mail ) > File Hash Lists(  )  .      , 319   .
 1 Mail Policies( ) > Incoming Content Filters(  ) .
 2 Add Filter( ) .
 3     .
 4 Add Condition( ) .
 5 Attachment File Info(  ) .
 6 External Threat Feeds(  ) .
 7       ETF  .
 8 ( ) Cisco Email Security         .
 9 OK() .
 10 Add Action( ) .
 11 Strip Attachment by File Info(    ) .
 12 External Threat Feeds(  ) .
 13     etf      (7 ).
 14 ( ) 8      .
 15     .
   
 1 Mail Policies( ) > File Hash Lists(  ) .
 2 Add File Hash List(   ) .


 3    ('SHA256'  'MD5'   ) .
 4 3         .
 5     .
        
 ,       ETF                . :
Strip_malicious_files: if (file-hash-etf-rule (['etf_source1'], <'file_hash_exception_list'>)) { file-hash-etf-strip-attachment-action (['etf_source1'], <'file_hash_exception_list'>, "file stripped from message attachment"); }
: · `file-hash-etf-rule'      . · `etf_source1'          ETF  . · 'file_hash_exception_list'     .       "" . · 'file-hash-etf-strip-attachment-action'       .
  ETF              .
Strip_Malicious_Attachment: if (true) {file-hash-etf-strip-attachment-action (['threat_feed_source'], "", "Malicious message attachment has been stripped from the message.");}
     
  , URL               .
 1 Mail Policies( ) > Incoming Mail Policies(  ) .
 2    Content Filters( )    .
 3 Enable Content Filters (Customize Settings)(  ( )) .
 4  , URL         .


    

 5     .

  
       Cisco Email Security  ETF          .

    
     ,     ETF      .

     
    Cisco   ETF   .    (:           ) ETF      .     ETF     .
·   Security Services > External Threat Feeds(  )    Update Now( ) .
· CLI threatfeedupdate  .
 ETF      Security Services > External Threat Feeds(   )  'External Threat Feeds Engine Updates(    )'   CLI threatfeedstatus  .

 

         ETF      .

 / 

  



ETF  

     'source' - TAXII  

$source_name    .

    . 'reason' -   

 : $reason

.

Information(). TAXII      .


 /  ETF  

  



   $type  $count -    $count       .   . $type -     Information().   .       .

    
 ETF   IOC        .
  ·       .      Security Services > Centralized Services(  ) > Message Tracking( )  . ·        .

 1 Monitor() > Message Tracking( ) .
 2 Advanced() .
 3 Message Event( )  External Threat Feeds(  ) .
 4  IOC        IOC .
 5 ( ) Cisco Email Security     ETF    ETF         All External Threat Feed Sources(    ) .
 6 ( ) Cisco Email Security     ETF        Current External Threat Feed Sources(    )   ETF   .
 7 ( )  ETF       'External Threat Feed Sources(   )'   ETF   .
 8 Search() .


13 
   
     . ·     , 323  ·       , 326  · Cisco Email Security      , 326  ·            , 327   ·      , 331  ·      , 331  ·       , 332  ·  , 332  ·  , 332 
    
Cisco SDR(  )              . Cisco SDR(  )              .      IP ,           , SMTP(Simple Mail Transfer Protocol)     FQDN(Fully Qualified Domain Name)         .   Cisco      Cisco Talos SDR(  )   (http://www.cisco.com/go/ccp).
 · SDR   Cisco     . · Cisco IPAS    Cisco TAC(Technical Assistance Center)     SDR   .

SDR 

   

SDR 

  SDR  ,      .
 34: SDR 

    
  



 

  .

 .

         FN() .

  .  .
  FN() FP( )     . Talos SDR    poor()  awful( )   SDR .
                    .

  .

   

       .

 Talos  

.    

     

     

 .

            (    .   )    . Talos        .
                (Talos ) .


   
    
 Good

SDR 



 

           SDR          .     .     Talos      . Talos       .                . Talos "unknown"     .
      Talos            .

                      .  .  SPF, DKIM ,           .

 DKIM                 ("From:"  .   ).


      

   

      

 1
2 3

  

 

Cisco Email Security  Cisco Email Security 

 SDR       

.

, 326 

 AsyncOS 12.0    SDR     .

SDR       

        

 .

   , 327 



SDR              , 331     .

Cisco Email Security       

 AsyncOS 12.0   SDR   .
 1 Security Services > Domain Reputation( ) .  2 Enable() .  3 Enable Sender Domain Reputation Filtering(    ) .  4 ( ) SDR      SDR   Include Additional Attributes(
  ) .    ,        SDR  .
· 'Envelope From( ):', 'From( ):', 'Reply-To( ):'       .
· 'From( ):'  'Reply-To( ):'    .


   

           

 5 ( ) SDR      () .  SDR            .
 6 ( )  Envelope From( ):     SDR     Match Domain Exception List based on Domain in Envelope From Envelope From(         ): .
 7 Submit() .  8 ( ) SDR Include Additional Attributes Agreement(SDR    )   I Agree(
) .  SDR Include Additional Attributes Agreement(SDR    )  Include Additional
Attributes(  )    .
 9 Commit()   .
   SDR        .             , 327  .
           
    ' '      SDR           .
·    ·    ·     
  ·         , 328  ·         , 330 


        

   

        
     
    "Poor". SDR     SDR , 324   .
:
drop_msg_based_on_sdr_verdict: if sdr-reputation (['awful', 'poor'], "<domain_exception_list>") {drop();}
: · 'drop_msg_based_on_sdr_verdict'   . · 'sdr-reputation'     . · 'awful','poor' SDR          . · 'domain_exception_list'    .     ""  . · 'drop'   .
   SDR  'Unknown'  .
quarantine_unknown_sdr_verdicts: if sdr-reputation (['unknown'], "") {quarantine("Policy")}
      :
<msg_filter_name> if sdr-age (<`unit'>, <`operator'> <`actual value'>) {<action>}
: · 'sdr-reputation'     . · 'sdr_age' SDR        . · `unit'         'days', 'years', 'months'  'weeks'  . · 'operator'            .


   

        

· ­ >( ) · ­ >=(  ) · ­ <( ) · ­ <=(  ) · ­ ==() · ­ !=( ) · ­ Unknown(  )
· `actual value'          .
           .
Drop_Messages_Based_On_SDR_Age: if (sdr-age ("unknown", "")) {drop();}
         .
Drop_Messages_Based_On_SDR_Age: if (sdr-age ("months", <, 1, "")) { drop(); }
       :
<msg_filter_name> if sdr-unscannable (<'domain_exception_list'>) {<action>}
: · 'sdr-unscannable'     . 'domain_exception_list'    .     ""  .
   SDR  'Unknown'  .
Quarantine_Messages_Based_On_Sender_Domain_Unscannable: if (sdr-unscannable ("")) {quarantine("Policy");}


        

   

        
  · ( )     .   Mail Policies(  ) > Address Lists( )   CLI addresslistconfig   .    , 269   . · ( )    .      , 330   .
 1 Mail Policies( ) > Incoming Content Filters(  ) .  2 Add Filter( ) .  3     .  4 Add Condition( ) .  5 Domain Reputation( ) .  6 SDR        .
·    SDR       Sender Domain Reputation Verdict(   ) .     "Poor". SDR     SDR , 324   .
· Sender Domain Age(  ) ,   ,  ,         .
· SDR     Sender Domain Reputation Unscannable(    ) .
 7 ( ) Cisco Email Security  SDR         .
 8 Add Action( )  SDR       .  9     .
   
       .     Cisco Email Security          SDR     .


   

     

       SDR              .      SDR   ,  Envelope From( ):, From( ):, Reply-To( ):         . Envelope From( ):     SDR   Domain Reputation settings(  )  'Match Domain Exception List based on Domain in Envelope From Envelope From(        )'  .
 1 Security Services > Domain Reputation( ) .
 2     Edit Settings( ) .
 3      .
 4     .
   CLI domainrepconfig        .    AsyncOS for Cisco Email Security Appliance CLI   .
     
SDR             .
 1 Mail Policies( ) > Incoming Mail Policies(  ) .
 2 Content Filters( )   .
 3 'Enable Content Filters (Customize Settings)(  ( ))'  .
 4 SDR        .
 5     .
     
     ,     SDR       .

      

   

      
   SDR      .
  ·       .      Security Services > Message Tracking( )  . · SDR        .
 1 Monitor() > Message Tracking( ) .
 2 Advanced() .
 3 Message Event( )  Sender Domain Reputation(  ) .
 4 SDR        SDR  .
 5 ( ) SDR      Unscannable( ) .
 6 ( )       SDR   .
 7 Search() .

 

         SDR      .

 / 

  



MAIL.IMH.SENDER_DOMAIN_ SDR  .  'reason' - SDR   

LOOKUP_FAILURE_ALERTS - <$reason>

.

Warning() SDR     .

 
SDR     .   Info()  Debug()  .


   

SDR    

SDR    
SDR     .   Info()  Debug()  .
·     , 333 
·      , 333 
·     , 334 
·     , 334 
    
   SDR       SDR      .
Mon Jul 2 08:57:18 2018 Info: New SMTP ICID 3 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 08:57:18 2018 Info: ICID 3 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 08:57:18 2018 Info: Start MID 3 ICID 3
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 From: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 RID 0 To: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 08:57:18 2018 Info: MID 3 Subject 'Message 001'
Mon Jul 2 08:57:19 2018 Info: MID 3 SDR: Message was not scanned for Sender Domain Reputation. Reason: Authentication failure.

CLI sdradvancedconfig   Cisco Email Security  SDR       .
     
   SDR         SDR      .
Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected]>
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Message 001'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Request timed out.

SDR           .


    

   

    
     SDR   Cisco Email Security     SDR     .
Mon Jul 2 09:04:08 2018 Info: ICID 7 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:04:08 2018 Info: Start MID 7 ICID 7
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 From: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 RID 0 To: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:04:08 2018 Info: MID 7 Subject 'Message 001'
Mon Jul 2 09:04:08 2018 Info: MID 7 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.

CLI sdradvancedconfig   Cisco Email Security  SDR       .
    
        SDR     .
Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Test mail'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Unknown error.

            .


14 
Anti-Virus
     . ·   , 335  · Sophos   , 336  · McAfee Anti-Virus , 339  ·      , 340  ·        , 351  ·   , 352 
  
Cisco   Sophos  McAfee       .                  ,         Cisco    . McAfee  Sophos     ,          ,       ,        ,           .                       .       "",   , X-header ,      ,      . ,     " "    (     , 63  ).            .
  ·  , 336  ·      , 336 

 

Cisco         30      .    Security Services( ) > Sophos/McAfee Anti-Virus  (GUI),  antivirusconfig systemsetup  (CLI)         .              . 30           Cisco   . System Administration( ) > Feature Keys( )   featurekey         . (   , 926  .)

     
AsyncOS       ,       .              Cisco    .       , Sophos  McAfee        .
     Sophos  McAfee       " "   .               (McAfee Anti-Virus , 339   Sophos   , 336  )         .         .   Cisco   .
     .     McAfee    ,   Sophos   . McAfee      , Sophos          . McAfee      Cisco  Sophos  ,        .

Sophos   
Cisco  Sophos, Plc.      . Sophos Anti-Virus     ,    .
Sophos Anti-Virus     ,     .    " "     .                    .
 
·   , 337  ·  , 337  ·  , 337 


  

·  , 338  · Sophos  , 338  ·   , 339 

  
Sophos    Sophos Anti-Virus  ,        Microsoft COM(Component Object Model)    .             .          " " .               .
              .    .
·        ·          ·      OLE2 
Cisco  SAV     .

 
        (            )    .      .
         .         .  ,               .  Word     .    MIME      .

 

     .            .              .

 
·  , 338  · , 338  · , 338 


   

        ,       .      (  )      .          Sophos                        .
Sophos              ,       (      )   .            . Sophos       .
       .         .     ,      .    .      DOS  Windows    ,     Sophos Virus Description Language     .      ,    Sophos         .         ,         .           .         .          ,    .    ,         .

 
Sophos         .        Sophos ,   30%  .              .         Sophos  .

Sophos 
Cisco Sophos Anti-Virus    Sophos  http://www.sophos.com/virusinfo/notifications/ Sophos    . Sophos               .


  

  
  Sophos Anti-Virus  ()  . Sophos Anti-Virus        ,          .      .             .      ,    .  ,         .          . Mail Policies > Incoming or Outgoing Mail Policies(  >     ) (GUI)  policyconfig -> antivirus (CLI) .             , 342  .
McAfee Anti-Virus 
McAfee®    . ·          . ·       . ·       . ·    .
 
·    , 339  ·    , 339  ·  , 340  ·   , 339 
   
McAfee  ,               (DAT)  .               .             .
   
           . · .               .        . · .             .


       .                          .           .
 
            .         .
  ,         .     ,   ,        .           .      ,             .
         .
  
  Sophos Anti-Virus  ()  . Sophos Anti-Virus        ,          .      .
            .      ,    .  ,         .          . Mail Policies > Incoming or Outgoing Mail Policies(  >     ) (GUI)  policyconfig -> antivirus (CLI) .             , 342  .

    

   

  

 

1

Email Security Appliance        

 .

, 341 

2

           

 .

, 276 

3

( )    , , Outbreak   , 852

  .




      

4 5 6

  

 

         ,

   .

342 

           

  .

   , 347 

( )       

  .

   , 351 

 
·        , 341  ·      , 342  ·          , 347  ·     , 348  ·   , 350 

      
          .        .

    Sophos, McAfee      .
 1 Security Services( ) > McAfee  .  Security Services( ) > Sophos  .
 2 Enable() .  Enable()      .        .
 3        Accept()   .  4 Edit Global Settings(  ) .  5       .
          .  60.  6 ( ) Enable Automatic Updates(  )     .
       .


 7     .
       .      , 342   .
     
Cisco             ( )        .          . Mail Policies( ) > Incoming or Outgoing Mail Policies(    ) (GUI)  policyconfig > antivirus  (CLI) .
  ·   , 342  ·   , 343  ·      , 344 
  
· Scan for Viruses Only(  )       .        .                 .
· Scan and Repair Viruses(   )       .        "" .
· Dropping Attachments(  )       .             "   "    .       .
This attachment contained a virus and was stripped.
Filename: filename
Content-Type: application/filetype


  

         .      ( , 346  ).               .
· X-IronPort-AV         X-IronPort-AV:  .    ,  " "         .   X-IronPort-AV       .     .
  
             .  -               .           .    (     , 344  ).           ,   ,          .
               .     .
                 .        .     (  , 173  ) ""         .     PGP  S/MIME    "" .   PGP  S/MIME      .   ZIP     Microsoft Word  Excel   .         " "  .
 3.8  AsyncOS   Sophos Anti-Virus   ,        .
                      .        .


   
           .   ,              .
 ,          .

     
·  , 344  ·    , 345  ·    , 345  ·   , 345  ·  , 346  ·     , 346  ·   , 346  ·     , 347  ·   , 347 

 

 ,               .  ,      ,   ,       (    , 345 ).
                     .
            .
·    ·    ·      GUI "Advanced()"    . ·      ·    ·      ·   


   

     .                        .                    , 348   .
                  .          .

   
         .               .        .
 ,          .

  

 (   )    "avarchive"     .  mbox   .            "Anti-Virus Archive"      .   , 1053   .

 GUI "Archive original message(  )"   "Advanced()"     .
                           .

 "Modify message subject(  )"    .      (  )  (  )        .      [WARNING: VIRUS REMOVED]       .

   .         



   

Encrypted: [WARNING: MESSAGE ENCRYPTED]
Infected: [WARNING: VIRUS DETECTED]
Repaired: [WARNING: VIRUS REMOVED]
Unscannable: [WARNING: A/V UNSCANNABLE]

                 (:       ,     ).

       ,  /        .         (CLI GUI ).     .
   





Repaired: The following virus(es) was detected in a mail message: <virus name(s)>. Actions taken: Infected attachment dropped (or Infected attachment repaired).

Encrypted: The following message could not be fully scanned by the anti-virus engine due to encryption.

Unscannable: The following message could not be fully scanned by the anti-virus engine.

Infectious: The following unrepairable virus(es) was detected in a mail message: <virus name(s)>.

                  . Yes()     .        skip-viruscheck       .    , 224  .
           . Yes()      .


    

    
 ,                  . Yes()      .
 ,             .         .

  

,  /  ( )     .            .     , 621  .
 18:      

      $TRUSTED    ,   WHITELIST   .           , 101  .
         
               .      "Use Default( )"     .        .           . GUI  CLI policyconfig > antivirus       .  

              .          .
 1 Mail Policies > Incoming Mail Policies(  >   )  Mail Policies > Outgoing Mail Policies(  >   )  .
 2        .         .
 3 Yes()  Use Default( )      .          .    Disable()   .      "Yes()"  Repaired(), Encrypted(), Unscannable(  )  Virus Infected( )   .
 4    . McAfee  Sophos    .  5 Message Scanning( )  .
    , 342  .
 6 Repaired(), Encrypted(), Unscannable( )  Virus Infected( )   .   , 343        , 344   .
 7 Submit() .  8  .
    
drop attachments        . "Drop infected attachments if a virus is found and it could not be repaired(          )"   ,     MIME    .       clean() .       (GUI  )   . "Scan for Viruses only(  )"         "clean()". RFC822             .    "Scan for Viruses only(  )"   "Drop infected attachments if a virus is found and it could not be repaired(          )"           .         .    


    



 

Drop-attachments: NO
Scanning: Scan-Only
Cleaned messages: Deliver
Unscannable messages: DROP message
Encrypted messages: Send to administrator or quarantine for review
Viral messages: Drop message

 

Drop-attachments: YES
Scanning: Scan and Repair
Cleaned messages: [VIRUS REMOVED] and Deliver
Unscannable messages: Forward as attachment
Encrypted messages: Mark and forward
Viral messages: Quarantine or mark and forward

   

Drop-attachments: YES
Scanning: Scan and Repair
Cleaned messages: [VIRUS REMOVED] and Deliver
Unscannable messages: Send notification(s), quarantine, OR drop and archive
Encrypted messages: Mark and forward OR treat as unscannable
Viral messages: Archive and drop




 

 

Drop-attachments: NO
Scanning: Scan-Only
Cleaned messages: Deliver
Unscannable messages: Forward as attachment, alt-src-host  alt-rcpt-to 
Encrypted messages: Treat as unscannable
Viral messages: Forward to quarantine or administrator

  
            .
 19:   


      

      Cisco  McAfee , Sophos     . McAfee           . McAfee    Cisco        (,  ) .
       
 1      . Security Services( ) > Sophos/McAfee Anti-virus   antivirusconfig      , Email Security Manager(  ) (GUI)  policyconfig antivirus         .
 2    ,          .
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
         .         .     "X5O..."  (0)   O  .
     PDF HTML          .        .
 3  EICAR.COM  .   68  70.     . ,   ,    .               .
 4 EICAR.COM    , 1         .       . (       , 131   .) Cisco  (: Microsoft Exchange )        ,      .       .
 5       ,       .

          . 1.    Scan and Repair(  )  Scan only()  (  
 ). · Eicar     .      (    , 344  )   .
2.    Scan and Repair(  )  Scan only()  (   ). · Eicar     . ·     (  , 343  )    .
          http://www.eicar.org/anti_virus_test_file.htm .     4 .                 .
  
  · HTTP      , 352  ·     , 353  ·      , 353  ·     , 353 
HTTP     
Sophos  McAfee       .      .  Cisco  5    . Sophos  McAfee        .            .        .             1     (Security Services > Service Updates(  >  ) ).   10                .


   

   
Security Services > Service Updates(  >  )         .  ,             .        , 945   .
     
Security Services( ) > Sophos  McAfee   antivirusstatus CLI        ,  ,       .     .     , 353   .
   
 1 Security Services( ) > Sophos  McAfee Anti-Virus  .  2 Current McAfee/Sophos Anti-Virus Files( McAfee/Sophos  )  Update Now( 
) .     .
   CLI antivirusstatus  antivirusupdate      .
    
   ,     Updater Logs( )   . tail              .


15 
Anti-Spam
     . ·    , 355  ·      , 356  · IronPort Anti-Spam , 358  · Cisco Intelligent Multi-Scan , 360  ·    , 362  ·      , 369  ·      , 369  · Cisco    , 370  ·       IP   , 374  ·   , 383  ·  , 384 
  
       ( )     .
·         . ·      .      
. ·        .
· Not spam( ) · Suspected spam( ) · Positively-identified spam(  ) ·    .    ,                 .                       . 

          .  ,           .
           . ,     ,   ,           .

             , 63   .

  ·    , 356 
  
Cisco      . · IronPort Anti-Spam , 358 . · Cisco Intelligent Multi-Scan , 360 .
Cisco         ,         .         .

     



  



 1 Email Security Appliance     .

          .

Cisco IronPort Anti-Spam Intelligent Multi-Scan             .
· IronPort Anti-Spam , 358 
· Cisco Intelligent Multi-Scan , 360 


     

  



 2

 Email Security Appliance   Security Management Appliance     .

·    , 868  ·     , 1188 

 3                , 276 

.



 4           , 362  .

 5

  Cisco Anti-Spam      , 223  skip-spamcheck      .

 6

() SenderBase Reputation          "Use SenderBase for

        Flow Control(  Senderbase )" 

 SenderBase Reputation Service     .

.

       

, 108  .

 7

Email Security Appliance            IP   ,    ,   ,  374                   IP   .

 8             

    .

, 369 

 9 ( )   URL    URL  , 427   URL  .

 10  .

 , 384 

 11 ( )    (          

 ) .

 Cisco   .

·   , 945 

·    , 949 

·          , 949 


IronPort Anti-Spam 

 
·  , 358  · Cisco Anti-Spam:  , 358  · IronPort Anti-Spam  , 359 

 

Cisco  Cisco Anti-Spam   30    .       Security Services( ) > IronPort Anti-Spam (GUI),  systemsetup  antispamconfig (CLI)       .         Cisco Anti-Spam . Cisco Anti-Spam  30       (  , 2: , 31  ) .  30, 15, 5,  0    . 30          Cisco   . System Administration( ) > Feature Keys( )   featurekey        . (   , 926   .)

Cisco Anti-Spam: 
IronPort Anti-Spam ,                 (: "419" ) .  IronPort Anti-Spam  URL            (:  ) .
     IronPort Anti-Spam    ,  ,   ,  ,       .        IronPort Anti-Spam         (SenderBase)       .
IronPort Anti-Spam    100,000    .
·   -     ? ·   -    ? ·   -    ? ·   -    ?
           .            ,    IP   "" PC  URL      . ,       ,           .


    

  ·      , 359  · URL     , 425 
    
    Cisco Anti-Spam        . ,             .
·                    .                .         .   ,                  .
·              .            .            .
IronPort Anti-Spam         .
  · IronPort Anti-Spam  , 359 
IronPort Anti-Spam  
 IronPort Anti-Spam                .
  ·     .      , 359   .
 1 Security Services( ) > IronPort Anti-Spam .  2    IronPort Anti-Spam     .
a) Enable() . b)      Accept()   .  3 Edit Global Settings(  ) .  4 Enable IronPort Anti-Spam Scanning(IronPort Anti-Spam Scanning )  .


       .

 5          Cisco Anti-Spam     .





  

1.         -   1MB  .      " "    .             .
    3MB    .       .
2.         -   2MB  .     Cisco Anti-Spam   X-IronPort-Anti-Spam-Filtered: true    .
     10MB    .       .
always scan( )   never scan(  )          .
 Outbreak Filter    Cisco Anti-Spam      Outbreak Filter      .

     

      () .
1~120  .  60.
    ,      .
        .                 .

 6     .

Cisco Intelligent Multi-Scan 
Cisco Intelligent Multi-Scan Cisco Anti-Spam             . Cisco Intelligent Multi-Scan  :


·      . ·   Cisco Intelligent Multi-Scan        
Cisco Anti-Spam . · Cisco Anti-Spam         AsyncOS . ·    Cisco Anti-Spam       Cisco
Anti-Spam      . Cisco Intelligent Multi-Scan       . Cisco Anti-Spam    ,      Cisco Intelligent Multi-Scan     . Cisco Intelligent Multi-Scan      .   Cisco    .
 , Intelligent Multi-Scan    Cisco Anti-Spam     Cisco Intelligent MultiScan  Cisco Anti-Spam   .
  · Cisco Intelligent Multi-Scan  , 361 
Cisco Intelligent Multi-Scan 
 Cisco Intelligent Multi-Scan                 .
       .  , 926  .      IronPort Intelligent Multi-Scan  .
 1 Security Services( ) > IronPort Intelligent Multi-Scan .  2    Cisco Intelligent Multi-Scan     .
a) Enable() . b)      Accept()   .  3 Edit Global Settings(  ) .  4 Enable IronPort Intelligent Multi-Scan(IronPort Intelligent Multi-Scan )  .        .   Mail Policies( )     .  5 Cisco Intelligent Multi-Scan   .


  . · 512K    · 1M    
 6       () .    1~120  .  60.            . ,          .
 7     .
  
            .      .             .                .                 .  
·      , 356         .
·   . ·        , 365  ·  :         , 365  ·       , 366  ·     ,         :   , 367   . ·      , 369 
·  " "   , , 1053   . ·      ,    , 217   
.
 1 Mail Policies( ) > Incoming Mail Policies(  )  . 
 2 Mail Policies > Outgoing Mail Policies(  >   )  .  3    Anti-Spam()    .


  

 4 Enable Anti-Spam Scanning for This Policy(     )        .        .      ,        .           .

 5   ,        .





Enable Suspected Spam  . Scanning(   )          .
Enable Marketing Email Scanning(   )

Apply This Action to   ,          

Message(    .

  )

· 

· 

· 

· 

( )        (SMTP   DNS    

 

 )   .

IP     .       MX( ) . MX   DNS  A  (SMTP  ).

            .

      , 217   .

  

                            .

     .     (   )  (  )         .          [SPAM]  .

"  " US-ASCII  .






 (      )

( )          .

  

Advanced()     .

          URL      Cisco Web Security       .         URL Cisco Web Security  :   , 366  .

( )            .

 

Advanced()    .

            .         .

 

  "  "    .  mbox   .

Spam Thresholds(   ,         

)

.

 6   .

  
        Host Access Table  ,       .          , 101  .
 
·      , 356  ·        , 365  ·  :         , 365  ·       , 366  ·       URL Cisco Web Security  :
  , 366  ·         :   , 367 


       

       
                     .              .
         .  90 100      .      50.
·        . ·           
.
                    .
    50~99     .     25           .
  :
·   (  )           .       ,      .
·   (  )           .       ,       .   ,          .
           .   " "   ""    .
 
·    , 356  ·  :         , 365 

 :        



  ()

  ()

   

·   "[  ]"     
· 

    "[   "[ ]"   ]"    


            .                  ( )  .
          .          .         .
           , 281    .
      
     Marketing Email Settings(  )  , AsyncOS 9.5 for Email     Marketing Email Settings(   )       .  , 387   .
      URL Cisco Web Security  :  
      Cisco Web Security        URL   .             .
 
URL        . URL  , 426   .
 1       . a) Mail Policies( ) > Incoming Mail Policies(  ) . b)     Anti-Spam()   . c) Suspected Spam Settings(  )     . d) Advanced()  Add Custom Header(   )  . e) url_redirect    . f)   .
 2      URL      . a) Mail Policies > Incoming Content Filters(  >   ) . b) Add Filter( ) . c)   url_redirect . d) Add Condition( ) . e) Other Header( ) .


        :  

f)   url_redirect .        .
g) Header exists( ) . h) OK() . i) Add Action( ) . j) URL Category(URL ) . k) Available Categories(  )     Selected Categories( )
. l) Action on URL(URL  ) Redirect to Cisco Security Proxy(Cisco Security  ) 
. m) OK() .  3     . a) Mail Policies( ) > Incoming Mail Policies(  ) . b)      Content Filters( )   . a)     Enable Content Filters(  ) . b) url_filtering     . c)    .
  
 
· URL , 403  ·  , 283 
        :  
   ( CLI systemsetup  )  Cisco Intelligent Multi-Scan  Cisco Anti-Spam    .           ,    Security Services( )          .    Mail Policies( ) > Incoming Mail Policies(  )             .          .         .       ""  Cisco Anti-Spam          .


        :    20:   -    


Cisco Intelligent Multi-Scan           Partners()   Anti-Spam( )   (" ").
  Cisco Intelligent Multi-Scan        Yes() .         .
     Cisco Intelligent Multi-Scan        .
 21: Mail Policies( ) - Cisco Intelligent Multi-Scan 

       .

       22:   -   Intelligent Multi-Scan

     
Cisco IronPort (:     )            URL              .          .        , 276      , 223    .
    
·               . X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result    Cisco              .         .
· Cisco Intelligent Multi-Scan       . ·      ,        
          .    , 362  .
  ·       URL Cisco Web Security  :   , 366 

Cisco    
       Cisco   .         .         .
·   ·      ·    ·        ·   
  · Cisco     , 370  ·   , 374 
Cisco     
     Cisco      .       .
 1       ID .  ID    Cisco Email Security       . 1.     . 2. System Administration( ) > Email Submission and Tracking Portal Registration(     ) . 3.        . 4. Set Registration ID( ID ) . 5. Registration ID( ID)   .   16   48    , (-)  (_)  . 6.     . 7.         1~6  .
CLI portalregistrationconfig    ID   .  2     Cisco         . Cisco     
      Cisco       .

Cisco     

 Cisco           Cisco        .
·          : 1. Cisco   Cisco     (https://email-submission.cisco.com)  .
2.      Register a new Registration ID(  ID )  1    ID    Register()  .    ID              .
·       : 1. Cisco   Cisco     (https://email-submission.cisco.com)  .
2.      Register as an administrator( )            Register() .
Register()         .             Admin registration requests(  )   .
 3 Cisco       . 1. Cisco      .
2. Configuration() > Domains() .
3. Add new domain(  ) .
4.    Add() .
     .  , example.com   [email protected]   .         .
   [email protected] .  domain.com     .       .  [email protected]    postmaster            [email protected]  [email protected]      .    .
redirect_postmaster:
if (rcpt-to == "[email protected]") AND (mail-from == "^[email protected]$") {
    alt-rcpt-to ("[email protected]");
}


Cisco     
  https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html  .
 1 Cisco     , 370       .  2      Cisco    .
· Cisco Email Security  , 372  · Cisco      , 373  ·      , 373     Cisco  2    .    .

2          .     Help() > Troubleshooting Instructions(  ) .
     , 374 
Cisco Email Security  
Cisco Email Security  (    ) Microsoft Outlook  Cisco         . Microsoft Outlook      Microsoft Outlook     .         .
  · https://software.cisco.com/portal/pub/download/portal/select.html?&mdfid=284900944&flowid=41782&softwareid=283090986  Cisco Email Security    .
  ·   Cisco Email Security   (http://www.cisco.com/c/en/us/support/security/email-encryption/products-user-guide-list.html) .

Cisco      

Cisco      
Cisco           Cisco      .         .

          .
 1 Cisco   Cisco     (https://email-submission.cisco.com) .  2      Submissions()  New Submission( ) .  3    .   EML      15MB 
 .  4 Create() .

     Cisco           .





Cisco: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117822-qanda-esa-00.html

Cisco: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html

Cisco: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200653-ESA-FAQ-Troubleshooting-Email-Submissio.html

     
       RFC 822        .
·   - [email protected] ·      - [email protected] ·    - [email protected] ·        - [email protected] ·    - [email protected]
             .


· Apple Mail
· Microsoft Outlook for Mac
· Microsoft Outlook Web App
· Mozilla Thunderbird
 Microsoft Windows Microsoft Outlook 2010, 2013  2016  , Cisco Email Security   Microsoft Outlook Web App      . Windows  Outlook          .            .
  
       Cisco           .
 1 Cisco   Cisco     (https://email-submission.cisco.com) .  2      Submission() .  3 (,  ID, ,   )   .
     https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html.   .
      IP  
   / (MX  MTA),      Cisco              IP     .    MX/MTA   .  IronPort Anti-Spam  Cisco Intelligent Multi-Scan(SenderBase Reputation Service )    IP   .       . Cisco      MX/MTA   IP    IP       .
  ·      , 375  ·     , 376  ·       , 381 


    

·       , 383 
    
       . IP  7.8.9.1    MX/MTA Cisco     IP  10.2.3.4    .
 23: MX/MTA   - 

   Cisco                     .  A  7.8.9.1     Cisco    MX  MTA   .  B 7.8.9.1             Cisco    MX     .


      24: MX/MTA   - 


    
  ·     , 376  ·    , 376  ·      , 378 
   
  MX/MTA  Cisco         .
 1 Network() > Incoming Relays( ) .  2 Enable() .  3  .
  
      . ·    Email Security Appliance  

  

·    IP                    , 378    .
·    IP         Received    .
·       . ·    IP      . ·  MX, MTA               IP      .
 1 Network() > Incoming Relays( ) .  2 Add Relay( ) .  3    .  4     Email Security Appliance  MTA, MX    IP  
. IPv4 IPv6 ,  CIDR   IP    .        MTA    ,  MTA  IP     (: 10.2.3.1/8  10.2.3.1~10). IPv6   AsyncOS   .
· 2620:101:2004:4202::0-2620:101:2004:4202::ff
· 2620:101:2004:4202::
· 2620:101:2004:4202::23
· 2620:101:2004:4202::/64
 5    IP    .        . a)   .   ()  Received  . b)    :          .    .
SenderIP



X-CustomHeader
c) Received  :      IP  . IP    ""  .
 6   .

  
  .
· DHAP              .          , 382   .
·             .       , 383  .
 
·      , 356 

    
             .
·    , 378  ·  , 379 

  

         .           .      IP   .    .
SenderIP: 7.8.9.1
X-CustomHeader: 7.8.9.1
 MX/MTA        ,           .      C  D IP  10.2.3.5 .   C 2    D   .                .


Anti-Spam  25: MX/MTA   -   

 

 

 
·    , 376 
 IP        MX/MTA       ,  "Received:"    IP         . "Received:"  IP    ""        . ,   ( - MX/MTA   -  10.2.3.5)         .  ( - MX/MTA   -        ) Cisco             (   , 378  ).
          ( Received: ) .        (Cisco      .         , 383   . AsyncOS     Received:              IP  .         Cisco      Received:   .       IP    Cisco     IP  .
     ([)        IP  7.8.9.1 .   ())      IP    .            IP (10.2.3.5).
 - MX/MTA   -     .
·  A - 10.2.3.5(Received    2 ) ·  B - 10.2.6.1(Received    2 )


   - MX/MTA   -    Cisco         .            (Cisco  ) .      .
 35:  Received: ( A  1)

1  Microsoft Mail Internet Headers Version 2.0
   Received: from smemail.rand.org ([10.2.2.7]) by smmail5.customerdoamin.org with
    Microsoft SMTPSVC(5.0.2195.6713);
   Received: from ironport.customerdomain.org ([10.2.3.6]) by
    smemail.customerdoamin.org with Microsoft SMTPSVC(5.0.2195.6713);
2  Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org
    with ESMTP; 21 Sep 2005 13:46:07 -0700
3  Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
    mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
    <[email protected]>
4  Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
    by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
    <[email protected]>
5  Received: from linux1.thespammer.com (HELO linux1.thespammer.com) ([10.1.1.89])
    by sending-machine.spamham.com with ESMTP;
   Received: from exchange1.thespammer.com ([10.1.1.111]) by linux1.thespammer.com
    with Microsoft SMTPSVC(6.0.3790.1830);
   Subject: Would like a bigger paycheck?
   Date: Wed, 21 Sep 2005 13:46:07 -0700
   From: "A. Sender" <[email protected]>
   To: <[email protected]>

    :
· Cisco    . · Cisco  (  ) . ·   (  ). ·   .   MTA. IP  7.8.9.1. · Cisco   Microsoft Exchange  .
         .


     

 36:  Received: ( A  2)

1  Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org
    with ESMTP; 21 Sep 2005 13:46:07 -0700
2  Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
    mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
    <[email protected]>;
3  Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
    by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
    <[email protected]>;

  GUI Add Relay( )     A()    .
 26: Received     

  ·    , 376 
     
·    , 381  ·  , HAT, SBRS   , 382  ·       , 382  ·    , 382  ·      () , 382  ·     , 382  ·     , 382 
   
    SenderBase Reputation    SenderBase Reputation Service   (reputation, no-reputation) .

 , HAT, SBRS   
HAT        .     SenderBase Reputation      $reputation   HAT       .

      
      MX  MTA       ,    (DHAP)                 .        Email Security Appliance  .       ,     MX  MTA     .         DHAP             .

   
   IP       SenderBase Reputation  .

     ()
   :
·      IP MX/MTA   .    (IP 7.8.9.1)  MX/MTA(IP 10.2.3.4)   5  ,     IP 7.8.9.1   5    MX/MTA(IP 10.2.3.5)    5  .
·     SenderBase Reputation    .  ,      .

    
    Message Tracking Details(  )     IP         IP   SenderBase Reputation  .

   

    SenderBase Reputation    1 .       SenderBase Reputation   5 .

1   Fri Apr 28 17:07:29 2006 Info: ICID 210158 ACCEPT SG UNKNOWNLIST match nx.domain SBRS rfc1918
2   Fri Apr 28 17:07:29 2006 Info: Start MID 201434 ICID 210158
3   Fri Apr 28 17:07:29 2006 Info: MID 201434 ICID 210158 From: <[email protected]>
4   Fri Apr 28 17:07:29 2006 Info: MID 201434 ICID 210158 RID 0 To: <[email protected]>
5   Fri Apr 28 17:07:29 2006 Info: MID 201434 IncomingRelay(senderdotcom): Header Received found, IP 192.192.108.1 being used, SBRS 6.8
6   Fri Apr 28 17:07:29 2006 Info: MID 201434 Message-ID '<[email protected]>'
7   Fri Apr 28 17:07:29 2006 Info: MID 201434 Subject 'That report...'
8   Fri Apr 28 17:07:29 2006 Info: MID 201434 ready 2367 bytes from <[email protected]>
9   Fri Apr 28 17:07:29 2006 Info: MID 201434 matched all recipients for per-recipient policy DEFAULT in the inbound table
10  Fri Apr 28 17:07:34 2006 Info: ICID 210158 close
11  Fri Apr 28 17:07:35 2006 Info: MID 201434 using engine: CASE spam negative
12  Fri Apr 28 17:07:35 2006 Info: MID 201434 antivirus negative
13  Fri Apr 28 17:07:35 2006 Info: MID 201434 queued for delivery

              .

Wed Aug 17 11:20:41 2005 Info: MID 58298 IncomingRelay(myrelay): Header Received found, IP 192.168.230.120 being used
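The log entries above can be correlated per message: the connection-level line reports `SBRS rfc1918` because the connecting host is the relay, while the `IncomingRelay` line carries the IP address taken from the header and, when available, its reputation score. The following Python parser is an added example, not part of the Cisco guide; the `needs_review` helper, its `min_sbrs` threshold and the placeholder addresses are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Constructed sample: log lines from this section, rejoined onto single lines.
# The sender address is a placeholder because the page redacts it.
SAMPLE_LOG = """\
Fri Apr 28 17:07:29 2006 Info: ICID 210158 ACCEPT SG UNKNOWNLIST match nx.domain SBRS rfc1918
Fri Apr 28 17:07:29 2006 Info: Start MID 201434 ICID 210158
Fri Apr 28 17:07:29 2006 Info: MID 201434 ICID 210158 From: <sender@example.invalid>
Fri Apr 28 17:07:29 2006 Info: MID 201434 IncomingRelay(senderdotcom): Header Received found, IP 192.192.108.1 being used, SBRS 6.8
Fri Apr 28 17:07:35 2006 Info: MID 201434 queued for delivery
Wed Aug 17 11:20:41 2005 Info: MID 58298 IncomingRelay(myrelay): Header Received found, IP 192.168.230.120 being used
"""

# Connection line: ICID, HAT action, sender group, match, connection-level SBRS.
ACCEPT_RE = re.compile(r"Info: ICID (\d+) (\w+) SG (\S+) match (\S+) SBRS (\S+)")
# Binds a message ID (MID) to the connection (ICID) that delivered it.
START_RE = re.compile(r"Info: Start MID (\d+) ICID (\d+)")
# Incoming-relay line; the trailing ", SBRS x" part is optional in the samples.
RELAY_RE = re.compile(
    r"Info: MID (\d+) IncomingRelay\(([^)]+)\): Header (\S+) found, "
    r"IP (\S+) being used(?:, SBRS (\S+))?"
)


@dataclass
class RelayEvent:
    mid: int
    relay: str                 # relay name as configured on the appliance
    header: str                # header the address was taken from
    source_ip: str             # address derived from that header
    sbrs: Optional[float]      # reputation of source_ip, if logged
    icid: Optional[int]        # connection that carried the message
    conn_sbrs: Optional[str]   # SBRS field of the connection line (e.g. rfc1918)


def _to_score(text: Optional[str]) -> Optional[float]:
    """Convert a logged SBRS value to float; non-numeric values become None."""
    if text is None:
        return None
    try:
        return float(text)
    except ValueError:
        return None


def parse_relay_events(lines: Iterable[str]) -> Dict[int, RelayEvent]:
    """Return one RelayEvent per MID that has an IncomingRelay log line."""
    icid_sbrs: Dict[int, str] = {}
    mid_icid: Dict[int, int] = {}
    events: Dict[int, RelayEvent] = {}
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            icid_sbrs[int(m.group(1))] = m.group(5)
            continue
        m = START_RE.search(line)
        if m:
            mid_icid[int(m.group(1))] = int(m.group(2))
            continue
        m = RELAY_RE.search(line)
        if m:
            mid = int(m.group(1))
            icid = mid_icid.get(mid)
            events[mid] = RelayEvent(
                mid=mid,
                relay=m.group(2),
                header=m.group(3),
                source_ip=m.group(4),
                sbrs=_to_score(m.group(5)),
                icid=icid,
                conn_sbrs=icid_sbrs.get(icid) if icid is not None else None,
            )
    return events


def needs_review(event: RelayEvent, min_sbrs: float = -3.0) -> bool:
    """Flag messages whose header-derived address gives no usable reputation.

    min_sbrs is an illustrative threshold, not a value from the guide.
    """
    try:
        private = ipaddress.ip_address(event.source_ip).is_private
    except ValueError:
        private = True  # unparsable address: no reputation can be looked up
    return private or event.sbrs is None or event.sbrs < min_sbrs


if __name__ == "__main__":
    for ev in parse_relay_events(SAMPLE_LOG.splitlines()).values():
        print(ev, "review" if needs_review(ev) else "ok")
```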

     
Cisco       .   (: Microsoft Exchange  ) Cisco         .            AsyncOS    .          , 1107  .
  
    Cisco Anti-Spam  Cisco Intelligent Multi-Scan       .

 1 Security Services( ) > IronPort Anti-Spam . 

 2 Security Services > IMS and Graymail(IMS  ) .  3 Rule Updates( )    .

 

 

      

       "Never Updated( )" .

    

--

       Update Now( ) .

  
 
·   , 945  ·    , 949  ·         , 949 

 

 

  

 

  X-advertisement: spam        

.

  .

 Cisco Anti- Spam   

Cisco Anti- Spam     (   , 362 )

 X-header 

      

X-Advertisement: spam  .

           .

.

· SMTP     

  .  

  Cisco Anti-Spam

, 385  .

· trace     

.     

 : , 1149  

.

             

     .       

.

   , 386  .

  ·    Cisco Anti-Spam , 385  ·         , 386 
   Cisco Anti-Spam 
    : SMTP  , 385   .
 1   Cisco Anti-Spam .  2    X-Advertisement: spam      .
SMTP          .  3              
 .    .
·   ? ·     ? ·    ? ·  ?
  ·   : SMTP  , 385 
  : SMTP  
          HAT    .
# telnet IP_address_of_IronPort_Appliance_with_IronPort_Anti-Spam port
220 hostname ESMTP
helo example.com
250 hostname
mail from: <[email protected]>
250 sender <[email protected]> ok
rcpt to: <test@address>
250 recipient <test@address> ok
data
354 go ahead
Subject: Spam Message Test
X-Advertisement: spam

spam test
.
250 Message MID accepted
221 hostname
quit
        
IronPort Anti-Spam  Cisco Intelligent Multi-Scan                     .
·          .  ,  IP,       .
· " " . SBRS,  ,     " "     .
·        . ·   .
         .            .


16 
 
     . ·  , 387  · Email Security Appliance   , 387  ·     , 388  ·       , 391  ·       , 396 
 
      ,   ,   ,    .     ,             .   ,                  ( ,             ).
Email Security Appliance   
Email Security Appliance           Unsubscribe Service(  ),      .         .
·          . ·   Unsubscribe Service(  )     
     .         .
·       .          .                .     Unsubscribe Service(  )
    URL , URL  ,        .            . ·       .              .            .                 . ·         .        ( , 388  ),          . ·   
 
·  , 388 
 
        . ·  .      (:        Amazon.com ) ·   .  ,  ,     .      : · LinkedIn -      · CNET  -    
·  .        (:    TechTarget  )
    
      .


   27:    

    


 1 Email Security Appliance  .  2 Email Security Appliance     .    
 3 .   8 .  3 Email Security Appliance  ,     .  8 
.   4 .  4 Email Security Appliance   .   5 .
  8 .  5 Email Security Appliance , , ,        .  6 Email Security Appliance      .     
 7 .   8 .  7 Email Security Appliance       . Email Security Appliance 
      .  8 Email Security Appliance        .
    ,            , 57  .  
·     , 390  ·   , 57 

    
    
       .
 28:    

 


 1       .  2   Unsubscribe( )  .  3 Unsubscribe Service(  )    URI .  4 Unsubscribe Service(  ) URI  .  5 URI  , Unsubscribe Service(  )     .
· URI  Unsubscribe Service(  )           .
· URI   URI (http  mailto)  Unsubscribe Service(  )       .
·   Unsubscribe Service(  )   "Successfully unsubscribed(   )"  .
·       Unsubscribe Service(  ) "Unsubscribe process in progress(    )"           URL  .
    URL     .     Unsubscribe Service(  ) 4      .
        
·     1     , Unsubscribe Service(  )   "Successfully unsubscribed(  )"  .
·     4    , Unsubscribe Service(  )   "Unable to subscribe(  )"           URL .

      
·        , 391  ·        , 392  ·       , 392  ·           , 392  ·     IronPort-PHdr , 393  ·      , 394  ·  , 394  ·   , 395  ·         , 396  ·    , 396  ·  , 396 
       
·       . IronPort Anti-Spam, Intelligent Multi-Scan   Outbreak Filters    . Anti-Spam, 355   .
·    
·      .
·        Unsubscribe Service(  )     .

       
,             .
      
         , 391   .
 1 Security Services( ) > Detection and Safe Unsubscribe(    ) .  2 Edit Global Settings(  ) .  3 Enable Graymail Detection(  ) .  4 ( )          
     . ·     . ·       ().
 5 ( ) Enable Automatic Updates(  )     .        .
 6 Enable Safe Unsubscribe(   ) .  7     .
   CLI          graymailconfig   .   AsyncOS for Cisco Email Security Appliance CLI    .
          
        , 392 
 1 Mail Policies( ) > Incoming Mail Policies(  ) .  2    Graymail()   .  3      .
·    ·    

·     ,     .   S/MIME   S/MIME       .
·      ( ,      ) ·  , ,   ( )             . ·     ·    ·     ·                 . ·                     .   Email Security Appliance      .
 4     .
  
         .           .
CLI          policyconfig  .   AsyncOS for Cisco Email Security Appliance CLI    .
    IronPort-PHdr 
IronPort-PHdr          . ·      . ·        .

                 IronPort-PHdr    .
IronPort-PHdr          .           .

             ,        IronPort-PHdr  .

     

               .

   

skip-marketingcheck    

skip-socialcheck     

skip-bulkcheck

   

  "private_listener"            .

internal_mail_is_safe:
if (recv-listener == 'private_listener')
{
    skip-socialcheck ();
}

 

         .



   

 

Overview()  > Incoming Mail   (,   ) Overview(

Summary(  )

       ) ,

  .

799 



   

 

Incoming Mail( )  > Top   . Senders by Graymail Messages(    )

Incoming Mail(  ) ,

Incoming Mail( )  >

802   IP ,     

Incoming Mail Details(       (, 

)

  )    

    .

Incoming Mail( )  >

 IP ,    

Incoming Mail Details(       (,

) > Sender Profile( )(   )   

 )

     .

Internal Users( )  > Top     . Internal

Users by Graymail(  

Users(

)

) 

, 811 

Internal Users( )  > User      ( 

Mail Flow Details(    ,   )   

)

      .

Internal Users( )  > User      ( Mail Flow Details(    ,   )    ) > Internal User( )(       .  )

AsyncOS 9.5         Marketing Email Scanning(  )    .
·         . ·            
. ·            .

  
    Cisco          .   (:           )      .
       .
·   Security Service( ) > IMS and Graymail(IMS  )    Update Now( ) .
· CLI, graymailupdate  .

        IMS and Graymail(IMS   )  Rule Updates( )   CLI graymailstatus  .

        
      Unsubscribe Service(  )      , Cisco  Unsubscribe( )  (    , 390  ). Security Services( ) > Block Page Customization(   )  Unsubscribe( )       (:  ,   )   .           , 431   .

   
          ,           .                  , 873    .

 

         .
· Graymail Engine Logs(  ).  , ,     .   Info()  Debug() .
· Graymail Archive( ).  ( " "    ) .  mbox   .
· Mail Logs( ).             .   Info()  Debug() .

      
     
   Unsubscribe( )   "Unable to unsubscribe from...(...     )"  . 

  Unsubscribe Service(  )             .  Unsubscribe Service(  )          .
·   URI  mailto   ·      Credential  ·            ·  captcha   Unsubscribe Service(  )
captcha   ·      
          URL    .

17 
  (Outbreak Filter)
     . · Outbreak Filter , 399  · Outbreak Filter  , 400  · Outbreak Filter   , 407  · Outbreak Filter , 410  · Outbreak Filter , 421  · Outbreak Filter   , 422 
Outbreak Filter 
Outbreak Filter             (:      )  .                    , Cisco               Email Security Appliance . Cisco    ,            .        Cisco           Sophos McAfee       .         ,  ,         URL .            . Outbreak Filter    ,        URL  . Outbreak Filter URL             .            .
Outbreak Filter  

 
·  ,   , 400  ·  , 400  · Cisco Security Intelligence Operations, 402  · Context Adaptive Scanning Engine, 402  ·  , 403  · URL , 403  ·  , 404  ·  :   Outbreak, 404  · Outbreaks, 405  ·  , 406 

 ,   
Outbreak Filter          .
· . Outbreak Filter            .                .
· . Outbreak Filter     URL ,          Cisco      .                .         . URL     URL , 403    .
· . Outbreak Filter     URL   ,                .    , 404  .

 

Outbreak Filter            .              ,            ,       .
 Outbreak Filter             .                 .

 Outbreak Filter        Anti-Spam  Intelligent Multi-Scan    .
 
· Virus Outbreaks( ), 401  · ,       , 401 
Virus Outbreaks( )
Outbreak Filter         .                          .                      .             .             .
,       
               .                .
·   . ·  (:     )     HTML
. ·  IP        URL. ,     
         . · URL    URL.
        . Outbreak Filter                     .
CASE  URL     Outbreak  ,             .    Email Security Appliance          ,      URL   Cisco    .              .

Cisco Security Intelligence Operations
Cisco SIO(Security Intelligence Operations)   ,       Cisco               .
SIO     .
· SenderBase.          · TOC(Threat Operations Center). SenderBase      
      ·  .         

SIO  SenderBase       ,         . TOC         . Email Security Appliance     Outbreak    Outbreak            .
       SenderBase    . http://www.senderbase.org/
SIO  ,             . http://tools.cisco.com/security/center/home.x
Context Adaptive Scanning Engine
Outbreak Filter Cisco  CASE(Context Adaptive Scanning Engine) . CASE           100,000      .
    CASE  ,          . CASE SIO   Outbreak            .
     CASE  URL ,   URL   SIO Outbreak      .
    CASE         . CASE  SIO  Outbreak          .            .
CASE      .   CASE           .
CASE    Cisco Anti-Spam:  , 358   .

 
                   .                 . Outbreak Filter      , Cisco            .
     Outbreak                     .
                           URL       URL  .     URL     CASE SIO  Outbreak         ,                 .
Outbreak Filter         , 408    .
URL 
CASE Outbreak Filter           URL . CASE  Outbreak             .    Outbreak Filter Cisco       URL (   URL )           TOC            .      URL     URL    , 418   .
Email Security Appliance          Cisco     .  Cisco   ,              .         .
  URL  Cisco              .       .   Ignore this warning(  )     Exit()       .


   29: Cisco    (proxy_splash_screen)


Cisco          URL .   URL      .
        (:  ,   )   .         , 431   .
     URL Cisco Web Security            URL Cisco Web Security  :   , 366   .
 
Outbreak Filter         URL    ,      . Outbreak Filter               .    , 417  .   Mail Policies( ) > Text Resources( )  Disclaimer( )     .      , 622  .
 :   Outbreak
     Outbreak Filter Adaptive()  Outbreak( ),      . Outbreak Filter                           . Outbreak Filter         ,       .
 
·  , 405  ·   , 405 

  
Outbreak  Cisco Security Intelligence Operations  Cisco TOC(Threat Operations Center)  ,       . Outbreak  SenderBase (    )   ,   ,               . Outbreak  GUI  (: Outbreak )        ID .
   SenderBase                 . TOC         .   0( ) 5( )   , Cisco              (   , 406  ).   TOC  Outbreak  .
Outbreak          .
·  ,   ,       ·      ·    ·  URL ·   Sophos IDE

 

            CASE   .                .       .    Outbreak       . Outbreak        ,  (Adaptive Rules)   ""            .                 .

Outbreaks

Outbreak Filter         (:  ,  ,  ,   )   (: 4).  , Cisco SIO  143     (: "hello")  .exe          .         Outbreak  .     Outbreak    5  (Outbreak Filter  , 414  ).  

Outbreak    .         .          Outbreak( )   .    URL                 .

 

          .

 



0   None
1   Low
2   Low/Medium
3   Medium
4   High
5   Extreme

         Outbreak Filter , 414    .

 
·       , 406  · :     , 407 
      
               .  (1  2)       . ,  (4  5)        .           ,             .    , 408   . Cisco  3 .

:     
  (.zip)      . TOC          .
  TOC .exe   .zip       .zip    .exe (.zip(exe))      Outbreak  , .zip      (: .txt )      .    (.zip(*))          .    (Always)             .        SIO   .
 37:      

Outbreak     

.zip(exe)   4
.zip(doc)   0
.zip(*)     2

Outbreak Filter   
     " "     (       , 57  ).           ,         .  ,               (  ) Outbreak Filter    .  Outbreak Filter         . Outbreak Filter       CASE                  .

            Outbreak Filter  .
  ·   , 408  ·  , 408 

  
                   Outbreak Filter   .  Outbreak     CASE     ( :   Outbreak, 404  ).      .   (  )  CASE    .    (   )     0 .
  Email Security Appliance              ,   URL .           .
 CASE            .            ,            .
   (       )  Outbreak    (  Outbreak     )                  .
     Outbreak Filter     .         . ,             Outbreak       .     Outbreak Filter     .
·    . ·  Outbreak   . ·       .
  (desktops/groupware)       .

 Outbreak Filter            .

 

Outbreak Filter  Outbreak                . (  Outbreak      , 409   .)   Outbreak       .    CASE      Outbreak   .            (Outbreak   )    .         .

                .       ,    .                       .
  CASE      Outbreak  . CASE       .                . CASE          ,      Email Security Appliance   .        1.       4.       .
Email Security Appliance            (  ). Outbreak   100%         .      .
·     (     ) · Outbreak    (     )
Outbreak   100%     .            , 850           , 851   .
Outbreak       (    )  .             (        ).   Outbreak Filter   Outbreak , 419  .
          .   Outbreak Filter    ,   Outbreak     .   (Outbreak Filter ,  Outbreak   )       .  Outbreak Filter          . Outbreak Filter   (  ),     .
 
· Outbreak     , 409 
Outbreak     
 Outbreak( )            .                  .             .    Outbreak   .

 38: Outbreak     

 T=0
T=5 T=10 T=20 T=12

 

 



 (  ,          )   100,000    
       

Outbreak  .zip(exe)    .exe  .zip  

 

 

Outbreak 

50KB  .zip(exe)   50KB  .zip(exe) 

 

   



Outbreak 

50~55KB .zip(exe)           "Price"      

Outbreak     

         

Outbreak Filter 
GUI(Graphical User Interface) ,  Security Services( )   Outbreak Filters .
 30: Outbreak Filters  

Outbreak Filters  Outbreak Filters Overview()   Outbreak Filter Rules()  ( ),    .   Outbreak Filter , Adaptive Scanning( ) ,     512k .    Edit Global Settings(  )  .       Outbreak Filter   , 411    . Outbreak Filter Rules()    (   ) ,        Outbreak Filter      . Outbreak     Outbreak Filter , 414   .
  · Outbreak Filter   , 411  · Outbreak Filter , 414  · Outbreak Filter    , 415  · Outbreak Filter   Outbreak , 419 
Outbreak Filter   
 1 Security Services( ) > Outbreak Filters .  2 Edit Global Settings(  ) .  3     .
· Outbreak Filter   ·     ·     (   ) · Outbreak Filter    ·    .    , 429  .  4     .
     outbreakconfig CLI     (AsyncOS for Cisco Email Security Appliance CLI   ).    .
    URL    . CLI  URL     URL   URL      , 412   .
 

· Outbreak Filter  , 412 
·   , 412 
· Outbreak Filter   , 412 
· URL   URL      , 412 
Outbreak Filter  
Outbreak Filter    Outbreak Filters Global Settings(Outbreak Filter  )  Enable Outbreak Filters(Outbreak Filter )     Submit( ) .  Outbreak Filters    . Outbreak Filter                   .   Outbreak Filter     , 415   .       Outbreak Filter  CASE(Context Adaptive Scanning Engine)    .        Anti-Spam  Intelligent Multi-Scan   .
       (4: , 37  ), Security Services(  ) > Outbreak Filters  Enable()       .
  
Adaptive Scanning( ) Outbreak Filters    .                         (  )  . Adaptive Scanning(  )  Outbreak Filters Global Settings(Outbreak Filter  )  Enable Adaptive Rules(  )     Submit() .
Outbreak Filter   
Outbreak Filter     "Emailed Alerts( )"   . Outbreak Filter     Outbreak Filter        .       System Administration(  )  Alerts()   . Outbreak Filter         , SNMP   Outbreak Filter, 422   .
URL   URL     
URL             .       .

·   URL  URL    ·   URL   URL    · Outbreak Filter  URL      CLI(command-line interface) outbreakconfig   .
  · : outbreakconfig   URL   , 413  · Outbreak Filter  , 414  · : outbreakconfig   URL   , 413 
: outbreakconfig   URL     outbreakconfig   URL    .
mail.example.com> outbreakconfig

Outbreak Filters: Enabled

Choose the operation you want to perform:
- SETUP - Change Outbreak Filters settings.
[]> setup

Outbreak Filters: Enabled
Would you like to use Outbreak Filters? [Y]>

Outbreak Filters enabled.

Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back down below), meaning that new messages of certain types could be quarantined or will no longer be quarantined, respectively.

Would you like to receive Outbreak Filter alerts? [N]>

What is the largest size message Outbreak Filters should scan? [524288]>

Do you want to use adaptive rules to compute the threat level of messages? [Y]>

Logging of URLs is currently disabled.

Do you wish to enable logging of URL's? [N]> Y

Logging of URLs has been enabled.

The Outbreak Filters feature is now globally enabled on the system. You must use the 'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and Outgoing Mail Policies.

Choose the operation you want to perform:
- SETUP - Change Outbreak Filters settings.
[]>
Outbreak Filter 
Outbreak  Cisco Security Intelligence Operations  ,   Outbreak  5   .      .            , 949   .
  · Outbreak Filter  , 414 
Outbreak Filter  
Outbreak Filters Rules(Outbreak Filter )        .         Cisco                  (,              ).           . Update Rules Now(  )  Cisco    Outbreak      .
 Update Rules Now(  )        Outbreak  "" .  Outbreak  . Cisco             Outbreak   .
  · Outbreak Filter  , 414 
Outbreak Filter     5  Outbreak Filter   . Security Services( ) > Service Updates( )      .     , 945  .

Outbreak Filter    
Outbreak Filter        . Outbreak Filter            .   Outbreak Filter         .   Policyconfig CLI     (AsyncOS for Cisco Email Security Appliance CLI   ).
 Outbreak Filter       Anti-Spam  Intelligent Multi-Scan    .
    Outbreak Filter      Outbreak Filters     .     Outbreak Filter      Enable Outbreak Filtering (Customize Settings)(Outbreak Filtering (  )) .     Outbreak Filter    .
·    ·     ·          ·     ·    ·    Outbreak Filter (: $threat_verdict, $threat_category, $threat_type,
$threat_description  $threat_level)     ·    :
· X-IronPort-Outbreak-Status · X-IronPort-Outbreak-Description
·  Email Security Appliance  Exchange Server     · URL  ·  
     Outbreak Filters   Enable Outbreak Filtering (Inherit Default mail policy settings)(Outbreak Filtering (    )) .     Outbreak Filter       (    )  Outbreak Filter  .     .
 
·    , 416  ·   , 416  ·    , 416  ·  , 417 

   
     Quarantine Threat Level(  )  .      ,     . Cisco   3 .         , 406  .
  
 Outbreak     .                        .           Deliver messages without adding them to quarantine(    )   .
   Message Modification( )        .
CASE         .           Email Security Appliance CASE      .
   
       .    CASE         .         .    Bypass Attachment Scanning(   )        Add Extension( ) . AsyncOS File Extensions to Bypass(  )    .      File Extensions to Bypass(  )        .
  ·   :   , 416 
  :       ,         (: .zip   .doc ) .      .doc ,      .doc  .

 

               Message Modification( ) .
    AsyncOS       Cisco        URL   .              .
        .

 
·    , 417  ·  , 417  · Outbreak Filter  , 417  ·    , 418  · URL    , 418  ·  , 419 

   
 Message Modification Threat Level(   )  .   CASE        .      ,     . Cisco  3 .

 

          ,         .  , Outbreak Filter(  )  (: $threat_verdict, $threat_category, $threat_type, $threat_description, $threat_level)         .   Insert Variables(  )    .
Message Subject( )    .     (  )  (  )         .      [MODIFIED FOR PROTECTION]      .

 Message Subject( )  US-ASCII   .
Outbreak Filter        .









X-IronPort-Outbreak-Status
    Format:  X-IronPort-Outbreak-Status: $threat_verdict, level $threat_level, $threat_category - $threat_type
    Example: X-IronPort-Outbreak-Status: Yes, level 4, Phish - Password

X-IronPort-Outbreak-Description
    Format:  X-IronPort-Outbreak-Description: $threat_description
    Example: X-IronPort-Outbreak-Description: It may trick victims into submitting their username and password on a fake website.

· Enable() · 

      Outbreak Filter   Email Security Appliance (    ),        .
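A downstream mail system that acts on these headers has to parse the format shown above. The following Python parser is an added example, not part of the Cisco guide: it reads `X-IronPort-Outbreak-Status` and `X-IronPort-Outbreak-Description` from a constructed message, validates the level against the 0 to 5 scale from the threat level table, and refuses missing, duplicated or malformed headers. The function names and the sample message are assumptions; the default threshold of 3 is the value the guide recommends.

```python
import re
from email import message_from_string
from typing import NamedTuple, Optional

# Threat level names as listed in the threat level table of this chapter.
LEVEL_NAMES = {0: "None", 1: "Low", 2: "Low/Medium", 3: "Medium", 4: "High", 5: "Extreme"}

# "$threat_verdict, level $threat_level, $threat_category - $threat_type"
STATUS_RE = re.compile(
    r"^(?P<verdict>[^,]+),\s*level\s+(?P<level>\d+),\s*"
    r"(?P<category>.+?)\s+-\s+(?P<type>.+)$"
)

# Constructed sample message; addresses and subject text are placeholders.
SAMPLE_MESSAGE = (
    "From: sender@example.invalid\n"
    "To: user@example.invalid\n"
    "Subject: [MODIFIED FOR PROTECTION] Account notice\n"
    "X-IronPort-Outbreak-Status: Yes, level 4, Phish - Password\n"
    "X-IronPort-Outbreak-Description: It may trick victims into submitting\n"
    " their username and password on a fake website.\n"
    "\n"
    "body\n"
)


class OutbreakStatus(NamedTuple):
    verdict: str
    level: int
    level_name: str
    category: str
    threat_type: str
    description: Optional[str]


def _unfold(value: str) -> str:
    """Collapse header folding and repeated whitespace into single spaces."""
    return " ".join(value.split())


def parse_outbreak_status(raw_message: str) -> Optional[OutbreakStatus]:
    """Return the parsed outbreak verdict, or None if it cannot be trusted.

    None is returned when the status header is absent, appears more than
    once (ambiguous), does not match the documented format, or carries a
    level outside 0..5.
    """
    msg = message_from_string(raw_message)
    values = msg.get_all("X-IronPort-Outbreak-Status") or []
    if len(values) != 1:
        return None
    match = STATUS_RE.match(_unfold(values[0]))
    if match is None:
        return None
    level = int(match.group("level"))
    if level not in LEVEL_NAMES:
        return None
    description = msg.get("X-IronPort-Outbreak-Description")
    return OutbreakStatus(
        verdict=match.group("verdict").strip(),
        level=level,
        level_name=LEVEL_NAMES[level],
        category=match.group("category").strip(),
        threat_type=match.group("type").strip(),
        description=_unfold(description) if description is not None else None,
    )


def meets_threshold(status: Optional[OutbreakStatus], threshold: int = 3) -> bool:
    """True when a parsed status is at or above the configured threat level."""
    return status is not None and status.level >= threshold


if __name__ == "__main__":
    parsed = parse_outbreak_status(SAMPLE_MESSAGE)
    print(parsed, meets_threshold(parsed))
```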
   
Outbreak Filter        ,   Email Security Appliance  Outbreak Filter  .       Outbreak Filter   .
       IP (IPv4  IPv6)  FQDN  Alternate Destination Mail Host(   )  .
URL    
      , Outbreak Filter   URL    Cisco          URL  . (  URL , 403   .)           .            TOC                . CASE SIO  Outbreak         .       .
AsyncOS    URL     URL .
URL       .
· Enable only for unsigned messages(    ).     AsyncOS         URL  ,   URL  . Cisco URL       .

 

 Email Security Appliance DomainKeys/DKIM   URL ,  Email Security Appliance     DomainKeys/DKIM       .
 S/MIME   S/MIME       .
· Enable for all messages(   ).    AsyncOS            URL  . AsyncOS     .
· Disable().   Outbreak Filter  URL  .
   URL      .   Bypass Domain Scanning(  )  IPv4 , IPv6 , CIDR ,  ,       .       .
    URL     (  ).     URL    , 430    .
Email Security Appliance               .      HTML      .
Threat Disclaimer( )     , Mail Policies( ) > Text Resources( )   Disclaimer Template( )     .          . Preview Disclaimer(  )       .          ,         .          , 622   .

Outbreak Filter   Outbreak 
Outbreak Filter    Outbreak  .   ""         (     ,  ,   , 847  ).        (: Outbreak   Outbreak ID ,      )        .      Outbreak      , 421   .

 
· Outbreak  , 420  · Outbreak      , 421 
Outbreak  
      ,               Outbreak     .
    Outbreak        .
·  Default Action( ) Release()           .           ,  , X-Header         .             , 851   .
·  Default Action( ) Delete()          .
·         .                (     )  .          ,  , X-Header         .
      , Outbreak         .
Default Action( ) Delete()   Outbreak       .     Delete()    . Outbreak    Outbreak                 , 851   .
,        Outbreak               .          .
          (   ),        ,        .

      Outbreak Filters     .        Outbreak Filter       .

Outbreak      
GUI Monitor()       Outbreak     . Outbreak    Outbreak Quarantine Manage by Rule Summary Link(    Outbreak  ) .
 31:    Outbreak  

  ·     ID  Outbreak      , 421 
    ID  Outbreak        ID  Outbreak     Manage by Rule Summary(   )  .
 32:    Outbreak  
  Outbreak       (  )  ,       .        . quarantineconfig -> outbreakmanage CLI       .    AsyncOS for Cisco Email Security Appliance CLI   .
Outbreak Filter 
 Outbreak Filter        .  
· Outbreak Filter , 422  · Outbreak Filter    , 422 
·   , 422  · , SNMP   Outbreak Filter, 422 
Outbreak Filter 
Outbreak Filter    Outbreak Filter           Outbreak Filter      . Monitor( ) > Outbreak Filters      .   "  "  .
Outbreak Filter    
    Outbreak Filter       . Security Services( ) > Outbreak Filters       .
  
Outbreak Filter         Outbreak  .       .   Outbreak      , 421   , ,   , 847  .
, SNMP   Outbreak Filter
Outbreak Filter   AsyncOS  SNMP      . SNMP      . AsyncOS SNMP     "CLI    "  . AsyncOS Outbreak Filter      (  ) . Outbreak     5, 50, 75  95   AsyncOS  . 95%      CRITICAL     WARNING.       .         .     , 962   .  ,  ,   CASE         .
Outbreak Filter   
  Outbreak Filter         .
  · Cisco     , 423 

·       , 423  ·      , 423 
Cisco    
Cisco    Outbreak   Manage Quarantine( )     .
      
        ,    ,        .      .
     
Outbreak Filter         .     Outbreak Filter     .

18 
   URL  
     . · URL     , 425  · URL  , 426  ·    URL     , 432  · URL       , 436  ·  URL  URL  , 437  ·      URL , 438  ·      URL , 440  · URL    , 441  ·   URL    , 441  · URL  , 441  · URL  , 446 
URL    
         ,  ,      .    .
·      URL    URL  Outbreak Filter .       Cisco Web Security Appliance         ,       .    URL WBRS(Web Based Reputation Score)        .        Cisco Web Security Proxy       URL   .
·    
               .  ,             . ·             URL (:     )        . ·      URL             .
  ·  URL , 426  · Web Interaction Tracking(   ) , 819 
 URL
   (  ) URL .     URL    .
· http, https  www ·   IP  · (:)     ·        URL  ,             .
URL  
· URL    , 426  · URL  , 427  · Cisco Web Security Services    , 428  ·    , 429  ·   URL , 429  · URL    , 430  ·         , 431 
URL   
URL   ,       .    

·   ,      . IronPort Anti-Spam  Intelligent Multi-Scan     .    .    
· Outbreak Filter  ,      . Outbreak Filter  . URL              
· Outbreak Filter    . Outbreak Filter  .
URL  
  Security Services( ) > URL Filtering(URL )   CLI websecurityconfig   URL    .  
·    URL       . URL     , 426  .
· ( )  URL    URL  . URL     , 430  .
 1 Security Services( ) > URL Filtering(URL ) .  2 Enable() .  3 Enable URL Category and Reputation Filters(URL     )  .  4 ( )      URL        
 URL     .       Outbreak Filter    .
 5 ( )    .    , 429  .  6     .
    Outbreak Filters       ,    URL         .

  
·   URL        URL      , 432    .
·            URL       URL     , 432    .

·     URL Cisco Web Security           URL Cisco Web Security  :   , 366   .
· ( )                , 431    .
·        .  URL    , 459 , AsyncOS        , 964     .
Cisco Web Security Services   
URL      Cisco Web Security Services  . Email Security Appliance  , 1227  URL             Cisco Web Security Services .      HTTPS  .   (  , 945  ).      URL     , 428           . Security Services( ) > Service Updates( )  HTTP  HTTPS    Email Security Appliance Cisco Web Security Services     .               , 949    .
      .
 
· URL     , 428  · : SDS:     , 442  · : SDS:    , 442 
URL    
AsyncOS URL             .                .  (System , Warning )      .   , 962    .       Cisco TAC        .      Cisco Web Security Services       , 445   .

  
     URL      (,     )      .    Web Interaction Tracking(  )       URL,  URL         . Web Interaction Tracking(  )     Web Interaction Tracking(   ) , 819     .     Cisco Aggregator Server  .
  ·    , 429  · Cisco Aggregator Server   , 429 
   
             . · Outbreak Filter. Outbreak Filter   URL    . Outbreak Filter   , 411  . · URL Filtering(URL ).   (    ) URL    . URL  , 427  .
Cisco Aggregator Server   
Email Security Appliance  , 1227  URL        30      Cisco Aggregator Server (  ).      HTTPS  .   (  , 945  ). Security Services( ) > Service Updates( )  HTTP  HTTPS    Email Security Appliance Cisco Aggregator Server     .                , 949    .
      .
  URL 
· ,     URL    . · URL     , URL      
,       .

· URL     , URL            .
· URL     , URL          .
·          .
URL   
URL         URL    , , Outbreak Filter,       .    URL      Outbreak Filter   .  URL  () URL           URL    .  Outbreak Filter URL   Mail Policies( ) > Outbreak Filters   Bypass Domain Scanning(  )  . URL   URL       .       URL    , 418   .    URL   SBRS           .       URL    . URL   , 431  .
 1 Mail Policies( ) > URL Lists(URL ) .  2 Add URL List(URL  )    .
    URL    . URL        .
 3   .  URL    URLs  (;)  Submit() .     more( )...  .  URL,   IP         .
 4   .
   · URL     URL  , 427     .

· URL       ()         URL     , 432      , 293    .      URL   , 228   URL Category(URL )  , 189    .
  · URL   , 431 
URL  
URL    URL    .
 1    . ·    URL   . ·  URL    .
 2   /configuration  .  3 CLI urllistconfig > new  .
       
Outbreak Filtering(  )  (     )    URL   , Cisco Web Security Proxy       .         .   Outbreak Filtering(  )   URL  10          Cisco Web Security Proxy .       (:  ,   )    .
       Cisco    .
  · URL  . URL  , 427  .
 1 Security Services( ) > Block Page Customization(  ) .  2 Enable() .  3 Enable Block Page customization(   )     .

·   URL.         . ·   ·   
 4   .         .           .        AsyncOS   ,     .
 5 ( ) Preview Block Page Customization(     )       .
 6     .
 
    URL  . · Outbreak Filter . URL , 403  . ·         URL     , 432   .

   URL    
                   URL       .
Outbreak Filter        URL          , URL      .
    URL    .
· (  URL ) Neutral     URL       Cisco Cloud Web Security   .
· Malicious()     URL   .
URL       .
·      (:           )   URL  .
·  (        )      . (  URL ) Unclassified()   URL        Cisco Cloud Web Security      .
 
· URL  ()    , 433  · URL   URL  :    , 433 


·  URL : URL    URL    , 434  ·  URL:     , 436 

URL  ()   

 



  

       URL   URL   

 .

.

  , URL   URL 

    .

: URL        .

(  URL  URL   URL   URL   

)  URL   URL   .  URL   

    .

 .

.

 ,       .

 
· URL   URL  :    , 433  ·  URL : URL    URL    , 434 

URL   URL  :   
        URL         . URL         URL   URL         URL  .
  Adult()  URL     Drop (Final Action)((  ))  ,  Adult()   URL Category(URL )    .
       .
 URL,  URL   URL  URL         .       .      .   -8 ~ -10    -8 ~ -10  .       URL "No Score( )" .

  URL      URL        .  URL ,      .  ,     Cisco Web Security    .


 URL    URL   URL  .   URL            .  URL     URL   URL   .    URL   URL     .
 URL      .
  URL     URL    URL  , 459     .
  · URL    , 430  ·  , 283  · URL Reputation(URL )  , 188  · URL Category(URL )  , 189 
 URL : URL    URL   
URL      URL     URL   URL   . URL   URL      . ,   URL   URL        .       URL .   URL  .        .  URL,  URL   URL  URL         .       .      .   -8 ~ -10    -8 ~ -10  .       URL "No Score( )" .
  URL      URL        .  URL ,      .  ,     Cisco Web Security    .
 URL     URL .


·    URL .    URL     .
·    ,       Cisco Web Security Proxy   URL . :               Uncategorized()   URL Cisco Cloud Web Security Proxy Service    .  URL:     , 436  . URL        .
 Cisco Cloud Web Security        .             .
· URL  .     URL  $URL  . : · Illegal Downloads( )   URL    .
Message from your system administrator: A link to an illegal downloads web site has been removed from this message.
·    URL .
WARNING! The following URL may contain malware: $URL
 : WARNING: The following URL may contain malware: http://example.com. ·       .
http://custom_proxy/$URL
 : http://custom_proxy/http://example.com
 URL    URL   URL     . URL       URL    . URL   URL   URL   URL  ( )     . ()          .
  URL     URL    URL  , 459     .


  · URL    , 430  ·       URL Cisco Web Security  :   , 366  ·  , 283  · URL Reputation(URL )  , 188  · URL Category(URL )  , 189 
 URL:    
Cisco Cloud Web Security     : ·       ,     . ·           .        (:  ,   )   .         , 431   . · Cisco Cloud Web Security Proxy Service           . ·     .
  ·  URL : URL    URL    , 434 
URL       
  URL    X-URL-ScanningError    .
· URL       ·   URL    ·       URL   URL   
  , Other Header( )  X-URL-LookUp-ScanningError            .


 URL  URL  
  URL  URL    URL  URL      .  URL URL     URL  URL   .  URL  URL    10   URL     .  URL  10   URL     URL   -10  URL .   URL    CLI websecurityadvancedconfig   .  
· URL  . URL  , 427  .
·  URL     URL       .
·     URL      .      URL     HTTP        .
:  URL  URL     websecurityadvancedconfig    URL  URL   .
mail.example.com> websecurityadvancedconfig
Enter URL lookup timeout (includes any DNS lookup time) in seconds: [5]>
Enter the URL cache size (no. of URLs): [810000]>
Do you want to disable DNS lookups? [N]>
Enter the maximum number of URLs that should be scanned: [100]>
Enter the Web security service hostname: [v2.sds.cisco.com]>
Enter the threshold value for outstanding requests: [50]>
Do you want to verify server certificate? [Y]>
Do you want to enable URL filtering for shortened URLs? [Y]> yes
For shortened URL support to work, please ensure that ESA is able to connect to the following domains:
bit.ly, tinyurl.com, ow.ly, tumblr.com, post/ly ..................

Enter the default time-to-live value (seconds): [30]>
Do you want to rewrite both the URL text and the href in the message? Y indicates that the full rewritten URL will appear in the email body. N indicates that the rewritten URL will only be visible in the href for HTML messages. [N]>
Do you want to include additional headers? [N]>
Enter the default debug log level for RPC server: [Info]>
Enter the default debug log level for URL cache: [Info]>
Enter the default debug log level for HTTP client: [Info]>
     URL 
'URL '    ETF    URL       .     ETF  'URL '     .
·    'URL '  . ·   'URL '  . · 'URL '    .
  'URL '      URL   .
 ·    'URL '     11~20   .
·   'URL '     4~10  .
  · Cisco Email Security  URL   . URL      Security Services > URL Filtering(URL )  .      URL , 425    . · Cisco Email Security      .        Security Services > Outbreak Filters(  )   .     (Outbreak Filter), 399    .


· Cisco Email Security     .       Security Services > Anti-Spam()  .    Anti-Spam, 355   .
· ( ) URL  .   Mail Policies(Mail ) > URL Lists(URL )  .      URL , 425   .
 1 Mail Policies( ) > Incoming Content Filters(  ) .  2 Add Filter( ) .  3     .  4 Add Condition( ) .  5 URL Reputation(URL ) .  6 External Threat Feeds(  ) .  7  URL  ETF  .  8 ( ) Cisco Email Security        URL 
.  9     /     URL   Check URLs within( 
 URL )  .  10 OK() .  11 Add Action( ) .  12 URL Reputation(URL ) .  13 External Threat Feeds(  ) .  14     ETF   (7).  15 ( ) 8   URL   .  16 '   ' / '  '  URL   Check URLs within( 
 URL )  .  17     /     URL     .
 16 'Check URLs within(   URL )'  'Attachments( )'        .
 18           .  19 OK() .  20     .
  WBRS(   )  ETF  URL     ,      WBRS URL     ETF URL      .


     URL 
 , ETF     URL   URL  'URL  '     . :
defang_url_in_message: if (url-external-threat-feeds (['etf_source1'], <'URL_whitelist'>, <'message_attachments'> , <'message_body_subject'> ,)) { url-etf-defang(['etf-source1'], "", 0); } <'URL_whitelist'> , <'Preserve_signed'>)}
 · `url-external-threat-feeds' URL  . · `etf_source1'       URL    ETF  . · `URL_whitelist' URL  . URL   ""  . · `message_attachments'     URL   .  '1'      URL   . · 'message_body_subject'      URL   .  '1'      URL   .
  "1,1"  ,       URL    .
· 'url-etf-defang'  URL         .    URL      ETF  . · url-etf-strip(['etf_source1'], "None", 1) · url-etf-defang-strip(['etf_source1'], "None", 1, "Attachment removed") · url-etf-defang-strip(['etf_source1'], "None", 1) · url-etf-proxy-redirect(['etf_source1'], "None", 1) · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1) · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1, " Attachment removed") · url-etf-replace(['etf_source1'], "", "None", 1) · url-etf-replace(['etf_source1'], "URL removed", "None", 1)


· url-etf-replace-strip(['etf_source1'], "URL removed ", "None", 1) · url-etf-replace-strip(['etf_source1'], "URL removed*", "None", 1, "Attachment removed")
· 'Preserve_signed' '1'  '0' . '1'         '0'      .
     URL ETF         .
Strip_Malicious_URLs: if (true) {url-etf-strip(['threat_feed_source'], "", 0);}
URL   
   URL     Monitor() > URL Filtering(URL )  .       URL Filtering(URL )  , 818     .
  URL   
        URL        :
·    . · URL   URL      /    
. ·     URL   . URL    , 418 
 . · URL   . URL   URL      , 412 
 .          , 842   .                , 898   .
URL  
  ·   , 442  · : SDS:     , 442  · : SDS:    , 442  · Cisco Web Security Services   , 443 


· : Cisco Aggregator Server   , 443  · : Cisco Aggregator Server       , 444  · websecurityadvancedconfig   , 444  ·          , 444  ·  URL      Outbreak Filter   , 444  ·   URL     , 445  ·    URL     , 445  · Cisco Web Security Services      , 445 

 

URL     .
·  (mail_logs). URL    (URL    )    .
· URL  (web_client). URL    ,  ,        .
  Info()  Debug() .
             .
 "SDS" URL   .

: SDS:    

         .

   Cisco Web Security Services(URL    )  Cisco Aggregator Server(    )     .    . 1.          . 2. URL       . 3.   Cisco TAC  .

: SDS:   
   SDS     . 


  URL       Cisco Web Security Services   .
    Cisco Web Security Services       , 445    .
Cisco Web Security Services   

Security Services( ) > URL Filtering(URL )   Cisco Web Security Services   .

· URL          . · Cisco Web Security Services     .   , 966 
 .   : SDS:     , 442    : SDS:    , 442    . · Security Services > Service Updates( )      ,    . ·        . · SDS       URL     , sent 1-12 CLI websecuritydiagnostics   websecurityadvancedconfig    .
· Response Time( )  DNS Lookup Time(DNS  )  URL Lookup Timeout(URL   )     , URL Lookup Timeout(URL   )   .
·                .
· URL , Cisco Web Security Services  SDS        URL   .  "SDS" Cisco Web Security Services  .     TAC  .
: Cisco Aggregator Server   

Unable to Connect to the Cisco Aggregator Server(Cisco Aggregator Server   )     .

 .


1.     ping  Cisco Aggregator Server    . CLI aggregatorconfig   Cisco Aggregator Server    .
2. Security Services( ) > Service Updates( )      ,    .
3.        . 4. DNS    . 5.   Cisco TAC  .
: Cisco Aggregator Server       
 Unable to retrieve web interaction tracking information from the Cisco Aggregator Server(Cisco Aggregator Server       )    .   . 1. Security Services > Service Updates( )      ,
   . 2.        . 3. DNS    . 4.   Cisco TAC  .
websecurityadvancedconfig  
      TAC   websecurityadvancedconfig       .
        
   URL        .       , 845  .
 URL      Outbreak Filter   



 URL        Outbreak Filter   . 
·    Outbreak Filter           ,      . URL    ,                  .   Outbreak Filter    , 415      , 362    .  URL         .
·   Email Security Appliance Cisco Web Security Services       . Cisco Web Security Services   , 443  .
  URL    

URL          . 
·  (  )     . ·   Email Security Appliance Cisco Web Security Services     
  . Cisco Web Security Services   , 443  . ·     URL       . 
  URL    URL  , 459  .    URL    .
   URL    

 URL Cisco Web Security Proxy       . 
       . ·       . ·    , Cisco Web Security Proxy    .      .
Cisco Web Security Services     
 Cisco Web Security Services             .


 1   .  2 Network() > Certificates()  CLI certconfig    .  3 CLI websecurityconfig  .  4   Cisco Web Security Services Authentication   .  5     webcacheflush  .

URL  

 
· URL   , 446  · URL   , 459  ·   URL    URL  , 459  ·  URL    , 459 

URL  

 URL  Web Security Appliance AsyncOS       .

URL



Category(URL 

)





URL 



adlt 1006      www.adultentertainmentexpo.com   .  www.adultnetline.com  ( ,  ,   , ),     ,      ,   ,     ,           .


adv 1027      www.adforce.com    ,   www.doubleclick.com      .     "   " .



alc 1077   ,  www.samueladams.com   ,  , www.whisky.com  , ,  ,  ,    .    "  "  .   "  " .



art 1002   ,   www.moma.org , ,   ,  www.nga.gov   , , ,  , ,   .   TV " " .



astr 1074 , , , , www.astro.com
 ,    www.astrology.com .



auct 1088    ,  www.craigslist.com
      www.ebay.com .


   busi 

1019

, , ,  www.freightcenter.com  , , , ,  www.staples.com ,    ,  ,  ( ),     ,   ,  ,   ,  , :  ,  ,   ,  , ,   , ,  ,   ( ,  ,  ,   ,    ,  ,     ,   ,  ,  ,   ,   ) .

   chat  

1040      www.icq.com

 .

www.meebo.com

   plag 

1051

     www.bestessays.com
     www.superiorpapers.com     

   cprn 1064       --



.

 

csec 1065      www.computersecurity.com
     www.symantec.com .

   comp 1003 

    www.xml.com   ,  www.w3.org ,  ,    ,    ,  ,      ,  ,       . "   "   .




date 1055  ,    www.eharmony.com
 ,   www.match.com .

 

card 1082    e-  www.all-yours.net

  .

www.delivr.net

  

food 1061    , www.hideawaybrewpub.com
, ,    www.restaurantrow.com ,    
 .

   dyn

1091

    http://109.60.192.55
    http://dynalink.co.jp    IP  .    http://ipadsl.net      
.



edu 1001 , , ,  www.education.com ,  ,    www.greatschools.org  ,  ,     ,  ,   ,       .

 ent

1093

     www.eonline.com
,   , TV,  www.ew.com    ,   ,  ,    . ""   .

  extr

1075

    , www.car-accidents.com    ,  www.crime-scene-photos.com    (:   ,  ,      ,    ),    .




fash 1076  , , , www.fashion.net , , ,   www.findabeautysalon.com    ,    ,    .   "  " .

   fts 

1071

    www.rapidshare.com
     www.yousendit.com     
.

 

filt 1025      www.bypassschoolfilter.com
   www.filterbypass.com  cgi, php, glype    .



fnnc 1015    , ,  finance.yahoo.com , , , ,  www.bankofamerica.com ,       , ,     , ,       
.    "  " .

   free 

1068     www.freewarehome.com

 .

www.shareware.com



gamb 1049

   ,  www.888.com   ,  ,  www.gambling.com ,  ,   ,        .     "   " .    "" .




game

1007

  ,  , www.games.com  ,  ,  www.shockwave.com ,  ,   ,  ,  ,     (:  )  .

  

gov 1011  ,  ,  www.usa.gov /    ,  www.law.com   (: ,  ,  ,   , ,  ,  ),    ,   , ,   ,       ,  ,  ,  ,  (: ,  ,  ),     .



hack 1050 ,    www.hackthissite.org
    www.gohacking.com   .

 

hate 1016  , , ,  www.kkk.com , , , , , www.nazi.org , ,             , ,   ,  ,   , ,       .


   hlth 1009 ,   ,   www.health.com , , , ,  www.webmd.com ,  , ,   , ,    ,  (  ), ///  (  ),    , ,    ,   , ,  , (     ),    .



lol 1079 , ,     www.humor.com  .  www.jokes.com      
 "" .

 

ilac 1022 , ,    www.ekran.no ,  , ,  www.thedisease.net ,      ,                .

  ildl

1084

    www.keygenguru.com      www.zcrack.com     ,  ,       .  "  " .

 

drug 1047 ,  ,   www.cocaine.org    . www.hightimes.com


   infr    

1018

     www.akamai.net   ,   www.webstat.net            .

 

voip 1067     www.evaphone.com

.

www.skype.com

   job

1004

 ,     www.careerbuilder.com  ,   ,  www.monster.com  ,    ,    .

   ling 

1031      www.swimsuits.com

 .

www.victoriassecret.com



lotr 1034 ,     www.calottery.com

  .

www.flalottery.com

 

cell 1070 SMS(  ),  www.cbfsms.com      www.zedge.net  .     "  "  .



natr 1013  ,   ,  www.enature.com , , , ,   www.nature.org , , ,  ,   (,  ,  , ,  , ,   ),  (,  , , , ,   , , , ),   ( ,   ,  , ,   ,  ,   ), , , , , ,   .




news

1058

, , , TV  www.cnn.com
, , ,    news.bbc.co.uk  .

  ngo 1087 ,  , ,  www.panda.org
 ,    www.unions.org   .



nsn 1060   , , www.artenuda.com
 ,   www.naturistsociety.com  .

  comm 1024 

 ,   www.igda.org  ,  ,  www.ieee.org  . "  "  "  "   .

  osb   

1066

, ,   www.adrive.com

  

www.dropbox.com

P2P(Peer-to-peer) 

.

 

trad 1028  ,   www.tdameritrade.com       www.scottrade.com    , , ,  , ,    ,  ,  , IPO,     .         ""  .    "" .

 

pem 1085    --     ( Outlook Web Access  ).


  park

1092

    www.domainzaar.com     www.parked.com    ,        " "    .             .

   p2p

1056

P2P(Peer-to-Peer)    www.bittorrent.com .   www.limewire.com     
 .

 

pers 1081   ,  www.karymullis.com  ,   www.stallman.org  ,       
.

    img 

1090

, ,   www.flickr.com
     www.photobucket.com .



pol 1083 , , // www.politics.com
/     www.thisnation.com   .



porn 1054      www.redtube.com  .   www.youporn.com    ,    ,   ,   ,  ,   ,  ,  ,       .


  pnet

1089

     www.linkedin.com
  . www.europeanpwn.net " "    .



rest 1045 ,     www.realtor.com
,  (:   www.zillow.com , , , ) 
 .



ref 1017 / , , ,  www.wikipedia.org
 , ,  www.yellowpages.com  .



rel 1086  ,   www.religionfacts.com
,    www.religioustolerance.org .

SaaS  B2B

saas 1080   ,  www.netsuite.com
     www.salesforce.com .

 

kids 1057    kids.discovery.com
    www.nickjr.com .

   sci

1012

      www.physorg.com
 , , , www.science.gov ,   ,   , , , ,  (, ,  ), (, )  .

    srch 

1020

     www.bing.com
    www.google.com .



sxed 1052 ,  , ,   www.avert.org
   www.scarleteen.com .




shop 1005 ,  ,  www.amazon.com
  ,   www.shopping.com ,  , 
  .

  snet

1069  . "  www.facebook.com "   . www.twitter.com



socs 1014 , , ,   www.archaeology.org
, , , , ,  www.anthropology.net ,   
  .

   scty 1010   , ,  , www.childcare.gov
, ,   www.familysearch.org .

  swup 

1053

   www.softwarepatch.com
   www.versiontracker.com .

   sprt 

1008

 ,   www.espn.com ,  , , www.recreation.gov  , ,  , , ,  , ,   .

  aud 

1073

     www.live-radio.net
     www.shoutcast.com  .

  vid 

1072

 TV,  ,  www.hulu.com
    www.youtube.com  .



tob 1078  ,   www.bat.com ,    ( www.tobacco.org     
) .    "  "  .




trns 1044   ,    www.cars.com   ,   www.motorcycles.com  /   ,  , / /RV( )      . ,      "   " .



trvl 1046    ,  , www.expedia.com  , ,   www.lonelyplanet.com , ,   ,  ,  , ,  ,  .

  -- -- Cisco    --      .    URL    .



weap

1036

,  ,   www.coldsteel.com ,  ,   www.gunbroker.com ,  ,               ,           .    "  " .

 

whst 1037  ,   www.bluehost.com

.

www.godaddy.com

   tran

1063      babelfish.yahoo.com

 .

translate.google.com


   mail

1038

     mail.yahoo.com
.     www.hotmail.com    
    "  " .

URL  
 URL     URL    URL  , 459      .
  URL    URL 
  URL      URL    . https://securityhub.cisco.com/web/submit_urls  URL      Status on Submitted URLs( URL )  .
 URL   
 ,      URL     .        ,   ,  ,   ,     .           ,      (System , Warning ) .                .     .       , 964   .            .
·     . ·    .


19 
File Reputation Filtering and File Analysis(     )
     . ·        , 461  ·      , 465  ·         , 484  ·        , 487  ·      , 487 
      
Advanced Malware Protection              .
·     ·         ·             
            .     .       ( )   .
·      ""  " "()    Cisco AMP Virtual Virtual Private Cloud  .     , 466   .
·       Cisco AMP Threat Grid   .      , 467  .

   
       .                .                  AMP     .           .      .          Low Risk( ).       ,     .           .              , 463        .
  ·         , 484  ·        , 487 
  
                       .
     MIME       " "   .        .          " " .            .      "  " "" .
        .    :
·          ""  . ·         workqueue  
. ·             
      . ·             
          .                     .


·            (        , 463  )     workqueue  .
·                 (        , 463  )  (       , 479  )       .   BE(Best Effort).                    .
·            .               .           .
·            ,        .
 33:       Advanced Malware Protection 

    : ·      :  HTTPS  . ·          . ·               .               . ·  Cisco AMP Threat Grid        .
         , 462  .
       
     .   ID          .           .         .                       .

 Cisco            .       Cisco    Advanced Malware Protection    (https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-user-guide-list.html) .               .        Cisco    .  https://tools.cisco.com/RPF/register/register.do . Advanced Malware Protection        .
      (     )    .      File Analysis( )   SHA-256  .
 
·         , 468  · Advanced Malware Protection     , 483  ·     , 464 
    
    
·      .                   , 463    .  
·                 .
·                     .
·               (       ).
·         ,       .
·                       .                      (     ).
·         . ·    20 .


·      5 . ·      200 . ·    50MB . ·       .

  MIME (: /)     .
     
·    SHA    .     .
·               .
·     ""          .         .  Cisco AMP Threat Grid          .
·                 .   Cisco Email Security Appliance  "SenderBase  "  AMP    .
     
·         , 466  ·     , 466  ·      , 467  ·         , 468  · (     )    , 475  ·          , 477  ·        , 479  ·    , 480  ·      , 482  ·      X- , 482  ·           , 482  · Advanced Malware Protection   , 483  · Advanced Malware Protection     , 483 


· Advanced Malware Protection       , 484 

       

·     Email Security Appliance        . ,  Cisco AMP Threat Grid Appliance      .
·        .
·                .       Security Services( ) > File Reputation and Analysis(   )         .
·      .

   

 In/Out   

 

32137( )  443

    TCP     .

443

    TCP

  

.

Out Security Services( ) , 

> Anti-Malware and

 

Reputation(    

),     

   .  

Out

. Security Services( )

> Anti-Malware and

Reputation(  

), Advanced() 

 .

    
Cisco AMP Virtual Private Cloud Appliance       :
· http://www.cisco.com/c/en/us/support/security/fireamp-private-cloud-virtual-appliance/tsd-products-support-series-home.html  FireAMP Private Cloud      Cisco Advanced Malware Protection Virtual Private Cloud Appliance    .
       .
  AMP Virtual Private Cloud Appliance Help()     .
· ""  "Air-Gap"(-)  Cisco AMP Virtual Private Cloud Appliance   .


· Cisco AMP Virtual Private Cloud Appliance   2.2 . Cisco Email Security Appliance  .
·  Email Security Appliance    AMP Virtual Private Cloud    
· Email Security Appliance                     .

  Email Security Appliance                 , 468  6 .
    
Cisco AMP Threat Grid        :
· Cisco AMP Threat Grid      Cisco AMP Threat Grid     . Cisco AMP Threat Grid Appliance  http://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/products-installation-guides%20-list.html    .
       .
  AMP Threat Grid  Help()    .
   Cisco , CSA(Cisco Sandbox API), ESA(Email Security Appliance),      .
· Cisco AMP Threat Grid   . ·   Cisco AMP Threat Grid Appliance  1.2.1   Cisco
Email Security Appliance  .
        AMP Threat Grid   .
·        . Cisco Email Security Appliance  AMP Threat Grid Appliance CLEAN     .
·     : Email Security Appliance   Cisco AMP Threat Grid Appliance   SSL  . AMP Threat Grid     SSL      . AMP Threat Grid     CN    . AMP Threat Grid     .
·         , 468         Email Security Appliance  Threat Grid Appliance   .        .


       
 
·              . ·         , 466   . ·        . · Cisco AMP Virtual Private Cloud Appliance       
    , 466   . · Cisco AMP Threat Grid Appliance        
     , 467  .

 1  2  3

Security Services( ) > File Reputation and Analysis(   ) . Edit Global Settings(  ) . Enable File Reputation Filtering(   )   Enable File Analysis(   ) .

· Enable File Reputation Filtering(   )         URL         File Reputation Server(  )(6)   .

· , Enable File Analysis(  )   File Analysis Server URL(    URL)(7)      URL        

        ,       .               .

 4  5

   .
File Analysis( )    (: "Microsoft ")         .

         .         , 463 

 Cisco          .               . Other potentially malicious file types(    )      .               .

 6 Advanced Settings for File Reputation(   )       .


     


     .
            .        .
·  - Cisco AMP Virtual Private Cloud Appliance    IP  .
·   -              .        .       Upload File( ) .

        .

AMP for Endpoints   Register the Appliance with AMP for Endpoints(AMP for Endpoints   )  AMP for Endpoints Console  .     AMP for Endpoints Console , 472   .

  SSL 

  32137   443  Use SSL(Port 443)(SSL (  443)) .   SSH      Cisco AMP Virtual Private Cloud Appliance   .
     32137  SSL     .
             .      ,       .
Use SSL (Port 443)(SSL ( 443))   Relax Certificate Validation(  )                     .  ,               .
 Advanced Settings for File Reputation(   ) SSL Communication for File Reputation(  SSL )  Use SSL (Port 443)(SSL ( 443))   CLI  certconfig > CERTAUTHORITY > CUSTOM    Network() > Certificates()(  )  AMP    CA        .     (Configuration() > SSL > Cloud server( ) > download( )).


    


   ping ().
    .         .
·   (60)  · Enter Custom Value(  ) - 60.

         ID   

      ().
      ().
  ( )     ID.
   , ,         Suppress the retrospective verdict alerts(     ) .

 Cisco         .
 7        Advanced Settings for File Analysis(   )       .


    URL


    Private analysis cloud(  )(URL)  .
           .            .
    Cisco AMP Threat Grid          .
·  -      URL.
· TG  -    Cisco AMP Threat Grid  IPv4     .  7 Cisco AMP Threat Grid     .
      Cisco AMP Threat Grid     .     .

· Certificate Authority( ) ­ Use Cisco Default Certificate Authority(Cisco    )  Use Uploaded Certificate Authority(   ) .
Use Uploaded Certificate Authority(   )    Browse()               .           .

   ID

     Cisco AMP Threat Grid    , Cisco AMP Threat Grid (: https://panacea.threatgrid.eu)           . Cisco AMP Threat Grid       Cisco TAC .
  ( )     ID.

 8  9

( )           Cache Settings( )   .
         Threshold Settings( )  .        .     .

· Use value from Cloud Service (95)(  (95) )

· Enter Custom Value(  ) - 95


 10    .  11  Cisco AMP Threat Grid    AMP Threat Grid   
   .
""      AMP Threat Grid    .
a)       ID .    "" . b) AMP Threat Grid  . c) Welcome...(...) > Manage Users( )  User Details(  ) . d) Email Security Appliance    ID  ""  . e)   ""  .

 AMP for Endpoints Console 
 AMP for Endpoints Console  AMP for Endpoints Console     .
·     .
·        SHA .
·   .
·     SHA .
·   .
·          .
·   .
·     .
·       .
·   SHA      .
 AMP for Endpoints Console ,      .    SHA         SHA     AMP for Endpoints Console   SHA      .  SHA       AMP for Endpoints Console    SHA      . Advanced Malware Protection     Incoming Malware Files by Category(    )  Custom Detection( )  AMP for Endpoints Console     SHA    .     SHA    Incoming Malware Threat Files(   ) 


Simple Custom Detection(  ) .  More Details(  )      AMP for Endpoints Console    SHA         .
 
AMP for Endpoints Console       . AMP for Endpoints Console        Cisco TAC .      .                , 468   .
 1 Security Services( ) > File Reputation and Analysis(   ) .  2 Edit Global Settings(  ) .  3   File Reputation and File Analysis(    )   Advanced Settings for File
Reputation(   )  Register Appliance with AMP for Endpoints(AMP for Endpoints   ) . Register the Appliance with AMP for Endpoints(AMP for Endpoints  )  AMP for Endpoints Console   .
 4    AMP for Endpoints Console .  5   AMP for Endpoints   Allow() .
Allow()     File Reputation and Analysis(   )  .   AMP for Endpoints Console Integration(AMP for Endpoints Console )   .    AMP for Endpoints Console       .

  
 :
· AMP for Endpoints Console  Accounts() > Applications()  AMP for Endpoints Console     .   AMP for Endpoints Console  Applications()  .
·    ( )   ( )  .        SHA  .   AMP for Endpoints         SHA  https://console.amp.cisco.com/docs AMP for Endpoints    .
· AMP for Endpoints Console    ,  Advanced Settings for File Reputation(   )  Deregister( ) 


https://console.amp.cisco.com/ AMP for Endpoints Console   .   https://console.amp.cisco.com/docs AMP for Endpoints   .

         AMP for Endpoints Console    .          AMP for Endpoints Console    .

   SHA       SHA AMP for Endpoints Console     .
  AMP for Endpoints   
    AMP for Endpoints        .   AMP for Endpoints               .
  AMP for Endpoints Console       . AMP for Endpoints Console        Cisco TAC .

 1  2  3  4
 5  6  7  8

    . Security Services > File Reputation and Analysis(   )  . Centralized Management Options(   )   Manage Settings( ) . Copy settings to(   ):          '   '         . Submit()    .      . File Reputation and Analysis(   )  Edit Global Settings(  ) .   File Reputation and File Analysis(    )   Advanced Settings for File Reputation(   )  Register Appliance with AMP for Endpoints(AMP for Endpoints   ) .

Register the Appliance with AMP for Endpoints(AMP for Endpoints  )  AMP for Endpoints Console   .

 9    AMP for Endpoints Console .  10   AMP for Endpoints   Allow() .


Allow()     File Reputation and Analysis(   )   .   AMP for Endpoints Console Integration(AMP for Endpoints Console )  .    AMP for Endpoints        .
 11 File Reputation and Analysis(   )  Submit() .  12 Centralized Management Options(   )   Manage Settings( ) .  13 Delete settings from(   ):        
        .  14 Submit()    .  15      .  16    AMP for Endpoints   1~15 .  17 AMP for Endpoints         .
        AMP for Endpoints    .        .          AMP for Endpoints      .

!      
                 .
·          .         .
·        .          AMP   .                 .
  Cisco AMP Threat Grid ( http://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/products-installation-guides-list.html) .
(     )   
                             .
       .        .


 1 Security Services > File Reputation and Analysis(   ) .  2 Appliance Grouping for File Analysis Cloud Reporting(      ) 
 File Analysis Group ID(     ID) . ·           . ·  ID /     . ·  ID            .     ID  . ·  ID          Cisco TAC    . ·       . ·           . ·       . ·           .
 3 Group Now( ) .

    ?

 1 Security Services > File Reputation and Analysis(   ) .  2 Appliance Grouping for File Analysis Cloud Reporting(      ) 
 View Appliances( )  .  3      ID    .



   ID 

Email Security Appliance

Security Services( ) > File Reputation and Analysis(   )  Advanced Settings for File Analysis(    ) 

Web Security Appliance

Security Services > Anti-Malware and Reputation(   )   Advanced Settings for File Analysis(    ) 

Security Management Appliance Management Appliance( ) > Centralized Services( ) > Security Appliances( )  


         

         
 1 Mail Policies( ) > Incoming Mail Policies(  )  Mail Policies( ) > Outgoing Mail Policies(  ) .
 2    Advanced Malware Protection    .  3  .
·  Cisco AMP Threat Grid Appliance          Enable File Analysis(  )  .
·           .                . ·  : ·       · RFC   . · 200      ·     5   ·    
·   -            .
· AMP    : ·      . ·      . ·      ·     
· AMP              . ·   ·     ·    
·       . ·       mbox     amparchive  .   AMP Archive(amparchive)    .


·       (: [:      ])
·         
·         Yes()     .
·        . Yes()       .
·         . ·     .     ,               .
·       mbox     amparchive  .   AMP Archive(amparchive)    .
·       (: [:      ])
·         
·      AsyncOS    .  . ·     
·       mbox     amparchive  .   AMP Archive(amparchive)    .
·        
·       (: [:     ])
·         
·         Yes()     .
·       . Yes()        .
·        AsyncOS    .   . ·    


       

·       mbox     amparchive  .   AMP Archive(amparchive)    .
·       (: [:      ])
·          ·         Yes()    
. ·          . Yes()    
  .
· (   )               . Enable Mailbox Auto Remediation(   )       . ·   .       (:  )     . ·  .              . ·     .                       .  Office 365         (:   )    .
 Mailbox Auto Remediation(  )     . Office 365    , 561 
 4     .
       
     workqueue       .            .               .
 1 Mail Policies( ) > Incoming Mail Policies(  )  Mail Policies( ) > Outgoing Mail Policies(  ) .


 2    Advanced Malware Protection    .  3 Messages with File Analysis Pending(    )  Action Applied to Message( 
 )  Quarantine() .      .    , 480  .  4 ( )          .
·       mbox     amparchive  .   AMP Archive(amparchive)   .
·       (: [:       ])
·         
 4               . ·   . ·   . ·   .
 5    .
        , 480 
   
·     , 480  ·      , 481 
    
 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, ,   ) .  2 File Analysis( )   .  3   .
 1    .  4     AsyncOS     .


     

 5       Retention Period( )         Free up space by applying default action on messages upon space overflow(         )  .
 6 Default Action( ) Release()              .





 

            .
 ,            .
   ASCII    RFC 2047   .

X-Header 

X-Header        .                .   . :  = Inappropriate-release-early Value = True

  

          .

 7      .





 

         .
              .

  

    .

  

              .

 8     .

     
 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, ,   ) .


 2            .  3        .
· Delete ·  ·     ·      

    
        Cisco Email Security Appliance  "  ,     "  .

     X-

X-           .    X-              .
 / .

 

 (/ ) 

X-Amp-Result

 

      

Unscannable(  )

X-Amp-Original-Verdict        

      .          .

X-Amp-File-Uploaded  

          "".

         
                 X-       .

Advanced Malware Protection  
     ,     Advanced Malware Protection      .      .       .

Advanced Malware Protection     

Advanced Malware Protection      .      .

 





( ) Cisco AMP Threat 



Grid Appliance     

    .  

      , 468 

  

(    )

           AMP  .

   .   AMP 

    watchdog      AMP   .

   .

  AMP 

          AMP  .       .

         AMP    .

         AMP     .

 
·            , 488  ·        , 487 

Advanced Malware Protection      
Security Management Appliance                Advanced Malware Protection       .
       
· SHA-256    , 484  ·        , 485  ·        , 486  · Message()   Advanced Malware Protection   , 486 
SHA-256   
         (SHA-256)      .            SHA-256 .            SHA-256  .    SHA-256 ( 


      

      





AMP(Advanced Malware Protection)

       .
   AMP    .    Advanced Malware Protection   .

               SHA  Advanced Malware Protection  .

Incoming Malware Files by Category(   )   Custom Detection( )  AMP for Endpoints Console      SHA  .

AMP for Endpoints Console     SHA     Incoming Malware Threat Files(   )  Simple Custom Detection(  ) .

      Incoming Malware Threat Files(    )  Custom Threshold( )  .

 More Details(  )     AMP for Endpoints Console    SHA         .

 AMP             .

Advanced Malware Protection  

       (  ) .
Cisco AMP Threat Grid      ""  .     AMP Threat Grid    .
1,000       .csv  .
            .
SHA       Cisco AMP Threat Grid     AMP Threat Grid       SHA      .
              SHA     .






Advanced Malware Protection  

       .          , 462  .
1,000      .csv  .
 SHA-256              .
SHA-256  
            SHA-256      SHA-256  .

      
            . Detected by Advanced Malware Protection(Advanced Malware Protection  /)"        .      Columns()  .
Message()   Advanced Malware Protection  
Message()         . ·         .    Advanced( )  Message Event( )  Advanced Malware Protection Positive . · Message()                 .  ,                .       . ·     SHA-256
·     Advanced Malware Protection 
·      
·   AMP      .    Message()       .      ()     SHA-256 .
·                    .               .         Reporting() Monitor() > File Analysis( )  SHA-256     .  


      

         .      .
           Message()    .

      
 1 AMP    .  2                
 SHA-256  .  3               
.  4      SHA-256          
.

         , 462 

    
·   , 487  ·   , 488  ·            , 488  · API  (  ) , 488  ·     , 489  ·          , 489 

 

:
· AMP  amp      . · Retrospective   . · VRT  sandboxing    .
   Advanced Malware Protection   AMP   .


      AMP      .   "Response received for file reputation query(     )" "upload action( )"    .
· 0:        . · 1:  · 2:        .   "Disposition()"    . · 1:      ( ) · 2:  · 3: 
Spyname  .

 

         .         .

          

               . (      .)

·         , 466     .
·          . ·     .
Security Services( ) > File Reputation and Analysis(   ) .      Advanced()   .

API  (  )
       Email Security Appliance AMP Threat Grid           API   . 


   

  AMP Threat Grid     AMP Threat Grid          (     ).    .
·     AMP Threat Grid Appliance   . · Email Security Appliance   . · AMP Threat Grid  API  .   AMP Threat Grid Appliance
    .
  ·         , 468 
   
     .    .     .
·                     .
        
             .                 .        .
·          . ·          .  
        .        . ·  , AsyncOS    .


20 
  
     . ·     , 491  ·        , 493  ·      , 493  · DLP(  )  , 494  ·    , 494  ·  , 512  ·    DLP   , 517  · DLP      , 518  · DLP      , 519  · Data Loss Prevention , 520 
   
DLP(Data Loss Prevention)        ,                .              DLP  ,          .  
· DLP    , 492  ·      , 492 

  

DLP   



 

1.

      Email Security Appliance  

  .

    

 "" 

.

        .

2.

Email Security Appliance  DLP    DLP    

     " "     

   .

.

   DLP        , 57      .

3.

 DLP         , 492 

  ,     .

.

4.

       .  ,

 ,       512  .

   .

         ,    Email Security Appliance   .

    
                    .       DLP     .
   (    ) , ,   (:    )   DLP      .
            .        ,  ((Visa, AMEX )          .


  

      

    DLP  ,        DLP  .              DLP   ,       .
          0~100    .    DLP     .
          (: Critical  Low)  ,  DLP         .

      
    C-Series  X-Series  (D-Mode     ).

    

   .



    1 DLP  .

 DLP(  )  , 494 

 2          , 512      .        .

 3   DLP  .

 .

·        ·      

·   DLP   , 496  ·     DLP   ,
497  ·  DLP  () , 498 

 4    DLP     DLP     DLP    , 510       DLP       DLP   .

 5 DLP          , 269   .

      .

 DLP  /  

     DLP 

  , 509    .


  

  



 6 DLP       DLP  DLP     , 511          .

 7  DLP       .

·    DLP   , 517  
·       , 898 

DLP(  ) 
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Enable() .  3      Accept()   .
     DLP   .  4 Data Loss Prevention Global Settings(    ) Enable Data Loss Prevention( 
 ) .  5 ( )       .
            .  6     .

        , 493  .  
·    DLP   , 517  ·   DLP   , 496  · DLP      , 518 
   
  · DLP   , 495  ·   DLP  , 495  ·   DLP   , 496 


·     DLP   , 497  ·  DLP  () , 498  ·         , 499  · DLP    , 509  ·    , 510  ·     DLP    , 510  · DLP       , 511  · DLP        , 512 
DLP  
DLP    .
·          ·       
      .
·       .  ,        .         , 499   .
·        . DLP    , 509   .
·       . DLP    , 509   .
·         .    , 510   .
   DLP            .
  DLP  
DLP               .
   .
· Regulatory Compliance( ).       ,              .
· Acceptable Use( ).        ,        .
· Privacy Protection( ).     ,     ID        .
· Intellectual Property Protection(  ).                     .


  

· Company Confidential( ).                .
· Custom Policy( ).  ""                    .    ,                .
   .
  DLP  
DLP     DLP           .
  DLP     DLP   DLP      .      .
 
·   DLP  .   DLP     DLP     .
·  ,    ,                    .         , 503   .
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Edit Settings( ) .  3 Enable and configure DLP using the DLP Assessment Wizard(DLP    DLP   )
 .  4 Submit() .  5  .
  . ·      PII(personally identifying information)           (California SB-1386)  .         . ·    DLP Incident Summary          . ·          ,           .     . ·        DLP   Outgoing Mail Policies(  )  . DLP      .


 6   .
   · ( )  DLP  ,   ,      ,     Mail Policies( ) > DLP Policy Manager(DLP  ) .       DLP   , 497 ,  DLP  () , 498      , 510    . · ( )       DLP        DLP      , 511   .
  ·     DLP   , 497  ·  DLP  () , 498 
    DLP  
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2 Add DLP Policy(DLP  ) .  3      DLP    .
     Display Policy Descriptions(  ) .
 4  DLP    Add() .  5 ( )       .  6          ,     
           (     ) .     .         , 499       , 503  .                
.
 7 ( )  , ,           DLP   .   DLP    , 509   .          .
 8 Severity Settings( ) 


  

·        .      , 510   .
· ( ) Edit Scale( )       .       , 510  .
 9    .
    
·   DLP   , 496  ·  DLP  () , 498 
 DLP  ()
      .   DLP           .
      DLP  ,             .    ,           DLP    .    :     .  DLP      , 502  .        .
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2 Add DLP Policy(DLP  ) .  3 Custom Policy( ) .  4 Custom Policy( )   Add() .  5    .  6 DLP       .
a)    . b) Add() .
· Create a Classifier( )    DLP      , 502   .
·       .


  

       

c) ( )    .  ,     NOT           .
d)    :                   .
 7 ( )  , ,           DLP   .   DLP    , 509   .          .
 8 Severity Settings( )  ·        .      , 510   .
· ( ) Edit Scale( )       .       , 510   .
 9    .
    
·   DLP   , 496  ·     DLP   , 497 
       
        ,              .          .                   .               .                    .       .    HIPAA  HITECH   DLP    .                   . 123-CL456789      [0-9]{3}\-[A-Z]{2}[0-9]{6}     .   "Patient ID" .      


   

  

 .     .      "Patient ID"         DLP  DLP  .

DLP     
   DLP   RSA     .             .
 DLP               .

 
·    , 500  ·  DLP      , 502  ·       ( DLP  ) , 503  ·      , 503  ·  DLP ( DLP  )    , 505  ·      , 506  ·       , 508 

   
       .
·   , 500  · US Social Security Number(   ), 501  · ABA  , 501  ·   () , 501  · NPI(National Provider ID)(), 501  · (), 502  · (), 502 

  

 DLP   Credit Card Number( )   .       ,  ,        .             .      .
:
· 378734493671000(    ) · 378734493671000 VISA() · 378734493671000 : 12/2019()


US Social Security Number(   ) US Social Security Number(   )  , , SSN          .
:
· 321-02-3456(    ) · SSN: 132-45-6788()

ABA  

ABA Routing Number(ABA  )  Credit Card Number( )   .
:
· 119999992(    ) · ABA No. 800000080()

  ()
  US Drivers License( )  . ,       . California AB-1298  Montana HB-732           .
        ,          .
:
· CA DL# C3452362(        ) · California DL# C3452362() · DL: C3452362(     ) · California C3452362(     ) · OR DL# C3452362() · OR DL# 3452362(Oregon     ) · WV DL# D654321(West Virginia     ) · WV DL# G654321()

NPI(National Provider ID)()
US National Provider Identifier( NPI)     10   NPI(National Provider Identifier)  .
:
· NPI No. 1245319599(NPI  ) · NPI No. 1235678996(NPI  ) · 3459872347(    ) · NPI: 3459872342(     )


  

()

  FERPA(Family Educational Rights and Privacy Act) DLP   Student Records(  )  .   Student Identification Number(  )      ID      .
:
·    : CHEM101, ECON102, MATH103()

()

  SOX(Sarbanes-Oxley)   Corporate Financials( )       . : 2016 6 30    ,    . ()

 DLP     
    DLP         .



  



 1      DLP     .

:
·          , 499 
·    , 500 

 2 Mail Policies( ) > DLP Policy

--

Customizations(DLP  )  Add

Custom Classifier(  ) . 

   .

 3     .

     , 506   .

 4           :

  .

·       (

·   

 DLP  ) , 503 

·  

·  DLP ( DLP  ) 

·  

  , 505 

·     

·      , 503 

 5 ( ) Add Rule( )    Weight()  Max Score( )  

.

      , 506 

  .


  



 6           Rules()   . (All)    (Any) .

 7     .

--

  
 DLP     .  DLP  () , 498   .
 
·       , 508 
      ( DLP  )
      DLP     .           .
·   .       .          .
· .         .          .        , 503         , 505   .
· .     .           .  DLP ( DLP  )    , 505  .
· .  , ,   , ABA            .    Mail Policies( ) > DLP Policy Manager(DLP  )   Add DLP Policy(DLP  ), Privacy Protection( ), Display Policy Descriptions(  )  .
    
         .         (  ,      ID)      . Perl Compatible Regular Expression(PCRE2)       DLP       .  DLP     PCRE2  .

  / ,  (: [a-zA-Z])  .          .
  (: 8 )     8            .


    

  

       .





(abc)

            .
   ACC  ACCOUNT  ACCT  .

[]

    .  

      .

  [a-z] a z     , [a-zA-Z] A Z      . [xyz] x, y  z  .

  (\) \d

    .    , \$     , \^     .
   \d   .
  :       .         ""        2  .
(0-9)  .       {}     .
  \d 5     55   . \d{2} 55      5   .

\D

    .     

   {}     

.

\w

     (a-z, A-Z, 0-9  _).

 {min,max}

       .
  " \d{8}"  12345678  11223344  8   .

 (|)

  "or" . A  B  "A|B"  "A"   "B"   .         .
  "foo|bar"  foo  bar  foobar  .


  

     

  ·       , 505 
                   . · 8 : \d{8} ·       : \d{3}-\d{4}-\d ·           : [a-zA-Z]\d{7} · 3     9    : \d{3}[A-Z]{9} ·        | : \d{3}[A-Z]{9}|\d{2}[A-Z]{9}-\d
 DLP ( DLP  )   
AsyncOS      .   DLP   DLP        .     DLP    .
·  DLP (Custom DLP Dictionaries)   , 505  · DLP     , 505   DLP   , 506  ·  Email Security Appliance DLP   , 506    DLP  
 , 506  .
 DLP (Custom DLP Dictionaries)  
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2 Advanced Settings( )  Custom DLP Dictionaries( DLP )    .  3 Add Dictionary( ) .  4    .  5     (  ) .
  /   ASCII    .         .
 6 Add() .  7     .
DLP                .         .   /   ASCII     .


  

DLP  
   DLP    .
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2 Advanced Settings( )  Custom DLP Dictionaries( DLP )    
.  3 Export Dictionary( ) .  4   .  5    .  6    (     ) .  7   .  8 Submit()   .
DLP     Email Security Appliance  DLP                .
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2 Advanced Settings( )  Custom DLP Dictionaries( DLP )    .  3 Import Dictionary( ) .  4         .  5  .  6 Next() .
"Success()"   Add Dictionary( )    .      .  7    .  8  .
    
  DLP        .     DLP     . 0        . 100       .


  

    

    DLP  
    DLP           .   DLP             .    , 510  . SOX(Sarbanes-Oxley)           ,           "75" .

 DLP  
 DLP                .
· Proximity().            .                     ,           .
· Minimum Total Score(  ).   DLP          .             .
· Weight().          ""  .         .  10    2  20.             .
· Maximum Score( ).                .
· Minimum Score( ). DLP Policy Customizations(DLP  )  Custom Classifiers Settings(  )   Use recommended minimum scores for entity-based rules(      )           .            ( DLP  ), 508   .

            .             .                .              10~100   (10~10,000) .
 39:        

 

10 18
20 28
30 33
50 41
100 50
150 56
300 65
500 72
1000 82
10000 100

        ( DLP  )

 1 Mail Policies( ) > DLP Policy Customizations(DLP  ) .  2 Custom Classifiers Settings(  )  Use recommended minimum scores for entity-based
rules(      )  .
             .
 ,       10       5     5   10   50  .    10                  .
 Use recommended minimum scores for entity-based rules(      )               .
 3 Submit()    .
             .     DLP      , 502  .

     
 1 Mail Policies( ) > DLP Policy Customizations(DLP  ) .  2 Custom Classifiers( )  Custom Classifiers( )    Policies()
 .


    
·  DLP      , 502 

DLP    

        DLP    .





             



   DLP     .

·   : [email protected]

·   : user@

·   : @example.com

·    : @.example.com

        .
AsyncOS            ,      DLP             .
     ,           .            DLP  ,        DLP   .

             



 DLP    .     

    ,     

.       AsyncOS  

     .

     DLP    .

   

DLP                        .      , 293        , 137   .


  

  

  
DLP    DLP      DLP        .           (: Low  Critical) .         (    Ignore ).            .
  ·    , 510 
  
     .       .       90~100     Critical().              .  DLP   Critical()      75~100     .
 1 Mail Policies( ) > DLP Policy Manager(DLP  ) .  2    .  3 Severity Settings( )  Edit Scale( ) .  4       .  5 Done() .  6 Severity Scale( )      .  7 Submit() .
    
·    , 510 
    DLP   
DLP        DLP        DLP  .
 1 DLP Policy Manager(DLP  )  Edit Policy Order(  ) .  2        .


 3         .
DLP     
  · DLP       , 511  ·     DLP      , 511 
DLP      
              .        , 493       .        DLP   .
 1 Mail Policies( ) > Outgoing Mail Policies(  ) .  2  Default Policy( )  DLP   Disabled()  .  3 Enable DLP (Customize Settings)(DLP ( )) .  4       DLP  .  5     .
        DLP  .     DLP      , 511  .
    DLP     
     DLP        . DLP       .        DLP   . DLP       , 511  .
 1 Mail Policies( ) > Outgoing Mail Policies(  ) .  2     DLP   .  3      DLP  .


  

 4   .  5        .  6   .

        , 493  .

DLP       





DLP               .

DLP          DLP       . DLP      .

 
  DLP     Email Security Appliance       .           .
   .
·  ·  · 
   .
·        .   ID    .   DLP         ,   DLP    .          .
·  .    .     .
· DLP      . ·    . ·     . ·     (bcc). (   DLP    
       .) ·    DLP      DLP    .
DLP   , 515  .


     .           DLP      .              .    DLP           ,       .
  · DLP     ( ) , 513  ·      , 514  · DLP   , 515 
DLP     ( )
 
· DLP   (  )       . Email Security Appliance     Security Management Appliance     .   , ,   , 847   .
·         . Cisco Email Encryption, 521   .
· DLP            Mail Policies( ) > Text Resources( )   .     , 625    .
· DLP             DLP   . DLP   , 515  .
 1 Mail Policies( ) > DLP Policy Customizations(DLP  ) .  2 Message Actions( )  Add Message Action(  ) .  3    .  4    .  5 DLP    ,    .
           .    ID   .
 6       Enable Encryption( )     .


    

  

· Encryption Rule( ).   ,  TLS       .
· Encryption Profile( ). Cisco IronPort Encryption Appliance              .
· Encrypted Message Subject(  ).   .     $Subject  .
 7  Quarantine()   DLP       .  8        Advanced() .
·    ·    ·     ·    (bcc) · DLP   
 9     .

    

 1 Mail Policies( ) > DLP Policy Customizations(DLP  ) .  2 Message Actions( )   .

 

  

     

Actions( )   Policies() .

     

Actions( )   Description()  .

     

   .

  

       .
    DLP      .


 

  

  

     Duplicate()  

         .

   ,    

      

  .

 3     .

DLP  
                   .   DLP        DLP         .  
· DLP    , 515    .             .
 1 Mail Policies( ) > Text Resources( ) .  2 Add Text Resource(  ) .  3 Type() DLP Notification Template(DLP  ) .
   DLP    .
 4    .                  .

   DLP   DLP    DLP   .  
· DLP    , 515 
DLP    
 DLP         .


  





$DLPPolicy

  DLP   .

$DLPSeverity

  . "Low," "Medium," "High"  "Critical."

$DLPRiskFactor      ( 0~100).

$To

 To:  (Envelope Recipient ).

$From

 From:  (Envelope Sender ).

$Subject

   .

$Date

MM/DD/YYYY     .

$Time

  (  ).

$GMTimestamp

  Received:    GMT       .

$MID

     MID(Message ID) . RFC822 "Message-Id"    (  $Header ).

$Group

       .     ">Unknown<"  .

$Reputation

 SenderBase Reputation  .    "None"  .

$filenames

       .

$filetypes

       .

$filesizes

       .

$remotehost

 Cisco      .

$AllHeaders

  .

$EnvelopeFrom

 Envelope Sender( )(Envelope From, <MAIL FROM>)  .

$Hostname

Cisco    .

$bodysize

  ( ).

$header['string']          .    .

$remoteip

 Cisco    IP  .






$recvlistener

    .

$dropped_filenames $filenames ,    .

$dropped_filename      .

$recvint

    .

$timestamp

  Received:       (   ).

$Time

  (  ).

$orgid

SenderBase Organization ID( ) .

$enveloperecipients   Envelope Recipients( )(Envelope To, <RCPT TO>)  .

$dropped_filetypes $filetypes ,    .

$dropped_filetype       .

   DLP  
DLP  DLP         .        .              .     .   , 837   .
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Edit Settings( ) .  3 Enable Matched Content Logging(   )  .  4    .

          .       , 898   .  
·     , 842 


  

DLP      
 Cisco DLP               .
  · DLP     , 518  · DLP        , 518  ·   ( ) , 518  ·  ()  DLP  , 519 
DLP    
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Current DLP Version Files( DLP  )  .
 dlpstatus CLI   DLP      .   CLI Reference Guide for AsyncOS for Cisco Email Security Appliances .
DLP       
    .
· ( )  ()  DLP  , 519 
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Current DLP Version Files( DLP  )  Update Now( ) .
          .  dlpupdate CLI   DLP    .   CLI Reference Guide
for AsyncOS for Cisco Email Security Appliances .
  ( )
            .

 Cisco      .   DLP         .        DLP       .
  · Security Settings( ) > Service Updates( )            . ·  ()  DLP  , 519  .
 1 Security Services( ) > Data Loss Prevention(  ) .  2 Edit Settings( ) .  3 Enable automatic updates(  )  .  4     .
 ()  DLP 
  . ·      DLP    . · DLP   ,      DLP     . ·  DLP      dlpstatus CLI    .
DLP     

   Security Management Appliance   .

 

  

DLP  ,        , 837   .    DLP     ,     .

 DLP      ,       ,

 

858   .


  

 

  

DLP   

   , 793  DLP       .

   DLP       , 793  DLP 



    .

 
·    DLP   , 517  ·       , 898 

Data Loss Prevention 
· DLP      , 520 
DLP      
   DLP    DLP      .      .
·   DLP     .

   DLP     .
·   DLP      .
 ·       .  DLP  () , 498   . ·   DLP     .    , 510  .


21 
Cisco Email Encryption
     . · Cisco Email Encryption , 521  ·      , 522  · Email Security Appliance   , 523  ·   , 528  ·    , 531 
Cisco Email Encryption 
AsyncOS         .                 .       .
· Cisco Registered Envelope Service( )  · Cisco Encryption Appliance(  )    ,  ,          . 1.         Email Security Appliance   . 2.  ,                . 3.         (,  C-Series   CRES   )       .
   TLS          .      TLS  , 529  .

     

 40:      

 1 2 3 4 5
6 7 8

  

 

 Cisco IronPort Encryption Appliance    , 15  . .

  .

Email Security Appliance   , 524 .

              

     .

, 524 .

        , 528 .  .

      .

·       , 529 .


·        , 530 .

( )          , 531 . .

    .

  .  , 269   .

      .     .  , 269  .

  ·  , 522 
 
   Cisco Email Security Appliance            .             .

 34:  

Email Security Appliance   

      . 1.         .   
 Email Security Appliance          (Cisco Registered Envelope Service) . 2.     . 3.       ID       .       .
               .               .        ,      .
4.   .
Email Security Appliance   
Email Security Appliance      . encryptionconfig CLI   GU Security Services( ) > Cisco IronPort Email Encryption        .
  PXE  S/MIME    AsyncOS  S/MIME ,  PXE   .
  · Email Security Appliance   , 524 

·       , 524  ·    , 527  · PXE    , 528 
Email Security Appliance   
 1 Security Services( ) > Cisco IronPort Email Encryption .  2 Enable() .  3 ( ) Edit Settings( )    .
·    . Cisco    10MB.      25MB.   10MB         . Cisco Registered Envelope Service   ,   10MB          .
·     .            .
·   .

      
         .                .  ,         ,         .    (: 'confidential')           ,           .      ,      DLP            . DLP       ,         .          DLP         .     , 893   .
           .         PXE            .
     .


      

·   .          . ·  .  ,    ,       
 ,    ,            . ·  .      Reply All( )        . ·  .    ,   HTML     .    ,      .            .        , 636        , 634    .

 1
 2  3

Email Encryption Profiles(  )  Add Encryption Profile(  )  .
   .
Used By (Roles)(())  ,           OK() .

        DLP           .

 4 Key Server Settings(  )      . · Cisco Encryption Appliance() · Cisco Registered Envelope Service(  )

 5 Encryption Appliance(  )     .
· Internal URL( URL).  URL Cisco Email Security Appliance   Cisco Encryption Appliance    .
· External URL( URL).  URL   Cisco Encryption Appliance       .   URL   HTTP  HTTPS  .

 6  7

Cisco Registered Envelope Service      URL .   URL https://res.cisco.com.
Key Server Settings(  )  Advanced() ,           HTTP  HTTPS  .    .

· Use the Key Service with HTTP(HTTP    ).     HTTP      . Cisco Registered Envelope Service    6   URL. Cisco Encryption Appliance    5   URL .

·    HTTP    HTTPS      . HTTPS        .


· Use the Key Service with HTTPS(HTTPS    ).     HTTPS      . Cisco Registered Envelope Service    6   URL. Cisco Encryption Appliance    5   URL .
· Specify a separate URL for payload transport(    URL ).            URL   ,   HTTP HTTPS       .
 8 Envelope Settings( )     . · High Security( ).         .
· Medium Security( ).  Credential        Credential    .
·   .      .          .        ,            .
 9     URL        .     . · No link( ).      .
· Custom link URL(  URL).      URL .
 10 ( )   .            (receipt) .
 11 ( )    Edit Settings( )  Advanced() . ·          () .          .
·   . · ARC4. ARC4   ,          .
· AES. AES     ,         . AES      .
·     .         .         .                  .
 12 Message Settings( )   . ·      Enable Secure Reply All(   )  .


   

·      Enable Secure Message Forwarding(   )   .
 13 ( ) Cisco Registered Envelope Service           . Notification Settings( )  Use Localized Envelope(  )   .        HTML      .        , 527    .
 14 HTML     .        HTML    .       .  . a) HTML   .    HTML   .         . b)    .       .         .          .
 15       .        .
 16        .         .        .
 17     .  18 Cisco Registered Envelope Service        . 
       .        Provision()  .
   
   . Cisco Registered Envelope Service                .
·  ·  ·  ·  ·  · 
 

· Key Service Type(  )     Cisco Registered Envelope Service    .       , 524   .
· Cisco Registered Envelope Service     .
 1 Security Services( ) > Cisco IronPort Email Encryption .  2    .  3 Notification Settings( )  Localized Envelopes( )    
.  4 Submit() .  5 Commit Changes( ) .
PXE    
Cisco Email Encryption Settings(Cisco Email Encryption )    PXE   Domain Mappings    . Email Security Appliance PXE      Security Services > Service Updates( )  ( CLI updateconfig )   .     , 945    . IronPort Email Encryption Settings(IronPort Email Encryption ) ( CLI encryptionupdate ) PXE Engine Updates(PXE  )   Update Now(  )       .
  
              .     ,      .       Cisco Email Security Appliance        .               .          .   DLP      ( ) , 513  .
  ·   TLS  , 529  ·       , 529  ·       , 530 

  TLS  
TLS    , Email Security Appliance          TLS       .        TLS (Required(), Preferred( )  None())        TLS      .
         TLS      TLS          .        TLS       Email Security Appliance     TLS      .
 41: ESA  TLS 

  TLS  None

TLS      TLS     





   

   

TLS Preferred(TLS  ) TLS  

TLS Required(TLS )

TLS  

     /

  TLS         , 69   .

      
 
·           , 283    .
· ( )    , 531   .

 1  2  3  4
 5  6
 7

Mail Policies( ) > Outgoing Content Filters(  ) .   Add Filter( ) . Conditions()  Add Condition( ) .      .         (: "Confidential")       . OK() . ,          Add Action( )  Add Header( ) . Actions()  Add Action( ) .

 8 Add Action( )  Encrypt and Deliver Now (Final Action)(   ( ))  .
 9     ,  TLS          .
 10      .
    ,  ,          .              .
 11   .  12 OK() .
      ABA     .         .
 35:   

 13     Submit() .  14   .
            .   ,              .         , 269    .
      
       . ,            .  
·           , 283    .
· ( )    , 531   .
 1 Mail Policies( ) > Outgoing Content Filters(  ) .  2   Add Filter( ) .  3 Conditions()  Add Condition( ) .  4      .        
(: "Confidential")       .  5 OK() .  6 ,          Add Action( ) 
Add Header( ) .  7 Actions()  Add Action( ) .  8 Add Action( )  Encrypt on Delivery(  ) .  9     ,  TLS       
  .  10      .
    ,  ,          .              .
 11   .  12 OK() .  13     Submit() .  14   .
            .   ,              .         , 269    .
   
AsyncOS        SMTP         .            ,       .

     Cisco Ironport Encryption Appliance  .
 1 Mail Policies( ) > Outgoing Content Filters(  )  Incoming Content Filters(  ) .
 2 Filters()  Add Filter( ) .  3          Actions()  Add Action(
)  Add Header( ) .   Registered Envelope( )   24      X-PostX-ExpirationDate,   +24:00:00 .

  
 
·  , 532  ·   , 534  ·            
  , 529    . ·            
  , 137   .

 
         .
 42:   

MIME 





       Reply()     . 
X-PostX-Reply-Enabled
  Reply()  .   true .       . false.

X-PostX-Reply-AllEnabled

  " "    Reply All( )         Reply()   .   true .  .        false. .

X-PostX-ForwardEnabled

       Forward()     .    Forward()     true .  .      . false.

MIME 





X-PostX-Send-ReturnReceipt

    .       .         (receipt)  true .  false  .       . .

  Registered Envelope( )        . 
X-PostX-ExpirationDate
 .       , ,  +HH:MM:SS        .      +D        .   .  .       .
Cisco Registered Envelope Service    (http://res.cisco.com) ,           ,      .

  Registered Envelope( ) "       . 
X-PostX-ReadNotificationDate
"  .      , ,  +HH:MM:SS  

             +D  

.     Cisco Registered .   .

Envelope Service     

 .    

 .

    .       . 
X-PostX-Suppress-Applet-For-Open
        true . 

   .     false.

      

.       

        

  .    

 .

MIME 





X-PostX-Use-Script

JavaScript     . JavaScript      JavaScript      . JavaScript    false      JavaScript  .  true.   Registered Envelope( ).     Open Online(  )   Open by Forwarding( )   .    JavaScript            .       .

              .

X-PostX-Remember-Envelope-Key-Checkbox

   .     "Remember the password for this envelope( 

    

   )"  

"Remember the password for this envelope(  .  false.

   )"   

       

 .    

       

 .     

.

  
     .
  · JavaScript   , 535  ·       , 534  ·   , 535  ·   , 535 
      
          .
X-PostX-Remember-Envelope-Key-Checkbox: true
"Remember the password for this envelope(    )"     .

JavaScript   
JavaScript        .
X-PostX-Use-Script: false
 securedoc.html    Open Online( )     Open()  .
  
  24        .
X-PostX-ExpirationDate: +24:00:00
   24        .          .
  
              .
X-PostX-Suppress-Applet-For-Open: true
                .

22 
S/MIME  
     . · S/MIME   , 537  · Email Security Appliance S/MIME  , 537  · S/MIME    ,     , 540  · S/MIME    ,     , 551  · S/MIME   , 556  ·   , 558 
S/MIME   
S/MIME(Secure/Multipurpose Internet Mail Extensions)          . S/MIME /       . 
·          . ·        ID     
    . S/MIME     RFC  .
· RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions)  3.2 -   · RFC 5751: MIME(Secure/Multipurpose Internet Mail Extensions)  3.2 -   · RFC 3369:   
Email Security Appliance S/MIME  
       S/MIME          .    Email Security Appliance           S/MIME  (, ,   ) .
Email Security Appliance B2B(Business-to-Business)  B2C(Business-to-Consumer)     S/MIME   .
· S/MIME   ,      S/MIME    ,     , 540  .
· S/MIME   ,      S/MIME     ,     , 551  .
  · S/MIME     , 538 
S/MIME     
· : Business-to-Business, 538  · : Business-to-Consumer, 539 
: Business-to-Business

 A B S/MIME          .   A   S/MIME    Email Security Appliance  .  A   S/MIME       .
    B S/MIME         .     S/MIME          (Email Security Appliance )  .
 A  B  . 1. Bob( A)    Dave( B)    
 . 2.  A Email Security Appliance      B . 3.  B        . 4. Dave      .
 B  A  . 1. Dave( B)    Bob( A)    
 . 2.  B          A
. 3.  A Email Security Appliance    . 4. Bob      .
: Business-to-Consumer

 A B S/MIME          .   A   S/MIME    Email Security Appliance  .  B S/MIME         .
 A  B  . 1. Alice( A)    Erin( B)    
  . 2.  A Email Security Appliance      B . 3.  B       Erin .
 B  A  . 1. Erin( B)        Alice( A)
. 2.  A Email Security Appliance    . 3. Alice      .
S/MIME    ,     
· Email Security Appliance S/MIME    , 540  · S/MIME    ,      , 541  · S/MIME    , 542  · S/MIME     , 545  · S/MIME   , 547  · ,       , 549  ·     ,        , 549  ·       ,     , 550 
 Email Security Appliance      , ,      .
Email Security Appliance S/MIME    
· S/MIME  , 541  · S/MIME  , 541 

S/MIME  
  Email Security Appliance S/MIME    .
1.     MD(Message Digest) . 2.  S/MIME     MD . 3.  S/MIME      MD PKCS7  . 4.  PKCS7    . 5.    .
S/MIME  
  Email Security Appliance S/MIME    .
1.     . 2.      . 3. (  ) S/MIME       . 4.     . 5.    .

  PXE  S/MIME    Email Security Appliance  S/MIME  ,  PXE   .

S/MIME    ,       

 1 2
3

  

 

S/MIME    

S/MIME   , 556   .

      . :

· S/MIME   S/MIME    .
· S/MIME    S/MIME    .
· S/MIME     S/MIME     S/MIME     .

· S/MIME    , 542 
· S/MIME      , 545 

 ,       ,     

   .

 S/MIME   ,

547  .

 4 5
6 7

  

 

  ,   ,               , 549  . .

    ,  :      . ·    
,         , 549  ·       ,     , 550 

        .

.

 , 269  .

           .

 .

 , 269  .

 CLI  S/MIME ,       smimeconfig   . AsyncOS for Cisco Email Security Appliances CLI   .
S/MIME    
   S/MIME   . Email Security Appliance      S/MIME     .
·     S/MIME  .   S/MIME   , 543  .
·  S/MIME   . S/MIME   , 544   .
             S/MIME    .             CA   S/MIME  .
S/MIME     S/MIME   , 556    .

  S/MIME  
   CLI  RFC 5750(S/MIME(Secure/Multipurpose Internet Mail Extensions)  3.2 -  )    S/MIME    .

             S/MIME    .

 1 Network() > Certificates() .  2 Add Certificate( ) .  3 Create Self-Signed S/MIME Certificate(  S/MIME  ) .  4       .

 

  



  

 

 

/ /:    

       /       2 ISO      

  ()   ()   

            .
      .   domain.com  *.domain.net    .        .
          .
      (: [email protected]).        .
CSR(Certificate Signing Request)     

     ()    ()    .  5      Next() .

 6     . ·   . ·    CSR CA  Download Certificate Signing Request(    )      CSR PEM  .
 7     .
  
 CLI    S/MIME   certconfig  .
S/MIME   
  S/MIME           .    S/MIME  S/MIME   , 556       .
 1 Network() > Certificates() .  2 Add Certificate( ) .  3 Import Certificate( ) .  4         .  5   .  6 Next()    .  7   .  8     .
  
 CLI  S/MIME   certconfig  .

S/MIME     
   S/MIME      .                  .
·   (: )     .      CLI      .       S/MIME     , 545     .
·    CLI           . Email Security Appliance        .             , 546     .
S/MIME     
  ·   S/MIME   , 556      . ·   EM  .
 1 Mail Policies( ) > Public Keys( ) .  2 Add Public Key(  ) .  3    .  4   .  5    .
  
 smimeconfig   CLI      .
S/MIME   
 S/MIME     ()      (  )    Email Security Appliance    .

        .     S/MIME Harvested Public Keys(S/MIME   )  .

  ·   , 546 

  

 S/MIME     ()      (  )    Email Security Appliance    .

      S/MIME     .
   S/MIME    S/MIME   , 556      .
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2        .  3 Security Features( )  .  4 S/MIME Public Key Harvesting(S/MIME   )   .
· S/MIME    . · ( )           . · ( )      .       48        
  .
 5     .

  

        512MB.    Email Security Appliance      . CLI     listenerconfig  .
 

  Email Security Appliance    . Email Security Appliance      Mail Policies( ) > Harvested Public Keys(  )  .  
· S/MIME   , 545 
S/MIME   
S/MIME         . ·  S/MIME (: ,  ) ·   S/MIME  ·  S/MIME  (: opaque  detached) ·  S/MIME          
     ,           .      (  ,     )  .    CLI  S/MIME   , , , ,     .
  ·  ,      S/MIME   , 547  · S/MIME   , 549 
 ,      S/MIME   

 1 Mail Policies( ) > Sending Profiles( ) .  2 Add Profile( ) .  3   .

S/MIME Profile

   .

Name(S/MIME  

)

S/MIME Mode(S/MIME )

S/MIME  .    .
· Sign · Encrypt · Sign/Encrypt.    · Triple. ,    

 S/MIME  Sign, Sign/Encrypt  Triple         .

S/MIME Profile

   .

Name(S/MIME  

)

 

   .
 S/MIME  Sign, Sign/Encrypt  Triple        .

S/MIME Sign

S/MIME   .    .

Mode(S/MIME  ) · Opaque.  (opaque-signed)       

      .

· Detached.     .  MIME 

multipart/signed    MIME   application/(x-)pkcs7-signature

.

 S/MIME  Sign, Sign/Encrypt  Triple        .

S/MIME Action(S/MIME        Email Security Appliance   

)

 .    .

· Bounce.             .
· Drop.           . · Split.  .        
  ,           .

: [email protected]  [email protected]   , [email protected]      .   Split   Email Security Appliance  .

· [email protected]     . · [email protected]     .

 S/MIME  Encrypt, Sign/Encrypt  Triple         .

 4     .

  

 CLI     smimeconfig  .

S/MIME   
 1 Mail Policies( ) > Sending Profiles( ) .  2    .  3  ,      S/MIME   , 547     
.  4     .

,       
       ,           .     ,      .       Email Security Appliance  ,     .
  ·     , 301 
    ,        
       .    , 283   .

 1  2  3  4
 5  6  7
 8  9

Mail Policies( ) > Outgoing Content Filters(  ) .   Add Filter( ) . Conditions()  Add Condition( ) . ,          .          (: "Confidential")       . OK() . Actions()  Add Action( ) . Add Action( )  S/MIME Sign/Encrypt (Final Action)(S/MIME /( ))  .      . OK() .

 10     .
            .   ,              .         , 269    .
      ,      
   ,         . ,         ,       .  
·      .    , 283   .
 1 Mail Policies( ) > Outgoing Content Filters(  ) .  2   Add Filter( ) .  3 Conditions()  Add Condition( ) .  4 ,          .     
    (: "Confidential")       .  5 OK() .  6 Actions()  Add Action( ) .  7 Add Action( )  S/MIME Sign/Encrypt on Delivery(  S/MIME /) .  8      .  9 OK() .  10     .
            .   ,              .         , 269    .

S/MIME    ,      
· Email Security Appliance S/MIME    , 551  · S/MIME    ,      , 552  ·     , 552  ·       , 553  · S/MIME    , 555  · S/MIME       , 556 
     ,       Email Security Appliance S/MIME      .
Email Security Appliance S/MIME    
· S/MIME  , 551  · S/MIME  , 551 
S/MIME  
  Email Security Appliance S/MIME    . 1.      MD(Message Digest) . 2.  S/MIME        PKCS7  
, MD(Message Digest) . 3.    MD  MD . MD   
. 4.      S/MIME  .
S/MIME  
  Email Security Appliance S/MIME    . 1.  S/MIME       . 2.      .

S/MIME    ,       

 1
2

  

 

S/MIME    

S/MIME   , 556   .

      . :

· S/MIME    S/MIME  (     )   .
· S/MIME  ,      S/MIME      .
· S/MIME        .

·     , 552 
·       , 553 
·       , 663 

·  S/MIME (      )
·    .

·     S/MIME    

3 4

S/MIME    ,   S/MIME    , 555            . .

( )      Email S/MIME     

Security Appliance      , 556  

.

.

 CLI  S/MIME ,       listenerconfig > hostaccess  .   CLI   .
    
 S/MIME (     )   .  
·       S/MIME     .

·  (: )    . ·        .           .
 B2C   S/MIME   ,    (: Microsoft Outlook)  S/MIME          .              .
·  S/MIME  S/MIME   , 556       .
 1 Network() > Certificates() .  2 Add Certificate( ) .  3 Import Certificate( ) .  4         .  5   .  6 Next()    .  7   .  8     .
  
 CLI  S/MIME   certconfig  .
      
    S/MIME      .                .
·   (: )     .      CLI      .       S/MIME     , 545    .
·      .   , 546  .

S/MIME     
  ·   S/MIME   , 556      . ·   EM  .
 1 Mail Policies( ) > Public Keys( ) .  2 Add Public Key(  ) .  3    .  4   .  5    .
  
 smimeconfig   CLI      .
S/MIME     
 S/MIME     ()      (  )     Email Security Appliance    .
      S/MIME     . 1.    CLI     .    , 554   . 2.     . 3.       . S/MIME       , 555  .        .
   
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2        .  3 Security Features( )  .

 4 S/MIME Public Key Harvesting(S/MIME   )   . · S/MIME    . · ( )           . · ( )      .
      48           .
 5     .
  
        512MB.    Email Security Appliance      . CLI     listenerconfig  .
S/MIME      
 1 Mail Policies( ) > Harvested Public Keys(  ) .  2        .  3    . S/MIME     , 554  .  4     .
S/MIME    
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2        .  3 Security Features( )  .  4 S/MIME Decryption/Verification(S/MIME /)   .
· S/MIME    . · S/MIME        .   S/MIME 
      Remove() .  (triple wrapped)       .

 5     .

  
    S/MIME            S/MIME  . S/MIME            smime-gateway-verified  smime-gateway   .   S/MIME       , 556  .
S/MIME       
Email Security Appliance S/MIME ,  ,              . ,          smime-gateway-verified  smime-gateway       .         , 137   .

 ,          S/MIME Gateway Message  S/MIME Gateway Verified   .    , 283    .
: ,      S/MIME       S/MIME   , S/MIME        .
quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
    quarantine("Policy");
}

S/MIME   
·     , 556  ·     , 557 

    

  S/MIME    .

 

  



  

    / /:       ()
  ()
    

  
 
   
   /  
    2 ISO 
    
      .   domain.com  *.domain.net    .         .
      (: [email protected]).        .
CSR     
         .      digitalSignature  nonRepudiation   .         digitalSignature  nonRepudiation     .

S/MIME     RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions)  3.2 -    .

    

  S/MIME    .

 

  



  

 

 

/

   

/:

   /  



    2 ISO 

  

    

    ()
  ()     

  
         domain.com  *.domain.net    .         .
         SAN Domain   .
      (: [email protected]).        .
CSR     
         .      keyEncipherment   .

S/MIME     RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions)  3.2 -    .

  
Email Security Appliance  . ·      S/MIME     ·       S/MIME    
          . ·    PEM      CLI    .   , 558  . ·       ,   /configuration        CLI    .      , 559  .
Email Security Appliance    (      ).   S/MIME   , 545  .

  
  ·   S/MIME   , 556      . ·   EM  .

 1 Mail Policies( ) > Public Keys( ) .  2 Add Public Key(  ) .  3    .  4   .  5    .
  
 smimeconfig   CLI      .
     
     /configuration  .           , 559   .
 1 Mail Policies > Public Keys(  >  ) .  2 Import Public Keys(  ) .  3    Submit() .
             .    CLI      .
 4  .
  
         /configuration   .
 1 Mail Policies( ) > Public Keys( ) .  2 Export Public Keys(  ) .  3    Submit() .

23 
Office 365    
     . ·             , 561  ·    , 568  ·      , 568  ·   , 568 
             
         . AMP           .         .  Office 365                   .                  . 
· , 562  ·             
 , 563 
 36:    

1.      . 2.  AMP      . 3. AMP    .      . 4.    . 5.     AMP    .  
. 6.     (   )   
.
              

1 2
3 4

  

 

   .

  , 563 

Azure AD(Azure  )   Azure AD   Email Security Appliance   , 564  .

 Office 365   Cisco Email Security  Office

 .

365   , 566 

                        ,     567  .

  
           . ·           . ·       . File Reputation Filtering and File Analysis(     ), 461  .
Office 365   Azure AD       . · Office 365   · Office 365    Azure AD    Office 365   .
   Office 365            .        CA  .   . · .crt . p12   . emailAddress Office 365    (<admin_username>@<domain>.com)  . · pem    (  2048 ).

        .
 Azure AD  
Office 365  Azure AD(Azure Active Directory)        .  Office 365    Azure AD  .  Azure AD         .   Microsoft  (https://msdn.microsoft.com/en-us/office/office365/howto/add-common-consent-manually)  .  
  , 563    .
 1 Office 365     Azure   .  2 Office 365      .    
 . ·   /  API   . ·   . ·  URL.  URL       URL(: https://<company_domain>/ManualRegistration). ·  ID URI. Microsoft Azure AD      URI(: https://<company_domain>).
 3      .    Configure ()  Office 365 Exchange Online     . ·  
·     ·       ·     ·       Exchange Web Services 
·  
·    ·      ·    · Exchange Web Services     

 4          Office 365      .   . a) Windows PowerShell      $base64Thumbprint, $base64Value  $keyid   .   .
Windows PowerShell         .
:
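# Load the certificate whose public key is registered with the Azure AD application
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import(".\mycer.cer")
# Base64 of the raw certificate data, used as "value" in keyCredentials
$bin = $cer.GetRawCertData()
$base64Value = [System.Convert]::ToBase64String($bin)
# Base64 of the certificate hash (thumbprint), used as "customKeyIdentifier"
$bin = $cer.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($bin)
# Fresh GUID, used as "keyId"
$keyid = [System.Guid]::NewGuid().ToString()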
        .
· $keyid · $base64Value · $base64Thumbprint
b) Azure     . c)         keycredentials   JSON 
.
:
"keyCredentials": [
  {
    "customKeyIdentifier": "$base64Thumbprint_from_step_1",
    "keyId": "$keyid_from_step1",
    "type": "AsymmetricX509Cert",
    "usage": "Verify",
    "value": "$base64Value_from_step1"
  }
],
 JSON  $base64Thumbprint  $base64Thumbprint,  $keyid a     .      .
d)      Azure   .
 5 Azure AD     Azure       .
· Configure()   ID. · View Endpoints( ) > App Endpoints( )   ID.  ID
     URL     .      URL  .
· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/federationmetadata/2007-06/federationmetadata.xml
· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/wsfed
· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/saml2

   ID abcd1234-bcdd-469d-8545-a0662708cbc3.

   Cisco Email Security  Office 365   , 566 
Cisco Email Security  Office 365   
   .
·       . File Reputation Filtering and File Analysis(     ), 461   .
· pem     .   , 563    .
·   : · Azure      ID   ID.  Azure AD  , 564  5 . ·  ($base64Thumbprint).  Azure AD   , 564  4 .
 1  .  2 System Administration( ) > Mailbox Settings( ) .  3 Enable() .  4 Enable Office 365 Mailbox Settings(Office 365   ) .  5   .
· Azure      ID   ID. ·  (base64Thumbprint ).
 6    . Choose File( )  .pem  .  7     .  8   Office 365     .
1. Check Connection( ) . 2. Office 365   .   Office 365     . 3. Test Connection( ) .   Office 365        .     .
·  ID,  ID     .

·       .
               , 567  
            
   Office 365    . Cisco Email Security   Office 365   , 566   .
 1 Mail Policies( ) > Incoming Mail Policies(  ) .  2    Advanced Malware Protection    .  3 Enable Mailbox Auto Remediation(   ) .  4             .  
      . ·   .       (:  )     . ·  .             . ·     .                      .
 Office 365         (:  )     .
 5    .
    
·    , 568  ·      , 568  ·   , 568 

   
Mailbox Auto Remediation(  )  (Monitor() > Mailbox Auto Remediation(  ))         .         .
·       ·     · SHA-256     Recipients for whom remediation was unsuccessful(  )      . ·   Office 365      Office 365 
   . ·          .  ,  
 . ·         Office 365  
  .      SHA-256  .
     
      
·    .  , 837  . · Office 365  (System Administration( ) > Mailbox Settings( ))
 . Cisco Email Security  Office 365   , 566    . ·   (Security Services > Mailbox Auto Remediation(  ))   .             , 567  .          , 842   .
  
·  Office 365      , 569  ·  , 569  · , 570  ·     , 570 

 Office 365      


Mailbox Settings( ) (System Administration( ) > Mailbox Settings(  ))   Office 365      Connection Unsuccessful( )   .

      .

 

  

Office 365      .
The SMTP address has no mailbox associated with it
      .

Application with identifier '<client_id>' was not found in the directory <tenant_id>
   ID .     ID   .

No service namespace named '<tenant_id>' was found in the data store.
   ID .     ID    .

Error validating credentials. Credential validation failed
    .          .

Error validating credentials. Client assertion contains an invalid signature.
   .  .

·   . ·     . ·     . ·        
 .

 

     .
·  (mail_logs).        . ·    (mar).  ,  ,      .

:   Office 365        Office 365                  .   .
·  Office 365         .    .   , 986    .
·   .  , 1227  . · Office 365    .
    
 AMP      Office 365          .   .
·  Office 365    . Cisco Email Security   Office 365   , 566  8 .
·   Office 365        . , 570  .

24 
 
     . ·   , 571  · DomainKeys  DKIM  , 574  · DKIM     , 586  · SPF  SIDF  , 591  · SPF/SIDF     , 593  · SPF  SIDF , 594  · SPF/SIDF      , 598  · SPF/SIDF  , 601  · DMARC , 602  ·   , 610 
  
AsyncOS         .     AsyncOS SPF(Sender Policy Framework), SIDF(Sender ID Framework), DKIM(DomainKeys Identified Mail), DMARC(Domain-based Message Authentication, Reporting and Conformance)      .     AsyncOS DomainKeys  DKIM   .
  · DomainKeys  DKIM , 572  · SPF  SIDF  , 591  · DMARC , 602  ·   , 610 
DomainKeys  DKIM 
DomainKeys  DKIM             .     From:( Sender:)         . DomainKeys  DKIM        . AsyncOS DomainKeys   ""  , DKIM      .  DomainKeys  DKIM        .
  · DomainKeys  DKIM  , 572  · AsyncOS DomainKeys  DKIM , 572 
DomainKeys  DKIM  
 37:  

1. ( )   DNS   . 2.   MTA(Mail Transfer Agent)   . 3.             
. DomainKey  DKIM       . 4. MTA   DomainKeys  DKIM     
(Sender:  From:  ) . DomainKeys  DKIM           . 5.   DomainKeys  DKIM         .  DomainKeys   Yahoo!  Gmail    .     DomainKeys       .
AsyncOS DomainKeys  DKIM 
AsyncOS DomainKeys  DKIM        (   "" )  .   "   "  .          .      (    ) .                      DomainKeys . DKIM  DomainKeys  
 DKIM  . CLI domainkeysconfig   GUI Mail Policies( ) > Domain Profiles( )  Mail Policies( ) > Signing Keys( )   DomainKeys  DKIM  .
DomainKeys  DKIM     .       .   DNS   (DNS TXT    ),       .     ( )    .
  ()         .  (     )       Sender:  From:  .      Sender:      dkim  , From:  DKIM      . Sender:    DomainKeys  DKIM     . From:     .
· Sender:  .
·   DKIM Global Setting(DKIM  )  Use From Header for DKIM Signing(DKIM  From  )  .

 AsyncOS 10.0    DKIM Global Setting(DKIM  )  DKIM  From:      .  DMARC   DKIM   From:   .
       mail_logs  .
 DomainKey  DKIM    (      ) AsyncOS DomainKeys  DKIM      .
           .    .      .    DomainKeys("DomainKey-Signature:" ) ,           .   DKIM    DKIM    . AsyncOS        (     )  .            .        DomainKeys  DKIM  ,        DKIM    .

          Domain Key Profile(   )  Signing Key( )     .     ,        .

DomainKeys  DKIM  

 
·  , 574  ·  , 575  ·  , 575  ·       , 576  ·     , 576  · DomainKeys/DKIM  (GUI), 577  · DomainKeys  , 586 

 

     .       .      .        .  512  2048  .             768~1024.           2048    .           , 580   .
        .             .              , 581   .
     ,   Signing Key( )    .

  ·     , 574 

    
       .          .        , 581   .
    .

        .         , 581  .

 

        DNS     .     DNS Text Record(DNS  )  Generate()   ( CLI domainkeysconfig -> profiles -> dnstxt )  .
DNS       DNS    , 583    .
Signing Keys( )  View()       .
 38: Signing Keys( )     

 
             . ·   . ·  ("d="   ). · (       . DNS        "_domainkey."    .) · (canonicalization) (        ) AsyncOS DomainKeys  "simple"  "nofws" , DKIM  "relaxed"  "simple" . ·  (   , 574  ). ·      (DKIM ). ·     (DKIM ).     . ·     (:   ) ID. ·         . ·   . ·   ( ). ·    ,  (|)    .
·   (DKIM ). ·   (     ).
      Domain()     .
         .     , 585  .      .
· DKIM      · DKIM  From  
  DKIM   , 585    .
  ·     , 576 
    
        .             .    , 584  .       .           .   , 584  .
    
      DomainKeys  DKIM  .   "   "  .
 1 Mail Policies( )  Mail Flow Policies(  )  RELAYED   ( ) .
 2 Security Features( )  On()  DomainKeys/DKIM Signing(DomainKeys/DKIM ) .
 3     .
      
           .                 .

     DomainKeys  DKIM  ,        DomainKeys/DKIM  .
 1          Hard Bounce and Delay Warning Messages(     ) .
 2 "Use Domain Key Signing for Bounce and Delay Messages(    DomainKeys  )"  .
      DomainKeys/DKIM  (GUI), 577      .
  From:        .           (System Administration( ) > Return Addresses( )),   Profile Users( )      .       [email protected]   ,      [email protected]   .

DomainKeys/DKIM  (GUI)
 1        .          , 574   .
 2       .         , 575   .
 3 DNS   . DNS       DNS    , 583   .
 4    ,       DomainKeys/DKIM  (    , 576  ).
 5 ,      DomainKeys/DKIM  .                   , 576    .
 6  .       DomainKeys/DKIM .              .  DomainKey  DKIM    (      ) AsyncOS DomainKeys  DKIM      .
    

· DomainKeys     , 578  · DKIM      , 578  ·     , 580  ·       , 581  ·   , 583  · DKIM   , 585 
DomainKeys     

 1  2  3  4

Mail Policies( ) > Signing Profiles( ) . Domain Signing Profiles(  )  Add Profile( ) .   . Domain Key Type(  )  Domain Keys( ) .
   .

 5   .

 6

 .  "_domainkey"      ,         .           DNS        .

 7  (no forwarding whitespaces  simple).

 8

       .      .           ( ) .     , 580   .

 9     ( ,  ) .

 10     .

 11         DomainKeys/DKIM   (    , 576  ).

 DomainKeys  DKIM     AsyncOS   DomainKeys  DKIM   .

DKIM      

 1  2  3  4

Mail Policies( ) > Signing Profiles( ) . Domain Signing Profiles(  )  Add Profile( ) .   . Domain Key Type(  )  DKIM .

   .

 5  6
 7

  .
 .  "_domainkey."      ,         .           DNS        .
   .    .

· Relaxed. "relaxed"     .    ,   ,      ,   .

· Simple.   .

 8    .    . · Relaxed. "relaxed"     .     ,        ,    .
· Simple.     .

 9

       .      .           ( ) .     , 580   .

 10    .      .

· All. AsyncOS      .                .

· Standard.              . AsyncOS     (    DKIM    null   ).

· From

· Sender, Reply-To

· Subject

· Date, Message-ID

· To, Cc

· MIME-Version

· Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description

· Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-cc, Resent-Message-ID

· In-Reply-To, References

· List-Id, List-Help, List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive

 "Standard"       .

 11     .     ,       .     .
· Whole Body Implied(  ).     "l="   .       .
· Whole Body Auto-determined(   ).    ,          .
· Sign first _ bytes( _ ).      .
 12       .         .      .
· "i" .      (:   ) ID. @      (: @example.com).
· "q" .         .    dns/txt. · "t" .     . · "x" .      .   () .  31536000
. · "z" .    ,  (|)    .  
    .    .
z=From:[email protected]|To:[email protected]| Subject:test%20message|Date:Date:August%2026,%202011%205:30:02%20PM%20-0700
 13     ( ,  ) .
    ,            .   example.com    [email protected]     . [email protected]    [email protected]   .   [email protected]    example.com   .
 14     .  15         DomainKeys/DKIM   ( 
  , 576  ).
 DomainKeys  DKIM     AsyncOS   DomainKeys  DKIM   .

    
·    , 580  ·    , 581 

   

DomainKeys  DKIM      .


 1 Mail Policies( ) > Signing Keys( ) .  2 Add Key( ) .  3   .  4 Generate()    .  5     .
    ,         .

   
 1 Mail Policies( ) > Signing Keys( ) .  2    .  3    , 580      .  4     .

  
        .
 1 Mail Policies( ) > Signing Keys( ) .  2 Export Keys( ) .  3    Submit() .

     

 

 
·   , 581  ·      , 582 

 1 Mail Policies( ) > Signing Keys( ) .  2 Add Key( ) .  3 Paste Key( )   (PEM  RSA  ).


 4     .
    
      , 581   .
 1 Mail Policies( ) > Signing Keys( ) .  2 Import Keys( ) .  3      .  4 Submit() .         . 
    .  5 Import() .
  
  ·     , 582  ·     , 582 
   
 1 Mail Policies( ) > Signing Keys( ) .  2        .  3 Delete() .  4  .
   
 1 Mail Policies( ) > Signing Keys( ) .  2 Signing Keys( )  Clear All Keys(  ) .  3  .


DNS   
 1 Mail Policies( ) > Signing Profiles( ) .  2 Domain Signing Profiles(  )  DNS Text Record(DNS  )    
  Generate()  .  3 DNS      .  4      Generate Again( ) .  5     DNS   (   ).    
DNS    .   DNS  , 583  .  6 Done() .
    
·   DNS  , 583 
  DNS   DNS        1024    DNS    .  DNS      255   .  DNS    DNS      DKIM     .        DNS   255        .    .
s._domainkey.domain.com. IN TXT "v=DKIM1;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE" "A4Vbhjq2n/3DbEk6EHdeVXlIXFT7OEl81amoZLbvwMX+bej" "CdxcsFV3uS7G8oOJSWBP0z++nTQmy9ZDWfaiopU6k7tzoi" "+oRDlKkhCQrM4oP2B2F5sTDkYwPY3Pen2jgC2OgbPnbo3o" "m3c1wMWgSoZxoZUE4ly5kPuK9fTtpeJHNiZAqkFICiev4yrkL" "R+SmFsJn9MYH5+lchyZ74BVm+16Xq2mptWXEwpiwOxWI" "YHXsZo2zRjedrQ45vmgb8xUx5ioYY9/yBLHudGc+GUKTj1i4" "mQg48yCD/HVNfsSRXaPinliEkypH9cSnvgvWuIYUQz0dHU;"
DKIM    ,   DNS         .
  
       DNS   DNS      .
 1 Mail Policies( ) > Signing Profiles( ) .


 2 Domain Signing Profiles(  )  Test Profile( )     Test()  .
 3        .         .
  
         .
 1 Mail Policies( ) > Signing Profiles( ) .  2 Export Domain Profiles(  ) .  3    Submit() .
  
 1 Mail Policies( ) > Signing Profiles( ) .  2 Import Domain Profiles(  ) .  3      .  4 Submit() .         .
      .  5 Import() .
  
  ·     , 584  ·     , 585 
   
 1 Mail Policies( ) > Signing Profiles( ) .  2        .  3 Delete() .  4  .


   
 1 Mail Policies( ) > Signing Profiles( ) .  2 Clear All Profiles(  ) .  3  .
  
 1 Mail Policies( ) > Signing Profiles( ) .  2 Find Domain Profiles(  )   .  3 Find Profiles( ) .  4    , ,        .
         .
DKIM   
DKIM         . · DKIM         . · Cisco IronPort Spam Quarantine  ·     ·   ·   · DKIM  From  
 1 Mail Policies( ) > Signing Profiles( ) .  2 DKIM   Edit Settings( ) .  3      .
·    DKIM  · DKIM  From    DKIM  From     From    Sender  .
DKIM    DMARC   DKIM   From   .  4     .


DomainKeys  
DomainKeys        .
Tue Aug 28 15:29:30 2007 Info: MID 371 DomainKeys: signing with dk-profile - matches [email protected]
Tue Aug 28 15:34:15 2007 Info: MID 373 DomainKeys: cannot sign - no profile matches [email protected]
DKIM        .
Tue Aug 28 15:29:54 2007 Info: MID 372 DKIM: signing with dkim-profile - matches [email protected]
Tue Aug 28 15:34:15 2007 Info: MID 373 DKIM: cannot sign - no profile matches [email protected]

DKIM     

DKIM        

 

1

DKIM      DKIM   , 588   .

2

( ) DKIM                      , 108  .

3

DKIM         DKIM  ,

    .

590 

4

   Email Security Appliance DKIM     , 591

   .



5

         , 276  .

 
· AsyncOS   DKIM  , 587  · DKIM   , 587  ·    DKIM  , 590  · DKIM     , 591 


AsyncOS   DKIM  
DKIM   AsyncOS       .
 1 AsyncOS   DKIM-Signature ,   ,       .     AsyncOS permfail .
 2      DNS     TXT  .      AsyncOS permfail .    DNS     tempfail  .
 3     AsyncOS     .     AsyncOS  permfail .
 4    AsyncOS pass .       AsyncOS   .
dkim = pass (partially verified [x bytes])
 X    .    Authentication-Results  .           .
Authentication-Results: example1.com
header.from=From:[email protected]; dkim=pass (signature verified)
Authentication-Results: example1.com
header.from=From:[email protected]; dkim=pass (partially verified [1000 bytes])
Authentication-Results: example1.com
header.from=From:[email protected]; dkim=permfail (body hash did not verify)
  DKIM      .       .       .  DNS TXT  DKIM  (t = y)  ,  DKIM      .

DKIM   
DKIM   Email Security Appliance    DKIM       .         .      30 ,   3 . DDoS      Throttled          .     .
·   .


·  /     .     512  2048. ·     .       
       .   5. ·         ().   
 05:00:00     05:00:30  ,    60     10  .  60 . ·       . ·     SMTP . ·     SMTP .
        .
DKIM    configuration      .            .   DKIM   , 589  .
  DKIM     . DKIM         DKIM   .   DKIM   , 589   .
 
· DKIM   , 588  · DKIM   , 589  · DKIM   , 589  · DKIM   , 589  · DKIM   , 590 
DKIM   
 1 Mail Policies( ) > Verification Profiles( ) .  2 Add Profile( ) .  3   .  4         .  5         .  6       .   5.  7     ( ) .  10.  8         () .  60.  9     body-length    .  10        Email Security Appliance    
.    ,  451 SMTP      SMTP       .


 11        Email Security Appliance     .    ,  451 SMTP      SMTP       .
 12   . DKIM Verification Profiles(DKIM  )    .
 13   .  14      DKIM       .
DKIM   
 DKIM     configuration     .
 1 Mail Policies( ) > Verification Profiles( ) .  2 Export Profiles( ) .  3    Submit() .
DKIM   
 1 Mail Policies( ) > Verification Profiles( ) .  2 Import Profiles( ) .  3 DKIM     .  4 Submit() .     DKIM     
.  5 Import() .
DKIM   
  ·  DKIM    , 589  ·  DKIM   , 590 
 DKIM   
 1 Mail Policies( ) > Verification Profiles( ) .  2   DKIM      .


 3 Delete() .  4  .
 DKIM   
 1 Mail Policies( ) > Verification Profiles( ) .  2 Clear All Profiles(  ) .  3  .
DKIM   
 DKIM       
 1 Mail Policies( ) > Verification Profiles( ) .  2 Search DKIM Verification Profiles(DKIM   )   .  3 Find Profiles( ) .
 DKIM      .       DKIM   .

   DKIM  
      DKIM  .
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2        .  3    Security Features( )  On()  DKIM Verification(DKIM )
.  4   DKIM   .  5   .
    
· DKIM   , 591 


DKIM   
DKIM        .
mail.current:Mon Aug 6 13:35:38 2007 Info: MID 17 DKIM: no signature
mail.current:Mon Aug 6 15:00:37 2007 Info: MID 18 DKIM: verified pass
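Added example (not part of the Cisco guide): a Python sketch that reads mail log lines in the format of the DomainKeys/DKIM signing and DKIM verification excerpts above, then reports which sender domains went out unsigned because no signing profile matched and tallies the verification messages. The sample lines, addresses and function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the log excerpts on this page;
# the addresses are placeholders.
SAMPLE_LOG = """\
Tue Aug 28 15:29:30 2007 Info: MID 371 DomainKeys: signing with dk-profile - matches user@example.com
Tue Aug 28 15:29:54 2007 Info: MID 372 DKIM: signing with dkim-profile - matches user@example.com
Tue Aug 28 15:34:15 2007 Info: MID 373 DomainKeys: cannot sign - no profile matches user@unsigned.example
Tue Aug 28 15:34:15 2007 Info: MID 373 DKIM: cannot sign - no profile matches user@unsigned.example
Tue Aug 28 15:40:02 2007 Info: MID 375 DKIM: cannot sign - no profile matches other@Unsigned.Example
mail.current:Mon Aug 6 13:35:38 2007 Info: MID 17 DKIM: no signature
mail.current:Mon Aug 6 15:00:37 2007 Info: MID 18 DKIM: verified pass
Tue Aug 28 15:41:00 2007 Info: MID 376 Message finished
"""

LINE_RE = re.compile(
    r"^(?:[\w.\-]+:)?"  # optional file-name prefix such as "mail.current:"
    r"(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Info: MID (?P<mid>\d+) (?P<kind>DKIM|DomainKeys): (?P<msg>.+)$"
)
SIGNED_RE = re.compile(r"^signing with (?P<profile>\S+) - matches (?P<sender>\S+)$")
UNSIGNED_RE = re.compile(r"^cannot sign - no profile matches (?P<sender>\S+)$")


def parse_line(line):
    """Return a dict for a DomainKeys/DKIM log line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m["ts"], "mid": int(m["mid"]), "kind": m["kind"]}
    signed = SIGNED_RE.match(m["msg"])
    unsigned = UNSIGNED_RE.match(m["msg"])
    if signed:
        event.update(event="signed", profile=signed["profile"], sender=signed["sender"])
    elif unsigned:
        event.update(event="unsigned", profile=None, sender=unsigned["sender"])
    else:
        # Anything else after "DKIM:" is kept verbatim (for example the
        # verification messages "no signature" and "verified pass").
        event.update(event="verification", result=m["msg"])
    return event


def unsigned_domains(lines, kind="DKIM"):
    """Count distinct messages per sender domain that no signing profile matched."""
    seen = set()
    for line in lines:
        ev = parse_line(line)
        if ev and ev["kind"] == kind and ev["event"] == "unsigned":
            domain = ev["sender"].rsplit("@", 1)[-1].lower()
            seen.add((ev["mid"], domain))
    return Counter(domain for _, domain in seen)


def verification_results(lines):
    """Tally DKIM verification messages by their text."""
    tally = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev and ev["kind"] == "DKIM" and ev["event"] == "verification":
            tally[ev["result"]] += 1
    return tally


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for domain, n in unsigned_domains(log).items():
        print(f"{n} message(s) from {domain} left unsigned (no DKIM profile matched)")
    print(dict(verification_results(log)))
```

A domain that keeps appearing in the unsigned count is a candidate for a missing or mis-scoped signing profile.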
DKIM     
DKIM   Authentication-Results   ,      .       DKIM           .   DKIM            .         .
 1 Mail Policies() > Incoming Content Filters(  ) .  2 Add Filter( ) .  3 Conditions()  Add Condition( ) .  4   DKIM Authentication(DKIM ) .  5 DKIM  .     .
· Pass.    . · Neutral.   . · Temperror.    . · Permerror.     . · Hardfail.   . · None.   .
 6    .   DKIM          .  DKIM           .
 7    .  8       .  9  .
SPF  SIDF  
AsyncOS SPF(Sender Policy Framework)  SIDF(Sender ID Framework)  . SPF  SIDF DNS       . SPF  SIDF       DNS TXT  ,     


     .     SPF        MTA(Mail Transfer Agent) ID  . SPF/SIDF           SPF  ,     SPF        MTA(Mail Transfer Agent) ID  .
 SPF      AsyncOS    .  SPF   DNS     .
SPF  SIDF   SIDF SPF   . SIDF SPF      RFC 4406 .               .
 AsyncOS    SPF  .
  ·  SPF    , 592 
 SPF    
 SPF  SIDF  RFC 4406, 4408  7208  SPF   . PRA ID     RFC 4407 .  SPF  SIDF             . http://www.openspf.org/FAQ/Common_mistakes
  ·  SPF , 592  ·  SIDF , 593  · SPF  , 593 
 SPF 
SPF HELO     MTA( )  "v=spf1 a -all" SPF    .     HELO  HELO ID  None     .   SPF    None      MTA   "v=spf1 a -all" SPF     .


 SIDF 
SIDF   "v=spf1"  "spf2.0"    .   DNS      .
example.com. TXT "v=spf1 +mx a:colo.example.com/28 -all"
smtp-out.example.com TXT "v=spf1 a -all"
example.com. TXT "spf2.0/mfrom,pra +mx a:colo.example.com/28 -all"
SIDF HELO ID       MTA  SPF v2.0    .

 SIDF     "spf2.0/pra ~all"  .

SPF  
RFC    Email Security Appliance SPF    SPF     .      openspf.org  . http://www.openspf.org/Tools
   SPF        . http://www.openspf.org/Why
   SPF  Cisco trace CLI  ( GUI  ) SPF    .      IP     .

SPF/SIDF     

1
2 3 4 5

  

 

( ) SPF/SIDF                    , 108  .

SPF/SIDF     SPF  SIDF , 594      .

   Email Security Appliance SPF/SIDF    

   .

 , 598 

         , 276  .

( )    . SPF/SIDF  , 601 


 Cisco    ,      Cisco SPF/SIDF      .              Cisco     SPF/SIDF     .

 AsyncOS CLI(command line interface)   SPF        . SPF  ,  SMTP         . listenerconfig    Host Access Table      SPF    .     CLI  SPF  SIDF  , 595   .

SPF  SIDF 
SPF/SIDF        SPF/SIDF  .       SPF/SIDF   ,         .

 1 Mail Policies( ) > Mail Flow Policy(  ) .  2 Default Policy Parameters(  ) .  3    Security Features( )  .  4 SPF/SIDF Verification(SPF/SIDF )  On() .  5   ( SIDF-compatible).     SPF  SIDF   
   . SIDF  , SPF SIDF  SIDF-compatible   .
SPF/SIDF  

 



SPF

SPF/SIDF  RFC4408  RFC7208  .

- PRA(purported responsible address) ID   .

: HELO ID      .

SIDF

SPF/SIDF  RFC4406  . -      PRA ID . - SPF v1.0  spf2.0/mfrom,pra . -    ID    Fail  .


 



SIDF Compatible(SIDF    SPF/SIDF  RFC4406  .

)

- SPF v1.0  spf2.0/mfrom .

-    ID    None  .

:    OpenSPF (www.openspf.org)   .

 CLI       .   CLI  SPF  SIDF , 595   .
 6 SIDF Compatible(SIDF )    ,  Resent-Sender:  Resent-From:      PRA ID Pass  None   .       .
 7 SPF    , HELO ID     . HELO         . spf-passed   PRA  MAIL FROM ID       .  SPF    HELO   .

    
· Received-SPF , 598 
· CLI  SPF  SIDF , 595 
CLI  SPF  SIDF 
AsyncOS CLI  SPF/SIDF       .  Host Access Table     , SPF/SIDF        SPF/SIDF    SMTP (ACCEPT  REJECT)   .        SMTP    .     HELO ID, MAIL FROM ID  PRA ID    .  ID    SPF/SIDF        (ACCEPT)   (REJECT)   .
· None().      .
· Neutral.   ID       .
· SoftFail.     ID         .


· Fail.   ID   .
· TempError.     .
· PermError.     .
 Resent-Sender:  Resent-From:   , PRA ID Pass  None   SIDF Compatible       Pass    .    PRA  None     SMTP  .
ID   SMTP      Fail      .
 ID   ID   REJECT       .    Fail  HELO ID     , MAIL FROM ID  Fail      .  HELO ID         .    MAIL FROM ID      REJECT   SMTP  .
SMTP  SPF/SIDF            . TempError      SMTP  . TempError      451    #4.4.3 Temporary error occurred during SPF verification.         550     #5.7.1 SPF unauthorized mail is prohibited. TempError               .
, Neutral, SoftFail  Fail    REJECT    SPF         .      .
550-#5.7.1 SPF unauthorized mail is prohibited.
550-The domain example.com explains:
550 <Response text from SPF domain publisher>
 SPF/SIDF   listenerconfig -> edit      .   hostaccess -> default    Host Access Table    .
Host Access Table   SPF     .
CLI  SPF  


  SPF 

  SPF   · HELO ID    ·  ID     SMTP  · HELO identity (if enabled) · MAIL FROM Identity
· REJECT    SMTP     ·   ()

SIDF Compatible(SIDF  )

· HELO ID    ·  Resent-Sender:  Resent-From:    
 PRA ID Pass  None   ·  ID     SMTP 
· HELO identity (if enabled) · MAIL FROM Identity · PRA Identity

· REJECT    SMTP     ·   ()

SIDF Strict

·  ID     SMTP  · MAIL FROM Identity · PRA Identity
· SPF REJECT    SMTP     ·   ()

 HELO ID  , None  Neutral      . SMTP   CLI   ID   .  MAIL FROM ID   SMTP   .  ID       .   REJECT        .
CLI listenerconfig      .


Received-SPF 
SPF/SIDF   AsyncOS  SPF/SIDF  (Received-SPF)   . Received-SPF    .
·   - SPF  ( , 599  ). · ID - SPF   ID: HELO, MAIL FROM  PRA. · receiver -      ·  IP  - SMTP  IP . · ENVELOPE FROM -   . (MAIL FROM ID     MAIL
FROM ID   .) · x-sender - HELO, MAIL FROM  PRA ID . · x-conformance -  ( - SPF/SIDF   )  PRA  
 .
  SPF/SIDF       .
Received-SPF: Pass identity=pra; receiver=box.example.com;
client-ip=1.2.3.4; envelope-from="[email protected]";
x-sender="[email protected]"; x-conformance=sidf_compatible

 spf-status  spf-passed   received-SPF   SPF/SIDF    .
SPF/SIDF      
SPF/SIDF     SPF/SIDF        .        SPF/SIDF    ,          .
· spf-status.    SPF/SIDF    .   SPF/SIDF         .
· spf-passed.    SPF/SIDF    .
 spf-passed      .
     spf-status  ,    spf-passed     .


 
·  , 599  · CLI spf-status   , 599  · GUI spf-status   , 601  · spf-passed   , 601 

 

spf-status        SPF/SIDF      .

if (spf-status == "Pass")
           .

if (spf-status == "PermError, TempError")
    HELO, MAIL FROM  PRA ID      .

if (spf-status("pra") == "Fail")

 HELO, MAIL FROM  PRA ID    spf-status      . ID   spf-status      . spf-status    PRA ID .
       . · None -      . · Pass -   ID  . · Neutral -   ID       . · SoftFail -     ID         . · Fail -   ID   . · TempError -     . · PermError -     .
CLI spf-status   
    spf-status   .
skip-spam-check-for-verified-senders:
if (sendergroup == "TRUSTED" and spf-status == "Pass"){
  skip-spamcheck();
}
quarantine-spf-failed-mail:
if (spf-status("pra") == "Fail") {
  if (spf-status("mailfrom") == "Fail"){
    # completely malicious mail
    quarantine("Policy");
  } else {
    if(spf-status("mailfrom") == "SoftFail") {
      # malicious mail, but tempting
      quarantine("Policy");
    }
  }
} else {
  if(spf-status("pra") == "SoftFail"){
    if (spf-status("mailfrom") == "Fail" or spf-status("mailfrom") == "SoftFail"){
      # malicious mail, but tempting
      quarantine("Policy");
    }
  }
}
stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError" or spf-status("mailfrom") == "PermError, TempError" or spf-status("helo") == "PermError, TempError"){
  # permanent error - stamp message subject
  strip-header("Subject");
  insert-header("Subject", "[POTENTIAL PHISHING] $Subject");
}
.

GUI spf-status   
GUI   spf-status    .  spf-status       HELO, MAIL FROM  PRA ID     . GUI spf-status     Mail Policies( ) > Incoming Content Filters(  ) .   Add Condition( )   SPF Verification(SPF )   .       . SPF Verification(SPF )    SPF     .   SPF  SoftFail     .
spf-passed   
spf-passed  SPF     .   spf-passed        spf-passed  .
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
  quarantine("Policy");
}
 spf-status   spf-passed  SPF/SIDF     . None, Neutral, Softfail, TempError, PermError  Fail   spf-passed      .          spf-status   .
SPF/SIDF  
SPF/SIDF    SPF/SIDF    .   SPF/SIDF     . SPF/SIDF     ,  , Email Security Monitor - Content Filters(   -  )    . SPF/SIDF    SPF/SIDF     .
  · SPF/SIDF    , 602  · SPF/SIDF     , 602 


SPF/SIDF    
   SPF/SIDF         Email Security Monitor - Content Filters(   -  )    .     SPF/SIDF         .
 1       SPF/SIDF  ,      . SPF/SIDF     SPF  SIDF , 594   .
 2  SPF/SIDF    spf-status   .       .   SPF/SIDF    "SPF-Passed" ,          "SPF-TempErr" . spf-status       GUI  spf-status   , 601   .
 3  SPF/SIDF     Monitor() > Content Filters( )   SPF/SIDF       .
SPF/SIDF     
SPF/SIDF      ,     SPF/SIDF  ,      .             SPF/SIDF  . SPF/SIDF    , 602           .     ,             SPF/SIDF    .
 1 SPF/SIDF      .       SPF/SIDF  . SPF/SIDF     SPF  SIDF , 594   .
 2 SPF/SIDF      SPF/SIDF     .        "   "  .
 3  SPF/SIDF    spf-status   .       .   SPF/SIDF    "SPF-Passed" ,          "SPF-TempErr" . spf-status       GUI  spf-status   , 601   .
 4  SPF/SIDF     Monitor() > Content Filters( )   SPF/SIDF       .
DMARC 
DMARC(Domain-based Message Authentication, Reporting and Conformance)          . DMARC   SPF  DKIM  


     . DMARC              RFC 5322  . Email Security Appliance     .
· DMARC     ·    (,   )   ·            · DMARC    10MB  DMARC  RUA    
        AsyncOS 2013 3 31 IETF(Internet Engineering Task Force)  DMARC      .   http://tools.ietf.org/html/draft-kucherawy-dmarc-base-02 .
 Email Security Appliance DMARC       DMARC    .          .
  · DMARC  , 603  · DMARC     , 604 
DMARC  
 AsyncOS DMARC     . 1. AsyncOS   SMTP  . 2. AsyncOS   SPF  DKIM  . 3. AsyncOS DNS    DMARC  .
·    AsyncOS DMARC     . · DNS   AsyncOS  DMARC     
. 4. DKIM  SPF    AsyncOS   DMARC  .
 DKIM  SPF   , DMARC  DKIM  SPF   .
5. DMARC     DMARC   , AsyncOS  ,   . DMARC       , AsyncOS    .
6. AsyncOS  SMTP     .


7.      AsyncOS DMARC   ,        . DMARC        DMARC  , 609   .

    10MB  DMARC  RUA      AsyncOS       .

DMARC     

DMARC     

  

 

1

 DMARC     DMARC   , 605  DMARC      DMARC   , 606  .

2

( )     DMARC  DMARC  , 607   .

3

DMARC        DMARC  ,      . 608 

4

( ) DMARC    DMARC     ,

 .

609 

5

( )  .
· DMARC      ·    DMARC 
  

· DMARC Verification(DMARC )  , 815 
· Incoming Mail( ) , 802 

·   , 838 

 
· DMARC   , 605  · DMARC  , 609  ·  DMARC  , 607  ·    DMARC  , 608  · DMARC     , 609 


DMARC   
DMARC   Email Security Appliance    DMARC     .                          . DMARC     .
·   . · DMARC   ''     · DMARC   ''     ·       ·      
  · DMARC   , 605  · DMARC   , 606  · DMARC   , 606  · DMARC   , 606  · DKIM   , 589 
DMARC     DMARC      .
  AsyncOS  DMARC   .  DMARC       DMARC     .  DMARC   Mail Policies( ) > DMARC    .  DMARC        DMARC   , 606   .
 1 Mail Policies( ) > DMARC .  2 Add Profile( ) .  3   .  4 DMARC   ''  AsyncOS    .    .
· No Action( ). AsyncOS DMARC        . · Quarantine(). AsyncOS DMARC      . · Reject(). AsyncOS DMARC       SMTP    
.   550 #5.7.1 DMARC unauthenticated mail is prohibited.
 5 DMARC   ''  AsyncOS    .    . · No Action( ). AsyncOS DMARC        .


· Quarantine(). AsyncOS DMARC      .  6 DMARC        AsyncOS    .   
 . · Accept(). AsyncOS DMARC       . · Reject(). AsyncOS DMARC         SMTP     .   451  #4.7.1 Unable to perform DMARC verification.
 7 DMARC        AsyncOS    .     . · Accept(). AsyncOS DMARC       . · Reject(). AsyncOS DMARC         SMTP     .   550  #5.7.1 DMARC verification failed.
 8     .
DMARC   
 1 Mail Policies( ) > DMARC .  2     .  3 DMARC   , 605      .  4     .
DMARC      DMARC   configuration       .
 1 Mail Policies( ) > DMARC .  2 Export Profiles( ) .  3   .  4  .
DMARC   
 1 Mail Policies( ) > DMARC .  2 Import Profiles( ) .  3 DMARC     .


 4 Submit() .     DMARC      .
 5 Import() .  6  .

DMARC   
 1 Mail Policies( ) > DMARC .  2    .  3 Delete() .  4  .

 DMARC  

 1 Mail Policies( ) > DMARC .  2 Edit Global Settings(  ) .  3     .
DMARC  

 



Specific senders bypass address list(     DMARC  .  

    )

   .

          DMARC      .          , 116   .

Bypass verification for messages with     DMARC  .    

headers(           DMARC   

 )

 .

       .

Schedule for report generation( AsyncOS DMARC     .    

 )

           

   .

Entity generating reports(  DMARC    . DMARC   

 )

        .

   .


 



Additional contact information for DMARC         reports(   )         (:   
).

Send copy of all aggregate reports  DMARC     (:   

to(        ) .

)

         .

Error Reports( )

DMARC    10MB  DMARC  RUA            .
 .

 4     .

   DMARC  
 1 Mail Policies( ) > Mail Flow Policies(  ) .  2        .  3    Security Features( )  On()  DMARC Verification(DMARC )
 .  4   DMARC   .  5 ( )   DMARC   RUA     DMARC   
  .     .
 6    .

    
· DMARC  , 608 

DMARC  

DMARC         .
·  DMARC   · DMARC   · DKIM  SPF    DMARC  


·   DMARC   · DMARC     DNS  · DMARC      ·      ·     ·     
DMARC     
 1 System Administration( ) > Return Addresses( ) .  2 Edit Settings( ) .  3 DMARC      .  4     .
DMARC  
DMARC            .           . AsyncOS  DMARC           , AsyncOS        .    XML  GZip  .
 AsyncOS  DMARC    DMARC .
DMARC       . ·     ID      ·  DMARC   ·  IP      DMARC    ·   · DMARC     
  ·  DMARC   , 609 
 DMARC   
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <version>1.0</version>
  <report_metadata>
    <org_name>cisco.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>http://cisco.com/dmarc/support</extra_contact_info>
    <report_id>[email protected]</report_id>
    <date_range>
      <begin>1335571200</begin>
      <end>1335657599</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>1.1.1.1</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>example.com</envelope_from>
      <header_from>example.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>example.com</domain>
        <selector>ny</selector>
        <result>fail</result>
      </dkim>
      <dkim>
        <domain>example.net</domain>
        <selector></selector>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>example.com</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>
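Added example (not part of the Cisco guide): a Python sketch for the receiving side of an aggregate report shaped like the sample above. It accepts raw or GZip-compressed XML, refuses oversized input and DTDs before parsing, and lists the source IPs whose mail passed neither the evaluated DKIM nor the evaluated SPF check. The embedded report, the size cap and the function names are assumptions made for this example.

```python
import gzip
import io
import xml.etree.ElementTree as ET

MAX_REPORT_BYTES = 10 * 1024 * 1024  # assumption: size cap chosen for this example

# Constructed report using the same element layout as the sample on this page.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1335571200</begin><end>1335657599</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim><aspf>r</aspf><p>none</p><sp>none</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>2</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>fail</dkim><spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>example.com</envelope_from><header_from>example.com</header_from>
    </identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>5</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>other.example</envelope_from><header_from>example.com</header_from>
    </identifiers>
  </record>
</feedback>
"""


def load_report(blob):
    """Return the <feedback> root element from raw or gzip-compressed bytes."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic number
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as fh:
            # Read one byte past the cap so a decompression bomb is detected
            # without inflating it completely.
            blob = fh.read(MAX_REPORT_BYTES + 1)
    if len(blob) > MAX_REPORT_BYTES:
        raise ValueError("report larger than the size cap")
    # Aggregate reports need no DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in blob or b"<!ENTITY" in blob:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(blob)
    if root.tag != "feedback":
        raise ValueError("root element is not <feedback>")
    return root


def summarize(root):
    """Return (policy domain, one dict per <record>) with the evaluated results."""
    policy_domain = root.findtext("policy_published/domain", "").strip().lower()
    rows = []
    for rec in root.findall("record"):
        dkim = rec.findtext("row/policy_evaluated/dkim", "").strip().lower()
        spf = rec.findtext("row/policy_evaluated/spf", "").strip().lower()
        try:
            count = int(rec.findtext("row/count", "0").strip())
        except ValueError:
            count = 0  # malformed count: keep the row, contribute nothing
        rows.append({
            "source_ip": rec.findtext("row/source_ip", "").strip(),
            "count": count,
            "header_from": rec.findtext("identifiers/header_from", "").strip().lower(),
            "envelope_from": rec.findtext("identifiers/envelope_from", "").strip().lower(),
            "disposition": rec.findtext("row/policy_evaluated/disposition", "").strip(),
            "dkim": dkim,
            "spf": spf,
            # DMARC passes when at least one evaluated mechanism passes.
            "dmarc_pass": "pass" in (dkim, spf),
        })
    return policy_domain, rows


def failing_sources(rows):
    """Map source IP to the number of messages that passed neither check."""
    totals = {}
    for row in rows:
        if not row["dmarc_pass"]:
            totals[row["source_ip"]] = totals.get(row["source_ip"], 0) + row["count"]
    return totals


if __name__ == "__main__":
    domain, rows = summarize(load_report(gzip.compress(SAMPLE_REPORT)))
    for ip, n in failing_sources(rows).items():
        print(f"{domain}: {n} message(s) from {ip} passed neither DKIM nor SPF")
```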
  
 (, CEO      )              .          PII(  )        .          PII  .  PII    .


Cisco Email Security Appliance   (From: )             .  ,        From:      .          ()   .
 
·    , 611  ·     , 612  ·        , 612 
   
1.      (: ) .         .    
·      .  , "[email protected]"  "Olivia Smith" .
·       . ·     . ·    .          .
 39:      

     , 617   . 2.             
    .  .

· /:   (  , 284     , 138  )
· :         . (  , 284     , 138  )
3.        .       , 270  .
    
      Forged Email Matches(   )   (Monitor() > Forged Email Matches(   )) .      .
· Top Forged Email Matches(    )    From( ):       10 .
· Forged Email Matches(   ): Details( )    From(  ):       ,       . Message Tracking( )       .
       
            .
·    .  , 837  . ·         .


25 
 
     . ·   , 613  ·  , 615  ·       , 619  ·   , 621  ·    , 622  ·   , 625 
  
   , ,           .
  ·  , 613  ·  , 614  ·   , 614  ·  DLP ( DLP  )    , 505 
 
   Body Scanning( )              .   ,                    .       ,           ,     . AsyncOS   GUI(Mail Policies( ) > Dictionaries())  CLI dictionaryconfig    100       

.      ,       ,       .
                .      ,        ,      .     /         .       ,                  .           ""    .
  ASCII    .
        .
·     · 0-9, A-Z, a-z, , ,   @      · 0-9, A-Z, a-z, , ,   @     
      ([email protected])      .
 
·  , 615  ·      , 616  ·  , 617  ·  , 618  ·  , 618  ·  , 619 
 
  ,  ,     . AsyncOS          .      .
  
           .         ,        .


 
   Body Scanning( )              .   ,                    .       ,           ,     . AsyncOS   GUI(Mail Policies( ) > Dictionaries())  CLI dictionaryconfig    100        .      ,       ,       .                 .      ,        ,      .     /         .       ,                  .           ""    .   ASCII    .         .
·     · 0-9, A-Z, a-z, , ,   @      · 0-9, A-Z, a-z, , ,   @            ([email protected])      .
  ·  , 615  ·      , 616  ·  , 617  ·  , 618  ·  , 618  ·  , 619 
 
       ,         .    ASCII    .            ,         

. Python        Python Regular Expression HOWTO   . http://www.python.org/doc/howto/
     #       [#]      .
             ""    . AsyncOS              "" .  3      6.  AsyncOS          ,       .       .   , ABA           .        .     "     "  " "   .      "     "  " "   .
  ASCII     CLI     .  ASCII             ,    ,      .         , 616  .
  ·       , 616 
      
 (   )     /  .                   (regex  "\w" )  .         .
     
     configuration        .
· config.dtd · profanity.txt · proprietary_content.txt


· sexual_content.txt                 .                   .
     Match Whole Words(  )  Case Sensitive(/  )   .     .
      FTP, SSH  SCP , 1199  .         .  ASCII              ,          .        , 618   .        , 619   .
             .       ,           .
 
 1 Mail Policies( ) > Dictionaries()  .  2 Add Dictionary( ) .  3   .  4 ( ) Advanced Matching( ) .
 Match Whole Words(  )  Case Sensitive(/ )       .         .
 5 ( )    .   , ABA           .      "     "   .
 6      .                 .         ".*"   "word" MIME       .       ".*"    .


 7    .
            ""   .           "      "  "   "  .
 8 Add() .  9    .

    
·  , 615 .

 

 
AsyncOS         . AsyncOS        ,     .

 1 Mail Policies( ) > Dictionaries()  .  2         .
      .
 3   Delete() .  4  .

 
     configuration   .
 1 Mail Policies( ) > Dictionaries()  .  2 Import Dictionary( ) .  3   .  4   .  5      .


     AsyncOS   .        .  6  .  7 Next() .  8    .  9     .
 
 1 Mail Policies( ) > Dictionaries()  .  2 Export Dictionary( ) .  3   .  4      .
  configuration    .  5   .  6    .  7     .
      
  dictionary-match()          .
  ·    , 619 
   
dictionary_name            dictionary-match(<dictionary_name>)    (  )   .       . dictionary-match()  body-contains()     .         .   *-dictionary-match()     . subject-dictionary-match()      , header-dictionary-match()      .        


  .      "     "  " "  .
 43:     



Syntax



 

dictionary-match (<dictionary_name>)

         ?

   "secret_words"  (  )            dictionary-match()      .   /   "codename"        true .
bcc_codenames:
if (dictionary-match ('secret_words'))
{
bcc('[email protected]');
}
  Policy()   .
quarantine_codenames:
if (dictionary-match ('secret_words'))
{
quarantine('Policy');
}

 
·   , 620  ·   , 621 

  
 44:   









 : foo $  : ^ foo

 (  [email protected], @example.com

 )

example.com$ (ends with)@example.*


 


 (  ^         "RE:"  "FW:"  .)

  
trace  dictionary-match()           .        : , 1149   .  quarantine_codenames    quarantine()       .

  
         .        .
·   -   .    , 625   .
·   - notify()  notify-bcc()      .     , 631  .
·    -       .   (  )           .     , 631  .
·       -          .        , 634   .
·    -          .             .     , 636  .
CLI(textconfig)  GUI  , , , ,       . GUI            , 622   .
   ASCII    .

  ASCII      CLI     .  ASCII           ,    ,     .         , 616  .


  ·      , 616 
      
 configuration     .      configuration   .    configuration   . configuration      FTP, SSH  SCP , 1199    .  ASCII            ,         .         , 623   .         , 624    .
   
GUI  CLI      .   GUI  . textconfig   CLI   .      .
·  ·    ·    ·          ·      HTML   
  ·   , 622  ·   , 623  ·   , 624  ·   , 623  · HTML    , 624 .
  
 1 Mail Policies( ) > Text Resources( ) .  2 Add Text Resource(  ) .


 3 Name()      .  4 Type()     .  5 Text()  HTML and Plain Text(HTML   )    .
       Text()  .   HTML        HTML and Plain Text(HTML   )  .  6     .
    
· HTML    , 624 .
  
     
·         . ·           
.
 1 Mail Policies( ) > Text Resources( )      Delete()      .   .
 2    Delete() .  3  .
  
     configuration   .
 1 Mail Policies( ) > Text Resources( )  Import Text Resource(   ) .
 2   .  3  .  4 Next() .  5  , ,    .


 6     .
  
      configuration    .
 1 Mail Policies( ) > Text Resources( )  Export Text Resource(   ) .
 2    .  3    .  4    .  5 Submit()       configuration  .
HTML    
HTML             . HTML             HTML        text/html  ,       text/plain  . HTML        GUI HTML              . HTML          .
· HTML           ,       .
· Code View( )      HTML      .
· GUI      HTML       HTML  .   <img src> HTML                .
  · HTML      , 624 
HTML      
  HTML        . HTML               .


· [html_version] · [text_version]
    .
        .
[html_version] <p>Sample <i>message.</i></p> [text_version] Sample message.
HTML           .
· HTML       HTML        [text_version]   .
·   ,    HTML    [html_version]   HTML     HTML  .  [text_version]           .
·     [html_version]    HTML          [text_version]     HTML      .
  
Text Resource( )   textconfig CLI          .       .         ,           .
 
·  , 625  ·     , 628  ·  , 631  ·   , 631  ·      , 634  ·   , 636 
 
        (  )       .          .


· , GUI  listenerconfig  (    , 626   ).
·   , Add Disclaimer Text (  , 293  ). ·   , add-footer() ("     "  ). ·     (  , 491  ). ·          Outbreak Filter 
 ( , 404  ).         .
        ,        .
       . GUI Text Resources(  ) (  , 622  )  textconfig (AsyncOS for Cisco Email Security Appliance CLI   )        .
 
·    , 626  ·     , 626  ·     , 627 
    
            .        .   ( )  ()    .
  HTML    (Microsoft Outlook    "  " )       .       ,      .    "Content-Disposition inline attachment"   .      "     "  "     "   .
   
  add-footer()     "Add Disclaimer Text"           .       LDAP  "Legal"     legal.disclaimer     .
Add-Disclaimer-For-Legal-Team:
if (mail-from-group == 'Legal')
{
add-footer('legal.disclaimer');
}

    
      (  "      "  " " ).        .
 45:   

 $To $From $Subject $Date $Time $GMTimestamp
$MID
$Group
$Policy
$Reputation
$filenames $filetypes $filesizes $remotehost
$AllHeaders $EnvelopeFrom


 To:  (Envelope Recipient ).
 From:  (Envelope Sender ).
   .
MM/DD/YYYY     .
  (  ).
  Received:    GMT      .
     MID(Message ID) . RFC822 "Message-Id"    (  $Header ).
       .    ">Unknown<"  .
     HAT   .        ">Unknown<"  .
 SenderBase Reputation  .    "None" .
       .
       .
       .
 Email Security Appliance      .
  .
 Envelope Sender( )(Envelope From, <MAIL FROM>)  .


    

 





$Hostname

Email Security Appliance   .

$header[`string ']

          .    .

$enveloperecipients   Envelope Recipients( )(Envelope To, <RCPT TO>) .

$bodysize

  ( ).

$FilterName

    .

$MatchedContent

     (body-contains        ).

$DLPPolicy

  DLP   .

$DLPSeverity

  . "Low," "Medium," "High"  "Critical."

$DLPRiskFactor

     ( 0~100).

$threat_category

, , ,   Outbreak Filter   .

$threat_type

Outbreak Filter     .    ,    ,    .

$threat_description Outbreak Filter   .

$threat_level

   ( 0~5).

$threat_verdict

Message Modification Threat Level(   )   Yes()  No() .                    Yes() .

      GUI Text Resource( )    textconfig        .
add-footer()   ,  UTF-8, QP(quoted printable)     ASCII  .

    
AsyncOS              .  AsyncOS        .         


 

    

localeconfig       .             .

To: [email protected]



From: [email protected]

: !

< >

!

 

        .

Example.zip

    

        MIME    .     " "  "" ,        " " .
   ()      .

To: [email protected]



From: [email protected]

: !

< >

!

 

       .

Example.zip

    

        AsyncOS   ("inline"())               .  ,                    .   US-ASCII  , ISO-8859-1      .      "" .
       localeconfig  ,                 AsyncOS   .

example.com> localeconfig

Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]> setup

If a header is modified, encode the new header in the same encoding as the message body? (Some MUAs incorrectly handle headers encoded in a different encoding than the body. However, encoding a modified header in the same encoding as the message body may cause certain characters in the modified header to be lost.) [Y]>

If a non-ASCII header is not properly tagged with a character set and is being used or modified, impose the encoding of the body on the header during processing and final representation of the message? (Many MUAs create non-RFC-compliant headers that are then handled in an undefined way. Some MUAs handle headers encoded in character sets that differ from that of the main body in an incorrect way. Imposing the encoding of the body on the header may encode the header more precisely. This will be used to interpret the content of headers for processing, it will not modify or rewrite the header unless that is done explicitly as part of the processing.) [Y]>

Disclaimers (as either footers or headings) are added in-line with the message body whenever possible. However, if the disclaimer is encoded differently than the message body, and if imposing a single encoding will cause loss of characters, it will be added as an attachment. The system will always try to use the message body's encoding for the disclaimer. If that fails, the system can try to edit the message body to use an encoding that is compatible with the message body as well as the disclaimer. Should the system try to re-encode the message body in such a case? [Y]>

If the disclaimer that is added to the footer or header of the message generates an error when decoding the message body, it is added at the top of the message body. This prevents you to rewrite a new message content that must merge with the original message content and the header/footer-stamp. The disclaimer is now added as an additional MIME part that displays only the header disclaimer as an inline content, and the rest of the message content is split into separate email attachments. Should the system try to ignore such errors when decoding the message body? [N]>

Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]>


 

 

localeconfig     "   "   .
 
  notify()  notify-copy()    .            ascii       ("     "  " " ).         $Allheaders     .   From:            , 960     .
          .   notify-copy()   "grape_text"  "[email protected]"      .
 40:    

  
      . ·   .            . ·   .          .
                .        

   

 

  .   From:    .          , 960  .
  ·    , 632 
   
        .
 41:       

  ·   , 632 

              .
 46:   

 $To $From $Subject $AV_VIRUSES

  To:  (Envelope Recipient ).  From:  (Envelope Sender ).    .      . "Unix/Apache.Trojan", "W32/Bagel-F"


 

  





$AV_VIRUS_TABLE

  MIME-Part/Attachment      . "HELLO.SCR" : "W32/Bagel-F" <unnamed part of the message> : "Unix/Apache.Trojan"

$AV_VERDICT

  .

$AV_DROPPED_TABLE     .       ,         .
"HELLO.SCR" : "W32/Bagel-f", "W32/Bagel-d" "Love.SCR" : "Netsky-c", "W32/Bagel-d"

$AV_REPAIRED_VIRUSES      .

$AV_REPAIRED_TABLE        . "HELLO.SCR" : "W32/Bagel-F"

$AV_DROPPED_PARTS     . "HELLO.SCR", "CheckThisOut.exe"

$AV_REPAIRED_PARTS       .

$AV_ENCRYPTED_PARTS       .

$AV_INFECTED_PARTS           .

$AV_UNSCANNABLE_PARTS        .

$Date

MM/DD/YYYY     .

$Time

  (  ).

$GMTimestamp

  Received:    GMT      .

$MID

     MID(Message ID)  . RFC822 "Message-Id"    (  $Header ).

$Group

       .     ">Unknown<"  .

$Policy

     HAT   .       ">Unknown<"   .


     

 

 $Reputation
$filenames $filetypes $filesizes $remotehost
$AllHeaders $EnvelopeFrom
$Hostname


 SenderBase Reputation  .    "None" .        .        .        .  Email Security Appliance     .   .  Envelope Sender( )(Envelope From, <MAIL FROM>)  . Email Security Appliance   .

   /  .     "$to"  "$To"   .   "AV_"    <None>  .
   Mail Policies( ( > Incoming/Outgoing Mail Policies(/   ) > Edit Anti-Virus Settings(  )   policyconfig -> edit -> antivirus  ,   Repaired, Unscannable, Encrypted  Virus Positive   RFC 822    .     , 347  .
     
                      .         ,              .
        .


   42:     

     

    RFC-1891 DSN  .
        .
 43:      

  ·      , 635 

     
              .
 47:   

 $Subject $Date $Time $GMTimeStamp
$MID


  . MM/DD/YYYY     .   (  ).   Received:    GMT      .      MID(Message ID) . RFC822 "Message-Id"    (  $Header ).


  

 

 $BouncedRecipient $BounceReason $remotehost

        Email Security Appliance      .

  
       Cisco Email Encryption    .            .          .     HTML     .       HTML    .


26 
SMTP    
     . · SMTP Call-Ahead   , 637  · SMTP Call-Ahead   , 637  ·  SMTP     , 639  · SMTP        , 642  · LDAP    , 642  · SMTP Call-Ahead  , 643  ·      SMTP Call-Ahead  , 644 
SMTP Call-Ahead   
SMTP call-ahead           SMTP  . LDAP   RAT(Recipient Access Table)           .  ,          , LDAP      LDAP         .   Email Security Appliance SMTP  , SMTP      .       SMTP call-ahead      .           .                  .
SMTP Call-Ahead   
SMTP call-ahead     Email Security Appliance  MTA SMTP       SMTP  " (call ahead)". SMTP    SMTP   Email Security Appliance ,                .   SMTP call-head     .

SMTP Call-Ahead     44: SMTP Call Ahead   

SMTP    

1.  MTA SMTP  . 2. Email Security Appliance SMTP      [email protected] 
  SMTP   .
 SMTP   LDAP     SMTP       . 3. SMTP  Email Security Appliance   . 4. Email Security Appliance SMTP     MTA  , SMTP   ( SMTP Call-Ahead   )        .     ,     RAT   SMTP call-ahead    .   example.com     RAT  , [email protected]   SMTP call-ahead      .
 HAT DHAP(Directory Harvest Attack Prevention)   SMTP call-ahead               .  SMTP          . DHAP    "    "  .

SMTP    

 SMTP     

 SMTP     

1 2 3 4

  

 

 SMTP     Call-Ahead   , 639

   .



SMTP      SMTP     

  .

   ,

642 

( )       LDAP    ,  SMTP    LDAP   642   .

( )    call-ahead      

  .

SMTP Call-Ahead  , 644



  · Call-Ahead   , 639 
Call-Ahead   
SMTP Call-Ahead     Email Security Appliance SMTP     SMTP        .

 1 Network() > SMTP Call-Ahead .  2 Add Profile( ) .  3   .    - SMTP Call-Ahead    .  4    .    - SMTP Call-Ahead     .  5     .

  
· SMTP Call-Ahead   , 640  · Call Ahead  , 641 


SMTP Call-Ahead   

SMTP    

SMTP Call-Ahead   
SMTP Call-Ahead     Email Security Appliance SMTP       .
 48: SMTP Call-Ahead   





Profile Name( ) Call-Ahead   .

Call-Ahead Server

Call-Ahead        .

Type(Call-Ahead  ) · Use Delivery Host(  ).    

 SMTP call-ahead       .      [email protected]

 example.com  SMTP   SMTP  

. SMTP   LDAP     

SMTP      . LDAP        LDAP    ,

642   .

· Static Call-Ahead Server( Call-Ahead ).  call-ahead       . Call-ahead

        

    .    Email Security Appliance     call-ahead   

   .

  call-ahead      SMTP    .    call-ahead IP     MX  A   .

Static Call-Ahead Servers(  call-ahead        

 Call-Ahead )

    .    

 .

ironport.com:25

     .

       .


SMTP    

Call Ahead  

 49: SMTP Call-Ahead    







SMTP  SMTP     .
Management   Auto . Auto    Email Security Appliance      . Cisco IronPort     SMTP   .
·       call-ahead       .
·  SMTP    . ·        
 .

MAIL FROM Address(MAIL SMTP  SMTP   MAIL FROM: . FROM )

Validation Request Timeout( SMTP     ().     

   )

 call-ahead          

 . Call Ahead  , 641  .

Validation Failure Action(       ( ,  , 

 )

       ). Email Security Appliance

       . Call Ahead 

, 641  .

Temporary Failure Action(      (  SMTP 

  )

 4xx   )  .    , 

         .

Call Ahead  , 641  .

Max. Recipients per Session(  SMTP     .

   )

1~25,000  .

Max. Connections per

 call-ahead SMTP     .

Server(   ) 1~100  .



SMTP    . 100~1,000,000  .

Cache TTL( TTL)

   TTL(time-to-live) .    900 . 60~86,400 .

Call Ahead  
SMTP      .


SMTP        

SMTP    

· 2xx: Call-ahead  2  SMTP    .    250     .
· 4xx: 4  SMTP  SMTP        .      .    451          .
· 5xx: 5  SMTP  SMTP        .    550          .
· Timeout( ). Call-ahead                .
· Connection error( ). Call-ahead                .
·  .  SMTP (  )            .
SMTP         
SMTP Call-Ahead     ,  SMTP        .         SMTP call-ahead     .
 1 Network() > Listeners() .  2 SMTP call-ahead     .  3 SMTP Call Ahead Profile(SMTP Call Ahead )   SMTP Call-Ahead  .  4     .
LDAP    
LDAP         AsyncOS Alternate Mailhost Attribute   SMTP  .       .        (mailHost)  SMTP  call-ahead SMTP  (callAhead)   .
dn: mail=cisco.com, ou=domains
mail: cisco.com
mailHost: smtp.mydomain.com
policy: ASAV
callAhead: smtp2.mydomain.com,smtp3.mydomain.com:9025


SMTP    

SMTP Call-Ahead  

  SMTP Call-Ahead  , SMTP call-ahead  callAhead         .           .
 45: SMTP Call-Ahead   LDAP  

  {d}      SMTP Call-Ahead Server Attribute call-ahead         ( 9025 smtp2.mydomain.com, smtp3.mydomain.com).
   LDAP    SMTP call-ahead   SMTP          .        LDAP       .
SMTP Call-Ahead  
SMTP call-ahead   AsyncOS    . 1.   . 2. LDAP   . 3. SMTP  . 4. DNS  (MX  A   ).    LDAP    SMTP          .   SMTP   DNS  . SMTP call-ahead   LDAP    SMTP              .
· LDAP         SMTP call-ahead  SMTP   . SMTP        SMTP  IP    DNS  .
· LDAP         SMTP  , SMTP     LDAP     . SMTP         SMTP  IP    DNS  .

     SMTP Call-Ahead  

SMTP    

· LDAP          SMTP  , SMTP     LDAP      . SMTP         SMTP  IP    DNS  .
     SMTP Call-Ahead  
 SMTP call-ahead        SMTP call-ahead      .
SMTP call-ahead         SMTP call-ahead      .               RAT    .
GUI  SMTP call-ahead   RAT     Bypass SMTP Call-Ahead(SMTP Call-Ahead ) 


27 
 MTA  
     . ·  MTA   , 645  ·  , 646  ·  HAT TLS , 651  ·   TLS    , 654  ·   DNS  , 658  ·    , 661  · HTTPS  , 664 
 MTA   
 ( Message Transfer Agent,  MTA)    " " . ,   .              .         . TLS(Transport Layer Security) SSL(Secure Socket Layer)   ,   SMTP      . AsyncOS RFC 3207(RFC 2487  )  , SMTP(Secure SMTP over TLS) STARTTLS  . AsyncOS TLS       . X.509                 . AsyncOS       TLS ,   HTTP(HTTPS)  , LDAP ,   TLS  .
  · TLS  SMTP   , 645 
TLS  SMTP   
TLS  SMTP   

 

 MTA  

  

 

1    X.509      , 646  .

2 Email Security Appliance  .

    
·     , 648  
·   , 650 

3  ,       TLS  .

·  HAT TLS , 651 
·   TLS    , 654 

4 ( )          , 661                  .

5 ( ) TLS      TLS     , 657         Email  Security Appliance .

 
TLS  Email Security Appliance     X.509       . SMTP       ,  HTTPS , LDAP        TLS        .        .
      Network() > Certificates()    CLI certconfig     print    . print       .

 TLS  HTTPS        ,               .         CLI   .
  ·    , 647  ·     , 647 


 MTA  

  

  

Email Security Appliance          (:    )   .        .

  

 

1      .     , 648 

2     CSR(Certificate Signing Request) .

    , 648 

3          CSR(Certificate Signing

 .

Request)   , 649 

4   .

     , 650 

5            , 661     .

6     .

 , 648 

   

              .        .

  

 

1           , 648  .

2 Email Security Appliance        , 648   .

3    .

  , 651 

4 Email Security Appliance      .     .

5          .  .


    

 MTA  

  

 

6   Email Security Appliance   , 650 

   .



         .

  Cisco AMP Threat Grid Appliance         , 467       .

    
   CN     . Email Security Appliance              (        SAN(Subject Alternative Name)  ).                    .

 

    AsyncOS     .                ,       .              godaddy.com    . godaddy.com   godaddy.com               .

   
          .
· TLS   MTA SMTP (   )  
· HTTPS  GUI    HTTPS    
· LDAP      LDAPS      
·  Cisco AMP Threat Grid Appliance     
CLI      certconfig  .

 1 Network() > Certificates() .  2 Add Certificate( ) .  3 Create Self-Signed Certificate(   ) .


 MTA  

  CSR(Certificate Signing Request)  

 4       .

 

  



  

 

 

/

   

/:

   /  



    2 ISO 

  

    

  

CSR      2048  1024 .

 5 Next() .  6   .  AsyncOS   CN .  7   CSR(Certificate Signing Request)  Download Certificate Signing Request(  
 )      CSR PEM  .  8    .

  
   .
·    , 647  ·     , 647 
  CSR(Certificate Signing Request)  
  ID              .             .         . Cisco       .
Email Security Appliance    ,         CSR(Certificate Signing Request)   .            .    , CSR ,          Network() > Certificates()   CLI  certconfig  .
     "certificate authority services SSL Server Certificates(    SSL  )"       .      .


    

 MTA  

     , 647  .
    
              .    , IP  HTTPS , LDAP         TLS      .
 1   ,       PEM   PEM     . (   http://www.openssl.org     OpenSSL   .)
 2    .            . a) Network() > Certificates() . b)        . c)         .
 3         .
    
·    , 647 
 
AsyncOS PKCS #12           . CLI    certconfig  .
           .        , 650   .
 1 Network() > Certificates() .  2 Add Certificate( ) .  3 Import Certificate( )  .


 MTA  

 

 4         .  5   .  6 Next()    .  7   .
AsyncOS  CN .  8     .
   ·         , 647   .
 
AsyncOS    PKCS #12   .
        CSR(Certificate Signing Request)   .     , 647   .
 1 Network() > Certificates()  .  2 Export Certificate( ) .  3   .  4    .  5     .  6 Export() .  7      .  8     , Cancel()  Network() > Certificates()  
 .
   ·         , 647   .
 HAT TLS 
    TLS  .   (,  )  TLS    (,  )     .        .


GUI  TLS        

 MTA  

 TLS      .
 50:   TLS 

TLS 
1. 
2. Preferred 3. 


  TLS  .      SMTP   .       .
MTA      TLS .
MTA      TLS , STARTTLS      NOOP, EHLO  QUIT        .   Transport Layer Security  SMTP  SMTP Service Extension  RFC 3207   . TLS "" ,  TLS         .      .

      TLS   . ()  ()   TLS   HAT TLS  .             tls "off"  .
   TLS          .           , 75  .

 
· GUI  TLS        , 652  · CLI  TLS        , 653  · , 657  · GUI :  HAT  TLS  , 653  · CLI :  HAT  TLS  , 653 

GUI  TLS        

 1 Network() > Listeners()  .  2    .  3 Certificate()   .  4     .


 MTA  

CLI  TLS        

CLI  TLS        
 1 listenerconfig -> edit     .  2 certificate      .  3      .  4    commit     .



Email Security Appliance TLS           .      .
·   TLS "required()"  · Email Security Appliance "Must issue a STARTTLS command first(STARTTLS   
 )"   ·     
TLS        .

GUI :  HAT  TLS  

 1 Mail Policies( ) > Mail Flow Policies(  )  .  2           . (   
  .)  3 "Encryption and Authentication(  )"  "TLS:"     TLS  
.  4    .
      TLS  .

CLI :  HAT  TLS  
 1 listenerconfig -> edit     .  2 hostaccess -> default     HAT  .  3          TLS  .


  TLS    

 MTA  

Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to ensure that there is a valid certificate configured.
 4   certconfig             .           .      TLS   ,         .    listenerconfig -> edit -> certificate  . TLS  , CLI    .
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required
 5 commit     .
  TLS    
Destination Controls( )   destconfig        TLS    . TLS ,       .             .         .
· SMTP         CA( )   .
·   CN(Common Name)   DNS      . --


 MTA  

  TLS    

RFC 2459  ,     subjectAltName(Subject Alternative Name)  DNS    . RFC 2818  3.1  ,   .

   CA ID              .             .
    TLS      Email Security Appliance    .   "Cisco Email Encryption"  .
   TLS      .    Destination Controls( )  Edit Global Settings(  )  CLI  destconfig -> setup .       .
Destination Controls( )   destconfig          TLS    5   .   TLS   (required)  (preferred)   ,       .      .
 51:   TLS 

TLS  
1. No 2. Preferred
3. Required


Destination Controls( )   destconfig -> default     ,    MTA     TLS .
"Do you wish to apply a specific TLS setting for this domain?(   TLS   ?)"  "no()"   "Default( )" .
   MTA    TLS   .
Email Security Appliance    MTA   TLS  .  TLS  (220   ) SMTP   " "( ) .            . 220        SMTP     .
Email Security Appliance    MTA   TLS  .     .       .       .


  TLS    

 MTA  

TLS 



4. Preferred (Verify)( ())

Email Security Appliance   MTA   TLS  .     .
     .

· TLS   .      .
· TLS    .     .
· TLS   ,    .      .

5. Required (Verify)( ())

   MTA   TLS .    .     .
· TLS    .       .

· TLS  ,    CA( )     .   .

· TLS   .   .

6.  -  ID   TLS Required - Verify(TLS  - )  TLS Required - Verify

   Hosted Domain(TLS  -   )   . 



 ID            

   .

 ID dNSName subjectAltName  . dNSName   ID(REF ID)         CN        ID    .     CN  dNSName  subjectAltName     .

                 TLS   , Destination Controls( )   destconfig -> default  ("No," "Preferred," "Required," "Preferred (Verify)"  "Required (Verify)")    .

 
·  TLS     , 657  · , 657  ·    , 661 


 MTA  

 TLS     

 TLS     
TLS       TLS    Email Security Appliance       .    TLS       . Email Security Appliance    Warning()          . GUI System Administration( ) > Alerts() ( CLI alertconfig )      .
  · TLS    , 657 
TLS   
 1 Mail Policies Destination Controls(   )  .  2 Edit Global Settings(  ) .  3 "Send an alert when a required TLS connection fails( TLS     )"  Enable() 
.       .        Monitor() > Message Tracking( )     .
 4     .



    CLI  destconfig -> setup   TLS   .
Email Security Appliance  TLS         . TLS        .         .
·  MTA ESMTP  (  Email Security Appliance EHLO    )
·  MTA ESMTP , EHLO     "STARTTLS"  ·  MTA "STARTTLS"  , Email Security Appliance STARTTLS 
   


  DNS  

 MTA  

  DNS  
·   SMTP DNS   , 658  · DANE    TLS , 660  · DANE    , 661 
  SMTP DNS   
   TLS           . ·    CA( )       . ·  MITM( )   TLS        . · DNS  DNSSEC      DNS MX   DNS         DNS      . ·  MTA(Mail Transfer Agent)         ,    (CA)         .
SMTP DANE(  DNS  )  DNS   DNSSEC(Domain Name System Security)   TLSA   DNS    DNS   x.509  . TLSA  CA( ),     RFC 6698  DNS          .   TLSA  , 659   . DNSSEC(Domain Name System Security)  DNS     DNS   .       DNSSEC       .   TLS  SMTP DANE   .
· MITM( )  ,   DNS        .
· DNSSEC   TLS   DNS   .
  · SMTP DANE , 659  · TLSA  , 659  · DANE    TLS , 660 


 MTA  

SMTP DANE 

· DANE    , 661 
SMTP DANE 
   TLS DANE       .
 46: DANE   TLS   

1. (Alice)   (Bob)  . 2.  Email Security  . 3. Email Security  DNS  (DNS  DNS  TLSA 
) . 4.   TLSA  DNSSEC   DNS  . 5.     STARTTLS SMTP  . 6. x.509      TLSA       .
     MTA(Mail Transfer Agent) .        . 7. MTA    .
TLSA  
DNSSEC  DNS   CA( )  TLSA    .  FQDN(Fully Qualified Domain Name) www.example.com   TLSA .
_443._tcp.www.example.com. IN TLSA (0 0 1 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada)
  TLSA      . · Certificate Usage( ):   . ·     '0'  RFC 6698   PKIX      CA  .

DANE    TLS 

 MTA  

· '1' , TLS            .
· '2' , TLS              .
·   '3' TLS         .
· Selector Field( ):    TLS   . ·     '0'     . · '1'  'SubjectPublicKeyInfo'   .
· Matching Type( ):     . ·     '1'   SHA-256  . ·   '0'      . · '2'    SHA-512  .
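The three TLSA fields listed above (certificate usage 0-3, selector 0-1, matching type 0-2, as defined in RFC 6698) decide which bytes of the presented certificate are compared with the record. The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS: it parses a record in the form shown above and checks candidate certificate data against it. The function names and the sample byte strings are constructed for illustration; a real check would take the DER certificate and its SubjectPublicKeyInfo from the TLS handshake and would only trust records from DNSSEC-validated answers.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Field values as listed in the section above (RFC 6698).
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
MATCHING = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}  # 0 = exact match

# Association data copied from the record above; the owner name follows the
# FQDN named in the text.
PAGE_RECORD = ("_443._tcp.www.example.com. IN TLSA (0 0 1 "
               "91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada)")

# Constructed stand-ins for a DER certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT = b"constructed-der-certificate-bytes"
SAMPLE_SPKI = b"constructed-subject-public-key-info"


@dataclass(frozen=True)
class TLSARecord:
    owner: str
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(line: str) -> TLSARecord:
    """Parse '<owner> IN TLSA (<usage> <selector> <matching type> <hex>)'."""
    owner, sep, rdata = line.partition(" IN TLSA ")
    if not sep:
        raise ValueError("not a TLSA record")
    fields = rdata.strip().strip("()").split()
    if len(fields) < 4:
        raise ValueError("TLSA RDATA needs usage, selector, matching type, data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHING:
        raise ValueError("unsupported TLSA field value")
    data = bytes.fromhex("".join(fields[3:]))  # hex may be split by whitespace
    digest = MATCHING[mtype]
    if digest is not None and len(data) != digest().digest_size:
        raise ValueError("association data length does not fit the matching type")
    return TLSARecord(owner.strip(), usage, selector, mtype, data)


def _association(selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Select the certificate bytes, then hash them (or not) per matching type."""
    selected = cert_der if selector == 0 else spki_der
    digest = MATCHING[mtype]
    return selected if digest is None else digest(selected).digest()


def tlsa_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """True when the presented certificate data matches the record."""
    candidate = _association(rec.selector, rec.mtype, cert_der, spki_der)
    return hmac.compare_digest(candidate, rec.data)


def build_tlsa(owner: str, usage: int, selector: int, mtype: int,
               cert_der: bytes, spki_der: bytes) -> str:
    """Produce the record text a domain owner would publish for this certificate."""
    data = _association(selector, mtype, cert_der, spki_der)
    return f"{owner} IN TLSA ({usage} {selector} {mtype} {data.hex()})"


if __name__ == "__main__":
    rec = parse_tlsa(PAGE_RECORD)
    print(USAGES[rec.usage], "/", SELECTORS[rec.selector], "/", len(rec.data), "bytes")
    pinned = parse_tlsa(build_tlsa("_25._tcp.mx.example.com.", 3, 1, 1,
                                   SAMPLE_CERT, SAMPLE_SPKI))
    # Selector 1 pins the key: a reissued certificate with the same key still matches.
    print(tlsa_matches(pinned, b"reissued certificate", SAMPLE_SPKI))
```

With selector 1 the record survives certificate renewal as long as the key pair is unchanged, while selector 0 must be republished for every new certificate.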

DANE    TLS 
  ·    TLSA   DNSSEC  . ·  DANE  TLS  .     TLS    , 654   .

 1 Mail Policies( ) > Destination Controls( )  .  2 Add Destination Controls(  )    .  3 TLS Support(TLS )   DANE   Preferred(), Required()
 Mandatory()  .  4 DANE Support(DANE )   TLS  DANE      .

DANE 





Destination Controls( )    DANE      MTA  TLS   .
"Default" DANE     TLS   .         .


 MTA  

DANE    

DANE  None 

 5    .


   MTA     DANE   "None" .
"Opportunistic"    DANE    SMTP      TLS . "Opportunistic"    DANE    SMTP     .
"Mandatory"    DANE          . "Mandatory"    DANE     SMTP     .

DANE    
DANE  TLS        MX  DANE    Email Security Appliance      . Email Security Appliance    Warning()           .
DANE  
 1 System Administration( ) > Alerts()  .  2     .  3    Message Delivery( )  .  4     .
   
                    .            .
·   .          .    .


     

 MTA  

·   .              .
        ,            . GUI Network() > Certificates() > Edit Certificate Authorities(  )   CLI certconfig > certauthority    . Network() > Certificates() > Edit Certificate Authorities(  )       .
·    ( ) .         , 662  .
·     .       .        , 662  .
·        .              .         , 663  .
·     .              .      , 663   .
  ·      , 662  ·     , 662  ·      , 663  ·    , 663 
     
 1 Network() > Certificates()  .  2 Certificate Authorities( )  Edit Settings( ) .  3 View System Certificate Authorities(   ) .
    
         ,     .                 .
 1 Network() > Certificates()  .


 MTA  

     

 2 Certificate Authorities( )  Edit Settings( ) .  3 System List( )  Disable() .  4     .
     
            .  PEM  ,          .
 1 Network() > Certificates()  .  2 Certificate Authorities( )  Edit Settings( ) .  3 Custom List(  )  Enable() .  4           .  5     .
   
                ,  .txt            .            .
 1 Network() > Certificates()  .  2 Certificate Authorities( )  Edit Settings( ) .  3 Export List( ) .
AsyncOS Export Certificate Authority List(   )  .  4   .  5    .  6 Export() .
AsyncOS  .txt        .


HTTPS  

 MTA  

HTTPS  
GUI Network() > IP Interfaces(IP )   CLI interfaceconfig   IP  HTTPS     .
 1 Network() > IP Interfaces(IP )  .  2 HTTPS    .  3 Appliance Management( )  HTTPS     .  4     .
  
     .     HTTPS     ,        . GUI     HTTPS    .      , 15  .


28 
    
     . ·    , 665  ·  , 670  ·   , 671  ·  , 678  ·   , 688  ·   , 694  ·      , 703  ·  , 711  ·    , 715  ·        Virtual GatewayTM  , 718  ·    , 727  · :  , 730 
   
   , 69 ,     SMTP          .     (HAT  )     (  RAT  )  .  Network() > SMTP Routes(SMTP ) ( smtproutes )   ,   .   sendmail mailertable   .
 "  "   GUI   (   systemsetup )     ,     RAT      SMTP    .

SMTP  

    

 
· SMTP  , 666  ·  SMTP , 667  · SMTP  , 667  · SMTP  , 668  · SMTP   DNS, 668  · SMTP   , 668  · SMTP ,     , 668  · SMTP    SMTP , 668  · GUI     SMTP  , 669 
SMTP  
SMTP         MX(mail exchange)     .   example.com groupware.example.com     .      @example.com  groupware.example.com   .  groupware.example.com "MX"   ,       "A"  .   MX  DNS MX     ,      . AsyncOS       40,000 SMTP     . (SMTP  , 668   )
    "(globbing)" . example.com      example.com      .   [email protected]  [email protected]   .
SMTP      DNS  MX  .  SMTP      . foo.domain  DNS MX  bar.domain  , foo.domain    bar.domain .     bar.domain    foo.domain     .
,    . b.domain  a.domain    b.domain    a.domain     ,     .   a.domain    b.domain   MX   ,  b.domain    a.domain   MX   .
    SMTP     .      . SMTP   host1.example.com .example.com      ,   .example.com    host1.example.com        .        MX  .


    

 SMTP 

 SMTP 
  ALL   SMTP    .  SMTP        ,  ALL    MX   .
SMTP     SMTP  ALL: .  SMTP     .       .
Network() > SMTP Routes(SMTP )   smtproutes    SMTP   .
SMTP  
Network() > SMTP Routes(SMTP ) ( smtproutes )    .    ,         .     .       IP     . IP  IPv4(Internet Protocol version 4)  IPv6(version 6)  .
IPv6   AsyncOS   .
· 2620:101:2004:4202::0-2620:101:2004:4202::ff
· 2620:101:2004:4202::
· 2620:101:2004:4202::23
· 2620:101:2004:4202::/64
    /dev/null      . (     /dev/null        .)
       , MX        .             .      .
    ""  .   SMTP        .               .               ,       . (MX     ).
CLI smtproutes     ,    IP       /pri= 0~65535            (0   ).   host1.example.com/pri=0 host2.example.com/pri=10   .      .


SMTP  

    

SMTP  
 40,000    . ALL         .   39,999     ALL      .
SMTP   DNS
 MX       (hop)     USEDNS .           .   example.com    Exchange     SMTP     . example.com exchange.example.com    (foo.example.com)     SMTP   . .example.com USEDNS
SMTP   
 System Administration( ) > Alerts() ( alertconfig )          SMTP  .
SMTP ,     
:    10    Exchange   , AsyncOS   TCP     10        . :  ,   10     10    AsyncOS 10 MTA  10      . :     10        ( 10), 10    Exchange    .   TCP   10   .
SMTP    SMTP 
 SMTP     SMTP    .                .   SMTP      SMTP , 772    .


    

GUI     SMTP  

GUI     SMTP  
 SMTP   Network() > SMTP Routes(SMTP )   .    ,     . SMTP       .
  · SMTP  , 669  · SMTP  , 669  · SMTP  , 669 
SMTP  
 1 Network() > SMTP Routes(SMTP )  Add Route( ) .  2   .  , , IPv4   IPv6   .  3   .  , IPv4   IPv6   . Add Row( ) 
           .  ":<port number>"   example.com:25      .  4       0~65535     . 0    .   SMTP  , 667  .  5     .
SMTP  
HAT(Host Access Table)  RAT(Recipient Access Table)     SMTP     . SMTP  
 1 SMTP Routes(SMTP )  Export SMTP Routes(SMTP  ) .  2    Submit() .
SMTP  
HAT(Host Access Table)  RAT(Recipient Access Table)     SMTP     . SMTP  
 1 SMTP Routes(SMTP )  Import SMTP Routes(SMTP  ) .  2  SMTP    .


 

    

 3 Submit() .     SMTP    .     SMTP   .
 4 Import() .
 ""   . '#'      AsyncOS .     .
# this is a comment, but the next line is not
ALL:

         .
 47:     SMTP 

 
AsyncOS              .             (" ")   .             .

    

  

 52:    

  *@anydomain

  user@domain

*@olddomain *@newdomain *@olddomain *@newdomain





 (   , 671  )

·    ·   ·     
   

 (  , 688  )

·    ·  

( , 678  )

·   To:, From: / CC: 
·  

  
        .  Unix   sendmail  /etc/mail/aliases               .
   Envelope Recipient( )(Envelope To  RCPT TO )           .

    , RAT        . "  "   .

        .             smtproutes (   , 694  ) .
  ·    , 672  ·      , 673  ·    , 673 


   

    

   

     .             ,     .
    ('['  ']')         .  RFC 1035,  2.3.1., "Preferred name syntax"  , ,     . .example.com       .           .      .example.com mars.example.com  venus.example.com .       ,      .     .
 53:   

LHS(Left-hand Side)



RHS(Right-hand Side)

      (":") 

      

LHS(Left-hand Side)      .

username

  .   "domains"      .     .

user@domain

    .

 LHS(Left-hand Side)        .
RHS(Right-hand Side)    user@domain      .
     "" (     ) ,         ,     .
 ""(  )   ,      .
sendmail   ,    /dev/null    .  /dev/null  (dropped)  . (  "CLI     "   .)      .

 
·   , 673  · aliasconfig  , 675 


    

    

    
    FTP, SSH  SCP , 1199         . aliasconfig  export       .       /configuration  . CLI          . (           .)    /configuration  , aliasconfig  import      .     (#)     .          commit    .
   
CLI(command line interface)            .   ,      "ALL (any domain)"  .      .
  
       .
# sample Alias Table file
# copyright (c) 2001-2005, IronPort Systems, Inc.
#
# Incoming Envelope To addresses are evaluated against each
# entry in this file from top to bottom. The first entry that
# matches will be used, and the Envelope To will be rewritten.
#
# Separate multiple entries with commas.
#
# Global aliases should appear before the first domain
# context. For example:
#
# [email protected]: [email protected]
# [email protected]: [email protected]
#
# This alias has no implied domain because it appears
# before a domain context:
#
# [email protected]: [email protected]
#
# The following aliases apply to recipients @ironport.com and
# any subdomain within .example.com because the domain context
# is specified.
#
# Email to [email protected] or [email protected] will
# be delivered to [email protected].
#
# Similarly, email to [email protected] will be
# delivered to [email protected]
#
# [ironport.com, .example.com]
#
# joe, fred: [email protected]
#
# In this example, email to partygoers will be sent to
# three addresses:
#
# partygoers: [email protected], [email protected], [email protected]
#
# In this example, mail to [email protected] will be delivered to
# [email protected]. Note that mail to [email protected] will
# NOT be processed by the alias table because the domain context
# overrides the previous domain context.
#
# [example.com]
#
# help: [email protected]
#
# In this example, mail to [email protected] is dropped.
#
# [email protected]: /dev/null
#
# "Chains" may be created, but they must end in an email address.
# For example, email to "all" will be sent to 9 addresses:
#
# [example.com]
#
# all: sales, marketing, engineering
# sales: [email protected], [email protected], [email protected]
# marketing:[email protected], advertising
# engineering:[email protected], [email protected], [email protected]
# advertising:[email protected], [email protected]
aliasconfig  
      aliasconfig  .  example.com   .  [email protected]   [email protected], [email protected]  [email protected]  customercare  .   admin   [email protected]  admin    .      .   admin   example.com      .
mail3.example.com> aliasconfig

No aliases in table.

Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import aliases from a file.
[]> new

How do you want your aliases to apply?
1. Globally
2. Add a new domain context
[1]> 2

Enter new domain context.
Separate multiple domains with commas.
Partial domains such as .example.com are allowed.
[]> example.com

Enter the alias(es) to match on.
Separate multiple aliases with commas.
Allowed aliases:
- "user" - This user in this domain context.
- "user@domain" - This email address.
[]> customercare

Enter address(es) for "customercare".
Separate multiple addresses with commas.
[]> [email protected], [email protected], [email protected]

Adding alias customercare: [email protected],[email protected],[email protected]
Do you want to add another alias? [N]> n

There are currently 1 mappings defined.

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]> new

How do you want your aliases to apply?
1. Globally
2. Add a new domain context
3. example.com
[1]> 1

Enter the alias(es) to match on.
Separate multiple aliases with commas.
Allowed aliases:
- "user@domain" - This email address.
- "user" - This user for any domain
- "@domain" - All users in this domain.
- "@.partialdomain" - All users in this domain, or any of its sub domains.
[]> admin

Enter address(es) for "admin".
Separate multiple addresses with commas.
[]> [email protected]

Adding alias admin: [email protected]
Do you want to add another alias? [N]> n

There are currently 2 mappings defined.

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]> print

admin: [email protected]

[ example.com ]
customercare: [email protected], [email protected], [email protected]

There are currently 2 mappings defined.

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]>
   (Email Gateway)   .
 48:     

 
Masquerading()       Envelope Sender( )(  MAIL FROM ) To:, From:, / CC:  .             " ".          ""   " ".         .

             .          , LDAP    , LDAP     . "  "    .
        To:, From:, CC:   .                   .
·      · LDAP         .    Unix   sendmail  /etc/mail/genericstable   . LDAP       LDAP , 735   .
  ·   altsrchost, 679 
  altsrchost
     ,         "".  CLI altsrchost    (   ) altsrchost  .          Virtual GatewayTM  , 718  :  , 730  .
  ·    , 679  ·     , 681  ·    , 681  ·   , 681 
   
listenerconfig  edit -> masquerade         .       .    , 681   .     ,            . LDAP      LDAP , 735    .           .

   

    

     .
 54:   

LHS(Left-hand Side)



RHS(Right-hand Side)

    (       /   /   ) 

        .

LHS(Left-hand Side)

RHS(Right-hand Side)

username

username@domain

     . LHS(Left-hand Side)       RHS(Right-hand Side)   . RHS(Right-hand Side)   .

user@domain

username@domain

     . LHS(Left-hand Side)       RHS(Right-hand Side)   . RHS(Right-hand Side)    .

@domain

@domain

     . LHS(Left-hand Side)   RHS(Right-hand Side)      .

@.partialdomain

@domain

     . LHS(Left-hand Side)   RHS(Right-hand Side)      .

ALL

@domain

ALL  (bare)   RHS(Right-hand Side)  . RHS(Right-hand Side) "@"    .           .
 ALL      .

·      . ·   From:, To:  CC:        . 
       . config            . ·     (#)       . #           .


    

    

·   new    ,     400,000   .

    
# sample Masquerading file
@.example.com @example.com # Hides local subdomains in the header
sales [email protected]
@techsupport [email protected]
user@localdomain [email protected]
ALL @bigsender.com

  
 sendmail /etc/mail/genericstable    . genericstable     FTP, SSH  SCP , 1199        .
genericstable  configuration  , masquerade  import      .    .
listenerconfig -> edit -> listener_number -> masquerade -> import
 export        .    configuration  . CLI          .
import          .   (: right-hand side  left-hand side)      CLI    .           .
      genericstable    commit    .

 

  listenerconfig masquerade    PrivateNet  "OutboundMail"       .
,  LDAP   . (LDAP        LDAP , 735   .)
 , .example.com       example.com   @.example.com    @example.com .     joe   [email protected] .            masquerade.txt  . config    CC:      ,    .
mail3.example.com> listenerconfig

Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 2

Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Footer: None
LDAP: Off

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure an LDAP query to reroute messages.
- LDAPGROUP - Configure an LDAP query to determine whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure an SMTP authentication.
[]> masquerade

Do you want to use LDAP for masquerading? [N]> n

Domain Masquerading Table
There are currently 0 entries.
Masqueraded headers: To, From, Cc

Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> new

Enter the source address or domain to masquerade.
Usernames like "joe" are allowed.
Full addresses like "[email protected]" are allowed.
Full addresses with subdomain wildcards such as "[email protected]" are allowed.
Domains like @example.com and @.example.com are allowed.
Hosts like @training and @.sales are allowed.
[]> @.example.com

Enter the masqueraded address or domain.
Domains like @example.com are allowed.
Full addresses such as [email protected] are allowed.
[]> @example.com

Entry mapping @.example.com to @example.com created.

Domain Masquerading Table
There are currently 1 entries.
Masqueraded headers: To, From, Cc

Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> new

Enter the source address or domain to masquerade.
Usernames like "joe" are allowed.
Full addresses like "[email protected]" are allowed.
Full addresses with subdomain wildcards such as "[email protected]" are allowed.
Domains like @example.com and @.example.com are allowed.
Hosts like @training and @.sales are allowed.
[]> joe

Enter the masqueraded address.
Only full addresses such as [email protected] are allowed.
[]> [email protected]

Entry mapping joe to [email protected] created.

Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc

Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> print

@.example.com @example.com
joe [email protected]

Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc

Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> export

Enter a name for the exported file:
[]> masquerade.txt

Export completed.

Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc

Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> config

Do you wish to masquerade Envelope Sender? [N]> y
Do you wish to masquerade From headers? [Y]> y
Do you wish to masquerade To headers? [Y]> y
Do you wish to masquerade CC headers? [Y]> n
Do you wish to masquerade Reply-To headers? [Y]> n

Domain Masquerading Table
There are currently 2 entries.
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]>

Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Footer: None
LDAP: Off

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure an LDAP query to reroute messages.
- LDAPGROUP - Configure an LDAP query to determine whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure an SMTP authentication.
[]>

Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>
  ( Enterprise Gateway)   .


    49:     

    

  
  " "   .           .             .   sendmail " "  Postfix " "   .     "To:"     .
     RAT       . "   "  .              .        ,                    .

    

  

  20,000      .

 55:     

Left Side

Right Side

[email protected] [email protected]

[email protected] [email protected]

@example.com

[email protected]  @example.net

@.example.com

[email protected]  @example.net

 Right Side   
     

    "InboundMail"      listenerconfig   domainmap   . oldcompanyname.com        example.com .    .        RAT   .     [email protected]    [email protected] .   oldcompanyname.com  RAT   [email protected]        .       .       , "  @domain" "  @newdomain"    .
mail3.example.com> listenerconfig

Currently configured listeners:
1. Inboundmail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. Outboundmail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: InboundMail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: Off

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> domainmap

Domain Map Table
There are currently 0 Domain Mappings.
Domain Mapping is: disabled

Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import domain mappings from a file.
[]> new

Enter the original domain for this entry.
Domains such as "@example.com" are allowed.
Partial hostnames such as "@.example.com" are allowed.
Email addresses such as "[email protected]" and "[email protected]" are also allowed.
[]> @.oldcompanyname.com

Enter the new domain for this entry.
The new domain may be a fully qualified such as "@example.domain.com" or a complete email address such as "[email protected]"
[]> @example.com

Domain Map Table
There are currently 1 Domain Mappings.
Domain Mapping is: enabled

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display all domain mappings.
- IMPORT - Import domain mappings from a file.
- EXPORT - Export domain mappings to a file.
- CLEAR - Clear all domain mappings.
[]> print

@.oldcompanyname.com --> @example.com

Domain Map Table
There are currently 1 Domain Mappings.
Domain Mapping is: enabled

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display all domain mappings.
- IMPORT - Import domain mappings from a file.
- EXPORT - Export domain mappings to a file.
- CLEAR - Clear all domain mappings.
[]>

Name: InboundMail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain Map: Enabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: Off

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>
  ·       , 693 


    

     

     
     FTP, SSH  SCP , 1199         .
     .  (   ) .     (#)     .
 configuration  , domain  import      .    .
listenerconfig -> edit -> injector_number -> domainmap -> import
 export        .    configuration  . CLI          .
import          .   (: right-hand side  left-hand side)      CLI    .           .
            commit    .
  ( Enterprise Gateway)   .


    50:      

    

  
       .            .             .             ( , 703  ).
  ·    , 695  ·    , 701  ·    , 702 

    

   

   

      " "   .

"" :    SMTP    .

 

    .         .      . (: SMTP 4XX  .)

 

    .          .    . (: SMTP 5XX   .)

""( "") :      ,  .

 

    .         .      . (: SMTP 4XX  .)

 

    .          .    . (: SMTP 5XX   .)

     AsyncOS          GUI Network()  Bounce Profiles( ) ( bounceconfig ) .     Network() > Listeners() ( listenerconfig )     .           . (       , 137   .)

 
·       , 695  ·   , 696  ·    status , 699  ·    SMTP    , 700  ·   , 700  ·    , 700  ·   , 701  ·      , 701 

      
·    ,          .          .   


  

    

    Bounce Profiles( )   bounceconfig  . (  , 696  .) ·              .   Envelope Sender( )     . Envelope Sender( ) Envelope From  .    ,          . (""    .) ·        (   )     .

  
             .
 56:   

Maximum number        ,   

of retries(           .

 )

 100.

Maximum number        ,   

of seconds in

         

queue(  .  259,200(72),

   

)

Initial number of           seconds to wait  .  60.        before retrying a     . ,      message(  .   
    
)

Maximum number          
of seconds to wait   .  3,600(1).        before retrying a  ,           message(  .         .            ,           . )


    

  

          .   



       .   

DSN (RFC 1894) .

 (  )        .  ,          ,             .

Notification Template( ) Add Row( )       .

  (Default()  Message Language( ))    .          .

     .

·          . ·   Cisco Email Security Appliance   . ·       . ·  (  ) 50  .

 (        ,           )        .

   DSN         . "Yes()"     DSN  (RFC 3436) ,    Status()     .


  

    

Send Delay Warning Messages(    )

       .       (  )          .  ,          ,               .

Notification Template( ) Add Row( )       .

  (Default()  Message Language( ))    .          .

     .

·          . ·   Cisco Email Security Appliance   . ·       . ·  (  ) 50  .

 (         ,            )         .

            .

Specify Recipient Envelope Sender( )        for Bounces(   .   )

Use DomainKeys       DomainKeys    .

signing for bounce DomainKeys    DomainKeys  DKIM , 572  

and delay

  .

messages( 

 

DomainKeys 

)

 

Bounce Profiles( )  Edit Global Settings(  )    CLI bounceconfig         .


    

   status 

Initial number of       seconds to wait before retrying an     .  60. unreachable host(             )

Max interval allowed between retries to an unreachable host(  

            .  3,600(1).               ,         ( )  .

  

  

  )

   status 
            status  status detail    .

Counters:                     Reset     Uptime     Lifetime
  Receiving
    Messages Received             0          0            0
    Recipients Received           0          0            0
    Gen. Bounce Recipients        0          0            0

  "CLI    "   .              .

   Envelope Sender( )    From: .           AsyncOS   .


   SMTP    
SMTP             SMTP     .           SMTP   .       ,      SMTP   .

  
          .
 57:  1:   





Max number of retries: 2
Max number of seconds in queue: 259,200(72)
Initial number of seconds before retrying: 60
Max number of seconds to wait before retrying: 60

 1          t=0 .      60     1  t=60 .    ,    60  .      t=120  .    2            .
 58:  2:   





Max number of retries: 100
Max number of seconds in queue: 100
Initial number of seconds before retrying: 60
Max number of seconds to wait before retrying: 120

 2     t=0,    t=60 .   (t=120   )     .     100  .

   
          DSN(Delivery Status Notification)  . DSN RFC 1894(see http://www.faqs.org/rfcs/rfc1894.html )


    

  

 , "         MTA(message transfer agent)        MIME content-type  ." ,   10k              .   10k        .   10k      . DSN 10k  (  )  bounceconfig  max_bounce_copy    (  CLI  ).
  
    (  ) DSN  . /        Network()  Bounce Profiles( ) ( bounceconfig )    .
·        ·       
     
"Maximum Time in Queue(   )"  "Send Delay Warning Messages(    )"                   . Systems             .
           15   .
   
  Bounce Profiles( )   bouncepr1    .  ,       [email protected]  .    .     ,    4(14400)  .
 
·    , 701  · Minimalist   , 702 
   
Bounce Profiles( )         .      .   maximum number of seconds to wait before retrying unreachable hosts(         ()) 3600(1) 10800(3)    .


Minimalist   
  minimalist    .        (   0),       .     ,     .
   
   Network() > Listeners()   listenerconfig        .   OutgoingMail  bouncepr1  .       .
 51:     


    

     

     
         . AsyncOS                     .
Destination Controls( ) (GUI Mail Policies( ) > Destination Controls( )  CLI destconfig )     .
·  , 703  · TLS, 703  ·  , 703  ·  , 703 

  TLS

· Concurrent Connections(  ):         .
· Maximum Messages Per Connection(   ):          .
· Recipients():         . · Limits():    MGA       .
·    TLS  ,    (TLS , 707  ).
· TLS        TLS       .       .
·   TLS   TLS    .

 

·       ( , 711  ).

 
·         (   Network() > Bounce Profiles( )  ).
        .


    

    

 
·     , 704  ·   , 704  ·   , 704 
    
deliveryconfig   (alt-src-host)          , AsyncOS      .   "auto"   AsyncOS   .   ,      IP   .    Network() > Interfaces()   interfaceconfig   (   ) .       .        .       (Network() > Routing()    setgateway   ).   IP  .             .   AsyncOS    IP     IP    .   Network() > Routing() ( routeconfig command)   .        .        .
  
        .    Destination Controls( )         . Destination Controls( )             ""   .
  
Destination Control( )     GUI Policies() > Destination Controls( )   CLI destconfig  .
 
·     , 705  ·   ,     , 705  · TLS , 707  ·    , 707  ·  , 707  ·     , 707 


    

    

·      , 708  ·    CLI, 711 
    
           . Email Security Appliance IPv4(Internet Protocol version 4)  IPv6(Internet Protocol version 6)   .               . IPv4  IPv6  "Required()"             .   IP         . IPv4  IPv6  "Preferred( )"               ,        .
  ,     
                   .            ,         .  "good neighbor"  Destination Controls( ) (Mail Policies( ) > Destination Controls( )  destconfig  -  setgoodtable  )  .        .
domain.com

.domain.com
    AsyncOS          sample.server.domain.com       . ,                  . (    IP     .         .)          .
      500    50.
     .


  ,     

    

 59:    





 

        . (       .)

Maximum Messages Per Connection(    )

              .

Recipients(       . "None()"   

)

    .

    1 60   . "0"     .

    AsyncOS        .        .

Apply Limits(      .

 )

  ,     .

          .

 IP        ,       .            .               Virtual GatewayTM  , 718   .

       ,                     .      4   yahoo.com     100        25   .
delivernow (   ) destconfig      .


    

TLS 

TLS 

TLS(Transport Layer Security)     . "Required()"     TLS      MTA .       .     TLS    , 654   .
TLS       TLS           .    TLS      .     Warning()           . GUI System Administration(  ) > Alerts() ( CLI alertconfig )      .
TLS    Destination Controls( )  Edit Global Settings(  )  destconfig -> setup   .        .       Monitor( ) > Message Tracking( )     .
  TLS     .   Destination Controls(  )  Edit Global Settings(  )  destconfig -> setup    .       , 646    .
    " "  .

   
         .           . Cisco                .    , 711   .

 

                  .    destconfig     .        .       , 701  .

    

 1 Add Destination( ) .  2  .  3     .


     

    

     
                 .    Windows INI   .           .     example.com      [example.com] .         .   [DEFAULT]            .
  ,   [DEFAULT]        ,      .        .
          . bounce_profile     [DEFAULT]  .
 60:     

  



ip_sort_pref

     .
    .
· "IPv6 Preferred" PREFER_V6
· "IPv6 Required" REQUIRE_v6
· "IPv4 Preferred" PREFER_V4
· "IPv4 Required" REQUIRE_v4

max_host_concurrency         .
      limit_type  limit_apply    .

max_messages_per_connection                .

recipient_minutes

    1 60  .       .

recipient_limit

      .      .
      recipient_minutes, limit_type  limit_apply   .


    

     

  



limit_type

          MX IP   .
    .
·   0( host) · MX IP   1( MXIP)

limit_apply

           .
    .
·    0( system) ·    1( VG)

bounce_validation

      .     .
· 0( off) · 1( on)

table_tls

  TLS  .     TLS     , 654  .
    .
· 0( off )
· "Preferred( )"  1( on)
· "Required()"  2( required)
· "Preferred (Verify)( ())"  3( on_verify)
· "Required (Verify)(())"  4( require_verify)
 /  .

bounce_profile

   .   [DEFAULT]      .

send_tls_req_alert  TLS      .     . · 0( off) · 1( on)
    [DEFAULT]       .


     

    

  
certificate


 TLS   .     [DEFAULT]       .
    AsyncOS   .          .

        example1.com  example2.com    .
[DEFAULT]
ip_sort_pref = PREFER_V6
max_host_concurrency = 500
max_messages_per_connection = 50
recipient_minutes = 60
recipient_limit = 300
limit_type = host
limit_apply = VG
table_tls = off
bounce_validation = 0
send_tls_req_alert = 0
certificate = example.com

[example1.com]
ip_sort_pref = PREFER_V6
recipient_minutes = 60
recipient_limit = 100
table_tls = require_verify
limit_apply = VG
bounce_profile = tls_failed
limit_type = host

[example2.com]
table_tls = on
bounce_profile = tls_failed

   example1.com and example2.com      .


example1.com
IP Address Preference: IPv6 Preferred
Maximum messages per connection: 50
Rate Limiting:
  500 concurrent connections
  100 recipients per 60 minutes
  Limits applied to entire domain, across all virtual gateways
TLS: Required (Verify)
Bounce Profile: tls_failed

example2.com
IP Address Preference: IPv6 Preferred
Maximum messages per connection: Default
Rate Limiting: Default
TLS: Preferred
Bounce Profile: tls_failed
   Destination Controls( )  Import Table( )    destconfig -> import  . Destination Controls( )  Export Table( )   destconfig -> export      INI     . AsyncOS  INI  [Default]     .
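The following is an added example, not Cisco's code: a Python audit of a destination control table in the INI format shown above, meant to be run on a file before it is imported. It resolves each domain's values against [DEFAULT] and flags TLS modes that allow cleartext or unverified delivery, as well as keys placed in the wrong section. The function names, the finding texts and the choice to inherit every unset key from [DEFAULT] are assumptions of this example.

```python
import configparser

# Sample input: the destination control table from the example above.
SAMPLE = """\
[DEFAULT]
ip_sort_pref = PREFER_V6
max_host_concurrency = 500
max_messages_per_connection = 50
recipient_minutes = 60
recipient_limit = 300
limit_type = host
limit_apply = VG
table_tls = off
bounce_validation = 0
send_tls_req_alert = 0
certificate = example.com
[example1.com]
ip_sort_pref = PREFER_V6
recipient_minutes = 60
recipient_limit = 100
table_tls = require_verify
limit_apply = VG
bounce_profile = tls_failed
limit_type = host
[example2.com]
table_tls = on
bounce_profile = tls_failed
"""

# Numeric and symbolic spellings of table_tls, as listed in the table above.
TLS_BY_NUMBER = {"0": "off", "1": "on", "2": "required",
                 "3": "on_verify", "4": "require_verify"}
GLOBAL_ONLY = {"send_tls_req_alert", "certificate"}  # valid only in [DEFAULT]
KNOWN_KEYS = GLOBAL_ONLY | {
    "ip_sort_pref", "max_host_concurrency", "max_messages_per_connection",
    "recipient_minutes", "recipient_limit", "limit_type", "limit_apply",
    "bounce_validation", "table_tls", "bounce_profile",
}


def tls_mode(value):
    """Normalize a table_tls value (0-4 or its name) to the symbolic name."""
    v = value.strip().lower()
    v = TLS_BY_NUMBER.get(v, v)
    if v not in TLS_BY_NUMBER.values():
        raise ValueError(f"unknown table_tls value: {value!r}")
    return v


def is_on(value):
    """Interpret the 0/off and 1/on switches."""
    v = value.strip().lower()
    if v in ("1", "on"):
        return True
    if v in ("0", "off"):
        return False
    raise ValueError(f"expected 0/off or 1/on, got {value!r}")


def load(text):
    """Return ([DEFAULT] keys, {domain: keys written in that section})."""
    # Parse [DEFAULT] as an ordinary section so that keys a domain sets
    # explicitly can be told apart from the ones it only inherits.
    cp = configparser.ConfigParser(default_section="__unused__",
                                   interpolation=None)
    cp.read_string(text)
    if not cp.has_section("DEFAULT"):
        raise ValueError("table has no [DEFAULT] section")
    defaults = dict(cp["DEFAULT"])
    domains = {s: dict(cp[s]) for s in cp.sections() if s != "DEFAULT"}
    return defaults, domains


def effective_settings(text):
    """Per-domain settings with unset keys filled in from [DEFAULT]."""
    defaults, domains = load(text)
    return {name: {**defaults, **own} for name, own in domains.items()}


def audit(text):
    """Return (section, finding) pairs for risky or misplaced settings."""
    defaults, domains = load(text)
    findings = []
    if "bounce_profile" in defaults:
        findings.append(("DEFAULT", "bounce_profile cannot be set in [DEFAULT]"))
    alert = is_on(defaults.get("send_tls_req_alert", "0"))
    for name, own in [("DEFAULT", defaults), *domains.items()]:
        for key in own:
            if key not in KNOWN_KEYS:
                findings.append((name, f"unknown key: {key}"))
            elif key in GLOBAL_ONLY and name != "DEFAULT":
                findings.append((name, f"{key} is only valid in [DEFAULT]"))
        mode = tls_mode({**defaults, **own}.get("table_tls", "off"))
        if mode == "off":
            findings.append((name, "TLS off: mail is delivered in cleartext"))
        elif mode in ("on", "on_verify"):
            findings.append((name, f"TLS {mode}: not enforced, delivery can "
                                   "fall back to cleartext"))
        else:
            if mode == "required":
                findings.append((name, "TLS required but the peer "
                                       "certificate is not verified"))
            if not alert:
                findings.append((name, "required TLS failures raise no alert "
                                       "(send_tls_req_alert is off)"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```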
   CLI
CLI destconfig        .   AsyncOS for Cisco Email Security Appliances CLI    .
 
""    Envelope Sender( )  Envelope Recipient( )    MTA    .      (     )     (MAIL FROM: < >)    ()  .           .             .        ""      


:    

    

  ( )   .            ( "Joe Job" ).
       ,     ( )         (   ) .       " " (   ) .                  .
       AsyncOS   .    ,          .             .   (   )   .          .
           .             , 694   .
 
· :    , 712  ·       , 714  ·      , 713 
:    
           .   MAIL FROM: [email protected] MAIL FROM: [email protected]  .   123...        "   ".  Bounce Verification( )     (       Address Tagging , 713  ).    ,          .
          .             .        , Destination Controls( )        (  , 704  ).
      AsyncOS     (  DMZ      ).
 
·    , 713  ·   Address Tagging , 713 


    

   

   
     .     .        .         (     )   .       , 715  .
   ,     ,  7            .
          .
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address <[email protected]> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted

     (: Exchange)            .
AsyncOS   null Mail From (<>)  .            AsyncOS     .   AsyncOS 7         .
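The following is an added example, not part of the original guide: a Python scan of mail log lines in the format shown above. It extracts every bounce rejected by bounce verification, ties it to the envelope sender logged for the same MID, and reports recipients that receive many rejected bounces within a time window, which is what a misdirected-bounce flood looks like in the log. The sample lines are constructed (addresses, the second and third message, and the thresholds are made up), and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log excerpt above.
SAMPLE_LOG = """\
Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address <bob@example.com> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted
Fri Jul 21 16:04:02 2006 Info: Start MID 26604 ICID 125193
Fri Jul 21 16:04:02 2006 Info: MID 26604 ICID 125193 From: <>
Fri Jul 21 16:04:05 2006 Info: MID 26604 ICID 125193 invalid bounce, rcpt address <bob@example.com> rejected by bounce verification.
Fri Jul 21 16:04:09 2006 Info: Start MID 26605 ICID 125194
Fri Jul 21 16:04:09 2006 Info: MID 26605 ICID 125194 From: <alice@example.net>
Fri Jul 21 16:04:10 2006 Info: Message finished MID 26605 done
"""

LINE = re.compile(
    r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) \w+: (.*)$")
FROM = re.compile(r"MID (\d+) ICID (\d+) From: <(.*)>")
REJECT = re.compile(
    r"MID (\d+) ICID (\d+) invalid bounce, rcpt address <([^>]*)> "
    r"rejected by bounce verification\.?")


def rejected_bounces(log_text):
    """Return one event per bounce rejected by bounce verification."""
    senders = {}   # MID -> envelope sender seen on the "From:" line
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a log entry in the expected format
        when = datetime.strptime(line.group(1), "%a %b %d %H:%M:%S %Y")
        message = line.group(2)
        sender = FROM.fullmatch(message)
        if sender:
            senders[int(sender.group(1))] = sender.group(3)
            continue
        reject = REJECT.fullmatch(message)
        if reject:
            mid = int(reject.group(1))
            events.append({
                "time": when,
                "mid": mid,
                "icid": int(reject.group(2)),
                "sender": senders.get(mid),   # "" is the null sender <>
                "rcpt": reject.group(3),
            })
    return events


def flood_targets(events, threshold, window_seconds):
    """Recipients with at least `threshold` rejections in any time window.

    Returns {recipient: largest number of rejections inside one window}.
    """
    times_by_rcpt = defaultdict(list)
    for event in events:
        times_by_rcpt[event["rcpt"]].append(event["time"])
    hits = {}
    for rcpt, times in times_by_rcpt.items():
        times.sort()
        start = best = 0
        for end, current in enumerate(times):
            # Slide the window start forward until it spans <= window_seconds.
            while (current - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[rcpt] = best
    return hits


if __name__ == "__main__":
    found = rejected_bounces(SAMPLE_LOG)
    for e in found:
        print(e["time"], e["mid"], e["icid"], repr(e["sender"]), e["rcpt"])
    print(flood_targets(found, threshold=2, window_seconds=120))
```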
  Address Tagging 
          .                .           ,        .
   7.   7           .    7          .
     
      AsyncOS     HAT   .   "No()". ,       , Mail Policies( ) > Bounce Verification( )           . "Yes()"          .      .


      

    

      .          .        (  ).
 1               .        .
 2         ( ),        "Accept()"    Consider Untagged Bounces to be Valid(     )  .
      
 1   .        , 714  .  2    .      , 715  .  3      .     , 704  .
    
·      , 714  ·    , 715  · CLI    , 715  ·     , 715 
     
              .       .
 1 Mail Policies( ) > Bounce Verification( )  New Key( ) .  2    Submit() .  3   Commit().
    
·  , 715 

 

 

     Purge()        .

   
         .

 1 Mail Policies( ) > Bounce Verification( ) .  2 Edit Settings( ) .  3   ,       .    
  .  4 ,   .           
        (         ).  5     .

CLI    
CLI bvconfig  destconfig       .   AsyncOS for Cisco Email Security Appliances CLI    .
    
   " "        .             .   /    .
   
deliveryconfig         .    (SMTP  QMQP)   .      SMTP  .  deliveryconfig     .

                .   "  IP  "  .

  ·   IP , 716  · Possible Delivery( ) , 716  ·   , 716  · deliveryconfig , 717 
  IP 
    IP   IP   .    IP   IP     .      AsyncOS     SMTP HELO         . IP   interfaceconfig  .     Auto()    .
·              .
· auto-select   routeconfig     . ·         .  IP 
              .
Possible Delivery( ) 
            .    RFC 5321   .   http://tools.ietf.org/html/rfc5321#section-6.1.  .
Possible Delivery( )   AsyncOS    ,            "possible delivery( )" .                     . AsyncOS            .
  
             . (       10,000.)          (     600,    1,000).            .        ,   DoS(Denial of Service)    .

deliveryconfig 
  deliveryconfig     "Possible Delivery( )"  "Auto()" .        9,000 .
mail3.example.com> deliveryconfig
Choose the operation you want to perform:
- SETUP - Configure mail delivery.
[]> setup
Choose the default interface to deliver mail.
1. Auto
2. PublicNet2 (192.168.3.1/24: mail4.example.com)
3. Management (192.168.42.42/24: mail3.example.com)
4. PrivateNet (192.168.1.1/24: mail3.example.com)
5. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Enable "Possible Delivery" (recommended)? [Y]> y
Please enter the default system wide maximum outbound message delivery concurrency [10000]> 9000
mail3.example.com>
     .


       Virtual GatewayTM    52:     

    

       Virtual GatewayTM  
  Cisco Virtual GatewayTM   ,     ,          . Cisco             ( IP ,    ),               (    ).   Email Security Appliance         255.
  · , 719  ·    , 719  ·    , 726  ·       , 726 

     



Cisco               .                    .       IP ,       .
     IP     ,                   .       SMTP HELO          .   ISP(Internet Service Provider)   DNS   ,         IP  .  ISP      DNS      .  DNS IP    IP   , ISP         . Cisco      DNS    IP   ,       .
        .                     .         (  )    .         ,                 .

   
Cisco         IP    . (  "  IP  "  .)  IP       DNS    . DNS        DNS     IP/   .
 
·      IP  , 719  ·   IP  , 722  · altsrchost  , 723  · altsrchost , 723  · altsrchost        , 723  · CLI  altsrchost  , 724 
     IP  
IP             GUI Network( ) > IP Interfaces(IP )   CLI interfaceconfig   IP/    IP   .

IP    IP      .         ""          .
 IP         IP              .
· altsrchost     IP           IP (  )        .
·   ,   IP (  )              .   (  )  , 218  . (       .)
IP      " "  .
     ,          .
 53:     

  IP Interfaces(IP )  Management     (PrivateNet  PublicNet)  .
 54: IP Interfaces(IP ) 

 Data2   PublicNet2     Add IP Interface(IP   )  . IP  192.168.2.2    mail4.example.com .   FTP( 21)  SSH( 22)   .

 55: Add IP Interface(IP  ) 

     .
 56:     
          .

  IP    57:        

    

       IP    ,         .

  IP  

altsrchost        IP (   )      .                  .         , 137  .
altsrchost           IP         .
·  IP  ·   
  IP       ,  IP      IP     (      )    .
AsyncOS IP        . IP              IP  .        .
          .

 IP 

 IP    . : 192.168.1.5

          . 
: [email protected]

 

         @  . @    . : username@



         @  . @    . : @example.com

  altsrchost   ,              .

CLI      altsrchost     .

Syntax



new

   .

print

   .

delete

    .

altsrchost  
HAT, RAT, smtproutes,         altsrchost     .

 1 altsrchost  export      (  ) .  2 CLI   . (  FTP, SSH  SCP , 1199  .)  3       .  altsrchost    .  4   ,     "altsrchost"  . (  FTP, SSH 
SCP , 1199   .)  5 altsrchost import      .

altsrchost 
 1,000 altsrchost    .
altsrchost        
# Comments to describe the file
@example.com DemoInterface
paul@ PublicInterface
joe@ PublicInterface
192.168.1.5, DemoInterface
[email protected] PublicNet
import  export       IP          .         ,           (,)  ( )   .     (#)  .
CLI  altsrchost  
  altsrchost      .   . · @exchange.example.com     PublicNet   . ·  IP  192.168.35.35  (:    ) PublicNet2   .
 altsrchost       .
mail3.example.com> altsrchost
There are currently no mappings configured.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- IMPORT - Load new mappings from a file.
[]> new
Enter the Envelope From address or client IP address for which you want to set up a Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
[]> @exchange.example.com
Which interface do you want to send messages for @exchange.example.com from?
1. PublicNet2 (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 4
Mapping for @exchange.example.com on interface PublicNet created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> new
Enter the Envelope From address or client IP address for which you want to set up a Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
[]> 192.168.35.35
Which interface do you want to send messages for 192.168.35.35 from?
1. PublicNet2 (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 1
Mapping for 192.168.35.35 on interface PublicNet2 created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> print
1. 192.168.35.35 -> PublicNet2
2. @exchange.example.com -> PublicNet
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added 2 altsrchost mappings
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT
         .
 58: :  IP     

   
            ,                 .          hoststatus  hostrate  . "CLI    "  "     "  . hoststatus           .             .       . AsyncOS   DNS        .    resetcounters     .       .      , MX    5XX  .
      
          .

    

   

   ISP        .            ISP     .
destconfig                  , 703   .
   "" ,  254 IP        good neighbor    .
  ""     254  IP    , small-isp.com  good neighbor      100,       10 .      254 IP       10  .       .
   
 ,    IP       AsyncOS Global Unsubscribe(  )  . unsubscribe           ,        . AsyncOS "  " , ,    IP        .      ,        GUS(Global Unsubscribe)  . (   ,     .)       GUS       .

               .            .

       10,000.            .
 61:    

[email protected] username@

   
        .
 
            .       @   .

@example.com @.example.com 10.1.28.12


          .       @  .
 
                .
IP 
IP    IP        .    IP        .     IP   .

  · CLI      , 728  ·       , 730 
CLI      
   [email protected]     ,     .     .     .
mail3.example.com> unsubscribe
Global Unsubscribe is enabled. Action: drop.
Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import entries from a file.
- SETUP - Configure general settings.
[]> new
Enter the unsubscribe key to add. Partial addresses such as "@example.com" or "user@" are allowed, as are IP addresses. Partial hostnames such as "@.example.com" are allowed.
[]> [email protected]
Email Address '[email protected]' added.
Global Unsubscribe is enabled.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]> setup
Do you want to enable the Global Unsubscribe feature? [Y]> y
Would you like matching messages to be dropped or bounced?
1. Drop
2. Bounce
[1]> 2
Global Unsubscribe is enabled. Action: bounce.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added username "[email protected]" to global unsubscribe
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT


      

    

      
HAT, RAT, smtproutes,   ,  ,     altsrchost             .
 1 unsubscribe  export      (  ) .  2 CLI   . (  FTP, SSH  SCP , 1199  .)  3       .
    .         (<CR>, <LF>  <CR><LF>).    (#)  .         ([email protected]),    (@testdomain.com),        (testuser@),  IP  (11.12.13.14) .
# this is an example of the global_unsubscribe.txt file
[email protected]
@testdomain.com
testuser@
11.12.13.14
 4   ,     configuration  . (  FTP, SSH  SCP , 1199  .)
 5 unsubscribe import      .
:  
   ,         .   ( )   .  - Email Security Appliance  :            . trace           .      "     : "  .
             .

 62: Email Security Appliance   :   





HAT(Host Access Table) ACCEPT, REJECT, RELAY  TCPREFUSE   DNS      

   

IP             

         

  

TCP   

TLS: no/preferred/required(/ /)

SMTP AUTH: no/preferred/required(/ /)

  FROM   

          .

SenderBase /(IP profiling/)

Received 

  Received  (on/off).

 

"(bare)"      

 

       .

 

            .

Recipient Access Table(RAT)

(  ) RCPT TO    SMTP   (ACCEPT)  (REJECT).   (throttling)  .

 

  . (  . aliasconfig listenerconfig  .)

LDAP  

   LDAP  SMTP   .  LDAP      . LDAP          .

 63: Email Security Appliance   :    

 LDAP   

   LDAP      .  LDAP      . LDAP   SMTP       .

  LDAP 

   ,    LDAP    , To:, From: / CC:   .

LDAP 

      LDAP   .  LDAP     mail-from-group  rcpt-to-group  .

 *

   ""  . *      .

**

         



  .

*

    .      . *     .

AMP(Advanced Malware Protection)

Advanced Malware Protection            .

 *

  . *      .

  *

      . *     .

 

 IP   IP      .

 

1.    . 2.     .

  

  .           ,    ,   TLS  : no/preferred/required( / /)

   

         .

    

    (  ).
    .  ,          

*         .

29 
LDAP 
     . · LDAP  , 735  · LDAP  , 745  ·      , 752  ·        , 754  ·      , 755  ·  LDAP      , 756  ·       , 760  ·     LDAP  , 761  ·     LDAP , 763  · SMTP   AsyncOS , 765  ·    LDAP  , 773  ·     , 776  ·     , 778  ·   DN , 779  ·  LDAP   AsyncOS , 780  ·    , 780 
LDAP  
    LDAP (: Microsoft Active Directory, SunONE Directory Server  OpenLDAP )   ,       LDAP      .    LDAP       .       LDAP  ,  ,     LDAP   ,  LDAP        .
 
· LDAP  , 736  · LDAP AsyncOS   , 737  · LDAP   Cisco IronPort  , 738  · LDAP     LDAP   , 739  · LDAP  , 740  ·    LDAP  , 740  · Microsoft Exchange 5.5   , 743 
LDAP  
    LDAP       LDAP       .
·  .  LDAP       (  )     .         , 752  .
· ( ).  LDAP        /        .           , 754  .
·  .    Email Security Appliance  SMTP            .       , 785  .
· .  ( )   (To:, Reply To:, From:  CC:    ) (masquerade)  .          , 755   .
·  . LDAP             .      .         LDAP       .    LDAP      , 756   .
·   .                  . Email Security Appliance           ,    LDAP  .
·  .          .   ,  LDAP         .    ,              .
·   . LDAP           . SMTP             . LDAP               .      

       .     LDAP , 763  . · SMTP . AsyncOS SMTP    . SMTP  SMTP       .      (   )            .   SMTP   AsyncOS , 765  . ·  .      LDAP       .      LDAP  , 773   . ·     .           .       , 776   . ·    .                        .       , 778  .
LDAP AsyncOS   
LDAP     ,   /     LDAP      .  LDAP      ,           .
   LDAP   .
 59: LDAP 

1.  MTA SMTP     "A" . 2.  System Administration( ) > LDAP (  ldapconfig
)   LDAP  . 3. LDAP ,  System Administration( ) > LDAP (
ldapconfig )       . ·       . ·        . · From:, To:  CC:     .
· rcpt-to-group  mail-from-group       (    ).

  LDAP       .         LDAP     .  LDAP        LDAP   AsyncOS , 780   .
LDAP   Cisco IronPort  
LDAP      AsyncOS  , ,         .
 1 LDAP   .   AsyncOS LDAP        . ·       ·  DN ·             LDAP     LDAP   , 739   . LDAP        LDAP   AsyncOS   .    AsyncOS       LDAP   AsyncOS , 780   .
 2 LDAP  . LDAP   LDAP  .    LDAP     .    LDAP      LDAP  , 736   .      LDAP  , 745   .
 3      LDAP   .   ,      LDAP     LDAP    .      LDAP  , 740  .      AsyncOS LDAP        .        LDAP      , 756    .              LDAP     .          .

LDAP     LDAP   
AsyncOS LDAP     LDAP     LDAP    .

 1
 2  3

System Administration( ) > LDAP  Add LDAP Server Profile(LDAP   ) .    . LDAP    .

LDAP            .       .    LDAP   AsyncOS , 780   .

 4  5  6

  .         . LDAP  (Active Directory, OpenLDAP, Unknown  Other) .   .

Active Directory  Unknown(  )/Other()      SSL   3268  SSL  3269.

Open LDAP      SSL   389 SSL  636.

 7 LDAP   DN(distinguishing name) .
     ,        DN  .          [email protected].         .
uid=joe, ou=marketing, dc=example, dc=com

 8 LDAP    SSL   .  9 Advanced()   TTL(time-to-live) .      .  10      .
   LDAP    .   LDAP        LDAP      .                .

 11    .
LDAP         LDAP   .   10    3       AsyncOS    10  30  .
     LDAP   LDAP  .     LDAP        .

 12 Test Server(s)( )      .  LDAP      .   Connection Status( )  .   LDAP  , 740  .
 13      . Accept(), Routing(), Masquerade(), Group( ), SMTP Authentication(SMTP ), External Authentication( ), Spam Quarantine End-User Authentication(     )  Spam Quarantine Alias Consolidation(   )   .
       LDAP      LDAP   .      LDAP  , 740   .
 14 Test Query( )    .
   Run Test( ) .   Connection Status( )   .      Update() .   LDAP  , 740  .
     LDAP             .
 15     .
       , ,        .

LDAP  
LDAP     Add/Edit LDAP Server Profile(LDAP   /)   Test Server(s)( ) ( CLI ldapconfig  test  )  . AsyncOS         .  LDAP    AsyncOS      .
   LDAP  
      LDAP       LDAP   .
  · LDAP     , 741  · LDAP    , 741  ·   LDAP  , 742  ·   LDAP  , 743 

LDAP     
LDAP     LDAP    .
 1 System Administration( ) > LDAP  Edit Settings( ) .  2 LDAP   IP  .     
.  3 LDAP   TLS  . Network() > Certificates()   CLI
 certconfig    TLS     .  MTA    , 645   .  4 LDAP        .  5     .
LDAP    
  System Administration( ) > LDAP       LDAP    ,    .
 LDAP   60     ( DNS ,  ,          ).     AsyncOS        (      ).     AsyncOS   .
 60: LDAP   (1/2)

 myldapserver.example.com LDAP  "PublicLDAP"  .   10( ) ,  LDAP ()    .           . Queries are directed to port 3268 (the default). SSL       . example.com  DN  (dc=example,dc=com).  TTL(time-to-live) 900,     10000,   passphrase .
 ,       .   /       .
 61: LDAP   (2/2)

  LDAP  
    "InboundMail"   LDAP    . , SMTP      (       , 752  ).
 62:      

  LDAP  
    "OutboundMail"  LDAP   .    From, To, CC  Reply-To .
 63:    

Microsoft Exchange 5.5   
AsyncOS Microsoft Exchange 5.5        . Microsoft Exchange         . LDAP     ldapconfig -> edit -> server -> compatibility    "y"   Microsoft Exchange 5.5    (CLI   ).
mail3.example.com> ldapconfig
Current LDAP server configurations:
1. PublicLDAP: (ldapexample.com:389)
Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
[]> edit
Enter the name or number of the server configuration you wish to edit.
[]> 1
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
[]> server
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Microsoft Exchange 5.5 Compatibility Mode: Disabled
Choose the operation you want to perform:
- NAME - Change the name of this configuration.
- HOSTNAME - Change the hostname used for this query.
- PORT - Configure the port.
- AUTHTYPE - Choose the authentication type.
- BASE - Configure the query base.
- COMPATIBILITY - Set LDAP protocol compatibility options.
[]> compatibility
Would you like to enable Microsoft Exchange 5.5 LDAP compatibility mode? (This is not recommended for versions of Microsoft Exchange later than 5.5, or other LDAP servers.)
[N]> y
Do you want to configure advanced LDAP compatibility settings? (Typically not required)
[N]>
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Microsoft Exchange 5.5 Compatibility Mode: Enabled (attribute "objectClass")
Choose the operation you want to perform:
- NAME - Change the name of this configuration.
- HOSTNAME - Change the hostname used for this query.
- PORT - Configure the port.
- AUTHTYPE - Choose the authentication type.
- BASE - Configure the query base.
- COMPATIBILITY - Set LDAP protocol compatibility options.
[]>
LDAP  
LDAP    LDAP      . LDAP    LDAP      .               LDAP        .
  · LDAP  , 745  ·  DN(Distinguishing Name), 746  · LDAP  , 746  ·  LDAP(SSL), 747  ·  , 747  ·  LDAP     , 747  · LDAP  , 750  · LDAP     , 752 
LDAP  
·  .        , 752  . ·  .          , 754 
. ·   .      , 785  . ·  .        , 755  
. ·  .    LDAP      , 756 
 . ·   .         , 760 
 . ·  .       LDAP  , 761  
.      .

·   .   LDAP  , 736  . · SMTP .   SMTP   AsyncOS , 765  . ·  .      LDAP  , 773  . ·      .       , 776  
. ·     .       , 778  .
         .

 DN(Distinguishing Name)
   (base) . (base)  DN(distinguishing name) . Active Directory   DN ( RFC 2247  )   (dc=)   DNS  .   example.com  DN dc=example, dc=com    . DNS     .   LDAP         .
         BASE     .   LDAP     BASE NONE .       .

LDAP  
LDAP        . CN  DC  /   .
Cn=First Last,oU=user,dc=domain,DC=COM
    / ,   LDAP    .    mailLocalAddress  maillocaladdress      .

  · :, 746 

:

LDAP      .
· {a} username@domainname
· {d} domainname
· {dn} distinguished name
· {g} groupname
· {u} username
· {f} MAIL FROM: address

 {f}    .
  Active Directory LDAP           . (|(mail={a})(proxyAddresses=smtp:{a}))
 Cisco      LDAP  Test() ( ldapconfig  test  ) ,  LDAP           .   LDAP  , 750  .
 LDAP(SSL)
AsyncOS LDAP    SSL    . SSL  LDAP    
· AsyncOS CLI certconfig   LDAPS  (     , 648  ). LDAPS    LDAP     .
· LDAPS     AsyncOS   .
 
LDAP      .    .  AsyncOS          .
 LDAP    
   LDAP      . (,        .)    Active Directory      URL "Microsoft Knowledge Base Article - 320528" .
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B320528
      LDAP           "user()"   .    ,   .
· "anonymous()"   Microsoft Exchange 2000   . · "anonymous bind( )"  Microsoft Exchange 2000   .
· "anonymous bind( )" "anonymous()"   Microsoft Exchange 2000  LDAP   AsyncOS  .
     "anonymous()"  "anonymous bind( )"   Microsoft Exchange 2000      .   SMTP          LDAP        .
 
·   , 748  · Active Directory    , 749  · Active Directory   , 750 
  
      Microsoft Windows Active Directory Active Directory  Exchange 2000        . Active Directory "  "  Active Directory    , 749   .

 1  Active Directory  .

ADSI Edit   LDP    Active Directory       .

·        ·       OU  CN .

        .

 

Inheritance

 

   

 



   

OU(Organizational Unit)  

    

 



        



 2 Active Directory  
· Windows 2000 Support Tools ADSIEdit . · Domain Naming Context(  )  .    LDAP  
. · Domain Naming Context(  )      Properties()
. · Security() . · Advanced() .

· Add() . · User Object( ) Everyone  OK() . · Permission Type( )  . · Apply onto( )  Inheritance() . · Permission()  Allow()   .
 3 Cisco Messaging Gateway 
CLI(Command Line Interface) ldapconfig    LDAP   .
· Active Directory  Exchange    ·  3268 ·       DN ·   

Active Directory    
      Microsoft Windows Active Directory Active Directory  Exchange 2000        . Active Directory          anonymous .

     Active Directory       .

 1  Active Directory  . ADSI Edit   LDP    Active Directory       . ·        ·       OU  CN .         .

 



Inheritance

 

ANONYMOUS LOGON  

 



ANONYMOUS LOGON  

OU(Organizational Unit)  

ANONYMOUS LOGON   

 



ANONYMOUS LOGON       



 2 Active Directory  

· Windows 2000 Support Tools ADSIEdit . · Domain Naming Context(  )  .    LDAP  
. · Domain Naming Context(  )      Properties()
. · Security() . · Advanced() . · Add() . · User Object( ) ANONYMOUS LOGON  OK() . · Permission Type( )  . · Apply onto( )  Inheritance() . · Permission()  Allow()   .
 3 Cisco Messaging Gateway 
System Administration( ) > LDAP ( CLI ldapconfig)    LDAP    .
· Active Directory  Exchange    ·  3268 ·       DN ·     cn=anonymous    
Active Directory   
· Active Directory   3268  389 LDAP  .        3268.
· Active Directory   636  3269 LDAPS  . Microsoft Windows Server 2003  LDAPS .
·       (base)     ,       .
·   Active Directory   "Everyone"          .      .
·   Active Directory  mail      "ProxyAddresses"   .
·     Microsoft Exchange    MTA         .
LDAP  
 LDAP        Add/Edit LDAP Server Profile(LDAP   /)   Test Query( ) ( CLI test  )

. AsyncOS          .      . ldaptest      .    .
ldaptest LDAP.ldapaccept [email protected]
LDAP   Host Name( )     ,   LDAP   .
 64: LDAP  

 

  (PASS)...    (FAIL)...

 (Accept, ldapaccept)

 .

 :           . DHAP: Drop.



      .

(Routing, ldaprouting) .

(Masquerade, masquerade)

       .  .

 (Group, ldapgroup)

    true"      false" 

.

.

SMTP 
(SMTP Authentication, smtpauth)

 LDAP        

 . SMTP  . SMTP   

.

.

 (externalauth) ,     ,             "match positive" . "match negative" .

         "match

(isqauth)

positive" .

      .      .

    (isqalias)

           

 .

.

     / ,   LDAP    .    mailLocalAddress  maillocaladdress     . Systems ldapconfig  test   ,            .

LDAP     
 LDAP          .
· Error: LDAP authentication failed: <LDAP Error "invalidCredentials" [0x31]>
· Error: Server unreachable: unable to connect
· Error: Server unreachable: DNS lookup failure
             . LDAP    3268  389  . Active Directory          3268 (  " "  ). AsyncOS 4.0 SSL  LDAP   (  636) .    LDAP(SSL), 747  .           . LDAP     Add/Edit LDAP Server Profile(LDAP   /)   Test Server(s)( )( CLI ldapconfig  test  )    .   LDAP  , 740  . LDAP    :
·   LDAP Accept(), Masquerading()  Routing()          .
· LDAP Accept()    (   )   ,  false .
     
 LDAP       ( )      .            .            .
  (: [email protected])  LDAP     . RAT(Recipient Access Table)     .       "   "  .
  ·   , 753  · Lotus Notes   , 753 

  
     .
 65:  LDAP   LDAP   : 

 :

 

OpenLDAP

(mailLocalAddress={a}) (mail={a}) (mailAlternateAddress={a})

Microsoft Active Directory Address Book / Microsoft Exchange

(|(mail={a})(proxyAddresses=smtp:{a}))

SunONE Directory Server

(mail={a}) (mailAlternateAddress={a}) (mailEquivalentAddress={a}) (mailForwardingAddress={a}) (mailRoutingAddress={a})

Lotus Notes / Lotus Domino

(|(|(mail={a})(uid={u}))(cn={u})) (|(ShortName={u})(InternetAddress={a})(FullName={u}))

    (Left Hand Side).          . Accept()  (uid={u}) .

Lotus Notes   
LDAPACCEPT  Lotus Notes   . Notes LDAP       
[email protected]

cn=Joe User

uid=juser

cn=123456

location=New Jersey

Lotus LDAP   "[email protected]" ,             .  AsyncOS            .
        .   Lotus Notes   .

       
AsyncOS   (    LDAP ). AsyncOS           (: [email protected] [email protected]  [email protected]       ).           .
  ·   , 754 

  

 66:  LDAP   LDAP   : 

 :

    

OpenLDAP

(mailLocalAddress={a})

Microsoft Active Directory Address Book / Microsoft Exchange

SunONE Directory Server

(mail={a}) (mailForwardingAddress={a}) (mailEquivalentAddress={a}) (mailRoutingAddress={a}) (otherMailbox={a}) (rfc822Mailbox={a})

Active Directory  proxyAddresses         AD     smtp:[email protected] , LDAP /       .     attribute:value   .      Microsoft Exchange    MTA         .
 
· : MAILHOST  MAILROUTINGADDRESS, 755 

: MAILHOST  MAILROUTINGADDRESS
Routing()   MAILHOST  IP   ,      .   DNSconfig  .
MAILHOST    . MAILHOST    MAILROUTINGADDRESS  .

     
Masquerading()     Envelope Sender( )(   MAIL FROM ) To:, From:, / CC:  .              " ".           ""   " ".
  ·    , 755  · " " , 755 

  

 67:  LDAP   LDAP   : 

 :

Masquerade

OpenLDAP

(mailRoutingAddress={a})

Microsoft Active Directory Address Book
(proxyaddresses=smtp:{a})

SunONE Directory Server

(mail={a}) (mailAlternateAddress={a}) (mailEquivalentAddress={a}) (mailForwardingAddress={a}) (mailRoutingAddress={a})

" " 
   LDAP            "  "   .        (: ,   )    , AsyncOS  (  )   (To:, Reply To:, From:, CC:   ) " "    .

LDAP            LDAP        .        user@domain  (  ).
 LDAP  , LDAP   (0    )    .
     LDAP     (LDAP   ldapconfig )   "y" .
Do you want the results of the returned attribute to replace the entire friendly portion of the original recipient? [N]
   LDAP     .





mailRoutingAddress

admin\@example.com

mailLocalAddress

joe.smith\@example.com

mailFriendlyAddress "Administrator for example.com," <joe.smith\@example.com>

   (mailRoutingAddress={a}) LDAP   (mailLocalAddress)    .

 (From, To, CC, Reply-to)

 

  

[email protected]

From: "Administrator for example.com," <[email protected]>

MAIL FROM: <[email protected]>

 LDAP       
 LDAP       LDAP       .
 1    rcpt-to-group  mail-from-group     .  2   System Administration( ) > LDAP ( ldapconfig ) ,  
          LDAP  .  3 Network() > Listeners() ( listenerconfig -> edit -> ldapgroup  )
     .

    
·    , 757  ·   , 757 

  

 68:  LDAP   LDAP   : 

 : OpenLDAP
Microsoft Active Directory SunONE Directory Server

 OpenLDAP  memberOf   . LDAP          .
(&(memberOf={g})(proxyAddresses=smtp:{a}))
(&(memberOf={g})(mailLocalAddress={a}))

  LDAP  "Marketing"   ou=Marketing   .              . 1       , 2 3 LDAP    .

  
  Marketing (LDAP  "Marketing"  )      marketingfolks.example.com .

 1           .   mail-from-group    .   LDAP  "marketing-group1"        ( alt-mailhost )  .    (groupName) 2 .   "groupName" marketing-group1  .
mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
MarketingGroupfilter:
if (mail-from-group == "marketing-group1") {
  alt-mailhost ('marketingfolks.example.com');}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
mail-from-group  rcpt-to-group         , 138    .  2 Add LDAP Server Profile(LDAP   )     LDAP   ,      .  3   "InboundMail"   LDAP   .   LDAP     Edit Listener( )  .   ,    LDAP       .   System Administration( ) > LDAP   PublicLDAP2.group  .


LDAP   64:    

:        

 4     .
:        
                  .   IT             . LDAP  DN       .    DN  . cn=IT, ou=groups, o=sample.com    LDAP   . (&(memberOf={g})(proxyAddresses=smtp:{a}))  ,            . IT         LDAP          .
[]> - NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
IT_Group_Filter:
if (rcpt-to-group == "cn=IT, ou=groups, o=sample.com"){
    skip-spamcheck();
    skip-viruscheck();
    deliver();
}
.
1 filters added.
    rcpt-to-group    DN (cn=IT, ou=groups, o=sample.com).  LDAP             .
   LDAP       .    IT             .  LDAP     LDAP  LDAP     LDAP   .
      
    ,  ,    LDAP  .       LDAP      LDAP            .   "MyCompany"  "HisCompany"   "HerCompany"   . MyCompany MyCompany.example.com    HisCompany.example.com  HerCompany.example.com    ,         LDAP  .         MyCompany    .   MyCompany.example.com   Mycompany.example.com, HisCompany.example.com  HerCompany.example.com    .
 1          .           (,  ).   LDAP     LDAP    , 739  .
 2    .          ,   Envelope To       .          , 761   .
 3        .      "    "  .


   

 LDAP                 .      .

    
·    , 761 
   
System Administration( ) > LDAP > LDAP Server Profiles(LDAP  )     .

 1  2  3  4

LDAP Server Profiles(LDAP  )  Advanced() . Add Domain Assignments(  ) .     .   .

            .               .

 5 Domain Assignments( )   .  6    .  7        .  8           .     None(
) .  9 Test Query( )   Test Parameters( )     
      . Connection Status( )   .  10 ,   {f}           .
           .

 11     .

    LDAP  
        LDAP .  LDAP     ( ""        ) ""    .    ,              .   LDAP       ( )   


  .        maillocaladdress  mail     .              .
 1         .         .   LDAP     LDAP   , 739   .
 2   .     , 762  .  3       .      " 
  "  .
 LDAP                 .      .

    
·   , 762 
  
System Administration( ) > LDAP > LDAP Server Profiles(LDAP  )    .
 1 LDAP Server Profiles(LDAP  )  Advanced() .  2 Add Chain Query(  ) .  3    .  4   .
          .              .
 5     .     .                       .
 6 Test Query( )   Test Parameters( )           . Connection Status( )   .
 7 ,   {f}           .           .


 8     .
    LDAP 
       ,                 .           ""     . Email Security Appliance LDAP     DHA(Directory Harvest Attack)     . SMTP            LDAP    .
  · SMTP      , 763  ·       , 764 
SMTP      
RAT(Recipient Access Table)   SMTP  LDAP    DHA   . SMTP     LDAP  LDAP   .   SMTP   LDAP     .
 65: SMTP    

  LDAP         LDAP   .

        66: SMTP       


      DHAP(Directory Harvest Attack Prevention)   .
· Max. Invalid Recipients Per hour(    ).          .   RAT   SMTP        LDAP        .    5 ,  2 RAT   3     LDAP  .         .         25.          .  "Unlimited()"       DHAP  .
· Drop Connection if DHAP Threshold is reached within an SMTP conversation(SMTP   DHAP    ). DHAP(Directory Harvest Attack Prevention)        .
· Max. Recipients Per Hour Code(    ).       .   550.
· Max. Recipients Per Hour Text(    ).      .   "Too many invalid recipients(   )".
 ,            .
      
RAT(Recipient Access Table)      LDAP      DHA   .     SMTP        . (           LDAP   .)              .

     

 
·      , 765 
     
    LDAP    (LDAP   . LDAP   ,            .     IP             .      DHA     .     .
LDAP: Potential Directory Harvest Attack from host=('IP-address', 'domain_name '), dhap_limit=n, sender_group=sender_group,
listener=listener_name, reverse_dns=(reverse_IP_address, 'domain_name ', 1), sender=envelope_sender, rcpt=envelope_recipients
             ,              .     AsyncOS         .       HAT      (HAT      ). CLI listenerconfig      .   LDAP    , GUI         .           DHAP .          25.           .  "Unlimited()"       DHAP  .
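Detection logic for the alert format shown above, as an added example (not part of the Cisco guide or of AsyncOS): it parses the alert, groups hits by source network, and lists networks that reached the DHAP threshold more than once or from several hosts. The sample lines, the timestamp prefix and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Field order follows the alert template quoted above. Text before the "LDAP:"
# marker (timestamp, level) is ignored, so no prefix format is assumed.
DHAP_RE = re.compile(
    r"LDAP: Potential Directory Harvest Attack from "
    r"host=\('(?P<ip>[^']*)',\s*'(?P<host>[^']*)'\),\s*"
    r"dhap_limit=(?P<limit>\d+),\s*"
    r"sender_group=(?P<sender_group>[^,]+),\s*"
    r"listener=(?P<listener>[^,]+),\s*"
    r"reverse_dns=\((?P<rdns>.*?)\),\s*"
    r"sender=(?P<sender>.*?),\s*"
    r"rcpt=(?P<rcpt>.*)$"
)

# Constructed sample input: documentation address ranges and invented hosts.
_T = ("Mon Jan  7 10:0{n}:00 2019 Warning: LDAP: Potential Directory Harvest Attack "
      "from host=('{ip}', '{host}'), dhap_limit=25, sender_group=SUSPECTLIST, "
      "listener=InboundMail, reverse_dns=('{rdns}', '{host}', 1), "
      "sender={sender}, rcpt={rcpt}")
SAMPLE_LOG = [
    _T.format(n=1, ip="192.0.2.10", host="mx1.bulk.example",
              rdns="10.2.0.192.in-addr.arpa", sender="a@bulk.example",
              rcpt="aaron@example.com"),
    _T.format(n=2, ip="192.0.2.77", host="mx2.bulk.example",
              rdns="77.2.0.192.in-addr.arpa", sender="b@bulk.example",
              rcpt="abby@example.com"),
    _T.format(n=3, ip="198.51.100.5", host="mail.other.example",
              rdns="5.100.51.198.in-addr.arpa", sender="c@other.example",
              rcpt="info@example.org"),
    "Mon Jan  7 10:04:00 2019 Info: MID 1001 queued for delivery",
    _T.format(n=5, ip="2001:db8:2004:4202::23", host="relay.example.net",
              rdns="unknown", sender="d@example.net", rcpt="admin@example.org"),
    _T.format(n=6, ip="192.0.2.10", host="mx1.bulk.example",
              rdns="10.2.0.192.in-addr.arpa", sender="a@bulk.example",
              rcpt="adam@example.com"),
]


def parse_dhap(line):
    """Return the alert fields as a dict, or None if the line is not a DHAP alert."""
    m = DHAP_RE.search(line.strip())
    if m is None:
        return None
    rec = {k: v.strip() for k, v in m.groupdict().items()}
    rec["limit"] = int(rec["limit"])
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None  # malformed address: skip rather than guess
    return rec


def network_of(ip, v4_prefix=24, v6_prefix=64):
    """Collapse a host address to its /24 (IPv4) or /64 (IPv6) network."""
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def summarize(lines):
    """Group alerts by source network; each alert is one host reaching dhap_limit."""
    nets = defaultdict(lambda: {"alerts": 0, "hosts": set(), "listeners": set(),
                                "sender_groups": set(), "rcpt_domains": set()})
    for line in lines:
        rec = parse_dhap(line)
        if rec is None:
            continue
        entry = nets[network_of(rec["ip"])]
        entry["alerts"] += 1
        entry["hosts"].add(rec["ip"])
        entry["listeners"].add(rec["listener"])
        entry["sender_groups"].add(rec["sender_group"])
        # Keep only the recipient domain: that is the directory being probed.
        for domain in re.findall(r"@([A-Za-z0-9.-]+)", rec["rcpt"]):
            entry["rcpt_domains"].add(domain.lower())
    return dict(nets)


def review_candidates(summary, min_alerts=2):
    """Networks that hit the threshold repeatedly, or from more than one host."""
    hits = [(net, e) for net, e in summary.items()
            if e["alerts"] >= min_alerts or len(e["hosts"]) > 1]
    return sorted(hits, key=lambda item: (-item[1]["alerts"], str(item[0])))


if __name__ == "__main__":
    for net, e in review_candidates(summarize(SAMPLE_LOG)):
        print(net, e["alerts"], sorted(map(str, e["hosts"])), sorted(e["rcpt_domains"]))
```

Networks returned by `review_candidates` are the ones worth checking against the sender group and mail flow policy named in the alert.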
SMTP   AsyncOS 
AsyncOS SMTP    . SMTP  SMTP      .          (   )          . MUA(Mail User Agent)      (challenge/response)   .      SMTP    .              . AsyncOS         .


· LDAP    . ·  SMTP (SMTP    SMTP  )   .
 67: SMTP  : LDAP    SMTP 

 SMTP   smtpauthconfig   HAT      SMTP     ( SMTP  , 769  ).
  · SMTP  , 766  · SMTP   , 767  ·  SMTP   SMTP ( SMTP ), 768  · LDAP SMTP , 769  ·    SMTP  , 772  ·  SMTP , 772  ·   SMTP , 773 
SMTP  
LDAP   , Add/Edit LDAP Server Profile(LDAP   /)  ( ldapconfig ) SMTPAUTH    SMTP   .    LDAP   SMTP    SMTPAUTH    . SMTP     ,  LDAP bind(LDAP )  passphrase as attribute(  ) .     LDAP    .    , ,     . LDAP        LDAP    .
  ·   , 766 
  
RFC 2307  OpenLDAP          (: "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=").     SHA      base64 .

    SASL  MUA .  MUA  (LOGIN, PLAIN, MD5, SHA, SSHA,  CRYPT SASL  ).        LDAP  . LDAP       .
·     LDAP    . ·      , MUA    /
   ,   .           RFC 2307    SHA1  MD5    . ·  LDAP (: OpenWave LDAP )        .     LDAP  .    SMTP         SMTP AUTH      .
 SMTP              LDAP  .   SMTP           LDAP   (      ).   SMTP    .      .
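What checking a password against a value stored as a directory attribute involves, as an added example (not Cisco's code): it parses RFC 2307 tagged userPassword values such as the `{SHA}` one quoted above and compares a candidate password against them. Function names are hypothetical, and `{CRYPT}` values are rejected as unsupported rather than handled.

```python
import base64
import hashlib
import hmac
import os
import re

# scheme tag -> (hashlib algorithm, digest length in bytes, salted?)
# In the salted variants the salt is appended after the digest before base64 encoding.
SCHEMES = {
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
}
TAGGED = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

# The value quoted in the text above.
PAGE_VALUE = "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ="


def parse_userpassword(stored):
    """Split a stored value into (scheme, digest_or_plaintext, salt)."""
    m = TAGGED.match(stored)
    if m is None:
        # No {TAG} prefix: the attribute holds the password itself.
        return ("PLAIN", stored.encode(), b"")
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    _, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(body, validate=True)  # raises ValueError on bad base64
    if salted and len(raw) <= dlen:
        raise ValueError("salted value carries no salt")
    if not salted and len(raw) != dlen:
        raise ValueError("digest length does not match scheme")
    return (scheme, raw[:dlen], raw[dlen:])


def verify(stored, candidate):
    """True if candidate matches the stored value; comparison is constant-time."""
    scheme, digest, salt = parse_userpassword(stored)
    pw = candidate.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(digest, pw)
    algo = SCHEMES[scheme][0]
    return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    scheme, digest, salt = parse_userpassword(PAGE_VALUE)
    print(scheme, digest.hex(), salt)
    print(verify(PAGE_VALUE, "secret"))
    salted = make_ssha("secret")
    print(salted, verify(salted, "secret"))
```

Unsalted `{SHA}` and `{MD5}` values are identical for identical passwords, while two `{SSHA}` values for the same password differ because of the random salt.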

SMTP   

 69: SMTP  LDAP  



 .

Query String(  LDAP           

)

.

Bind():      LDAP    ( LDAP  ).

SMTP        .    LDAP        .              (    SMTP    ).      .    LDAP    .

 :     SMTP AUTH      .

    LDAP  . Active Directory  : (&(samaccountname={u})(objectCategory=person)(objectClass=user))

SMTP Auth Passphrase "Authenticate by fetching the password as an attribute(   )"  Attribute(SMTP         .  )


  System Administration( ) > LDAP  , SMTPAUTH   "PublicLDAP"  LDAP    . userPassword     (uid={u}) .
 68: SMTP  

SMTPAUTH  ,  SMTP        .
 SMTP   SMTP ( SMTP )
 SMTP     SMTP            .      ,  SMTP    .       SMTP      .        SMTP  ( "")   " SMTP "  .
 1 Network() > SMTP Authentication(SMTP ) .  2 Add Profile( ) .  3 SMTP     .  4 Profile Type( ) Forward() .  5 Next() .  6  /IP      .       .
    .       TLS      .      SASL (PLAIN  LOGIN)   .         .  7     .  8         .    SMTP  , 769  .

LDAP SMTP 
System Administration( ) > LDAP   LDAP    SMTP       LDAP  SMTP     .       SMTP     . LDAP      LDAP  , 736   .

 1 Network() > SMTP Authentication(SMTP ) .

 2 Add Profile( ) .

 3 SMTP     .

 4 Profile Type( ) LDAP .

 5 Next() .

 6     LDAP  .

 7

     . SHA, Salted SHA, Crypt, Plain  MD5     . LDAP         'None()'   . LDAP       (: OpenWave LDAP )     . LDAP         .

 8 Finish() .

 9     .

 10         .    SMTP   , 769  .

    
·  SMTP  , 769 
 SMTP  
Network() > SMTP Authentication(SMTP )    SMTP    SMTP  "" (LDAP   SMTP  ), Network( ) > Listeners() ( listenerconfig )       .

        RELAY   .
        .     SASL   CRAM-MD5  DIGEST-MD5  .


  Edit Listener( )    SMTPAUTH    "InboundMail" .
 69: Edit Listener( )   SMTP   

   ,  SMTP  ,    Host Access Table     .
 70:    SMTP  

 1.
2.


SMTP   SMTP      . "No"    SMTP       .
  (SMTP Authentication:) "Required"  , TLS  (   EHLO   ) AUTH    .

 
· SMTP   HAT  , 770  · HAT  , 771 
SMTP   HAT  
SMTP          HAT(Host Access Table)    .                  .   SUSPECTLIST    MTA "suspicious.com" , "suspicious.com's" SMTPAUTH     THROTTLE  .


HAT  

 SMTPAUTH    ""   .  SMTPAUTH     "RELAY" , RAT(Recipient Access Table)  LDAPACCEPT  .          .  ,  Rate Limiting( )  (throttling)  .
HAT    HAT                RELAY      .    HAT    .  HAT   SMTP       . HAT "Reject()"      AsyncOS SMTP      (RCPT TO)    .        , AsyncOS          .              . HAT   MTA      . HAT      .
· MAIL FROM      . ·          RCPT TO  
. ·  MTA SMTP AUTH   RELAY      
. listenerconfig --> setup CLI       .      .   HAT      .
example.com> listenerconfig
Currently configured listeners:
1. listener1 (on main, 172.22.138.17) QMQP TCP Port 628 Private
2. listener2 (on main, 172.22.138.17) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> setup
Enter the global limit for concurrent connections to be allowed across all listeners.
[300]>
[...]
By default HAT rejected connections will be closed with a banner message at the start of the SMTP conversation. Would you like to do the rejection at the message recipient level instead for more detailed logging of rejected mail?
[N]> y
Do you want to modify the SMTP RCPT TO reject response in this case?
[N]> y
Enter the SMTP code to use in the response. 550 is the standard code.
[550]> 551
Enter your custom SMTP response. Press Enter on a blank line to finish.
Sender rejected due to local mail policy.
Contact your mail admin for assistance.
   SMTP  
Email Security Appliance    Email Security Appliance     SMTP   . SMTP          LDAP  .         Email Security Appliance    SMTP AUTH      .        SMTP   ,                  .
 SMTP 
SMTP                . '' SMTP        SMTP   .              . SMTP  PLAIN  LOGIN   .
 1  SMTP   . 1. Network() > SMTP Authentication(SMTP ) . 2. Add Profile( ) .


3. SMTP     . 4. Profile Type( ) Outgoing() . 5. Next() . 6.         . 7. Finish() .
 2 1   SMTP    SMTP  .
1. Network() > SMTP Routes(SMTP ) . 2.  Receiving Domain( )  All Other Domains(  )  . 3. SMTP   Destination Host( )  .      
   . 4.    SMTP   . 5.     .

  SMTP 
 SMTP  (LDAP , SMTP     SMTP )       .
· []  SMTP   -      .     .
· []  SMTP   -      . · []      -     . · []  (,   )      
    .
   LDAP  
LDAP        LDAP        . LDAP      , GUI System Administration( ) > Users() ( CLI userconfig  )     .
 1      . LDAP   LDAP        .
 2    .       .  3 LDAP      .   LDAP     LDAP
    .   "  "  " "  .


      LDAP  Test Query( ) ( ldaptest ) .   LDAP  , 750  .

    
·   , 774  ·   , 775 

  

    AsyncOS LDAP             .     AsyncOS      . RFC 2307, LDAP     (shadowLastChange, shadowMax  shadowExpire)        .        DN .
  AsyncOS Active Directory                .

 70:       : Active Directory

 

Active Directory

 DN  

[ ] (     DN   .)
(&(objectClass=user)(sAMAccountName={u}))

     displayName

  AsyncOS OpenLDAP               .
 71:       : OpenLDAP

 

OpenLDAP

 DN

[ ] (     DN   .)

 

(&(objectClass=posixAccount)(uid={u}))

     gecos


  

  
AsyncOS        .         . GUI System Administration( ) > Users() ( CLI userconfig)     LDAP     .       ,            .   IT     Administrator    Support    Help Desk User    .
       LDAP    AsyncOS        .     Operator   Help Desk User     AsyncOS   Help Desk User     .
   LDAP             DN,               . LDAP       , AsyncOS             .

 Active Directory          (&(objectClass=group)(member={u})).  LDAP  "memberof"      DN   {u}  {dn}   .

  AsyncOS Active Directory             .
 72:       : Active Directory

 

Active Directory

 DN

[ ] (     DN   .)

     (&(objectClass=group)(member={u}))

  

 LDAP  memberOf   

 DN   {u} {dn} 

 .

      member (    DN)

   

cn

  AsyncOS OpenLDAP            .


 73:       : OpenLDAP

 

OpenLDAP

 DN

[ ] (     DN   .)

     (&(objectClass=posixGroup)(memberUid={u}))   

      memberUid (    DN)

   

cn

    
            .  {u}  (   ).  {a}     . LDAP    "SMTP:"  . AsyncOS    .
      LDAP    "Designate as the active query(  )"  .   ( ) . System Administration( ) > LDAP      (*) .
   AsyncOS            .
· Active Directory: (sAMAccountName={u}) · OpenLDAP: (uid={u}) ·     : [ ]
    Active Directory   proxyAddresses, OpenLDAP   mail.        . CLI   ldapconfig  isqauth   .

       Query String( ) (mail=smtp:{a}) .
  ·  Active Directory    , 777  ·  OpenLDAP   , 779  ·        , 884 


 Active Directory    
  Active Directory          .    Active Directory    , mail  proxyAddresses  , Active Directory         .
 74: LDAP         : Active Directory

 
  

 (          ) Active Directory
3268

 DN      

[] [] (sAMAccountName={u}) mail,proxyAddresses

 OpenLDAP   

  OpenLDAP          . OpenLDAP   , mail  mailLocalAddress  ,  OpenLDAP           .

 75: LDAP         : OpenLDAP

 

Anonymous

 

OpenLDAP



389

 DN

[ ] (     DN  .)

   

[] (uid={u})

 

mail,mailLocalAddress


    
                   .   [email protected], [email protected]  [email protected]        .                   .
           , Email Attribute( )        .
     LDAP    "Designate as the active query(   )"  .   ( ) . System Administration( ) > LDAP      (*) .
Active Directory      (|(proxyAddresses={a})(proxyAddresses=smtp:{a}))     mail. OpenLDAP      (mail={a})    mail.     ,         .       proxyAddresses           mail             .
CLI   ldapconfig  isqalias   .
 
·  Active Directory   , 778  ·  OpenLDAP   , 779 

 Active Directory   

  Active Directory         . Active Directory    , Active Directory      ,  mail      .

 76: LDAP        : Active Directory

 

Anonymous

 

Active Directory



3268

 DN

[]

 

SSL 


   
 

Anonymous
(|(mail={a})(mail=smtp:{a}))
mail

     .   OU          .

 OpenLDAP   

  OpenLDAP         . OpenLDAP     , OpenLDAP      ,  mail      .

 77: LDAP        : OpenLDAP

   

Anonymous OpenLDAP



389

 DN

[ ] (     DN  .)

   

SSL  (mail={a})

 

mail

     .   OU          .
  DN 
  Active Directory    DN     . Active Directory      Active Directory    DN       .


 78: LDAP        : Active Directory

    

Anonymous Active Directory 3268

 DN

[]

 

SSL 

 

(proxyAddresses=smtp:{a})

     .   OU          .
 LDAP   AsyncOS 
LDAP     LDAP       .  LDAP     ,   ,      LDAP   . (      .)  LDAP           LDAP    .      LDAP    .
·  . LDAP     ,    LDAP          LDAP   .
· . LDAP    ,  LDAP    LDAP     .
System Administration( ) > LDAP   CLI ldapconfig    LDAP     .
   
LDAP     Add/Edit LDAP Server Profile(LDAP   /)   Test Server(s)( ) ( CLI test  ) .  LDAP    AsyncOS          . AsyncOS   LDAP      .




  · , 781  ·  , 782 



LDAP    LDAP      . LDAP         (: Unavailable  Busy)       LDAP    .
   LDAP       .       LDAP         (: Unavailable  Busy)       LDAP   .          ,        .    LDAP     LDAP        .
      LDAP              .           .

  LDAP    .  LDAP            .
  ·  LDAP   , 781 
 LDAP   
 LDAP    GUI   .
 1 System Administration( ) > LDAP  LDAP   .  2 LDAP     .


 1 2

 LDAP      

 3  LDAP     .

 

LDAP  LDAP    LDAP     .
LDAP      LDAP   .       LDAP           .               .
 LDAP        LDAP    .

  ·    , 782 

   

 1 System Administration( ) > LDAP  LDAP   .  2 LDAP     .

 1 2

 LDAP      

 3  LDAP     .


30 
   SMTP   
     . ·   SMTP  , 783  ·    , 785  · LDAP Directory   , 786  ·    TLS  SMTP  , 786  ·  TLS  , 787  ·    , 788 
  SMTP  
Email Security Appliance    Email Security Appliance     SMTP   . Email Security Appliance                  .       ,  ,   .   Email Security Appliance  TLS    SMTP  .    CAC(Common Access Card)    CAC  ActivClient       Email Security Appliance       .           Email Security Appliance   .    SMTP  LDAP         .   (TLS)             .
  ·     , 784 

· SMTP  LDAP    , 784  ·      LDAP SMTP     , 785


    

 79:     

1 2 3 4

  

 

LDAP    .

   , 785 

  SMTP   .

   TLS  SMTP  , 786 

 SMTP     .          , 75 

TLS,    SMTP   RELAYED  TLS  , 787

   .



SMTP  LDAP    

 80: SMTP  LDAP    

1 2 3
4

  

 

      SMTP  LDAP Directory   , 786       . 

LDAP  SMTP   .

SMTP   AsyncOS , 765 

LDAP SMTP       LDAP  SMTP   

.

     

 ,     

     .

TLS  SMTP   RELAYED    TLS  , 787    .


     LDAP SMTP      

 81:    LDAP SMTP     

1 2 3 4 5 6

  

 

      SMTP  LDAP Directory   , 786      .

LDAP     .

   , 785 

  SMTP   .

   TLS  SMTP  , 786 

LDAP SMTP   .

SMTP   AsyncOS , 765 

 SMTP            

.

  , 75 

1.    RELAYED     TLS  , 787   .
2. TLS Preferred(TLS  ) 3. SMTP authentication required( SMTP ) 4. Require TLS for SMTP authentication(SMTP 
TLS )

   
Certificate Authentication LDAP     Email Security Appliance  SMTP       .          ,  ID  ( uid),   .  ,  CN       (&(objectClass=posixAccount)(caccn={cn})(cacserial={sn})) .      SMTP     .  LDAP  OpenLDAP, Active Directory  Oracle Directory . LDAP      LDAP , 735   .
 1 System Administration( ) > LDAP .  2  LDAP  .   LDAP     LDAP   , 739 
  .  3 Certificate Authentication Query(  )  .


 4   .  5       . : (&(objectClass=user)(cn={cn}))  6 sAMAccountName   ID  .  7     .
LDAP Directory   
SMTP  LDAP    (Allowance Query String) .    Email Security Appliance LDAP                 .       ,        .       .   (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t})))       true .
· CAC   (caccn=*) · CAC exempt(cacexempt=*) ·  CAC         (cacemergency>={t}) SMTP       SMTP   AsyncOS , 765    .
 1 System Administration( ) > LDAP .  2 LDAP  .   LDAP     LDAP   , 739 
 .  3 LDAP   SMTP   .  4 SMTP Authentication Query(SMTP  )  .  5   .  6  ID   . : (uid={u})  7   LDAP BIND .  8    . : (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t})))  9     .
   TLS  SMTP  
  SMTP   Email Security Appliance    TLS  SMTP   .         LDAP  .        Email Security Appliance    SMTP AUTH      .


LDAP  SMTP      SMTP   AsyncOS , 765    .
 1 Network() > SMTP Authentication(SMTP ) .  2 Add Profile( ) .  3 SMTP    .  4 Profile Type( ) Certificate() .  5 Next() .  6   .  7  SMTP      LDAP  .
       SMTP AUTH      .
 8 Finish .  9     .
 TLS  
RELAYED    Verify Client Certificate(  )          TLS   Email Security Appliance . TLS Preferred(TLS  )     ,       TLS         . TLS Required(TLS )     ,         .    SMTP     .
· TLS - Required(TLS - ) · Verify Client Certificate(  ) · Require SMTP Authentication(SMTP  )
 SMTP   Email Security Appliance    SMTP  LDAP   .
   SMTP     SMTP   RELAYED       .
· TLS - Required(TLS - ) · Require SMTP Authentication(SMTP  )


Email Security Appliance         LDAP  SMTP    RELAYED        .
· TLS - Preferred(TLS -  ) · Require SMTP Authentication(SMTP  ) · Require TLS to Offer SMTP Authentication(TLS SMTP   )
   
Email Security Appliance              ( Certificate Revocation List) .       Email Security Appliance     .

 1  2

Network() > CRL Sources(CRL ) . SMTP TLS   CRL  . a) Global Settings( )  Edit Settings( ) . b) ( )    Global Settings( )  .

·  SMTP TLS  CRL 

·  SMTP TLS  CRL 

·    CRL 

c) 'CRL check for inbound SMTP TLS( SMTP TLS  CRL )', 'CRL check for outbound SMTP TLS( SMTP TLS  CRL )'  'CRL Check for Web Interface(   CRL )'    .
d)  .
 3 Add CRL Source(CRL  ) .  4 CRL   .  5   . ASN.1  PEM   .  6        URL . : https://crl.example.com/certs.crl  7 ,           URL .  8 CRL    .  9 CRL  .  10     .


   SMTP  
 1 System Administration( ) > LDAP  LDAP   .  2 LDAP     .
a)   . b)           . c)   . : (&(caccn={cn})(cacserial={sn})) d) uid   ID  . e)   .  3 Network > SMTP Authentication( > SMTP )  Certificate SMTP    . a)   . b)   LDAP  . c)       SMTP AUTH      . d)   .  4 Network > Listeners( > ) ,    SMTP      .  5 TLS,    SMTP   RELAYED    .  SMTP   Email Security Appliance    SMTP AUTH  
 . Email Security Appliance        .
 6     .
SMTP AUTH   SMTP  
Email Security Appliance     SMTP    SMTP AUTH    .  SMTP AUTH        ,          .
 1 System Administration( ) > LDAP  LDAP   .  2 LDAP   SMTP   .
a)   . b)   . : (uid={u}) c)   LDAP BIND . d)    . :
(&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))).


e)   .  3 Network > SMTP Authentication( > SMTP )  LDAP SMTP   .
a)   . b)  SMTP  LDAP  . c)  SMTP AUTH    Check with LDAP(LDAP ) ,  
    . d)   .  4 Network > Listeners( > ) ,   LDAP SMTP      .  5 TLS  SMTP   RELAYED    .  6     .
   SMTP AUTH  SMTP  
  Email Security Appliance        ,            SMTP AUTH .    SMTP AUTH    .
 1 System Administration( ) > LDAP  LDAP   .  2   SMTP   .
a)   . b)   . : (uid={u}) c)   LDAP BIND . d)    . :
(&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))).
 3 LDAP     . a)   . b)            . c)   . : (&(caccn={cn})(cacserial={sn})) d)  ID  (: uid). e)   .
 4 Network > SMTP Authentication( > SMTP )  LDAP SMTP   . a)   . b)  SMTP  LDAP  . c)  SMTP AUTH         Check with LDAP(LDAP   ) 


d)  SMTP AUTH  .     . 525, "Dear user, please use your CAC to send email."
e)  .
 5  SMTP   . a)   . b)   LDAP  . c)       SMTP AUTH    . d)        LDAP SMTP    . e)   .
 6 Network > Listeners( > ) ,    SMTP      .
 7    RELAYED    .
· TLS  
· SMTP  
· SMTP  TLS 
 8     .


31 
   
     . ·    , 793  ·    , 794  ·  , 831  ·  , 832  ·    , 835 
   
Email Security Monitor(  )         .  IP        , SenderBase Reputation Service      .                      .             ,      ,     " "  .      .
·              .
·  SBRS(SenderBase Reputation Score)        (,    ).  ,      IP    .
·  ,  ,       .                 .
·   ·   ·      ·    (throttle) 

      

   

·     ·          ·             Anti-Spam, 355 ,       Anti-Virus, 335   .         ( )           .     GUI   ,     ( ,      )   .        .                    .  AsyncOS        .      ,               (Delivery Status Details(  ) , 811  ).
                .
  ·       , 794 
      
    Cisco Content Security Management Appliance .         .      . ,             . Archived Reports( )  .       .  "Generate Report( )"    . Scheduled Reports( )     ,       .        ,             . "Preview This Report(   )"      .
   
    Quarantines()   Monitor()       .


   

   

GUI           .  " " , ,     ,       ""(     )      .           (SBRS ,          ).          ,  SenderBase Reputation Service,   ,    ,  , Outbreak Filter       .     Printable PDF(  PDF)               .PDF    .    PDF         , 832    . Export()       CSV(comma separated values)     .  CSV  Email Security Appliance          GMT . GMT                   .
  CSV            .                .       File() > Open()     .          .
       CSV  , 829    .
     · My Dashboard( )  , 797 
· Overview() , 799 
· Incoming Mail( ) , 802 
· Outgoing Destinations( ), 809 
· Outgoing Senders( ), 809 
· Delivery Status( ) , 810 
· Internal Users( ) , 811 
· DLP Incidents(DLP ) , 813 
· Content Filters( ) , 814 


    

   

· DMARC Verification(DMARC ) , 815  · Outbreak Filters , 816  · Virus Types( ) , 817  · URL Filtering(URL )  , 818  · Web Interaction Tracking(   ) , 819  ·      , 820  · TLS Connections(TLS ) , 821  · Inbound SMTP Authentication( SMTP ) , 821  · Rate Limits( )  , 822  · System Capacity( ) , 823  · System Status( ) , 826  · High Volume Mail( ) , 828  · Message Filters( ) , 828  · Geo Distribution( )  , 810 
    
        .        .
· IP (IPv4  IPv6) ·  ·   ·   ·   ·    ·   IP  ·     ,                  (: "ex"  "example.com" )  . IPv4   ,       4 IP     .   "17" 17.0.0.0~17.255.255.255  , 17.0.0.1   172.0.0.1  .         . IP   CIDR (17.16.0.0/12) . IPv6   , AsyncOS   .


   

    

· 2001:db8:2004:4202::0-2001:db8:2004:4202::ff · 2001:db8:2004:4202:: · 2001:db8:2004:4202::23 · 2001:db8:2004:4202::/64         .
    
       (Cisco Content Security Management Appliance    ).
 1      . (      .)     Message Tracking( ) .
 2    .
    
·      , 841 
My Dashboard( ) 
   ()           .


   

 

  

    1. Monitor() > Email or Web(  ) > Reporting()

 

> My Dashboard( ) ,    

[X]      .

2.    .

· Monitor()       [+]      .
· Monitor() > Email or Web(  ) > Reporting( ) > My Dashboard( ) ,     [+]   ,    .      + Report Module in(    +)    .

3.    .     (:  ,    ),       .       .
4.      (: Overview()   )   .  ,      .

:

·             .          .
·       .      ,        .

    1. Monitor() > Email or Web(  ) > Reporting()



> My Dashboard( ) .

2. Time Range( )  :    

   My Dashboard( )   

 .    .

      .
       .  
       [X] .  


Overview() 
Overview()    Outbreak Filter ( System Overview( ) )      .               .            .
Overview()      SenderBase Reputation Service     (:     ). Overview()     .
·     ""      . ·  ,   (SBRS)   ,   , 
  ,    ,           . ·         . · TOC(Threat Operations Center)               .
Overview()  System Overview( ) Incoming and Outgoing Mail(   )     .

 

  ·  , 799  ·     , 800  ·  , 801  ·   , 802 
Overview()  System Overview( )          ,  ,        .

Status()

  · Status(), 799  ·  , 800  ·   , 800 
           . System Status( ):    
·  ·  (conservation) ·   


 

   

·    ·     · 
  CLI    , 997  . Incoming Messages( ):     . Work Queue( ):       . System Status( )   System Status Details(  )  .

 

       3    ,    ,  ( ),       .
Local Quarantines( )   Local Quarantines( )  .

  
  TOC(Threat Operations Center)  Outbreak( )  .   ( ),       Outbreak   .  Outbreak Filters    Outbreak  .

 Threat Level( )     80 "downloads.ironport.com"    .       Threat Level( )     . Service Updates( )            .      , 945  .
 TOC(Threat Operations Center)   Outbreak Details(Outbreak )  .         . Separate Window( )        .            .
    
          .   Outgoing Mail Graphs(  )  Mail Summaries( ) . Time Range(  )       .     Email Security Monitor(  )   .           ( , 801  ).
       ,      .    ,                 .


   

         

         .
 
·          , 801 
         
            .   example.com            3    .           ,         .        .        Cisco .
 
Overview and Incoming Mail(   )       .
· Stopped by Reputation Filtering(   ): HAT         (         , 801   )   (throttling)      
· Invalid Recipients( ):  LDAP       RAT   
· Spam Messages Detected(  ):                   
· Virus Messages Detected(  ):            
                    .       .
· Detected by Advanced Malware Protection(AMP  ):           .                .
· Messages with Malicious URLs( URL  ): URL          URL.
· Stopped by Content Filter(   ):       . · Stopped by DMARC(DMARC  ): DMARC      . · S/MIME Verification/Decryption Failed(S/MIME / ): S/MIME ,   
    .


  

   

· S/MIME Verification/Decryption Successful(S/MIME / ): S/MIME    , ,       .
· Clean Messages( ):       .   (:      )        .                     .
·  
· Marketing Messages( ):   (: Amazon.com)      .
· Social Networking Messages(  ):  ,  ,       .   LinkedIn  CNET  .
· Bulk Messages( ):     (:    TechTarget)      .
Message Tracking( )                 .
             .           .
  
          .  ,   ,       ,      .   Outbreak ( ,            ),    ,  ,          .
 ,              ,     .                ,        .  ,          .
Incoming Mail( ) 
Incoming Mail( )                  .      IP ,   ( )      .    IP ,          .


Incoming Mail( )  Domain(), IP Address(IP ), Network Owner(  )     ,          .
         (   IP   ) (  ) .         .   /IP/   Sender Profile( )        .    /IP/   Incoming Mail( ) .
,      .    Columns()         .  ,   "Detected by Advanced Malware Protection(AMP  )"    .
Incoming Mail( )  Incoming Mail( ), Sender Profiles( ), Sender Group Report(  )     . Incoming Mail( )     .
·   IP ,   ( )     . ·                
.     , 808  . ·      ,  , ,    
   ,         . ·            
    . · SenderBase Reputation Service   IP ,       
         . · SenderBase Reputation Service  SBRS(SenderBase Reputation Score)   
                  .      . ·                    . ·     , IP       "Add to Sender Group(  )"     IP ,       ( ).    , 69   .
 
· Incoming Mail( ), 804  ·    , 804  ·    :   , 806  ·   , 808 


   

Incoming Mail( )
Incoming Mail( )                 .          (  ,   ,    )       .
           , 804    .

         , 804 

       
            .  60 ,    120  .         .   ,       .
      .
 82:        

GUI        30 90      

   60 +  5  24 +  60  7 +     30 +     90 +    00:00 ~ 23:59(~11:59 PM)   00:00   23:59   /  /  

Centralized Reporting(  )       .         Cisco Content(M-Series) Security Management Appliance    , 1187  .

   
  ,       Incoming Mail(  )    External Domains Received listing(   )  


   

   

.     .      , 801   .
  DNS     IP (, )    .  DNS           , 69   .
Sender Detail listing(  ) Summary() All()     .
 Sender Detail(  )        ,    (Overview()  Incoming Mail Summary(  )    ).
Stopped by Reputation Filtering(   )       .
·    "(throttled)"   ·   TCP   (   ) ·      
            .            .      "(floor)"   . ,       .
 Overview()  Stopped by Reputation Filtering(   )          .       .
      .
Connections Rejected( ): HAT     .             .            .
Connections Accepted( ):   
Stopped by Recipient Throttling(   ): Stopped by Reputation Filtering(    )  .    ,           HAT         .     TCP         Stopped by Reputation Filtering(   ) .
Detected by Advanced Malware Protection(AMP  ):          .                .
Total Threat( ):    (   ,  ,     ).


   

   Column()     .
     .           .

 
· "No Domain Information(  )", 806  ·   , 806 

"No Domain Information(  )"
    DNS          "No Domain Information(  )" . Sender Verification( )           .     , 69  .
Items Displayed( )         .

  

              ( "No Domain Information(  )" ) . SenderBase Reputation Service      Sender Profile( )   . Sender Profile( )   IP          (   :   , 806  ).
 Incoming Mail( )    Sender Groups report(  )           .          , 808   .

   :   
Incoming Mail( )  Incoming Mail Details(  )       IP ,   ( )    Sender Profile(  )  .         . Incoming Mail( )           ,   IP   Sender Profile( )    .     ,  IP   .     SenderBase Reputation Service         , 69   .
IP ,           .              .        IP   ( IP          )   SenderBase,            .
·             IP    .


·         IP    . · IP    IP     .
      Current Information( )     .
· SenderBase Reputation Service   :
· IP ,   /   ·   ( ) · CIDR (IP ) · IP ,   /         ·        ·     DNS  (IP    )
   24      .       SenderBase  10         .     10 ,      100% (  100  ).    ,  1      10   .
       ,   30        .
·  (IP ) ·   /30 (IP   ) · Bonded Sender (IP   ) · SenderBase Reputation Score(IP   ) ·     (     ) ·      (     ) ·    IP  (     ) ·    IP  (  )
SenderBase Reputation Service       "More from SenderBase(SenderBase  )" .
· Mail Flow Statistics(  )            .
·       IP         .  IP      .
    IP           .    Columns()   IP Addresses(IP )       DNS Verified(DNS ) , SBRS(SenderBase Reputation Score)  Last Sender Group(  )   .       .
       Columns()   Domains( )     Connections Rejected( ), Connections Accepted(


 ), Stopped by Recipient Throttling(   ), Detected by Advanced Malware Protection(AMP  )     .      .    ( ) Add to Sender Group(  )          ,   IP        . Current Information( )  Sender Group Information(  )    Add to Sender Group(  )   Add to Sender Group(   )       .             , 69    .    ,         .
  ·   , 808 
      Quick Search( )  IP ,      .        .    :    , 806  .
  
Sender Groups( )            , SMTP         . Mail Flow by Sender Group(   )         . Connections by Mail Flow Policy Action(    )          .   HAT(Host Access Table)    . HAT        , 69   .
Sender Domain Reputation(  ) 
Sender Domain Reputation(   )      . · SDR         .
· SDR            .
· SDR          .


 SDR  ' '  ''  '', ''   SDR    .
· SDR          .
SDR     ,              .
Outgoing Destinations( )
Outgoing Destinations( )          .     .                 .            ( ).   (: ,     )   .    Export()         CSV    .      Outgoing Destinations( )    .
·     ? ·      ? ·        , ,  ,     
  ? ·            ?
Outgoing Senders( )
Outgoing Senders( )   IP           .     IP     .            .   IP              IP     .     .           .     ,          .            .            ( ).
        .           Delivery Status( )     .

  (: ,     )   .    Export()         CSV    .      Outgoing Senders( )    .
·   ,       IP  ? ·      IP  ? ·     ?
Geo Distribution( ) 
Geo Distribution( )       . ·        . ·        .
              . "Total Messages( )"  SMTP     .
   : ·       IP       "  IP " . ·       SBRS          'No Country Info(  )' .
Delivery Status( ) 
               , Monitor() > Delivery Status( )           . Delivery Status( )  CLI tophosts    . (   CLI    , 997  "   " .)    3         20, 50  100   .          ,   (),  ,  ,   ,        .
·    Domain Name( ):     Search() .
·       .


 Delivery Status Details(  )  .

       "active()"      .               .

 
·  , 811  · Delivery Status Details(  ) , 811 

 

    Retry All Delivery(  )      . Retry All Delivery(  )           . "Down()"                .
        . Delivery Status Details(   )  Retry Delivery( ) .
 CLI delivernow         .       , 1020  .

Delivery Status Details(  ) 
      Delivery Status Details(  )  .   Mail Status( ), Counters()  Gauges()  CLI hoststatus    . (  CLI    , 997  )    Domain Name( ):      Search() . altsrchost         .

Internal Users( ) 
Internal Users( )           (         ,      ).
    .
·   /           .
·    
  (, ,   )   .    Export()         CSV    . 


  Columns()            .
User Mail Flow Details(   )         , ( ), , ,     ( )  .       .
Internal Users( )         .
·      ? ·      ? ·      ? ·     ? ·     ? ·       ?
Inbound Internal Users(  ) Rcpt To:      . Outbound Internal Users(  ) Mail From:             .
  (: ) null  .     "unknown(  )" .
   Internal User detail(  )      .
Incoming Detected by Advanced Malware Protection(Advanced Malware Protection    )   Outgoing Detected by Advanced Malware Protection(Advanced Malware Protection    )         Columns()   .
 
·   , 812  ·    , 813 
  
Internal User detail(  )   ( ,  , AMP  ,    ,  ,  )          ,      . ,       Columns()   Incoming Detected by Advanced Malware Protection(AMP  )    .               .                .       DLP   .
               (Content Filters( ) , 814  ).                .


   
Internal Users( )   Internal User detail(  )         ( )   .            (: "ex"  "example.com"  ) .
DLP Incidents(DLP ) 
DLP Incidents(DLP )     DLP(data loss prevention)      .        Outgoing Mail Policies(  )   DLP   . DLP        .
DLP Incidents(DLP )         .
·      ? ·  DLP   ? ·      ? ·      ? ·    ?
DLP Incidents(DLP )      .
· (Low, Medium, High, Critical)     DLP   DLP    
· DLP Incidents Details(DLP   ) 
  (: ,     )   .    Export()   CSV   Printable (PDF)( (PDF))    PDF          .     PDF         , 832    .
   DLP      DLP   .                .
 
· DLP  , 813  · DLP   , 814 
DLP  
      DLP  DLP Incidents(DLP )     DLP Incidents Details(DLP  )  .     DLP   .


DLP Incident Details(DLP   )      DLP    .                 .     .
DLP   
DLP Incidents Details(DLP  )  DLP    DLP Policy Detail(DLP  )    DLP   .     DLP    .
 DLP         Incidents by Sender(  )     .          DLP      ,     .            Incidents by Sender( )    .
   Internal Users( )  .   Internal Users(  ) , 811  .
Content Filters( ) 
Content Filters( )        (      )         . Content Filters(  )                .
·           ? ·          ?
Content Filter detail(  )                .
 
·   , 814 
  
Content Filter detail(  )            .
Matches by Internal User(  )   ( ) Internal User details(  )        (   , 812  ).


DMARC Verification(DMARC ) 
DMARC Verification(DMARC )  DMARC      DMARC      AsyncOS    .     DMARC          .
· DMARC        ? ·  , DMARC     AsyncOS   ? DMARC Verification(DMARC )    . · DMARC        . ·        .
·        .        .
· DMARC    . ·  DMARC   .
  (: ,     )   .    Export()   CSV   Printable (PDF)( (PDF))    PDF          .
Macro Detection( ) 
Macro Detection( )       . ·             . ·             .
            .
   : ·            1  .          . ·           1 .          .
External Threat Feeds(  ) 
External Threat Feeds(  )       . ·         ETF 


·        ETF  
·        IOC
·           ETF 
·          ETF  
'Summary of External Threat Feed Sources(    )'      .
·  ETF            .
·      IOC  ETF     .
`Summary of Indicator of Compromise (IOC) Matches(IOC(Indicator of Compromise)  )'       .
·  ETF   IOC         .
·  IOC  ETF   IOC    .
Outbreak Filters 
Outbreak Filters    Outbreak Filter           Outbreak Filter      .       ,         .
Threats By Type( )          .
Threat Summary( )  Malware(), Phish(), Scam()  Virus()     . Message Tracking( )          .
Past Year Outbreak Summary( Outbreak )          ,        .       (   )   ,           .           .     Outbreak      , Threat Operations Center      .     Outbreak      ,        . Total Local Protection Time(   )  Threat Operations Center                .         .  "--"     ,        (       ).   (0) ,          .


Outbreak Filter    Quarantined Messages( )  Outbreak Filter        .      .           .              . Outbreak       (   )       .  (  )            .
Threat Details( )   (,   ),  ,  ,          .    , Past Year Virus Outbreaks(  Outbreaks) Outbreak  ID,        , Outbreak Filter         .                .       . Message Tracking( )           .
First Seen Globally(  )           SenderBase    Threat Operations Center  .    Threat Operations Center             .
 "--"    ,         (       ).   (0)   .          .
Hit Messages from Incoming Messages(    )    ,  ( )       .
Hit Messages by Threat Level(   )   ( 1~5)    (   )   .
Messages resided in Outbreak Quarantine(Outbreak   )    Outbreak      .
Top URL's Rewritten(  URL)       10 URL   .  URL   Items Displayed( )  .   Message Tracking( )    URL     .
Outbreak Filters        .
·         ? · Outbreak Filter        ? ·         ?
Virus Types( ) 
Virus Types( )         . Virus Types( )          .        


  .   PDF          PDF          .
       Virus Types( )          .         .                 .
Virus Types( )         . Top Incoming Virus Detected(   )        . Top Outgoing Virus Detected(   )         .
         Incoming Mail( )  ,    ,   .  ,  IP         Outgoing Senders( )        .
VirusTypes Details(  )                .               . ,               . Incoming Messages( ), Outgoing Messages( )  Total Infected Messages(    )  Virus Type details(  )   .
URL Filtering(URL ) 
· URL Filtering(URL )   URL    . · URL Filtering(URL )        . · URL   (/Outbreak Filter    / 
 )    .    URL       . · Top URL Categories( URL )      (      ) . ·   URL      .  URL       URL   . · Security Services( ) > URL Filtering(URL )    URL    .
    URL  .
·  URL Outbreak Filter     URL.  URL Outbreak Filter       URL.   URL Cisco Web Security    .


· URL          . · Cisco Web Security     URL     .
Web Interaction Tracking(   ) 
· Web Interaction Tracking(   )          .
· Web Interaction Tracking(   )      30   .   URL   Web Interaction Tracking(   )       2   .
· Web Interaction Tracking(   )    .     URL   Web Interaction Tracking(   )       2   .
· Web Interaction Tracking(   )         .
·   ,    URL(  Outbreak Filter )   .
· Web Interaction Tracking(   )       .
Top Rewritten Malicious URLs clicked by End Users(      URL).       URL .
·   URL    . · URL    . · URL   Outbreak Filter   . ·  URL    (,     ). URL Outbreak Filter
         unknown(  )  .
Top End Users who clicked on Rewritten Malicious URLs(  URL     )
Web Interaction Tracking Details(    ).   .
·     URL( URL    URL) .    URL .
·    URL    (,      ).
     .
· Incoming Mail Policies(  ) > Outbreak Filters          URL  .
· Cisco Security Proxy    .


    URL( URL   URL)       unknown(  ) .     URL                .
·    URL  .  URL       .
· Web Interaction Tracking(   )         . ·  URL      (: )        ,     URL         . ·  URL        (:  )  ,  (    )  URL          . ·         (UTC)   .
    
    , 612  .
     
             , 484    .
· AMP(Advanced Malware Protection) ·   · AMP  
   
Mailbox Auto Remediation(  )  (Monitor() > Mailbox Auto Remediation(  ))         .         .
·       ·     · SHA-256          SHA-256  .   Office 365    , 561   .


TLS Connections(TLS ) 
TLS Connections(TLS )     TLS    .   TLS         . TLS Connections(TLS )        .
·        TLS ?
·   TLS  ?
·   TLS  ?
· DANE     TLS  ?
· DANE     TLS  ?
·   TLS   ?
·  TLS      ?
· DANE    TLS     ?
· DANE        ?
TLS Connections(TLS )         .    , ,     .      TLS /       .    , /   , / TLS   , / DANE   .  TLS    TLS      .         .     /     TLS  ,   TLS  (  ),         DANE  (   )   .  TLS            (TLS     )   .     Column()        .
Inbound SMTP Authentication( SMTP ) 
Inbound SMTP authentication( SMTP )      ESA      SMTP    SMTP AUTH  .    SMTP AUTH       TLS  .        .         ,      IP   SMTP     .        .
·  SMTP      ?


·      ? · SMTP AUTH    ? · SMTP        ? · SMTP         ?
Inbound SMTP Authentication( SMTP )     , SMTP       ,          .
Received Connections( )      SMTP          .        , SMTP      ,       / ,  SMTP AUTH     /  .
Received Recipients( )     SMTP       ESA       .             .
SMTP Authentication details(SMTP   )      ESA        .             , SMTP AUTH        ,        SMTP AUTH      .     IP           .
Rate Limits( ) 
       mail-from              . Rate Limits( )          .
      .
·         . · ,         . ·           . ·           .
Internal Users( )  Outgoing Senders( )             .         .
Top Offenders by Incident(  )               .    .       .


Top Offenders by Rejected Recipients(   )           .        .
                  , 108   .
System Capacity( ) 
System Capacity( )     ,      , / (,   ),  CPU ,  CPU ,           .
System Capacity( )        .
·            .
·         . ·    ,        
.
        .     ,            .        ,            .
· Volume():   ""    ""     .         .       Incoming Mail( )  Outgoing Mail( )    .     -  , 824     -  , 825   .
· Work Queue( ):         ham     " "   .          ,         .             WorkQueue( )    .     -   , 824  .
· Resource Conservation Mode(  ):     RCM(Resource Conservation Mode)   CRITICAL   .         .  RCM    ,          .  RCM        .   -  , 825  .
 
·   -  , 824 


·   -  , 824  ·   -  , 825  ·   -  , 825  ·      , 826  ·   - , 826 
  -  
Workqueue( )        (    , ,      ). 1 1     .                  .
      "   "     .            .
        ,         .              .        .                .         .             , 961   .
            10,000       .
  -  
Incoming Mail( )   ,    ,          .       .            .         Incoming Mail( )    .           Incoming Mail( )  Sender Profile(  )    .
           .


  -  
Outgoing Mail( )   ,    ,          .       .            .         Outgoing Mail( )    .    IP        Outgoing Mail( )  Outgoing Destinations( )    .
  -  
    . ·  CPU  ·    ·   
 CPU  Email Security Appliance      CPU   .  CPU        .  CPU              .
    CPU     .       System Administration( ) > System Health( )   CLI healthconfig  .      , 961   .
 ,    , ,      CPU       .  CPU             .                  .
  
         .           .       System Administration( ) > System Health( )   CLI healthconfig  .      , 961   .
  
     RCM(Resource Conservation Mode)   .    n    RCM n    n-1 RCM  .


 RCM    ,          .      RCS    ,        .
     
    ,            .              ( C170  C190  ).              .
  - 
All()                  .  ,               .       .   PDF   (    )       .    PDF          , 832   .

System Status( ) 
System Status( )       DNS    . CLI status detail  dnsstatus       .    CLI    , 997  status detail  "    "  dnsstatus  "DNS  " .
System Status( )  System Status( ), Gauges(), Rates()  Counters()   .

 
· System Status, 826  · , 827  · , 827  · , 827 

System Status

System Status( )  Mail System Status(  )  Version Information( ) .

 
·   , 827  ·  , 827 


  

Mail System Status(  )   .
·  (     Status(), 799  ) ·     ·    ·        ,    

 

Version Information( )   .
·    ·  AsyncOS       · AsyncOS     ·    
  Cisco     . (  , 1171 .)



Gauges()      .
·    ·     ·   · CPU 
Mail Gateway Appliance AsyncOS   CPU  . CASE      Outbreak Filter     .
·    ·   



Rates()      . ·   ·  



               .         .               .


             .         .     , 893  .
  Reset Counters( ) .   CLI resetcounters    .      , 1013   .
·    ·   ·    · DNS 
High Volume Mail( ) 
 High Volume Mail( )  Header Repeats( )        .
High Volume Mail( )       . · Top Subjects( ). AsyncOS           . · Top Envelope Senders(  ). AsyncOS            . · Top Message Filters by Number of Matches(     ).    (   )       .
High Volume Mail( )                . Message Tracking( )           .   (: ,     )   .    Export()   CSV   Printable (PDF)( (PDF))    PDF          .
Message Filters( ) 
Message Filters( )     (      )         .                 .             . Message

Tracking( )           .
  (: ,     )   .    Export()   CSV   Printable (PDF)( (PDF))    PDF          .
CSV  
Email Security Monitor(  )       CSV     . CSV       .
·    CSV .     CSV     .    Email Security Monitor(  )                 CSV    .
CSV(comma-separated values)         ASCII  .  CSV   100    .              CSV   .     CSV        .zip   ,        .
          , 831   .
· HTTP   CSV . Email Security Monitor(  )        HTTP    .            .     , ,              .
 
·    CSV  , 829 
   CSV  
 HTTP                  .   Export()    .   URL.        URL    ,     ( ).
 URL   ( HTTP  )            .   HTTP        .    CSV     .
· URL       ( , ,    ). "Past Day(   )"   CSV   URL     URL


  , URL    "Past Day(  )"        .     CSV    (: date_range=current_day). ·        .     .   (: Outbreaks( )  "Global / Local"   ). · CSV          . · CSV        .       (:   ). ·           . ( , 830  )  (, 831  ) .

 
·  URL, 830  ·  HTTP    , 830  ·  , 830  · , 830  · , 831  · , 831 

 URL

http://example.com/monitor/content_filters?format=csv&sort_col_ss_0_0_0=MAIL_CONTENT_FILTER_INCOMING.RECIPIENTS_MATCHED&section=ss_0_0_0&date_range=current_day&sort_order_ss_0_0_0=desc&report_def_id=mga_content_filters

 HTTP     URL   HTTP     http://example.com/monitor/  : http://username:password@example.com/monitor/

 

  CSV    .csv.          ,     .



      ""      .        .            .  GMT .            .
                .   Outbreak Details(Outbreak )   


 TOC(Threat Operations Center)  ,      .
    (    ).   ,       .    "key0," "key1"    .
           .         .           (: Outbreak ).

 
AsyncOS       . · ,         . ·     ("" ). ·        (   ).
Monitor() > Scheduled Reports( )         . Monitor() > Archived Reports( )      .     (     1,000) . 0         .         .                  .         12 .    /saved_reports  . (  FTP, SSH  SCP , 1199    .)
 
·   , 831  ·    , 832 
  
      . · Content Filters( ) ·   · DLP  


· Executive Summary ·    ·    · Outgoing Destinations( ) ·    · Outgoing Senders: Domains( : ) ·  ·   · TLS  · Outbreak Filters · Virus Types( )    Email Security Monitor(  )   .    Content Filters( )  Monitor() > Content Filters( )      . Executive Summary( )  Monitor() > Overview()   .
  ·    , 832 
   
PDF  Content Filter( )   40   . CSV         .
 Windows  ,    PDF  Adobe.com         .
   
             , 960   . CLI addressconfig  .
 
        .      ( ). Content Filters( ), DLP Incident Summary(DLP  ), Executive Summary( ), Incoming Mail Summary(  ), Internal Users Summary(  ), Outgoing Mail Summary(  ), Sender Groups( )  Outbreak Filters      .        .


      .      .
Monitor() > Scheduled Reports( )         .
  ·  , 833  · Archived Reports( ), 834 
 
,        .      .   ,  (: 3   )    .    1          .       ,       .
  ·     , 833  ·    , 834  ·   , 834 
   
 1 Monitor() > Scheduled Reports( )  Add Scheduled Report(  )  .
 2   .         .           , 831   .
 3     . AsyncOS     .         .
 4     . (Outbreak Filters      .)  5   .
· PDF. ,        PDF  . Preview PDF Report(PDF    )   PDF     .    PDF         , 832   .

· CSV.         ASCII   .  CSV   100    .               CSV  .
 6      .     .  7     .         
 .   (: Yahoo, Gmail )   ,      
           .  8 Submit() .  .
  
 1 Services() > Centralized Reporting(  )     .  2   .  3     .
  
 1 Services() > Centralized Reporting(  )       .      All()  .
 2  .  3      .
      .

Archived Reports( )
Monitor() > Archived Reports( )       . Report Title( )       . Generate Report Now(  )      .
Show()      .      .


   .     30  ,     1,000     . 30          .
  ·   , 835 
  
     .           .
 1 Archived Reports( )  Generate Report Now(  ) .  2       . AsyncOS     . 
       .           , 831   .  3     . (Virus Outbreak      .)        .    .  4   .
· PDF. ,        PDF  . Preview PDF Report(PDF    )   PDF     .    PDF         , 832   .
· CSV.         ASCII   .  CSV   100    .               CSV  .   .
 5    .   Archived Reports( )  .  6          .  7 Deliver this Report(  )      .  8  .
   
·        , 836  ·     , 836 


      

           . 
       ,    ,      (Security Management Appliance    )      .  (   )  ,  (   )   ,       .               .
    

        Email Security Appliance       . 
        . (      )    , 475  .        .


32 
 
     . ·    , 837  ·   , 837  ·   , 838  ·      , 841  ·      , 844  ·   , 845 
  
               .          ,               .            .
        .
  
           .   ·             ,              .

·          .    , 1053  .
·     :  Email Security Appliance        Security Management Appliance . Cisco Content Security Management Appliance   .

 1 Services() > Centralized Services(  ) > Message Tracking( ) .         .

 2 Enable Message Tracking Service(   ) .  3                Accept(
) .  4    .





      .

  Security Management Appliance      Email Security Appliance    .

 5 ( )        .      .
 6     .

   Local Tracking( )  
· DLP        .       , 898  .
· ( )       .    , 941   .
 
 1 Email() > Message Tracking( ) > Message Tracking( ) .  2   .


·    Advanced()  .
·      .
·   /  .
·      "AND" . ,         .  ,                (and)      .
·    .





Envelope Sender( )

Begins With, Is  Contains     ,       .
    .      .

Envelope Recipient( )

Begins With, Is  Contains     ,       .
    .      .



Begins With, Is  Contains         .
:            .

Message Received( )

    .
      .              .
Email Security Appliance       .

 :

Sender IP Address/Domain/Network   IP ,     .

Owner( IP //

 )

          

.


  


Begins With, Is  Contains         ASCII     .       .           .
·     
·     
· AMP(Advanced Malware Protection) 

SHA-256         SHA-256    , 484   .
   Advanced Malware Protection         . Threat Name( )   Simple_Custom_ Detection  Custom_Threshold  Custom Detection( )  Custom Threshold( )     .   Advanced Malware Protection            .

 

     .           .
  "OR"  .           .

 ID 

SMTP  ID     .
 RFC 822       ,       .

Cisco IronPort MID

   . IronPort MID Email Security Appliance      .

Cisco IronPort Host(Cisco IronPort  Email Security Appliance     

)

  ,   .

 3   Search() .     .


  
 
·      , 841 
    
  . · Email Security Appliance  Security Management Appliance        .                        .
· Advanced Malware Protection(     )      Message()   Advanced Malware Protection   , 486    .
       . ·    Advanced() , Query Settings( )      1000  250      . ·               . ·            . ·             .           .        .       ,     (   )                . ·     1,000  Export All( )(      )   50,000              . ·     Show Details( )       .       . ·         ,        .
 Message Tracking( )                 ,            .
  ·     , 842 


   





Envelope and Header Summary(    ) 

Received Time( )

Email Security Appliance   .
Email Security Appliance        .

MID

 IronPort  ID.

 

 .



  .
                  "(No Subject)"    .   , 1053     .

Envelope Sender( ) SMTP    .

Envelope Recipients( )              .       "    "  "   "  .
           .

 ID 

RFC 822  .

SMTP   ID

 SMTP        SMTP   .    N/A".






 

   .
          .
      .  ,        , DLP,         .                  .           (   ).
·    ,             
·              
      (OLE   .ZIP   )  .

Sending Host Summary(   ) 

 DNS  

 DNS(PTR)     .

IP 

  IP .

SBRS 

SenderBase Reputation .  10(   ) ~ -10( ).           .
SBRS       , 85  .

Processing Details( ) 

Summary() 

Summary()       

(      .

   .

     (:    

Summary()     )  (:     

.)

      ) .

      .

      .






DLP Matched Content(DLP  DLP       .

) 

  DLP       

  .

     .    DLP   , 517  .

           , 898   .

URL Details(URL  ) 

  URL   URL       ,         .

    .

·    URL   · URL  (,   ) ·   URL     
URL

     .   URL    , 441  .

           , 898   .

  ·   , 838 

    
      ,        .

 1 Monitor() > Message Tracking( ) .  2 Search()    Data in time range(  ): .  3 Data in time range(  ):    .

    


·      , 845 
    
           .           .                  .
  
  ·       , 845  ·      , 845 
     
          .       , 837   .     , 842            .
    
       . 
·  ,           .     URL   ,   URL      .    Email Security Appliance   .    ,    ,     .
·            , 835     .


33 
, ,   
     . · ,   Outbreak  , 847  · ,   Outbreak  , 849  · ,       , 858 
,   Outbreak  
",     " File Analysis( )       .             Email Security Appliance       .     Email Security Appliance  Cisco Content Security Management Appliance         ,           .           .
·  .      ,               .
·  .                .
· Outbreak .          Outbreak Filter           .
· File Analysis( ) .   ,                .
  ·  , 867 

 

 

 

    

 

AMP(Advanced  



Malware Protection)







          .
    ,         .

· ,    Outbreak  
· ,        

Outbreak

Outbreak



Outbreak Filter       .



Policy



 ,     DLP        .
 Policy()   .

  

 ,     DLP          .
           .

(    )


  

  

    

 

 ,     DLP         Policy() .



    , 867 

   

  

 

 

.

  ,                 .

,   Outbreak  
· ,   Outbreak      , 850  ·     , 850  ·        , 851  ·      , 851  · , , Outbreak   , 852  · ,   Outbreak      , 854  ·         , 854  ·     , 854  ·  ,     , 855  ·    , 856  ·       , 856  ·    , 856  ·       , 856  ·   ,   Outbreak   , 857  ·   ,   Outbreak   , 857 


,   Outbreak     
,             , 941    .     ,      Email Security Appliance     .          . Outbreak Filter  Centralized Quarantines(  )   
·         ,  ,        Email Security Appliance             .
·  
  ·  ,     , 855  ·       , 856  ·     , 850 
   
     . ·   -        .        .       ,     .              .
 Outbreak Filter              Outbreak Filter  .
·   -        .       . · ,   Outbreak      , 850         .         ,               . FIFO(First In First Out)  .         .


( )             .                   .       .       , 856   .
·      .          .         , 851  .
     (  (Outbreak Filter)   )         .
      ·             . ·           . ·    ,         . ·         .
      
    , 850     ,          .      .
·  -  . ·  -    .       .       , 863   .          X-Header        .   , , Outbreak   , 852    .
    
   Unclassified()      .


  · , , Outbreak   , 852 
, , Outbreak  
  ·     ,   Outbreak      , 854     . ·           .      , 850          , 851    . ·        ,         .   ,           , 857    .
 1 Monitor() > Policy, Virus, and Outbreak Quarantines(,     )  .
 2    . · Add Policy Quarantine(  ) . ·   .
 3  .   . ·       1    . ·       Retention Period( )          Free up space by applying default action on messages upon space overflow(        )  .       .            . ·   Release()              .


  
X-Header 
  


            .             .    ASCII    RFC 2047  
 .
X-Header        .               .   . :  = Inappropriate-release-early Value = True
         .

 4      .





 

         .
              .

  

    .

  

              .

 5     .

      ,     DLP   . 


,   Outbreak     
 ·     . ·     , 850   .
    Monitor() > Policy, Virus, and Outbreak Quarantines    .
       
    ,  , DLP(Data Loss Prevention)    DMARC   , .
 1 Monitor() > Policy, Virus, and Outbreak Quarantines .  2     .  3    Associated Message Filters/Content Filters/DLP Message Actions(  /
 /DLP  ) .
   
·             .          , 854  .
·          . ·          ,    
        .         , 851  . ·                Unclassified()  .    Unclassified()      . · Unclassified()    .


 ,    

 

  

      

Monitor() > Policy, Virus, and Outbreak Quarantines(,     )       .
     , 941    .

        Monitor() > Policy, Virus, and Outbreak Quarantines

 

)     .

      

Monitor() > System Status( )  Queue Space Used by Quarantine(    ) .

    

Monitor() > Policy, Virus, and Outbreak Quarantines  ,   ,          .

      

Monitor() > System Status( )  Active Messages in Quarantine(  )  .

     

Monitor() > Policy, Virus, and Outbreak Quarantines       .

   CPU 

Monitor() > System Status( )  CPU Utilization(CPU )  .

      Monitor() > Policy, Virus, and Outbreak Quarantines

 (    )

      .

        

Monitor() > Policy, Virus, and Outbreak Quarantines  ,   ,          .
            .

               , 854 



 .


  
          .                   .   ,        ,          . Email Security Appliance         20,000      .       ,     , 855    .
     
, ,       75%, 85%, 95%       .      .  ,        75%     .     , 962   .
   
AsyncOS     .
Info: MID 482 quarantined to "Policy" (message filter:policy_violation)
     Outbreak Filter   .          . AsyncOS      .
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
          .    .
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
     MID(Message ID)  Message  .        MID "byline" .    .
Info: MID 483 rewritten to 513 by Policy Quarantine
     
          .     .


,          

·   Policy Quarantine( )     . ·   Confidential Material Quarantine(  )   .          .       .           .        GUI  CLI        .
  · ,           , 857  ·   , 893 
,          
               .
·                 .
· Operators, Guests, Read-Only Operators, Help Desk Users                 ,             .            .
· Technicians      .  (: Message Tracking  Data Loss Prevention)      Quarantine()        .    Message Tracking( )                .   ,             .
  ,   Outbreak  
,              .
  ,   Outbreak  
Cisco Content Security Management Appliance ,         .   ,   Outbreak     .


,       

 
·    , 858  · , 859  ·     , 859  ·     , 861  ·      , 861  ·     , 863  · Outbreak , 864 

  

 

  

    

Monitor() > Policy, Virus, and Outbreak Quarantines  .
     Messages()     .

Outbreak     Monitor() > Policy, Virus, and Outbreak Quarantines 



.

     Messages()     .

[   ] Manage by Rule Summary(    ) , 865 .

     Previous(), Next(),      



.      (<<) 

  (>>) .

      (       "In other



quarantines( )"  ).

   

    .

        , 862  .

  ·      , 859 


     

     
   ( ,  ,  ASCII )     Policy Quarantine( )       ASCII  .

 ·          . · ,   Outbreak         .

 1 Monitor() > Policy, Virus, and Outbreak Quarantines(,     )  .
 2 Search Across Quarantines(  )  .



Outbreak  ,           . Outbreak(

)   Manage by Rule Summary(   )     

.

 3 ( )    .
· Envelope Sender( )  Envelope Recipient( ) :     .      .
·        .   Envelope Recipient( )  Subject()  Envelope Recipient( )  Subject()      .

             .        , 859  .
    
    Message Actions( )    Message Action( )   .       .
·  · Release ·  Delay Scheduled Exit(  )


·       ·      
           .          .
· Monitor() > Policy, Virus, and Outbreak Quarantines          .
· Search Across Quarantines(  ) . ·      .
           . ·        . ·        . ·        .        .      .
          .  .
  ·   , 860  ·       , 860  ·     , 861  ·        , 851 
  
Administrators        .    Send Copy To:(  :)     Submit() .          .
     
            .     
·    .      . ·           .


   

·                ,               .
   
       ,          "In other quarantines( )"  "Yes()" .
     
·        .         .
·           .
             .
·         . ·    Deleted()  ,      
. (  .)
                
·            . · GUI         . ( 
        .) ·        . ·             . ·         . ·          ,    
       (      " "  )         .
     
   Quarantined Message( )       .
Quarantined Message( )  Quarantine Details( )  Message Details(  )   .
Quarantined Message( )   , Message Action( )    ,    . Encrypt on Delivery(   )             .


Message Details( )   ,      .    100K .     100K    (...)  .    .    . Message Details(  )  Message Parts( )  [message body]       .           .
         ,         .          .
     Message Tracking( )  .
  Outbreak       . Outbreak , 864   .
 
·    , 862  ·    , 863  ·  , 863 
  
Attachment Content(  ) , Message Body or Attachment(     ) , Message Body( ) , Attachment Content(  )          .    DLP     ,     .            $MatchedContent     .
          DLP  ,    ,   , Image Analysis( )     .
           ,             GUI   . GUI         ,        .     GUI           .        .             .


, ,     71:     

  

  
Message Parts( )  Matched Content( )            . AsyncOS                 .              . Message Parts(  )  [message body]      .
 
   Start Test( ) .          .         .      Quarantines()   .
   
    ,              .

Outbreak 


·       , AMP(Advanced Malware Protection)     .
· Outbreak         .             .)
· File Analysis( )      . ·     Policy(), Virus()  Outbreak   
    .  ,           . ,         .           .   ,   Virus()   .          .      .          .       Virus()  .
Outbreak 
 Outbreak Filter     Outbreak  . Outbreak Filter      Outbreak   .    . Outbreak      .  ,      .
· Standard()
·  
   Manage by Rule Summary(   ) ,     Send to Cisco(Cisco ) , Scheduled Exit( )                  . Outbreak Filter     Outbreak        .      Outbreak    GUI Quarantines()      .
 
· Outbreak     , 864 
· Manage by Rule Summary(   ) , 865 
· Cisco Systems     , 865 
Outbreak    
          Outbreak      .


Manage by Rule Summary(   ) 

    ,          Outbreak     .
Manage by Rule Summary(   ) 
Manage by Rule Summary(   )     Outbreak     Manage by Rule Summary(   )  .              (Release, Delete, Delay Exit)   .  Outbreak        .   Outbreak Quarantine(  )  Manage by Rule Summary(    )   .
Cisco Systems     
Outbreak               Cisco    .
 1 Outbreak    .  2 Message Details( )  Send a Copy to Cisco Systems(Cisco Systems  ) 
.  3 Send() .


34 
 
     . ·    , 867  ·      , 868  ·    , 868  ·            , 873  ·        , 881  ·     , 889  ·      , 892  ·      , 892  ·      , 892 
  
 (ISQ )    (EUQ )        ""      .         ,            .       . Email Security Appliance         .  (   )          .   ,      .  
· Anti-Spam, 355  · , ,   , 847 

    

 

    
   Email Security Appliance     .        Cisco Content Security Management Appliance   .          .
·  Email Security Appliance          . · Email Security Appliance         . ·        
 
·      , 892  ·     , 1188 

   
        .



  



 1    Anti-Spam()     Anti-Spam, 355  . .

 2     .

       , 869  .

 3      .

     , 941   .

 4     .

      IP   , 871   .

 5    Email Security Appliance     .

.

·       , 872 

·     , 872 

 6                

 .

 , 872   .

    


 

    

·     IP   , 871  ·        , 871  ·       , 872  ·     , 872  ·      , 872  ·   , 873 
    

      Security Management Appliance      .

 1 Monitor() >Spam Quarantine( ) .  2       Enable Spam Quarantine(  ) .
     Spam Quarantine( )  Quarantine Name( )  Spam Quarantine( )  .

 3  .





Deliver Messages Via(  )

    (:       )           .
SMTP       , Email Security Appliance   ( Data 2 )   .
       .
 Email Security Appliance  ,       Email Security Appliance      .    (Data 1  Data 2)  .
        .


    

 





 

When storage space is full, automatically delete oldest messages first(         )          .        ()       .
        , 941   .

Schedule Delete After(  )

     .
              ,       .

Notify Cisco Upon Message Release( --   Cisco )

Spam Quarantine Appearance(   

)

        

   Cisco  .

      .    50() X 500() .jpg, .gif  .png   .

  
( )    .           .
     .
Enter your login information below. If you are unsure what to enter, please contact your administrator.(   .     .)



       , 871   .

 4     .

   ·  .    , 868 


 

    IP  

    IP  
         .
 1 Network() > IP Interfaces(IP ) .  2   (  Management  ).  3 Spam Quarantine( )       .
·  HTTP  82  HTTPS  83 . ·        URL .
Security Management Appliance             .
 4    .
          DNS     .
      
               .         .                     .
·  · Read-only operator · Help desk user ·  ·               .
            .      , 893   .
 1          a) Monitor() > Spam Quarantine( ) . b) Edit Settings( )  .


     

 

 2   (,     )   .                .
 3     .             .
 4 OK() .  5    .
            , 884 
     
               .           .
 1 Mail Policies( ) > Incoming Mail Policies(  )      Anti-Spam(  )   .
 2 Anti-Spam Settings(  )  Use IronPort Anti-Spam service(IronPort   )  .
 3 Positively-Identified Spam Settings(   )  Apply This Action to Message(   )   Spam Quarantine( ) .
 4        .  5     .
   
       Email Security Appliance    (Mail Policies( ) > Incoming Mail Policy(  ))   .         'Deliver()'  'Drop()' .
    
AsyncOS          .                  .       .


 

  

         .  
·    , 873 
  
        ,        .            .             .          .               .              (ISO-2022-JP) , Scan Behavior( )   Japanese (ISO-2022-JP)    .
 1 Security Services( ) > Scan Behavior( ) .  2 Global Settings( ) Edit Global Settings(  ) .  3 Encoding to use when none is specified(     )    
  .  4 Submit() .  5 Commit Changes( ) .
  
      Options()     .
           
              .         .          .  ( )             .  ,             .                  . ,       


      

 

       .             .
             .
 
·        , 874  ·       , 875  ·      /  , 875  ·         () , 876  ·           , 878  ·  Email Security Appliance      (Security Management Appliance
 ) , 879  ·  /     , 880  ·       , 880 
      
            ,        .                   .
           /      .           ,   (   /    )  .     A   B ,  A        B        .       ID   .  A    X-SLBL-Result-Safelist       ,  B          .      ( ,   )    .
      ,  /            .    ,    /         .             .          .        /      .
               .      HAT(Host Access Table) "Accept()"     ,                . ,                       .


 

     

  ·       , 875  ·      /  , 875 
     
  ·    .    , 868  . ·   /   Email Security Appliance . Email Security Appliance         .
 1 Monitor() > Spam Quarantine( ) .  2 End-User Safelist/Blocklist (Spam Quarantine)(   / ( ))  Enable(
) .  3 Enable End User Safelist/Blocklist Feature(   /   ) .  4 Blocklist Action(  )  Quarantine()  Delete() .  5 Maximum List Items Per User(   ) .
          .          .
 6   .   AsyncOS     Email Security Appliance   /    .          /  , 875   .
 7     .
     / 
Security Management Appliance       /     .             . Email Security Appliance           ,     Security Management Appliance       Email Security Appliance  . Security Management Appliance  /         . Security Management Appliance           Cisco Content Security Management Appliance    .


        ()

 

        ()
         .
 (  )            .
           .
 
·      .   ( ), 890   .
·  /    .       , 875   .
· ( )          /     /     , 880    .
·         .        , 877  .

 1     .  2 .  3     Options()   .  4 Safelist( )  Blocklist( ) .  5 ( )    .  6    .

 

  

       1. View by: Recipient( : ) . 2. Add() ,   Edit() . 3.     . 4.      .     ,    . 5. Submit() .


 

      

 

  

       1. View by: Sender( : ) . 2. Add() ,   Edit() . 3.      . 4.    .     ,    . 5. Submit() .

       1. View by( )  .



2.       .

       

             

1. View by( )  . 2.      Edit() . 3.      .   
  . 4. Submit() .

  
 
·        , 877  ·        , 878 
      
           .
· [email protected] · server.domain.com · domain.com · [10.1.1.0] · [ipv6:2001:DB8:1::1] · user@[1.2.3.4] · user@[ipv6:2001:db8::1]
 (:    )          .                (   ) ,    .   example.com


      

 

   [email protected]     .     example.com       , [email protected]    . .domain.com         .  server.domain.com       .
      
                 /     , 880       .
         
          .                  , 883   .     URL   ( )   .
  ·    ( ) , 878  ·    ( ) , 879 
   ( )
            .        , 874  .
        . ·       , 878  ·        , 879 
                  .
 1 Spam Quarantine( ) .  2   Safelist( )  Release and Add to Safelist(    ) 
.


 

      

     from            ,       .
      
 1     .  2     Options()   .  3 Safelist( ) .  4 Safelist( )       .      
   .  5 Add to List( ) .
   ( )
        /       .
         .
 1   .  2     Options()   Blocklist( ) .  3        .        
  .  4 Add to List( ) .
 Email Security Appliance       (Security Management Appliance  )
Security Management Appliance   Email Security Appliance     Email Security Appliance   /           .  /     , 880    .csv      , FTP       .


 /    

 

 /    
       /     .  /        XML     .
  Email Security Appliance      /      .

 1 System Administration( ) > Configuration File( ) .  2 End-User Safelist/Blocklist Database (Spam Quarantine)(   /  ( 
))  .

 

  

 /   .csv         .



Backup Now( ) .

     .csv  /configuration   .

slbl<serial number><timestamp>.csv

 /    

               .

Select File to Restore(  ) . configuration      .   /    . Restore() .

      
              .
 /      ISQ_log   antispam    .     X-SLBL-Result-Safelist       .     X-SLBL-Result-Blocklist       .
        /         .
    , 962   .


 

     

     , 1053  .
  ·       , 881 
     
      .   
·       .        , 874  .
·         ,     /     .      /  , 875    Email Security Appliance      (Security Management Appliance  ) , 879  .

      

 



               

   .

, 884    

             

 .

    , 882 

            

     .

 , 886 

        .

                          , 873      .

 
·          , 882  ·          , 883  ·       , 886 


        

 

        

             .

         

   ,   1. End User Quarantine Access(   ) 



LDAP, SAML 2.0  Mailbox (IMAP/POP)(

   ,  

(IMAP/POP)) .
2. Spam Notifications( )  Enable login without credentials for quarantine access(    

   )  .

   ,   1. End User Quarantine Access(   ) 



LDAP, SAML 2.0  Mailbox (IMAP/POP)(



(IMAP/POP)) .

2. Spam Notifications( )  Enable login without

  ,    credentials for quarantine access(    



   ) .

  ,   End User Quarantine Access(   ) 

 

  None() .

 

End User Quarantine Access(   )  Enable End-User Quarantine Access(     )  .

 
· LDAP   , 882  ·        , 884  ·       , 886  ·          , 882  ·           , 878 
LDAP  
1.   UI        . 2.      " " DN       
  LDAP  . Active Directory   "   "(6000s )  ,           LDAP   .


 

IMAP/POP  

3.     BaseDN      .  LDAP       DN ,       DN      .       ,           .
4.        . LDAP        LDAP  "  "       . "  "      ,              .
 
·          , 882 
IMAP/POP  
1.       UI    (joe)    ([email protected])   .                   (        , 884  ).
2.   IMAP  POP  ,  (    )    IMAP/POP   .       , IMAP/POP     .
3.          .
· (bare)  (: joe)                     .
·            .
IMAP    University of Washington  .
http://www.washington.edu/imap/

        



  



 1          Cisco Content Security Management Appliance 

   .

SAML 2.0  SSO  .

 2 LDAP     System Administration( ) > LDAP > LDAP Server Profile(LDAP  )  Spam Quarantine


      

 

  



End-User Authentication Query(      )   LDAP    .

:
If you will authenticate end users using SAML 2.0 (SSO), configure the settings on the
System Administration > SAML page.

 3       .        , 884 

 4       URL        URL , 885

.



    
·        , 884  ·       URL , 885  ·     , 885 
      
            .
           , 882     .

 1 Monitor() >Spam Quarantine( ) .  2 Spam Quarantine( )  Quarantine Name( )  Spam Quarantine( )  
.  3 End-User Quarantine Access(   )  .  4 Enable End-User Quarantine Access(    ) .  5             .

 

 

None

--


 

      URL 

  Mailbox(IMAP/POP)
LDAP SAML 2.0

 
  LDAP          IMAP  POP         .
             .
POP   APOP     (,      ) Cisco  APOP . APOP        APOP   POP    .
SSL     SSL .                . "     "       .
  ' '      LDAP   .
   Single Sign-On .
    Management Appliance( ) > System Administration( ) > SAML      . Cisco Content Security Management Appliance  SAML 2.0   SSO  .

 6        .
            .          (: Microsoft Outlook)  .         (:       ).
 7     .

      URL 
          URL       IP   (HTTP/S   ) . :
HTTP://mail3.example.com:82
   
         .  (      )   (LDAP  IMAP/POP)            .


     

 

LDAP    Primary Email( )  LDAP        ()  .  LDAP             .   IMAP/POP              (   )   .                    , 887   .
  ·        , 884  ·         , 887 
     
                   .       .                .    .              .
  ,        .
  ·            .         , 884  . ·        .          , 882  . ·                , 887   .
 1 Monitor() >Spam Quarantine( ) .  2 Spam Quarantine( )  Quarantine Name( )  Spam Quarantine( )  
.  3 Spam Notifications( )  .  4 Enable Spam Notification(  ) .  5  .
  


 

       

a) ( )     .        Message Variables( )     .   .          . ·   (%new_message_count%) -       . ·   (%total_message_count%) -       . ·    (%days_until_expire%) ·  URL(%quarantine_url%) -      URL. ·  (%username%) ·   (%new_quarantine_messages%) -     , ,  ,      .         . ·     (%new_quarantine_messages_no_subject%) -         "View Message( )"  .
b)   End User Quarantine Access(   )      ·            Enable login without credentials for quarantine access(       )  .    "Release"       . ·               .    "Release"       .
c)     Preview Message(  ) .  6     .
  
     ,  (: Microsoft Outlook  Mozilla Thunderbird)    ""      From:      .
 
·         , 887  ·  , 888  ·     , 888 
       
             .     digest .           .     ,   LDAP   


 

 

           .            .
 83: /  

   







Sam [email protected]

--

1

Mary [email protected]

[email protected] 4 [email protected] [email protected]

Joe [email protected], [email protected] [email protected] 3

LDAP            .                .     , 778  .
          ,                     .                    .
,              .                        .

 LDAP          ,          LDAP  POP/IMAP      .

 

             .       . Enable Spam Notification(  )    Enable End-User Quarantine Access(    )   .  Deliver Bounced Messages To(  )         .

   

  ·     , 889 


 

   

·     , 889  ·     , 889  ·     , 889 
             .    ·               . ·          .                , 887    .
        .  ·     "Deliver Bounce Messages To(  ):"    ,          .          , 882  . ·        .
   
           .          .  
·   ( ), 890  ·    , 890  ·    , 891  ·    , 891  ·    , 891 


  ( )

 

  ( )
         .
  ( )
         .
Monitor() > Spam Quarantine( )   Messages()   .
   
 1   .      .
 2       ,       ,        .
 3    .     .  4 From:  ,      ,      
  .  5 Search() .      Search()   .
         , 890 
    
              ,             .      .            .


 

   

   
     .        .       .         .        . Message Details(  )   .   20K .    20K ,         . Message Details( )   (Delete )    (Release ).    .      Message Tracking( )  .  .
·                     .
· HTML     HTML     .    .
·    Base64     .
   
  ,          Release() .   Submit() .           .      ,       .
   
           .              .       .            Delete( ) .   Submit() .            .


    

 

      (     , 892   ) Delete All Messages(  )  .           .
    
        .       .
  ·    , 941 
    
   ·          . ·           .      . ·      Email Security Appliance  Security Management Appliance   .
Email Security Appliance             .
    
·       , 880  ·     , 888  ·      , 872 


35 
  
     . ·   , 893  ·        , 899  · , 907  · Email Security Appliance   , 913  ·    , 917  · SSH(Secure Shell)  , 918  ·     , 921 
  
Cisco        .   Cisco       ,        (LDAP  RADIUS )     . GUI System Administration( ) > Users() ( CLI userconfig   )          .            , 909  . ,           .
·   System Administration( ) > Users()   , 912    .
· CLI userconfig > twofactorauth  AsyncOS for Cisco Email Security Appliances CLI    .
    admin    . admin     ,       .                .       .

 

  

        ,        .   "operator"  "root"      .

 

 84:   

  admin
Administrator()
Technician


admin          .       ,              . ,   .
admin  resetconfig  revert    .
             .  admin  resetconfig  revert    .
 AsyncOS   GUI Email Security Appliance     .
     ,  ,     .          .
·      . ·      . ·      . ·      .      
. ·    . · Cisco         . ·   .


  

 

 



Operator()

       .
·     . · resetconfig  . ·  . · systemsetup       . · adminaccessconfig  . ·    ( , ,      ). ·   LDAP       
LDAP    .
,       .



          .                .         .

Read-Only Operator(           . 

 )

          

    ,    .  

         

     .

       .

·  , FTP  SCP. ·  , ,      .

Help Desk User

Help Desk       .
·  . ·   .
   CLI       .          .


 

  

 



                   .   DLP ,   , , ,   ,           .            .        .           , 899  .
      CLI    .

GUI    Help Desk User      ,      GUI CLI    .
LDAP             .                .    , 909  .

  ·  , 896 

 
Users()   ,            . Users()     .
·   .     , 897  .
·  .    , 898  .
·   ,         .    , 897   .
·     .     , 897    .
·         .         , 908  .
·  LDAP  RADIUS      .     , 909   .
·       .    , 912    .


  

 

·    DLP     .          , 898  .

 

 
·     .
·         , 894  . ·            , 899 
 .
·    .       , 908    .

 1 System Administration( ) > Users() .  2 Add User( ) .  3    .    (: "operator"  "root").  4    .  5          .  6    .  7     .

 

      .

 1 System Administration( ) > Users() .  2     .  3  .  4     .

    
 1 System Administration( ) > Users() .  2    .  3 Enforce Passphrase Change(  ) .  4       ,   ()     .


 

  

 5 ( )                () .
 6 OK() .  7     .
 
 1        .  2     Delete()   .  3  .
      
              . · DLP(  )         (      )       .           . · URL     Outbreak Filter     URL     .          .
   Message Tracking( )     Message Details(   )    .            .                            .          .   URL    , 441  .
 1 System Administration( ) > Users()  .  2 Access to Sensitive Information in Message Tracking(     ) Edit Settings(
 ) .  3         .
                  .  4    .


  

       

  
 
·     , 842  ·    DLP   , 517  ·   URL    , 441 
       
               .                    .     ,   Help Desk                .
  Email Security Appliance          ,        (  Administrator  Operator  )      .                     . ,                     .
        (:  , RSA  ELP ,    )  GUI System Administration( ) > User Roles(  ) ( CLI userconfig -> role ) .             , 900  . System Administration( ) > Users()              .            , 905  .
                 .                                    .
                  .     , 893  .       CLI   .
 
·   , 900  ·   , 900  ·     , 905  ·         , 905  ·        , 906 


  

  

·     , 906  ·     , 906  ·     , 907 
  
    Account Privileges( )               .   Options()         .                .    ,  ,          Account Privileges( )  .
 72:     

  
               .         .
·       . · DLP(  ) . ·  . ·  . ·   . · , ,     . · Cisco   .               ,  , DLP ,     .

  

    

    DLP   2 DLP      .          DLP         DLP  . DLP                     .        DLP    .
User Roles( )                         .        , 906  .
 
·     , 901  · DLP , 902  ·  , 903  · Message Tracking( ), 904  · Trace, 904  · , 904  ·  , 905 
    
       Email Security Appliance              .            ,                 .
                         .
              .                .         ,            .        .                   ,        .
                     , AsyncOS      .  AsyncOS              .              .
          , GUI Text Resources(  )  Dictionaries()         .           .


DLP 

  

DLP 

      DLP     , DLP     DLP     .
               .
·  :   Email Security Appliance          .
·   ,   :                     .     ,     (Outbreak Filter)    .                      .       ,      .                 .
·   ,   :             ,         .
  ,   ( ):                   ,       .   ,         .       .
Email Security Manager  User Roles( )                         .
                          , 906    .
DLP    Email Security Appliance DLP    DLP       . DLP                  . DLP       Data Loss Prevention Global Settings(    )  DLP      .
        DLP     .     DLP    DLP    ,  DLP      .
   DLP        .
· No access( ):   Email Security Appliance DLP     .
· View assigned, edit assigned( ,  ):   DLP         DLP     .   DLP 


  

 

  DLP       .   DLP    . · View all, edit assigned( ,  ):       DLP     . DLP    .         DLP       .   DLP   DLP        . · View all, edit all (full access)( ,  ( )):       ,   DLP      .   DLP   DLP     .    DLP    .
DLP    User Roles( )              DLP    .
DLP   DLP        , 491    .
Custom User Roles for Delegated Administration(    )   DLP              , 906    .
 
     ,    DLP                Email Security Monitor(  )    .      .         DLP      .
            .
· No access( ):   Email Security Appliance    . · View relevant reports(  ):         DLP
    Email Security Monitor(  )     .            Email Security Monitor(  )    .
· Overview() · Incoming Mail( ) · Outgoing Destinations( ) · Outgoing Senders( ) · Internal Users( ) · Content Filters( ) · Virus Outbreaks( ) ·   · Archived Reports( )
DLP        Email Security Monitor(  )    .


Message Tracking( )

  

· Overview() · DLP Incidents(DLP ) · Archived Reports( )
· View all reports(  ):   Email Security Appliance    Email Security Monitor(  )    .
            , 793   .

Message Tracking( )
System Administration( ) > Users()  DLP Tracking Policies(DLP   )      DLP     ,       DLP                     .
    DLP   DLP     .
      , 837  .
     DLP               , 898   .

Trace

                    .              .       DLP      .
          : , 1149  .



         .           (   )    .   (: ,   )        .
Monitor() > Quarantines()   User Roles( )  Custom User Roles for Delegated Administration(     )          .
                 , 856          , 871   .
                     , 906   .


  

 

 
       DLP               .      DLP           .           DLP          .        . Security Services( ) > IronPort Email Encryption             .
    
GUI User Roles( ) ( CLI userconfig -> role )         . User Roles( )                .
 1 System Administration( ) > User Roles( ) .  2 Add User Role(  ) .  3    .  4        .  5     . (         , 900 
 .)  6     .

        
Email Security Appliance              .        , 896   .

 1  2  3  4  5  6

System Administration( ) > Users()  . Add User( ) .        . Add Role( ) .    .    .

AsyncOS            .

 7 System Administration(  > User Roles( )  .


      

  

 8              .  9        .  10     . (         , 900 
 .)  11     .
      
 1 System Administration( ) > User Roles( )  .  2         .
AsyncOS              ,   , DLP     .  3     ,  , DLP    .  4     .
    
 1 System Administration( ) > User Roles( )  .  2            .  3   .  4     .
    
                  .  , Email Security Appliance      ,                 .                   .
 1 System Administration( ) > User Roles( )  .  2              .  3      .


  

    

 4         .  5     .

    
             .              .          .
 1 System Administration( ) > User Roles( )  .  2              .  3     Delete()   .  4  .



·  , 907  ·      , 908  ·       , 908  ·  , 909  ·  , 912 

 

  GUI   Options() > Change Passphrase( )       .
       .
CLI passphrase  passwd    . admin           .
passphrase         .

          .


     

  

     
        .          .
· AsyncOS  Local User Account & Passphrase Settings(      )           .
·  System Administration( ) > Users()          .
AsyncOS  Edit User( )           .
            Unlock Account(  ) .
     Users()         Lock Account( ) . AsyncOS          .
,                 .         , 908   .
 admin          admin      . admin  admin             .             , 23  .
      
          .       Cisco     .      .
·   .          ·   .            
   . ·  .      (:     )   
.
System Administration( ) > Users()  Local User Account and Passphrase Settings(      )        .


  

 

 

 LDAP  RADIUS              Cisco    .        GUI System Administration(  ) > Users()   CLI userconfig   external   .
     Email Security Appliance ,        "admin"  . admin               .                 .
LDAP  ,       Email Security Appliance       .               .
 RADIUS         .       Email Security Appliance       .   RADIUS   (:     )        .

 
· LDAP  , 909  · RADIUS  , 910 

LDAP  
LDAP       LDAP  Cisco     .   IT      ,    Help Desk User    .        LDAP    AsyncOS        .     Operator   Help Desk User     AsyncOS    Help Desk User    .

   LDAP            .       .
  LDAP    LDAP      .   LDAP  , 735  .
 1 System Administration( ) > Users() .  2   External Authentication( )  .


RADIUS  

  

 3 Enable() .  4 Enable External Authentication(  )  .  5   LDAP .  6          .  7   LDAP    .  8        ()   9   LDAP    ,     .  10 , Add Row( )      .   
   9  10 .  11     .
RADIUS  
 RADIUS       Cisco     . RADIUS   Cisco     AsyncOS  CLASS  RADIUS   . AsyncOS RADIUS    2    , PAP(  ) CHAP(   ) .
RADIUS  Cisco     RADIUS    <radius-group>   CLASS  .   Cisco   . CLASS  ,          . AsyncOS CLASS     . CLASS   CLASS      RADIUS     .
 RADIUS               .

   RADIUS            .       .

 1  2  3  4  5  6  7

System Administration( ) > Users()  Enable() .     Enable External Authentication(  )  . RADIUS    . RADIUS    .    1812. RADIUS    .        () . ( )   RADIUS   Add Row( ) .  RADIUS   3~6  .


  

RADIUS  

  10 RADIUS    .

 8 AsyncOS   RADIUS          () "External Authentication Cache Timeout(    )"  .  0.
 RADIUS   (:   )   0 .  0  AsyncOS      RADIUS     .

 9   :





      AsyncOS RADIUS CLASS   RADIUS  

 .

  . CLASS   :

·  3 ·  253 · ,       · RADIUS     CLASS  (
   AsyncOS  CLASS   RADIUS   .)

 CLASS   RADIUS   AsyncOS     .   RADIUS          CLASS  2   AsyncOS          RADIUS  .

            .

· admin · Administrator · Technician · Operator cloudadmin ·    · Help Desk User · 

Map all externally authenticated users to the AsyncOS RADIUS    . Administrator role(    Administrator  )

 10       ,          .

 11        Group Name( )  Directory()  RADIUS CLASS      Role()     . Add Row( )       .
        , 893  .
 12     .

 

RADIUS           .   RADIUS       .
· PAP(Password Authentication Protocol) · CHAP(Challenge Handshake Authentication Protocol)
        . ·   · custom
     : · RSA Authentication Manager v8.2 · FreeRADIUS v1.1.7  · ISE v1.4 
  ·   , 912  ·   , 913 

  
  IT      RADIUS     .

 1 System Administration( ) > Users() Two-Factor Authentication( )  Enable( ) .
 2 RADIUS     IP  .  3 RADIUS    .  4 RADIUS    .

 5       () .  6    .  7 ( )   RADIUS   Add Row( ) .  RADIUS   2~6
 .   10 RADIUS    .  8        .  9    .
               .
  
      .
 1 System Administration( ) > Users() Two-Factor Authentication( )  Edit Global Settings(  ) .
 2 Enable Two-Factor Authentication(  )  .  3     .
Email Security Appliance   
AsyncOS Email Security Appliance          ,  Web UI    ,          IP      .
  · IP    , 913  ·   , 916 
IP    
         (       )     Email Security Appliance    IP    .

 
·  , 914  ·   , 914  ·        , 914  ·    , 915 

 

Email Security Appliance      IP ,   CIDR    .    IP        .           .

  
     Email Security Appliance        AsyncOS      IP      .
    AsyncOS    IP       IP  .   IP  Email Security Appliance  ,      x-forwarded-for HTTP   .
x-forwarded-for      RFC  HTTP .
x-forwarded-for: client-ip, proxy1, proxy2,... CRLF .
     IP         ,        . (    .) Email Security Appliance     IP     IP          IP  .

 AsyncOS x-forwarded-for  IPv4  .
      
!                   .
· Only Allow Specific Connections(  )    (PC,    Email Security Appliance  Security Management Appliance ) IP     .
· Only Allow Specific Connections Through Proxy(    )   ,     IP     Origin IP    IP    .

· Only Allow Specific Connections Directly or Through Proxy(       )   ·  IP    IP   . 
·  IP    IP       IP      .

  
GUI  adminaccessconfig > ipaccess CLI         .  
         .         , 914   .

 1 System Administration( ) > Network Access( ) .  2 Edit Settings( ) .  3      .





Allow All( )

      .    .

  

   IP     IP , IP    CIDR         .

    

              .
·   IP    IP Address of Proxy Server(  IP )   .
·    x-forwarded-header HTTP   .
· x-forwarded-header    . ·   IP  x-forwarded-header  , 
     IP , IP   CIDR  .






Only Allow Specific Connections Directly or   IP     IP , IP  

Through Proxy(     CIDR         

  )

    .    

        .

 4        IP  . IP , IP    CIDR    .     .
 5        . 1.      IP      . 2.     IP  .         IP  .    x-forwarded-for.

 6            .  7     .

  
·  UI    , 916  · CLI   , 917 
 UI    
  AsyncOS   Email Security Appliance  UI          .   UI       .
·     · HTTP  HTTPS  · Cisco   AsyncOS          .
 1 System Administration( ) > Network Access( ) .  2 Edit Settings( ) .  3 Web UI Inactivity Timeout( UI  )       
  () . 5~1440     .

 4   .
    CLI adminaccessconfig    UI     . AsyncOS for Cisco Email Security Appliances CLI   .
CLI   
  AsyncOS   Email Security Appliance CLI          . CLI       .
·     · SSH(Secure Shell), SCP      
 CLI         .         .
 1 System Administration( ) > Network Access( ) .  2 Edit Settings( ) .  3 CLI Inactivity Timeout( UI  )         
 () . 5~1440     .  4   .
   CLI adminaccessconfig   CLI      . AsyncOS for Cisco Email Security Appliances CLI   .
  
·     , 917  ·     , 918 
   
 SSH, FTP   UI         Email Security Appliance   .           .         

   .  ,                         . CLI adminaccessconfig > banner     .     80x25   2000.    /data/pub/configuration       .      .
   
 SSH, FTP   UI          AsyncOS   .                 . CLI adminaccessconfig > welcome     .      1,600.    /data/pub/configuration      .      .   AsyncOS for Cisco Email Security Appliance CLI   .
SSH(Secure Shell)  
sshconfig      . · admin        authorized_keys  SSH(Secure Shell)     .      SSH       . ·   SSH    . ·     ·   · KEX  · MAC  ·    

 Cisco       SCP        logconfig -> hostkeyconfig .   , 1053   .
hostkeyconfig       Cisco     .

 
· :    , 919  · : SSH   , 919 
:    
        .
mail.example.com> sshconfig
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> userkey
Currently installed keys for admin:
Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
[]> new
Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
[-paste public key for user authentication here-]
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]>
: SSH   
  SSH    .
mail.example.com> sshconfig
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> sshd
ssh server config settings:
Public Key Authentication Algorithms:
        rsa1
        ssh-dss
        ssh-rsa
Cipher Algorithms:
        aes128-ctr
        aes192-ctr
        aes256-ctr
        arcfour256
        arcfour128
        aes128-cbc
        3des-cbc
        blowfish-cbc
        cast128-cbc
        aes192-cbc
        aes256-cbc
        arcfour
        [email protected]
MAC Methods:
        hmac-md5
        hmac-sha1
        [email protected]
        hmac-ripemd160
        [email protected]
        hmac-sha1-96
        hmac-md5-96
Minimum Server Key Size:
        1024
KEX Algorithms:
        diffie-hellman-group-exchange-sha256
        diffie-hellman-group-exchange-sha1
        diffie-hellman-group14-sha1
        diffie-hellman-group1-sha1
Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]> setup
Enter the Public Key Authentication Algorithms do you want to use
[rsa1,ssh-dss,ssh-rsa]> rsa1
Enter the Cipher Algorithms do you want to use
[aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]]> aes192-ctr
Enter the MAC Methods do you want to use
[hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,
hmac-md5-96]> hmac-sha1
Enter the Minimum Server Key Size do you want to use
[1024]> 2048
Enter the KEX Algorithms do you want to use
[diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,
diffie-hellman-group1-sha1]> diffie-hellman-group-exchange-sha1
ssh server config settings:
Public Key Authentication Algorithms:
        rsa1
Cipher Algorithms:
        aes192-ctr
MAC Methods:
        hmac-sha1
Minimum Server Key Size:
        2048
KEX Algorithms:
        diffie-hellman-group-exchange-sha1
Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]>
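The "ssh server config settings" block printed by sshconfig > sshd in the transcript above can be reviewed mechanically before and after running SETUP. The following Python code is an added example, not code from Cisco or from this guide: the function names parse_sshd_settings and audit and the weak-algorithm policy are assumptions of the example, and the sample text is copied from the transcript on this page, leaving out the entries the page shows as "[email protected]".

```python
import re

# Section headers printed by `sshconfig > sshd` in the transcript on this page.
HEADERS = (
    "Public Key Authentication Algorithms",
    "Cipher Algorithms",
    "MAC Methods",
    "Minimum Server Key Size",
    "KEX Algorithms",
)
_HEADER_RE = re.compile("(" + "|".join(map(re.escape, HEADERS)) + "):")

# Review policy. This is an assumption of the example, not Cisco guidance;
# adjust it to your own SSH baseline.
MIN_KEY_BITS = 2048
POLICY = {
    "Public Key Authentication Algorithms": lambda a: (
        "SSH protocol 1 key type" if a == "rsa1"
        else "DSA key type" if a == "ssh-dss" else None),
    "Cipher Algorithms": lambda a: (
        "RC4 stream cipher" if a.startswith("arcfour")
        else "CBC-mode cipher" if a.endswith("-cbc") else None),
    "MAC Methods": lambda a: (
        "MD5-based MAC" if "md5" in a
        else "MAC truncated to 96 bits" if a.endswith("-96") else None),
    "KEX Algorithms": lambda a: (
        "SHA-1 based key exchange" if a.endswith("-sha1") else None),
}


def parse_sshd_settings(transcript):
    """Return {header: [values]} for the LAST settings block in the text.

    The last block is the one printed after SETUP, i.e. what is in effect.
    Values may be one per line or run together on a single line, as in a
    flattened copy of the CLI session.
    """
    start = transcript.rfind("ssh server config settings:")
    if start < 0:
        raise ValueError("no 'ssh server config settings:' block found")
    body = transcript[start:]
    stop = body.find("Choose the operation")
    if stop >= 0:
        body = body[:stop]
    marks = list(_HEADER_RE.finditer(body))
    settings = {}
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(body)
        settings[mark.group(1)] = body[mark.end():end].replace(",", " ").split()
    return settings


def audit(settings):
    """Return a list of (setting, value, reason) for values the policy flags."""
    findings = []
    for header, check in POLICY.items():
        for alg in settings.get(header, []):
            reason = check(alg)
            if reason:
                findings.append((header, alg, reason))
    for value in settings.get("Minimum Server Key Size", []):
        if value.isdigit() and int(value) < MIN_KEY_BITS:
            findings.append(("Minimum Server Key Size", value,
                             "below %d bits" % MIN_KEY_BITS))
    return findings


# Default settings as listed in the transcript, one value per line.
DEFAULTS = """ssh server config settings:
Public Key Authentication Algorithms:
  rsa1
  ssh-dss
  ssh-rsa
Cipher Algorithms:
  aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc
  3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour
MAC Methods:
  hmac-md5 hmac-sha1 hmac-ripemd160 hmac-sha1-96 hmac-md5-96
Minimum Server Key Size: 1024
KEX Algorithms:
  diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1
  diffie-hellman-group14-sha1 diffie-hellman-group1-sha1
Choose the operation you want to perform:
"""

# Settings printed after SETUP in the transcript, flattened onto one line.
AFTER_SETUP = (
    "ssh server config settings: Public Key Authentication Algorithms: rsa1 "
    "Cipher Algorithms: aes192-ctr MAC Methods: hmac-sha1 "
    "Minimum Server Key Size: 2048 "
    "KEX Algorithms: diffie-hellman-group-exchange-sha1 "
    "Choose the operation you want to perform: - SETUP - Setup SSH server "
    "configuration settings []>"
)

if __name__ == "__main__":
    for label, text in (("defaults", DEFAULTS), ("after setup", AFTER_SETUP)):
        print(label)
        for setting, value, reason in audit(parse_sshd_settings(text)):
            print("  %-38s %-36s %s" % (setting, value, reason))
```

Under this policy the selections made in the transcript still leave two findings (rsa1 and diffie-hellman-group-exchange-sha1), so the audit is worth rerunning after every SETUP.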
 SSH  
CLI  SSH       .   Cisco   admin   SSH              .
# ssh [email protected] status
Enter "status detail" for more information.
Status as of: Mon Jan 20 17:24:15 2003
Last counter reset: Mon Jan 20 17:08:21 2003
System status: online
[rest of command deleted]

   

 

  

         Options() > Active

  

Sessions( ) .

  w , whoami  who   .

       last  . .
  IP ,  ,       .

 
     .

36 

                .    B "IP    " .
·  , 924  · Cisco Email Security Appliance , 926  · Cisco Email Security Virtual Appliance , 934  ·   , 935  · Configuration File( ) , 941  ·    , 941  · Security Services , 943  ·   , 945  ·       , 945  · AsyncOS , 953  ·     , 958  · AsyncOS   , 959  ·       , 960  ·      , 961  · Email Security Appliance  , 962  · , 962  ·   , 986  ·  , 991  ·   , 993  · Internet Explorer   , 994  ·  HTTP   , 994  ·       , 995 

 
          . ·     , 924  ·       , 924  ·         , 925 
   
   ,            . CLI shutdown  reboot       .
 1 System Administration( ) > Shutdown/Suspend(/ ) .  2 System Operations( )  Operation()   Shutdown()  Reboot()
 .  3        () .
  30.  4 Commit() .
     
AsyncOS        .     . ·         . ·             .
CLI suspend      .
 1 System Administration( ) > Shutdown/Suspend(/ ) .  2           .
Mail Operations( )     /  .              .  3               .        . 1.      Specify Domain(s)/Subdomain(s)(/  )  ALL
  Enter .
2.           Specify Domain(s)/Subdomain(s)( /  )   /    IP   Enter .        .
 4        () .        .   30.
 5 Commit() .
                  , 925   .
       
        Shutdown/Suspend(/ )    resume  .
 1 System Administration( ) > Shutdown/Suspend(/ ) .  2 Mail Operations( )     /  .
            .  3               .
Specify Domain(s)/Subdomain(s)(/  )      .  4 Commit() .
  
 Serial   Management      Admin       CLI         .           .       ,              .       CLI   ,     (FTP, SSH, HTTP, HTTPS) 

,     .        .
·   System Administration( ) > Configuration File( )   Reset()  , System Administration( ) > System Setup Wizard(  ) Reset Configuration( )  .
· CLI resetconfig  .

 resetconfig      .         .

 

·    .       , 28   .
·       .

AsyncOS    
   AsyncOS      Monitor( )  System Overview( )  (System Status, 826  ), CLI  version  .

Cisco Email Security Appliance 
·  , 926  · Smart Software Licensing, 928 

 

·      , 926  ·        , 927  ·   , 928 

    
              (       ). CLI    featurekey  .

 1 System Administration( ) > Feature Keys( ) .  2   .

 

  

    

Feature Keys for <serial number>(< >  )   .

     Pending Activation(  )  .

    

         

 .

    

Pending Activation(  )  Check for New Keys(  )  .
                      .

   

Pending Activation(  )    Activate Selected Keys(  ) .

   

Feature Activation( )  .

    
·        , 927  · Configuration File( ) , 941 
      
      ,       .
 1 System Administration( ) > Feature Key Settings(  ) .  2 Edit Feature Key Settings(   ) .  3       (?)   .  4  .  5    .

    
·      , 926 
  
       90, 60, 30, 15, 5          .    System Alerts( )   .   , 962  .            Cisco     .
Smart Software Licensing
· , 928  · Smart Software Licensing , 930  · Cisco Smart Software Manager  , 931  ·  , 931  · Smart Cisco Software Manager    , 932  · Smart Cisco Software Manager    , 932  ·   , 932  ·    , 933  · Smart Agent , 934  · , 933  ·   Smart Licensing, 934 



Smart Software Licensing  Cisco Email Security Appliance      . Smart Software Licensing     Cisco           CSSM(Cisco Smart Software Manager)   . Smart Licensing  PAK(Product Authorization Key)           .
      CSSM        .   Smart Agent  CSSM   CSSM      .

Cisco Smart Software Manager    https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html  .
  ·     . · Cisco Smart Software Manager (https://software.cisco.com/#module/SmartLicensing)     Cisco Smart Software Manager Satellite  Cisco   . Cisco Smart Software Manager     Cisco Smart Software Manager Satellite     https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html .         ,  Smart Software Manager Satellite    CSSM      . Satellite      CSSM         . CSSM Satellite     .
 Smart Software Manager Satellite   Smart Software Manager Satellite Enhanced Edition 6.1.0 .
·  ()          . https://video.cisco.com/detail/video/5841741892001/convert-classic-licenses-to-smart-licenses?autoStart=true&q=classic .
·    CSSM     .        CSSM   Smart Licensing   .
      CSSM   Security Services -> Service updates( )         .
     PAK (  )        .    PAK Smart Licensing  . Smart Licensing       feature keys      .
  Smart Software Licensing     .

  

 

1

Smart Software Licensing  Smart Software Licensing  , 930 

2

Cisco Smart Software Manager Cisco Smart Software Manager

 

 , 931 

3

( ) 

 , 931 

Smart Software Licensing 

 1 System Administration( ) > Smart Software Licensing .  2 Enable Smart Software Licensing(   ) .
Smart Software Licensing   Smart Software Licensing     .
 3 Smart Software Licensing     OK() .  4   .

  
Smart Software Licensing  Smart Licensing( )  Classic Licensing(  )        . Classic Licensing( )    90    CSSM    Smart Software Licensing    .
       (90, 60, 30, 15, 5  )   .     CSSM    .

 Classic Licensing( )         Smart Software Licensing       . Classic Licensing( )              .                Cisco    .       .

  Smart Licensing    Smart Licensing  Classic Licensing     .

Cisco Smart Software Manager  
 Cisco Smart Software Manager  System Administration( )   Smart Software Licensing   .
 1 System Administration( ) > Smart Software Licensing .  2 Transport Settings( )  Edit() .     .
· : HTTP  Cisco Smart Software Manager   .     .
·  :    Smart Software Manager Satellite  Cisco Smart Software Manager   .        Smart Software Manager Satellite  URL  OK()  .   HTTP  HTTPS . FIPS    HTTPS .      https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html .    Cisco Smart Software Manager (https://software.cisco.com/#module/SmartLicensing) .  Virtual Accounts(  )   General()     .        .         https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html .
 3         .  4 Register() .  5    Smart Software Licensing  Reregister this product instance if it is already
registered(      )   . Smart Cisco Software Manager     , 932  .
          Smart Software Licensing       .
 
            .
 1 System Administration( ) > Licenses() .

 2 Edit Settings( ) .  3    License Request/Release( /)   .  4 Submit() .
       Email Security Appliance     .    , ,   .
   Email Security Appliance           .     .

         (OOC)     30   . OOC        (30, 15, 5  )    . OOC             .      CSSM      .
Smart Cisco Software Manager   
 1 System Administration( ) > Smart Software Licensing .  2 Action()   Deregister( )  Go()  .  3  .
Smart Cisco Software Manager   
 1 System Administration( ) > Smart Software Licensing .  2 Action()   Reregister( )  Go()  .
        Cisco Smart Software Manager  , 931   .             .
  
CSSM        .

 Smart Licensing        .            .         .
    Cisco Smart Software Manager   .
   
 Smart Cisco Software Manager      .

        .

 1 System Administration( ) > Smart Software Licensing .  2 Action()     .
·     ·   
 3 Go() .



     . · Smart Software Licensing    · Smart Software Licensing    ·     ·    (       ) ·    ·  . ·     ·     ·     ·     · ID    

· ID     ·     · ID    · OOC    (OOC       ) ·     
Smart Agent 
  Smart Agent     .
 1 System Administration( ) > Smart Software Licensing .  2 Smart Agent Update Status(Smart Agent  )  Update Now( )  
 .  CLI  saveconfig    System Administration( ) > Configuration
Summary( )      Smart Licensing     .

  Smart Licensing
 Smart Licensing      . Smart Licensing        Smart Licensing    .                 Smart Licensing    .       , 1117  .
Cisco Email Security Virtual Appliance 
Email Security Virtual Appliance       Cisco Content Security Virtual Appliance   .         .
                .

   
      180       .       .
  180, 150, 120, 90, 60, 30, 15, 5, 1  0           .     "Critical" "System"  .       , 964   .
    .
         .         .
 
·   AsyncOS       , 959 
  
           .  XML(Extensible Markup Language)   .
       .
·             .           ""  .
·           . (    XML     .)        (: )      .
·           .   CLI   ""    .
· FTP      ,     CLI     .
·  XML ,    XML    DTD(document type definition)  .   XML    DTD   . ( XML      .)
XML     
·      ,         .           .  C/X-Series  M-Series      .

·             .      (  ),         .
  Global Unsubscribe         . Global Unsubscribe(  )       Global Unsubscribe(  )       .
  
    System Administration( ) > Configuration File( ) . Configuration File( )     .
· Current Configuration( ) -       .
· Load Configuration( ) -         .
· End-User Safelist/Blocklist Database (Spam Quarantine)(   /   ( )) -               , 873    /     , 880   .
· Reset Configuration( ) -       (    ).
           PEM  .
  ·      , 936  ·   , 937  ·    , 937  ·   , 940 
     
System Administration( ) > Configuration File( )  Current Configuration(  )       ,  (FTP/SCP  configuration ),       .       .
· URL        . ·      CCO  ID   ID.

Mask passphrases in the Configuration Files(    )         .           "*****" .       AsyncOS    .
Encrypt passphrases in the Configuration Files(   )        .        .
·    · RADIUS  · LDAP   ·     · SNMP  · DK/DKIM   ·  SMTP   · PostX   · PostX    · FTP     · IPMI LAN  ·   URL
CLI saveconfig      .
   
System Administration( ) > Configuration File( ) Email file to(   )   mailconfig           .
  
System Administration( ) > Configuration File( )  Load Configuration( )        . CLI loadconfig      .
         .
· configuration     . ·      . ·    .

         .     ,       .          , 1139   .        .
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
... your configuration information in valid XML
</config>
    </config>   .  configuration    DTD(document type definition)  XML      . DTD   config.dtd. loadconfig            .        DTD    .     ()  <config></config>     ,    (   <config></config>   )    complete  unique     . "Complete" DTD               .     
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosu
</config>
    .   
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosupport_enabled>
</config>
  . "Unique"            .          (  <config></config>  )
<hostname>mail4.example.com</hostname>
  .              Recipient Access Table  
<rat>
<rat_entry>
<rat_address>ALL</rat_address>
<access>RELAY</access>
</rat_entry>
</rat>
 "complete"    .
             (   )     .                      .
             .            .         .    
<listeners></listeners>
   .

        ,   CLI        .   , Serial    Management                 .  DTD              .         .
       (: FTP   )           loadconfig      . logconfig        FTP    .
             , XML   "encoding"  "ISO-8859-1" . showconfig, saveconfig  mailconfig       .
<?xml version="1.0" encoding="ISO-8859-1"?>
       .
  ·    , 1139 
  
       .     . GUI          .   , 925  .
  
    showconfig    . showconfig      .
mail3.example.com> showconfig
Do you want to include passphrases? Please be aware that a configuration without passphrases will fail when reloaded with loadconfig.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<!--
  Product: IronPort model number Messaging Gateway Appliance(tm)
  Model Number: model number
  Version: version of AsyncOS installed
  Serial Number: serial number
  Current Time: current time and date
[The remainder of the configuration file is printed to the screen.]
Configuration File( ) 
·   , 935  ·   , 925  ·  /     , 880 
  
· (  )      , 941  ·       , 942  ·       , 942  ·       , 943 
(  )     
ESXi 5.5  VMFS 5     2TB       . ESXi 5.1     2TB.      
     .   VMware  .
       .
 1 Email Security Appliance  .  2 VMware         .
VMware        .   ESXi 5.5    http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.hostclient.doc%2FGUID-81629CAB-72FA-42F0-9F86-F8FD0DE39E57.html .

 3 System Administration( ) > Disk Management( )      .

     

             .

 

  

·       System Administration( ) > Disk Management(      ) . 
·      

  

·             .
· ,           .        , 851  .
·   ,            .        , 942  .

     

       .     .          .

 

  

 

System Administration( ) > Log Subscriptions(  ) .
·          .
·       . ·       . ·      .

 

Help and Support(  )(   ) > Packet Capture( ) .

 

  

 

FTP   /data/pub  .

(      FTP    FTP, SSH  SCP       , 1199  . .)

 

System Administration( ) > Disk Management(  ) .

     
Miscellaneous()    75%        .      .     , 962   .
     
      ,        .
Security Services 
Services Overview( )         . ·  · McAfee · Sophos
Services Overview( )      . ·   .     , 944    . ·    .      , 944    .
Auto Update( )       .        Global Settings( )  .               .    Security Services > Service updates( )  Alert Interval for Disabled Automatic Engine Updates(      )   .

        .
  ·   , 944  ·    , 944  ·  , 944  ·  , 971 
  
 1 Security Services > Services Overview( )  .  2         Available Updates(  )  Update(
) .  Update ()             .

   
 1 Security Services > Services Overview( )  .  2 Modify Versions( )  Change() .  3        Apply() .
    .           . Apply()        .       Global Settings( )  .

 

          . · Updater Logs( ):         .    Info()  Debug() .     , 1101  .

 
      . ·   · McAfee Anti-Virus  · PXE  · Sophos Anti-Virus  · IronPort   ·     ·    · URL (URL   .    URL    , 459   ) ·  (URL           .   Cisco Web Security Services    , 428   ) ·  
 DLP        Security Services( ) > Data Loss Prevention(  )  .   DLP       , 518  .
DLP  ,          . DLP          .                 , 945   .
     
·       , 946  · Cisco       , 946  ·         , 946  ·     , 947  ·           , 948  ·     , 948  ·         , 949  ·    , 951  ·       , 951  ·      , 952 

     
AsyncOS           . ·   Cisco       .   . · Cisco             .     , 947  .
           , 949   .
Cisco       
 Cisco         .
 73:   

Cisco    IP  .             .           , 946  .  80  443  Cisco         .
        
Cisco IronPort      IP  .         AsyncOS        .
 1 Cisco     URL  .  2  80   IP        .  3 Security Services( ) > Service Updates( ) .  4 Edit Update Settings(  ) .

 5 Edit Update Settings(  )  "Update Servers( )()"  Local Update Servers(  ) , AsyncOS   McAfee Anti-Virus  Base URL( URL)  1   URL .
 6 "Update Servers( )()"   IronPort Update Servers(IronPort  )  .
 7     .
    
Cisco         AsyncOS           .       HTTP       .       AsyncOS     HTTP (" ")   .                    .     AsyncOS    Cisco IronPort       .
 AsyncOS       .            Cisco IronPort      ,           .
 74:   

 1       .  2   .
 3 GUI Security Services( ) > Service Updates( )   CLI updateconfig        .
 4 System Administration( ) > System Upgrade( )   CLI upgrade     .
           
AsyncOS            .
· Cisco Systems      ·  (  , 11  )
      HTTP       ,  IP   DNS     .
AsyncOS         . ·    (: Microsoft IIS(Internet Information Services)  Apache   ): · 24        ·    · ( )  ("")    ·  AsyncOS    350MB    
    
    http://updates.ironport.com/fetch_manifest.html     ZIP  .     (  )  VLN( )    .       .    ,         ZIP   .   , Edit Update Settings(  ) ( CLI updateconfig)      .         AsyncOS      XML  .   "" .     ZIP  asyncos  .    

  ZIP     Edit Update Settings(  ) ( CLI updateconfig)    XML   URL .        , Cisco    .
   
  Cisco         .    80 HTTP    .     ,              .            .
   ,          .           .
       
          . AsyncOS                 .    Cisco     ,        .        .       , 945      .
 1 Security Services( ) > Service Updates( ) .  2 Edit Update Settings(  ) .  3  .





Update Servers( )( Cisco IronPort AsyncOS     Cisco IronPort

)

  ,     

 .     Cisco IronPort 

   .

         .

             URL    .           .

AsyncOS   McAfee Anti-Virus       Click to use different settings for AsyncOS( AsyncOS    )  .

 Cisco Intelligent Multi-Scan              .

 ()

             Cisco IronPort     .
       Cisco IronPort    ,       .
  AsyncOS        .      Cisco IronPort   .
    ,    HTTP        XML    .     AsyncOS  80 .          .

 

Sophos  McAfee Anti-Virus , Cisco Anti-Spam , Cisco Intelligent Multi-Scan , PXE Engine ,    ,          (    ) .
  s, m  h ,    .     (0) .
 DLP     Security Services( ) > Data Loss Prevention(  )    .          .   DLP      , 518  .





       ' '      

  

 .

 m, h  d  ,    .  30 .

Interface()

              .       .     .

HTTP  :

GUI      .        .

HTTPS Proxy Server((HTTPS  HTTPS    . HTTPS    GUI

 )

     .

 4     .

  
 1 Security Services( ) > Service Updates( )   Edit Update Settings(   ) .
 2      .  3  (    ) .  m,  h  . 
   1.

      
Email Security Appliance     Cisco       .     ,        .
   updateconfig  .         .

mail.example.com> updateconfig

Service (images):                  Update URL:
------------------------------------------------------------------------------------------
Feature Key updates                http://downloads.ironport.com/asyncos
Timezone rules                     Cisco IronPort Servers
Enrollment Client Updates          Cisco IronPort Servers
Support Request updates            Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers

Service (list):                    Update URL:
------------------------------------------------------------------------------------------
Timezone rules                     Cisco IronPort Servers
Enrollment Client Updates          Cisco IronPort Servers
Support Request updates            Cisco IronPort Servers

Service (list):                    Update URL:
------------------------------------------------------------------------------------------
Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers

Update interval: 5m
Proxy server: not enabled
HTTPS Proxy server: not enabled

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated?
[Yes]>

Service (images):                  Update URL:
------------------------------------------------------------------------------------------
Feature Key updates                http://downloads.ironport.com/asyncos
Timezone rules                     Cisco IronPort Servers
Enrollment Client Updates          Cisco IronPort Servers
Support Request updates            Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers

Service (list):                    Update URL:
------------------------------------------------------------------------------------------
Timezone rules                     Cisco IronPort Servers
Enrollment Client Updates          Cisco IronPort Servers
Support Request updates            Cisco IronPort Servers

Service (list):                    Update URL:
------------------------------------------------------------------------------------------
Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers

Update interval: 5m
Proxy server: not enabled
HTTPS Proxy server: not enabled

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]>

     
      ,     CA      .       .
   updateconfig  .         .
mail.example.com> updateconfig
...
...
...
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> trusted_certificates
Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
[]> add
Paste certificates to be trusted for secure updater connections, blank to quit
Trusted Certificate for Updater:
Paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MMIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCSU4x
DDAKBgNVBAgTA0tBUjENM............................................
-----END CERTIFICATE-----
.
Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
- LIST - List trusted certificates for updates.
- DELETE - Delete a trusted certificate for updates.
[]>

AsyncOS 



  



 1   ,            , 945     ,   ,    .

 2           , 953   .

 3        . AsyncOS  , 954 

  , 1129 

 4  .

    , 955 

   
      , 1129    .
    
     AsyncOS for Cisco Email Security Appliances CLI   (http://www.cisco.com/en/US/products/ps10154/prod_command_reference_list.html)  .
   
        AsyncOS              .       .

 

  

          .

    

   .

  .

   Clear the notification(

        )   Close() .

     

.

  (    Management Appliance( ) > System

)

Administration( ) > System Upgrade(

 ) .

   

        AsyncOS              .
      .

 

  

          .

    

   .

  .

   Clear the notification(

        )   Close() .

     

.

  (    Management Appliance( ) > System

)

Administration( ) > System Upgrade(

 ) .

AsyncOS  
        .
       .        .

 1 XML    .           .
 2  /        .  3    . CLI    suspendlistener  . GUI
      .  4    .       CLI workqueue  ,
    rate  .      .
   
     ,        .
 Cisco IronPort     AsyncOS     ,     .     10   .     , Ctrl-C          .
  · Cisco   ,       .       .        .        , 945            , 949  . ·    AsyncOS  , 954   . ·       , 1129    . ·            .
 1 System Administration( ) > System Upgrade( ) .
 2 Upgrade Options( ) .
    ( 3)    ,         .         1      
.

   

 

 3       .
·                  .
·    ·    ·  CPU  ·    ·    
·              .              .
·      4 .

 4  .

 

  

      Download and Install(  ) .

 

        

 .

   

Download only() .           .       .

    Install() .



      .

 AsyncOS  Install()   .

 5            AsyncOS   .
 6    
a)    configuration    .
b)       .
     GUI Configuration File( )   CLI loadconfig     .
c)         .         .
 7 Proceed() .


 

   ,   

 8    
a)      .     .      .
b)  Reboot Now( ) .
c)  10     .
             20     .

   ·       . ·     :     ' '         , Install()  .
·   : ·   ( ). ·     .     , 935  .
·     .
   ,   

 1 System Administration( ) > System Upgrade( ) .
 2 Upgrade Options( ) .
 3  .

 

  

  

   .
             .

 

   Cancel Download( )  .       .

   

  Delete File( )  .       .


   

 

 4 ( )   .
   
       80-  90-     .                 .  
· RPC(   )     .   Hardware Installation Guide .
·     .        .
·           IPv4  .         , ipconfig      .
·     IPMI(Intelligent Platform Management Interface)  2.0        .       .
· CLI(Command Line Interface)      CLI    .
 1 SSH      CLI .
 2       .
 3    .
remotepower setup
 4    .
1.    IP    .
2. power-cycle       .           .
 5 Commit    .
 6         .
 7         .       ,           .


 

AsyncOS   

    
·     , 1170 
AsyncOS   
AsyncOS   AsyncOS            .
 
 revert     .         .           .          . revert     ,            .

      .       .
  AsyncOS      
AsyncOS 9.0 for Email AsyncOS 8.5 for Email    . AsyncOS 9.0 for Email AsyncOS 8.0 for Email ,         180      .         .
  ·     , 935 
AsyncOS 

 1  2

     .      .        FTP     .      , 937  .
       (  ).

       .


      

 

 3  4  5

 /      /     .     .   CLI .

revert       .         .          .

 6 CLI revert  .
      .    15 20    ,       .

 7      .
 8       interfaceconfig     IP    .
 9     FTP  HTTP .
 10  XML   FTP  GUI  .
 11   XML   .
 12  /      /    .
 13   .
    AsyncOS   .

      
   AsyncOS        .
·   
·  
· DMARC  
· (notify()  notify-copy()  )
·  (   "Send Copy")
·  
·   
  ,       .          . GUI  CLI addressconfig             .
 1 System Administration( ) > Return Addresses( )  .
 2 Edit Settings( ) .


 

     

 3   .
 4     .
     
    CPU ,               .           .
      CLI healthconfig  .   CLI    AsyncOS for Cisco Email Security Appliance CLI   .
    .
 1 System Administration( ) > System Health( ) .
 2 Edit Settings( ) .
 3   .
· CPU    ().   CPU         .       15  CPU        5     .       CPU   .
·      ( ) .             .       15          150     .  ,  10   ·    10.1%     . ·    15  15.1%     .
·         (  ).             .       15            150    .    1000   ·      1002     . · 15       1510     .


Email Security Appliance  

 

        .  4     .

            .      , 964   .
Email Security Appliance  
    Email Security Appliance    .           ( 3)    .

        1      .
  
·   System Administration( ) > System Health( )   Run Health Check(  ) .
· CLI healthconfig  .
            .
·    ·    ·  CPU  ·    ·    
                  .   http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118881-technote-esa-00.html  .



            .   ( )       ,         .     .      ,    


 

 

       . GUI System Administration( ) > Alerts() ( CLI alertconfig )   .

 
       .
· Critical():   .
· Warning():          .
· Information():       .
AutoSupport
Cisco            ,        Cisco Systems      . AutoSupport    Cisco          . AutoSupport    , status     AsyncOS     .
             Cisco     .             .        , 965   .

 

 Alert Recipient( )         SMTP  .
          AsyncOS        .    AsyncOS             .
   AsyncOS    . ,           .
·    DNS MX  A    .
·   DNS  30    30  , DNS     .
·           .        .
·               .


  

 

  
Date: 23 Mar 2005 21:10:19 +0000
To: [email protected]
From: IronPort C60 Alert [[email protected]]
Subject: Critical-example.com: (Anti-Virus) update via http://newproxy.example.com failed
The Critical message is:
update via http://newproxy.example.com failed
Version: 4.5.0-419
Serial Number: XXXXXXXXXXXX-XXXXXXX
Timestamp: Tue May 10 09:39:24 2005
For more information about this error, please see http://support.ironport.com
If you desire further information, please contact your support provider.
  
              .         , System( )   Critical()          .
    AutoSupport  ,            .      .
 1 System Administration( ) > Alerts() .
 2 Add Recipient( ) .
 3    .       .
 4 ( ) Cisco          Release and Support Notifications(   )  .
 5        .
 6     .


 

  

  
    .

         alertconfig CLI   .

 1 Alerts()  Edit Settings( ) .
 2     Header From:   Automatically Generated( )("alert@< >") .
 3      ()   .     , 965   .
·       () .
·       () .
 4 IronPort AutoSupport   AutoSupport   . AutoSupport    AutoSupport, 963   .
· AutoSupport , Information()  System()        AutoSupport  .      .
 5     .

 
  

         .
·    RFC 2822 Header From:(   "alert@< >" ). CLI alertconfig -> from     .
·       ()
·       ()
· AutoSupport (  )
· Information()  System()      AutoSupport    
AsyncOS       ()   .            (          ).      ()( )     .  ()       .  5   5, 15 , 35, 75, 155, 315   .
     .       ()       ()    .    5    60  5, 15, 35, 60, 120   .

  
Email Security Appliance        GUI  CLI        .       .
    Alerts()  View Top Alerts(  )    CLI displayalerts  . GUI  , , ,       .
  Top Alerts( )     50 .       CLI alertconfig -> setup  .      0 .

 

   (Cisco   ),   , , (critical( ) information()  warning()),    ( )      .      .        "$ip"   . "$ip"     IP   .
·  , 967  ·  , 967  · DHAP(Directory Harvest Attack Prevention) , 968  ·  , 968  ·   , 969  ·  /  , 971  ·  , 971  ·   , 981  ·    , 982  ·  , 983 


 

 

 
        AsyncOS          .
 85:    

AS.SERVER.ALERT
$engine anti-spam - $message $tb
Critical(). Sent when the anti-spam engine fails.
'engine' -   .
'message' -  .
'tb' -  (traceback).

AS.TOOL.INFO_ALERT
Update - $engine - $message
Information().     
'engine' -   .
'message' -   .

AS.TOOL.ALERT
Update - $engine - $message
Critical().                  .
'engine' -   .
'message' -  

 
        AsyncOS          .
 86:    

AV.SERVER.ALERT /AV.SERVER.CRITICAL
$engine antivirus - $message $tb
Critical().        .
'engine' -   .
'message' -  .
'tb' -  (traceback).

AV.SERVER.ALERT.INFO
$engine antivirus - $message $tb
Information().         .
'engine' -   .
'message' -  .
'tb' -  (traceback).

AV.SERVER.ALERT.WARN
$engine antivirus - $message $tb
Warning()       .
'engine' -   .
'message' -  .
'tb' -  (traceback).


DHAP(Directory Harvest Attack Prevention) 

 

 

  



MAIL.ANTIVIRUS.ERROR_MESSAGE
MID $mid antivirus $what error $tag
Critical().        .
'mid' - MID
'what' -  .
'tag' -      .

MAIL.SCANNER.PROTOCOL_MAX_RETRY
MID $mid is malformed and cannot be scanned by $engine.
Critical().   ,        .    ,      .
'mid' - MID
'engine' -    

DHAP(Directory Harvest Attack Prevention) 
        AsyncOS     DHAP    .
 87:  Directory Harvest Attack Prevention  

  LDAP.DHAP_ALERT

  



LDAP: Potential Directory Harvest Attack detected. See the system mail logs for more information about this attack.

Warning()       .

 
        AsyncOS          .


 

  

 88:    

 

  



INTERFACE.ERRORS
Port $port: has detected $in_err input errors, $out_err output errors, $col collisions please check your media settings.
Warning()     .
'port' -  .
'in_err' -      .
'out_err' -       .
'col' -       .

MAIL.MEASUREMENTS_FILESYSTEM
The $file_system partition is at $capacity% capacity
Warning()     (75%) .
'file_system' -  .
'capacity' -    .

MAIL.MEASUREMENTS_FILESYSTEM.
The $file_system partition is at $capacity% capacity
Critical().    90%(95%, 96%, 97% )   .
'file_system' -  .
'capacity' -    .

SYSTEM.RAID_EVENT_ALERT
A RAID-event has occurred: $error
Warning()  RAID   .
'error' - RAID  .

SYSTEM.RAID_EVENT_ALERT_INFO
A RAID-event has occurred: $error
Information(). RAID    .
'error' - RAID  .

  
        AsyncOS          .
 89:     

 

  



ISQ.CANNOT_CONNECT_OFF_BOX
ISQ: Could not connect to off-box quarantine at $host:$port
Information(). AsyncOS () IP       .
'host' -   
'port' -    


  

 

 

  



ISQ.CRITICAL
ISQ: $msg
Critical().        .
'msg' -  

ISQ.DB_APPROACHING_FULL
ISQ: Database over $threshold% full
Warning()         .
'threshold' -      

ISQ.DB_FULL
ISQ: database is full
Critical().        .

ISQ.MSG_DEL_FAILED
ISQ: Failed to delete MID $mid for $rcpt: $reason
Warning()         .
'mid' - MID
'rcpt' -   "all"
'reason' -    

ISQ.MSG_NOTIFICATION_FAILED
ISQ: Failed to send notification message: $reason
Warning()       .
'reason' -     

ISQ.MSG_QUAR_FAILED
Warning()      .

ISQ.MSG_RLS_FAILED
ISQ: Failed to release MID $mid to $rcpt: $reason
Warning()       .
'mid' - MID
'rcpt' -   "all"
'reason' -    

ISQ.MSG_RLS_FAILED_UNK_RCPTS
ISQ: Failed to release MID $mid: $reason
Warning()          .
'mid' - MID
'reason' -    

ISQ.NO_EU_PROPS
ISQ: Could not retrieve $user's properties. Setting defaults
Information(). AsyncOS        .
'user' -   

ISQ.NO_OFF_BOX_HOST_SET
ISQ: Setting up off-box ISQ without setting host
Information(). AsyncOS           .


 

 /  

 /  
      AsyncOS       /     .
 90:   /   

 

  



SLBL.DB.RECOVERY_FAILED
SLBL: Failed to recover End-User Safelist/Blocklist database: '$error'.
Critical().  /    .
'error' -  

SLBL.DB.SPACE_LIMIT
SLBL: End-User Safelist/Blocklist database exceeded allowed disk space: $current of $limit.
Critical().  /       .
'current' -  (MB )
'limit' -  (MB )

 
        AsyncOS          .
 91:    

 /  AMP.ENGINE.ALERT
AsyncOS API Alerts     COMMON.APP_FAILURE

  



Advanced Malware Protection      , 483   .

AsyncOS API for Cisco Email Security Appliances -   ""  .

""   Office 365     , 561 

An application fault occurred: $error
Warning()         .

'error' -  (  ).


 

 

 / 

  



COMMON.ENGINE_AUTO_UPDATE_ENABLED
<$level>: <$class>
Information: Automatic updates have been enabled for the particular engine <$engine>. You will now receive automatic engine updates for this engine.
'$engine' -   .      .
· Sophos
· McAfee
· Graymail

COMMON.ENGINE_AUTO_UPDATE_DISABLED
<$level>: <$class>
Information: Automatic updates have been disabled for the particular engine <$engine>. You will not receive any automatic updates for this engine, unless you enable automatic updates in the global setting page of the particular engine.
'$engine' -   .      .
· Sophos
· McAfee
· Graymail

COMMON.KEY_EXPIRED_ALERT
Your "$feature" key has expired. Please contact your authorized Cisco sales representative.
Warning()     .
'feature' -    .

COMMON.KEY_EXPIRING_ALERT
Your "$feature" key will expire in under $days day(s). Cisco   .
Warning()       .
'feature' -    .
'days' -    .

COMMON.KEY_FINAL_EXPIRING_ALERT
This is a final notice. Your "$feature" key will expire in under $days day(s). Cisco    .
Warning()       .
'feature' -    .
'days' -    .

KEYS.GRACE_EXPIRING_ALERT
All security services licenses for this Cisco Email Security Appliance have expired. The appliance will continue to deliver mail without security services for $days days.
To renew security services licenses, Please contact your authorized Cisco sales representative.
Critical().             .
'days' -         .
         , 935    .


 

 

 / 

  



KEYS.GRACE_FINAL_EXPIRING_ALERT
This is the final notice. All security services licenses for this Cisco Email Security Appliancehave expired. The appliance will continue to deliver mail without security services for 1 day.
To renew security services licenses, Please contact your authorized Cisco sales representative.
Critical().       .
        , 935    .

KEYS.GRACE_EXPIRED_ALERT
Your grace period has expired. All security sevice have expired, and your appliance is non-functional. The appliance will no longer deliver mail until a new license is applied.
To renew security services licenses, Please contact your authorized Cisco sales representative.
Critical().        .
        , 935    .

DNS.BOOTSTRAP_FAILED
Failed to bootstrap the DNS resolver. Unable to contact root servers.
Warning()   DNS       .

COMMON.INVALID_FILTER
Invalid $class: $error
Warning()        .
'class' - "Filter", "SimpleFilter" .
'error' -     .


 

 

 / 

  



IPBLOCKD.HOST_ADDED_TO_WHITELIST
IPBLOCKD.HOST_ADDED_TO_BLACKLIST
IPBLOCKD.HOST_REMOVED_FROM_BLACKLIST
The host at $ip has been added to the blacklist because of an SSH DOS attack.
The host at $ip has been permanently added to the ssh whitelist.
The host at $ip has been removed from the blacklist
Warning()
SSH           IP  10     10   SSH  .
  IP      IP    .
      .
       .
'ip' -    IP .

LDAP.GROUP_QUERY_FAILED_ALERT
LDAP: Failed group query $name, comparison in filter will evaluate as false
Critical(). LDAP     .
'name' -  .

LDAP.HARD_ERROR
LDAP: work queue processing error in $name reason $why
Critical(). LDAP      (   ).
'name' -  .
'why' -   .

LOG.ERROR.*
Critical().   .

MAIL.FILTER.RULE_MATCH_ALERT
MID $mid matched the $rule_name rule. \n Details: $details
Information(). Header Repeats( )  true   .
'mid' -    .
'rule_name' -   .
'details' -       .


 

 

 / 

  



MAIL.PERRCPT.LDAP_GROUP_QUERY_FAILED
LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server.
Critical().    LDAP     .

MAIL.QUEUE.ERROR.*
Critical().     .

MAIL.OMH.DELIVERY_RETRY
Subject - 'Alert: Message Delivery failed for $hostname. DANE verification failed for one or more Domain(s).'
Message - The message delivery failed due to DANE verification failure for all mail exchange (MX) hosts in $hostname. The appliance will attempt message delivery again or bounce the message.
'host' - DANE   

MAIL.RES_CON_START_ALERT. 
This system (hostname: $hostname) has entered a `resource conservation' mode in order to prevent the rapid depletion of critical system resources. RAM utilization for this system has exceeded the resource conservation threshold of $memory_threshold_start%. The allowed receiving rate for this system will be gradually decreased as RAM utilization approaches $memory_threshold_halt%.
Critical(). RAM        .
'hostname' -  .
'memory_threshold_start' -       .
'memory_threshold_halt' -        .

MAIL.RES_CON_START_ALERT.QUEUE_SLOW
This system (hostname: $hostname) has entered a `resource conservation' mode in order to prevent the rapid depletion of critical system resources. The queue is overloaded and is unable to maintain the current throughput.
Critical().          .
'hostname' -  .


 

 

 / 

  



MAIL.RES_CON_START_ALERT.QUEUE
This system (hostname: $hostname) has entered a `resource conservation' mode in order to prevent the rapid depletion of critical system resources. Queue utilization for this system has exceeded the resource conservation threshold of $queue_threshold_start%. The allowed receiving rate for this system will be gradually decreased as queue utilization approaches $queue_threshold_halt%.
Critical().         .
'hostname' -  .
'queue_threshold_start' -       .
'queue_threshold_halt' -         .

MAIL.RES_CON_START_ALERT.WORKQ
This system (hostname: $hostname) has entered a `resource conservation' mode in order to prevent the rapid depletion of critical system resources. Listeners have been suspended because the current work queue size has exceeded the threshold of $suspend_threshold. Listeners will be resumed once the work queue size has dropped to $resume_threshold. These thresholds may be altered via use of the `tarpit' command on the system CLI.
Information().           .
'hostname' -  .
'suspend_threshold' -         .
'resume_threshold' -         .

MAIL.RES_CON_START_ALERT
This system (hostname: $hostname) has entered a `resource conservation' mode in order to prevent the rapid depletion of critical system resources.
Critical().  " "    .
'hostname' -  .

MAIL.RES_CON_STOP_ALERT
This system (hostname: $hostname) has exited `resource conservation' mode as resource utilization has dropped below the conservation threshold.
Information().  "  "    .
'hostname' -  .


 

 

 / 

  



MAIL.SDS.CATEGORY_CHANGE  URL    , 459   -- .

MAIL.SDS.CERTIFICATE_ INVALID

URL  , 441   .

MAIL.SDS.ERROR_FETCHING_ CERTIFICATE

MAIL.WORK_QUEUE_PAUSED_NATURAL
work queue paused, $num msgs, $reason
Critical().      .
'num' -     .
'reason' -      .

MAIL.WORK_QUEUE_UNPAUSED_NATURAL
work queue resumed, $num msgs
Critical().      .
'num' -     .

NTP.NOT_ROOT
Not running as root, unable to adjust system time
Warning() NTP            .

QUARANTINE.ADD_DB_ERROR
Unable to quarantine MID $mid - quarantine system unavailable
Critical().       .
'mid' - MID

QUARANTINE.DB_UPDATE_FAILED
Unable to update quarantine database (current version: $version; target $target_version)
Critical().        .
'version' -   .
'target_version' -   .

QUARANTINE.DISK_SPACE_LOW
The quarantine system is unavailable due to a lack of space on the $file_system partition.
Critical().        .
'file_system' -   .

QUARANTINE.THRESHOLD_ALERT
Quarantine "$quarantine" is $full% full
Warning()   5%, 50%  75%   .
'quarantine' -  .
'full' -       .


 

 

 / 

  



QUARANTINE.THRESHOLD_ALERT.SERIOUS
Quarantine "$quarantine" is $full% full
Critical().   95%    .
'quarantine' -  .
'full' -       .

REPORTD.DATABASE_OPEN_FAILED_ALERT
The reporting system has encountered a critical error while opening the database. In order to prevent disruption of other services, reporting has been disabled on this machine. Please contact customer support to have reporting enabled. The error message is: $err_msg
Critical().        .
'err_msg' -    

REPORTD.AGGREGATION_DISABLED_ALERT
Processing of collected reporting data has been disabled due to lack of logging disk space. Disk usage is above $threshold percent. Recording of reporting events will soon become limited and reporting data may be lost if disk space is not freed up (by removing old logs, etc.). Once disk usage drops below $threshold percent, full processing of reporting data will be restarted automatically.
Warning()      .                .
'threshold' -  

REPORTING.CLIENT.UPDATE_FAILED_ALERT
Reporting Client: The reporting system has not responded for an extended period of time ($duration).
Warning()          .
'duration' -       .      ('1h 3m 27s').

REPORTING.CLIENT.JOURNAL.FULL
Reporting Client: The reporting system is unable to maintain the rate of data being generated. Any new data generated will be lost.
Critical().         .

REPORTING.CLIENT.JOURNAL.
Reporting Client: The reporting system is now able to handle new data.
Information().            .


 

 

 / 

  



PERIODIC_REPORTS.REPORT_TASK.BUILD_FAILURE
A failure occurred while building periodic report `$report_title'. This subscription has been removed from the scheduler.
Critical().        .
'report_title' -  

PERIODIC_REPORTS.REPORT_TASK.EMAIL_FAILURE
A failure occurred while emailing periodic report `$report_title'. This subscription has been removed from the scheduler.
Critical().       .
'report_title' -  

PERIODIC_REPORTS.REPORT_TASK.ARCHIVE_FAILURE
A failure occurred while archiving periodic report '$report_title'. This subscription has been removed from the scheduler.
Critical().      .
'report_title' -  

SENDERBASE.ERROR
Error processing response to query $query: response was $response
Information(). SenderBase       .
'query' -  .
'response' -    .

SMTPAUTH.FWD_SERVER_FAILED_ALERT
SMTP Auth: could not reach forwarding server $ip with reason: $why
Warning() SMTP        .
'ip' -   IP.
'why' -   .

SMTPAUTH.LDAP_QUERY_FAILED
SMTP Auth: LDAP query failed, see LDAP debug logs for details.
Warning() LDAP     .

SYSTEM.HERMES_SHUTDOWN_FAILURE.REBOOT
While preparing to ${what}, failed to stop mail server gracefully: ${error}$what:=reboot
Warning()         .
'error' -  .

SYSTEM.HERMES_SHUTDOWN_FAILURE.SHUTDOWN
While preparing to ${what}, failed to stop mail server gracefully: ${error}$what:=shut down
Warning()       .
'error' -  .


 

 

 / 

  



SYSTEM.LOGIN_FAILURES_LOCK_ALERT
User "$user" is locked after $numlogins consecutive login failures. Last login attempt was from $rhost
Information: Sent when the user account is locked because of maximum number of failed login attempts
'user' -  
'numlogins' -   
'rhost' -    

SYSTEM.RCPTVALIDATION.UPDATE_FAILED
Error updating recipient validation data: $why
Critical().      .
'why' -  .

SYSTEM.SERVICE_TUNNEL. 
Tech support: Service tunnel has been disabled
Information(). Cisco        .

SYSTEM.SERVICE_TUNNEL. 
Tech support: Service tunnel has been enabled, port $port
Information(). Cisco        .
'port' -    .

IPBLOCKD.HOST_ADDED_TO_WHITELIST
IPBLOCKD.HOST_ADDED_TO_BLACKLIST
IPBLOCKD.HOST_REMOVED_FROM_BLACKLIST
The host at $ip has been added to the blacklist because of an SSH DOS attack.
The host at $ip has been permanently added to the ssh whitelist.
The host at $ip has been removed from the blacklist
Warning()
SSH           IP  10     10   SSH  .
  IP      IP    .
      .
       .
'ip' -    IP .


 

  

 / 

  



WATCHDOG_RESTART_ALERT_MSG
<$level>: <$class>, <$hostname>: $subject $text
Warning()
Cisco Email Security Appliance watchdog            .
· Anti-Spam
· Anti-Virus
·  
· 
     watchdog    , watchdog       .
'subject' -   Watchdog 
'text' -   Watchdog 

MAIL.IMH.GEODB_UPDATE_COUNTRIES
Warning() Geolocation Update - the list of supported countries has changed.
Added Countries - <$added>
Deleted Countries - <$deleted>
Review your HAT sender groups, Message Filters, and Content Filters settings accordingly.
'added' - The following countries are added: <iso_code1>:<country_name1>,<iso_code2>:<country_name2>,
'deleted' - The following countries are deleted: <iso_code1>:<country_name1>:<iso_code2>:<country_name2>,

MAIL.UPDATED_SHORT_URL_DOMAIN_LIST
Info. The list of shortened URL domains has been updated..
Added Domains: <$added_domains> Deleted Domains - <$deleted_domains>
'added_domains': The following domains are added: <domains_1>, <domain_2>
'deleted_domains' : The following domains are deleted: <domain_3>, <domain_4>

MAIL.DOMAINS_NOT_REACHABLE
Warning() The following domains are not reachable by the appliance for shortened URL support: <$domains>
Check your firewall rules to allow your appliance to connect to these domains.
<$domains>: comma separated list of domains

  
  AsyncOS          .


   

 

 92:    
UPDATER.APP.UPDATE_ABANDONED
$app abandoning updates until a new version is published. The $app application tried and failed $attempts times to successfully complete an update. This may be due to a network configuration issue or temporary outage
Warning()   .
'app' -  .
'attempts' -  .

UPDATER.UPDATERD.MANIFEST_FAILED_ALERT
The updater has been unable to communicate with the update server for at least $threshold.
Warning()    .
'threshold' -       .

UPDATER.UPDATERD.RELEASE_NOTIFICATION
$mail_text
Warning()  .
'mail_text' -  .
'notification_subject' -  .

UPDATER.UPDATERD.UPDATE_FAILED
Unknown error occured: $traceback
Critical().   .
'traceback' - (traceback).

   
        AsyncOS           .    (   )     .
 93:      

 

  



VOF.GTL_THRESHOLD_ALERT
Outbreak Filters Rule Update Alert:$text All rules last updated at: $time on $date.
Information().         .
'text' -    .
'time' -   .
'date' -   .


 

 

AS.UPDATE_FAILURE
$engine update unsuccessful. This may be due to transient network or DNS issues, HTTP proxy configuration causing update transmission errors or unavailability of downloads.ironport.com. The specific error on the appliance for this failure is: $error
Warning()    CASE     .
'engine' -    .
'error' -  .

 
        AsyncOS          .
 94:    

 

  



CLUSTER.CC_ERROR.AUTH_ERROR
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Machine does not appear to be in the cluster
Critical().      .           .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR.DROPPED
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Existing connection dropped
Warning()       .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR.FAILED
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Connection failure
Warning()       .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR.FORWARD_FAILED
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Message forward failed, no upstream connection
Critical().          .
'name' -    /  .
'ip' -   IP.
'why' -    .


 

 

 

  



CLUSTER.CC_ERROR.NOROUTE
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=No route found
Critical().               .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR.SSH_KEY
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Invalid host key
Critical().  SSH     .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR.TIMEOUT
Error connecting to cluster machine $name at IP $ip - $error - $why$error:=Operation timed out
Warning()       .
'name' -    /  .
'ip' -   IP.
'why' -    .

CLUSTER.CC_ERROR_NOIP
Error connecting to cluster machine $name - $error - $why
Critical().          IP       .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.AUTH_ERROR
Error connecting to cluster machine $name - $error - $why$error:=Machine does not appear to be in the cluster
Critical().        .         .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.DROPPED
Error connecting to cluster machine $name - $error - $why$error:=Existing connection dropped
Warning()        IP    ,       .
'name' -    /  .
'why' -    .


 

 

 

  



CLUSTER.CC_ERROR_NOIP.FAILED
Error connecting to cluster machine $name - $error - $why$error:=Connection failure
Warning()        ,          IP       .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.FORWARD_FAILED
Error connecting to cluster machine $name $error - $why$error:=Message forward failed, no upstream connection
Critical().        IP    ,         .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.NOROUTE
Error connecting to cluster machine $name - $error - $why$error:=No route found
Critical().         IP     ,           .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.SSH_KEY
Error connecting to cluster machine $name - $error - $why$error:=Invalid host key
Critical().         IP     ,   SSH        .
'name' -    /  .
'why' -    .

CLUSTER.CC_ERROR_NOIP.TIMEOUT
Error connecting to cluster machine $name - $error - $why$error:=Operation timed out
Warning()         IP     ,        .
'name' -    /  .
'why' -    .

CLUSTER.SYNC.PUSH_ALERT
Overwriting $sections on machine $name
Critical().           .
'name' -    /  .
'sections' -    .


  

 

  
          .         , 28    ( systemsetup )    , DNS       .     .
· sethostname
· DNS (GUI  dnsconfig  )
·  (GUI routeconfig  setgateway  )
· dnsflush
· Passphrase( )
·   
·  
   
     .     .      .
·   Network() > IP Interfaces(IP ) , Management( ) , Hostname( )   .
· CLI sethostname  .
         .
DNS(Domain Name System)  
GUI Network()  DNS    dnsconfig    DNS    .     .
·  DNS       ,     
· DNS    
·  DNS      ()
· DNS  
DNS  
AsyncOS   DNS ,   DNS      DNS     .              .  DNS    ,         ( DNS  ).
 DNS     AsyncOS DNS  "" .           DNS    .
" DNS"   in-addr.arpa(PTR)   .    ".eng"   1.2.3.4    .eng  172.16   ,  DNS    "eng,16.172.in-addr.arpa"  .

    
  DNS        . AsyncOS 0      DNS   .  DNS    AsyncOS      .    DNS               DNS    .       " "   ,       .   DNS        .         IP   .        ,       .     60.              60.   2           15,         45.   3      5, 10, 45.
  4 DNS     2   0,  1,  2  .
 95: DNS ,       

Priority(  )                          ()
0              1.2.3.4, 1.2.3.5    5, 5
1              1.2.3.6             10
2              1.2.3.7             45

AsyncOS   0      .   0       .   0       1 (1.2.3.6)  ,      2(1.2.3.7)  .
     0    ,   1     ,    2    .

   
AsyncOS DNS         DNS    .


 DNS   

 

  DNS          ,                .

 DNS   
           " DNS "  . ,   DNS     IP     .    IP    DNS(PTR)      PTR     DNS(A)  .    A   PTR    .    A     IP   HAT(Host Access Table)   .             , 987     DNS    .
  DNS   20. DNS            (DNS    DNS      ) .  , DNS  8   DNS     20 ,     (8 * 20) = 160.
() '0'      DNS      .  0 ,  DNS          .      IP   CN(common name)    TLS           .

DNS 

    "Failed to bootstrap the DNS cache(DNS   )"       .     DNS     .      DNS           .         DNS         .

DNS  
GUI Clear Cache( )   dnsflush (dnsflush     AsyncOS for Cisco Email Security Appliances CLI   ) DNS    .  DNS         .    ,          .

    DNS  

 1 Network() > DNS .
 2 Edit Settings( ) .


 

TCP/IP   

 3   DNS       DNS      DNS   .
 4   DNS    ID  Add Row( ) .      .  DNS      .   DNS  , 986   .
 5     DNS       DNS  IP  .    Add Row( ) .       DNS       .    IP    DNS    .
 6 DNS    .
 7  DNS     () .
 8  Clear Cache( )  DNS    .
 9     .
TCP/IP   
          . Email Security Appliance IPv4(Internet Protocol version 4)  IPv6(Internet Protocol version 6)       . CLI routeconfig          .
 1 Network() > Routing() .
 2    (IPv4  IPv6)  Add Route( ) .
 3   .
 4  IP  .
 5  IP  .
 6     .
  
CLI setgateway          .
 1 Network() > Routing() .  2       Default Route( ) .  3  IP  .


 4     .
SSL  
SSL Configuration Settings(SSL  )   sslconfig      SSL    .
 1 System Administration( ) > SSL Configuration Settings(SSL  ) .  2 Edit Settings( ) .  3     .
· GUI HTTPS SSL  . GUI HTTPS   SSL    . ·  SMTP SSL  . Inbound SMTP( SMTP)   SSL   
. ·  SMTP SSL  . Outbound SMTP( SMTP)   SSL  
 .
 · SSL v2  TLS v1     .    SSL v3     . · TLS v1.0  v1.1     .    TLS v1.2     .
 4 Submit() .  5 Commit Changes( ) .
   SSLv3 
      SSLv3   . · Updater · URL  ·    · LDAP
   SSLv3    sslv3config  .        SSLv3   .
mail.example.com> sslv3config

Current SSLv3 Settings:
--------------------------------------------------
UPDATER       : Enabled
WEBSECURITY   : Enabled
EUQ           : Enabled
LDAP          : Enabled
--------------------------------------------------

Choose the operation you want to perform:
- SETUP - Toggle SSLv3 settings.
[]> setup

Choose the service to toggle SSLv3 settings:
1. EUQ Service
2. LDAP Service
3. Updater Service
4. Web Security Service
[1]>

Do you want to enable SSLv3 for EUQ Service ? [Y]>n

Choose the operation you want to perform:
- SETUP - Toggle SSLv3 settings.
[]>

 
       , NTP     , GUI System Administration( )  Time Zone or Time Settings(    )  . CLI ntpconfig, settime  settz     .
 System Administration( ) > Time Settings( )   tzupdate CLI   AsyncOS       .

  
GUI System Administration( )     Time Zone( )       .     GMT    .

 1 System Administration( ) > Time Zone( )  Edit Settings( ) .  2   ,     .  3     .

GMT   
 1 System Administration( ) > Time Zone( )  Edit Settings( ) .  2   GMT Offset(GMT ) .


 3 Time Zone( )   .  GMT()        .   ("-")    .  ("+")   .
 4     .
  
           . · ( ) NTP(Network Time Protocol)     , 992  ·      , 992 
( ) NTP(Network Time Protocol)     
          .      NTP   .
 1 System Administration( ) > Time Settings( )  .  2 Edit Settings( ) .  3 Time Keeping Method(  )  Use Network Time Protocol(NTP ) .  4 NTP    Add Row( ) .  NTP    .  5  NTP       .  6 NTP    .  NTP   IP .  7     .
    
      .  Network Time Protocol   .
 1 System Administration( ) > Time Settings( )  .  2 Edit Settings( ) .  3 Time Keeping Method(  )  Set Time Manually(  ) .  4 , , , ,    .  5 A.M  P.M .  6     .


 

 

 
·    , 993  ·    , 993 

  

(   )          .

 

  

   

  ,     My Favorites( )  Add This Page To My Favorites(    ) .
My Favorites( )      .

  

My Favorites( ) > View All My Favorites(    )      .

 

My Favorites( ) > View All My Favorites(    )   .

  

     My Favorites( )    .

      My Dashboard( )  , 797   .

   
           .         .      ,       .
     ,     .

        .   Options()       .
 1       .


 2 Options() > Preferences( ) .      .  3 Edit Preferences(  ) .  4  .

 



Language Display( )

   CLI AsyncOS for Web  

Landing Page( )

     

Reporting Time Range Displayed(   Reporting()        )()

Number of Reporting Rows Displayed(           )

 5     .  6    Return to previous page(  )  .

Internet Explorer   
    Internet Explorer       .

            .
 1 System Administration( ) > General Settings( ) .  2 Override IE Compatibility Mode(IE   )  .  3     .

 HTTP   
 CLI adminaccessconfig > maxhttpheaderfieldsize      HTTP   HTTP     . HTTP     4096(4KB)  33554432(32MB).


 

      

      
CLI diagnostic > servicessub       .
·          .
·      .
: DLP   
  services     DLP    .
mail.example.com> diagnostic

Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
- SERVICES - Service Utilities.
[]> services

Choose one of the following services:
- ANTISPAM - Anti-Spam services
- ANTIVIRUS - Anti-Virus services
- DLP - Cisco Data Loss Prevention services
- ENCRYPTION - Encryption services
- GRAYMAIL - Graymail services
- REPORTING - Reporting associated services
- SBRS - Reputation Engine services
- TRACKING - Tracking associated services
- URLFILTERING - URL Filtering
- EUQWEB - End User Quarantine GUI
- WEBUI - Web GUI
[]> dlp

Choose the operation you want to perform:
- RESTART - Restart the service
- STATUS - View status of the service
[]> status

Cisco Data Loss Prevention has been up for 3s.
:    
  services       .
mail.example.com> diagnostic

Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
- SERVICES - Service Utilities.
[]> services

Choose one of the following services:
- ANTISPAM - Anti-Spam services
- ANTIVIRUS - Anti-Virus services
- DLP - Cisco Data Loss Prevention services
- ENCRYPTION - Encryption services
- GRAYMAIL - Graymail services
- REPORTING - Reporting associated services
- SBRS - Reputation Engine services
- TRACKING - Tracking associated services
- URLFILTERING - URL Filtering
- EUQWEB - End User Quarantine GUI
- WEBUI - Web GUI
[]> graymail

Choose the operation you want to perform:
- RESTART - Restart the service
- STATUS - View status of the service
[]> restart

 


37 
CLI    
     . · CLI     , 997  ·      , 998  · CLI  , 1003  ·   , 1014  · SNMP    , 1023 
CLI     
CLI  Email Security Appliance        . ·   . ·      ,       ·  1, 5  15         ·    : ·   ·   ·   · SNMP(Simple Network Management Protocol)       : ·   ·   ·     ·    . : ·    ·     ·      

·  ,           ·   

     
·   , 998  ·   , 1000  ·       , 1002 

  

      .      ,   ,            .
        .



resetcounters     

 

   

 

Cisco    

  Cisco          .

     .          .    .

 96: 
 Receiving()       
Rejection()  


    .     .          .
RAT(Recipient Access Table)                 .


  





(drop) 

         Black Hole      .   /dev/null      .      (  )    .

Queue()

Soft Bounced Events(       -     

)

     .

Completion()

 

  ,       .    .

Hard Bounced Recipients(   DNS  , 5XX  ,   ,  

)

       .  

      .

DNS  

     DNS .

5XX  

        "5XX"   .

  

            .

  

    bounce    .     (   )   .

  

       bouncerecipients       .

Delivered Recipients( )    .

 

deleterecipients     Global Unsubscribe Hit(   )     .

   

         .


 Current IDs( ID)  ID(MID)
ICID(Injection Connection ID)
DCID(Delivery Connection ID)


    ID    . MID Cisco          . MID 231  (0) .
      Injection Connection ID. ICID 231 (0  ).
       Delivery Connection ID. DCID 231 (0  ).

  
 ,  ,         .   Cisco          .

     .          .    .

 97: 
 System Gauges( ) RAM 
CPU 


    RAM(Random Access Memory) . CPU  .


  





 I/O 

   I/O .
 Disk I/O Utilization( I/O )         .       I/O        .    100%       I/O   (     I/O 100%     ).

 (conservation)

 0 60  999 . 0~60               .         . (0)    .   999   "  "      .             .

 : 

  LogUsd  XML  log_used ,     .

Connections Gauges( )

  

     .

  

      .

Queue Gauges( )

Active Recipients( )

    . Unattempted Recipients(   )  Attempted Recipients( ) .

   

Active Recipients( )  .        .

  

Active Recipients( )  .          .

   

     , , ,   ,  , LDAP       .






Messages in Quarantine(           

)

   .   Outbreak( ) 

        

 (0) ,       

 .

Destinations in Memory(  )

    .           .           3   . 3                (: tophosts ).       "1" .    (       )  "0"  .

               . (  3      yahoo.com    yahoo.com 3   .)

 

  ( ).

Kilobytes in Quarantine(      .   

)

 30  ,   "Messages in

Quarantine(  )" .  

   .

  

  ( ).

      
           .  1, 5,  15    ,       .
  Cisco  1  100     1     6,000 .   5     1,200 , 15   400 . 1           .  1 100   15  100      .
  Cisco          .


     .          .    .

 98: 





Messages Received( )      .

Recipients Received(          

)

.

Soft Bounced Events(       . (    

 )

      .)

Completed Recipients(    ,       

)

 .       

.

Hard Bounced Recipients(   )

 DNS  , 5XX  ,   ,          .            .

Delivered Recipients(       . )

CLI  
·   , 1004  ·    , 1005  ·    , 1006  ·    , 1009  ·   , 1010  ·    , 1011  · DNS  , 1012  ·    , 1013  ·  TCP/IP  , 1014 


  
Cisco       . status         .     ,      .       .       ,   ,             .  ,  ,         .
    CLI     , 997   .
 99:  





Status as of(/)

    .

Last counter reset(       . )

System status( )

Online(), offline(), receiving suspended(  )  delivery suspended(  ).       "receiving suspended(  )"   .          "offline()"  .

Oldest Message(         . )

Features()

featurekey        .



mail3.example.com> status

Status as of:                  Thu Oct 21 14:33:27 2004 PDT
Up since:                      Wed Oct 20 15:47:58 2004 PDT (22h 45m 29s)
Last counter reset:            Never
System status:                 Online
Oldest Message:                4 weeks 46 mins 53 secs

Counters:                           Reset        Uptime      Lifetime
  Receiving
    Messages Received          62,049,822       290,920    62,049,822
    Recipients Received        62,049,823       290,920    62,049,823
  Rejection
    Rejected Recipients         3,949,663        11,921     3,949,663
    Dropped Messages           11,606,037           219    11,606,037
  Queue
    Soft Bounced Events         2,334,552        13,598     2,334,552
  Completion
    Completed Recipients       50,441,741       332,625    50,441,741
  Current IDs
    Message ID (MID)                                         99524480
    Injection Conn. ID (ICID)                                51180368
    Delivery Conn. ID (DCID)                                 17550674

Gauges:                           Current
  Connections
    Current Inbound Conn.               0
    Current Outbound Conn.             14
  Queue
    Active Recipients               7,166
    Messages In Work Queue              0
    Messages In Quarantine         16,248
    Kilobytes Used                387,143
    Kilobytes In Quarantine       338,206
    Kilobytes Free             39,458,745

mail3.example.com>

   
status detail        .   ,       .        .      ,   ,             .  ,  ,          .            .  1, 5,  15    ,       .     CLI     , 997    .


mail3.example.com> status detail

Status as of:                   Thu Jun 30 13:09:18 2005 PDT
Up since:                       Thu Jun 23 22:21:14 2005 PDT (6d 14h 48m 4s)
Last counter reset:             Tue Jun 29 19:30:42 2004 PDT
System status:                  Online
Oldest Message:                 No Messages
Feature - IronPort Anti-Spam:   17 days
Feature - Sophos:               Dormant/Perpetual
Feature - Outbreak Filters:     Dormant/Perpetual
Feature - Central Mgmt:         Dormant/Perpetual

Counters:                            Reset       Uptime     Lifetime
  Receiving
    Messages Received            2,571,967       24,760    3,113,176
    Recipients Received          2,914,875       25,450    3,468,024
    Gen. Bounce Recipients           2,165            0        7,451
  Rejection
    Rejected Recipients          1,019,453          792    1,740,603
    Dropped Messages             1,209,001           66    1,209,028
  Queue
    Soft Bounced Events             11,236            0       11,405
  Completion
    Completed Recipients         2,591,740       49,095    3,145,002
      Hard Bounced Recipients        2,469            0        7,875
        DNS Hard Bounces               199            0        3,235
        5XX Hard Bounces             2,151            0        4,520
        Expired Hard Bounces           119            0          120
        Filter Hard Bounces              0            0            0
        Other Hard Bounces               0            0            0
      Delivered Recipients       2,589,270       49,095    3,137,126
      Deleted Recipients                 1            0            1
    Global Unsub. Hits                   0            0            0
    DomainKeys Signed Msgs              10            9           10
  Current IDs
    Message ID (MID)                                         7615199
    Injection Conn. ID (ICID)                                3263654
    Delivery Conn. ID (DCID)                                 1988479

Rates (Events Per Hour):          1-Minute    5-Minutes   15-Minutes
  Receiving
    Messages Received                  180          300          188
    Recipients Received                180          300          188
  Queue
    Soft Bounced Events                  0            0            0
  Completion
    Completed Recipients               360          600          368
      Hard Bounced Recipients            0            0            0
      Delivered Recipients             360          600          368

Gauges:                            Current
  System
    RAM Utilization                     1%
    CPU Utilization
      MGA                               0%
      AntiSpam                          0%
      AntiVirus                         0%
    Disk I/O Utilization                0%
    Resource Conservation                0
  Connections
    Current Inbound Conn.                0
    Current Outbound Conn.               0
  Queue
    Active Recipients                    0
      Unattempted Recipients             0
      Attempted Recipients               0
    Messages In Work Queue               0
    Messages In Quarantine              19
    Destinations In Memory               3
    Kilobytes Used                     473
    Kilobytes In Quarantine            473
    Kilobytes Free              39,845,415

      ,            .           (       )    "0"     "1"   .           .     .
   
               , hoststatus     . hoststatus            .        . AsyncOS   DNS        .    resetcounters    . 


 

     .     CLI      , 997   .  hoststatus       .
 100: hoststatus   





    

    ,        " " . Pending Outbound Connection(   )  greeting      .

Oldest Message(           .  

 )

      /  

        .

 

          .

 IP 

  IP   TTL(time to live), MX          . MX       IP  .    MX    .  MX      .       MX   .

Last 5XX error( 5XX        "5XX"    

)

  . 5XX     .

MX 

MX      IP  .     MX    .  MX       .      MX    .

  SMTP     SMTP    .

Last TLS Error( TLS      TLS     

)

  TLS    . TLS  

   .

 
         (    , 69  ).


 101: hoststatus     





 up/down

  hoststatus    -      .

 

  hoststatus    -      .

Recipients()

   hoststatus    . Active Recipients( )  -     .

Last 5XX error( 5XX         5XX    

)

  . 5XX     

.

mail3.example.com> hoststatus

Recipient host:
[]> aol.com

Host mail status for: 'aol.com'
Status as of:         Tue Mar 02 15:17:32 2010
Host up/down:         up

Counters:
  Queue
    Soft Bounced Events                  0
  Completion
    Completed Recipients                 1
      Hard Bounced Recipients            1
        DNS Hard Bounces                 0
        5XX Hard Bounces                 1
        Filter Hard Bounces              0
        Expired Hard Bounces             0
        Other Hard Bounces               0
      Delivered Recipients               0
      Deleted Recipients                 0

Gauges:
  Queue
    Active Recipients                    0
      Unattempted Recipients             0
      Attempted Recipients               0
  Connections
    Current Outbound Connections         0
    Pending Outbound Connections         0

Oldest Message        No Messages
Last Activity         Tue Mar 02 15:17:32 2010

Ordered IP addresses: (expiring at Tue Mar 02 16:17:32 2010)
Preference   IPs
15           64.12.137.121     64.12.138.89      64.12.138.120
15           64.12.137.89      64.12.138.152     152.163.224.122
15           64.12.137.184     64.12.137.89      64.12.136.57
15           64.12.138.57      64.12.136.153     205.188.156.122
15           64.12.138.57      64.12.137.152     64.12.136.89
15           64.12.138.89      205.188.156.154   64.12.138.152
15           64.12.136.121     152.163.224.26    64.12.137.184
15           64.12.138.120     64.12.137.152     64.12.137.121

MX Records:
Preference   TTL        Hostname
15           52m24s     mailin-01.mx.aol.com
15           52m24s     mailin-02.mx.aol.com
15           52m24s     mailin-03.mx.aol.com
15           52m24s     mailin-04.mx.aol.com

Last 5XX Error:
----------
550 REQUESTED ACTION NOT TAKEN: DNS FAILURE
(at Tue Mar 02 15:17:32 2010 GMT) IP: 10.10.10.10
----------

Last TLS Error: Required - Verify
----------
TLS required, STARTTLS unavailable
(at Tue Mar 02 15:17:32 2010 GMT) IP: 10.10.10.10

Virtual gateway information:
============================================================
example.com (PublicNet_017):
    Host up/down:     up
    Last Activity     Wed June 22 13:47:02 2005
    Recipients        0

 altsrchost         .

   
          (:  )   tophosts  . tophosts     20     .  ,  ,  ,   ,           .     CLI      , 997   .


mail3.example.com> tophosts

Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Soft Bounced Events
5. Hard Bounced Recipients
[1]> 1

Status as of:    Mon Nov 18 22:22:23 2003

                     Active   Conn.   Deliv.   Soft      Hard
#   Recipient Host   Recip    Out     Recip.   Bounced   Bounced
1   aol.com          365      10      255      21        8
2   hotmail.com      290      7       198      28        13
3   yahoo.com        134      6       123      11        19
4   excite.com       98       3       84       9         4
5   msn.com          84       2       76       33        29

mail3.example.com>


  

Cisco    ,            . rate        .       . Ctrl-C  rate     .
   .
 102: rate  





Connections In( )

  

Connections Out( )

  

Recipients Received(       )

Recipients Completed(      )



    /   

Queue Used( )

  ( )



mail3.example.com> rate

Enter the number of seconds between displays.
[10]> 1

Hit Ctrl-C to return to the main prompt.

Time       Connections   Recipients          Recipients          Queue
           In    Out     Received    Delta   Completed   Delta   K-Used
23:37:13   10    2       41708833    0       40842686    0       64
23:37:14   8     2       41708841    8       40842692    6       105
23:37:15   9     2       41708848    7       40842700    8       76
23:37:16   7     3       41708852    4       40842705    5       64
23:37:17   5     3       41708858    6       40842711    6       64
23:37:18   9     3       41708871    13      40842722    11      67
23:37:19   7     3       41708881    10      40842734    12      64
23:37:21   11    3       41708893    12      40842744    10      79
^C

hostrate         .   status detail   . (   , 1005  .)


 103: hostrate  





Host Status( )

   : up(), down()  unknown(  )

Current Connections Out(  )      

Active Recipients in Queue(            )

Active Recipients in Queue Delta(         

  )

      

Delivered Recipients Delta(          

)

      

Hard Bounced Recipients Delta(          

 )

       

Soft Bounce Events Delta(           

 )

       

Ctrl-C  hostrate    .



mail3.example.com> hostrate

Recipient host:
[]> aol.com

Enter the number of seconds between displays.
[10]> 1

Time       Host     CrtCncOut   ActvRcp   ActvRcp   DlvRcp   HrdBncRcp   SftBncEvt
           Status                         Delta     Delta    Delta       Delta
23:38:23   up       1           0         0         4        0           0
23:38:24   up       1           0         0         4        0           0
23:38:25   up       1           0         0         12       0           0
^C

   
         Cisco       . topin        ,      IP       .   IP             2 .   topin      .


 104: topin  





Remote Hostname(  )  DNS      .

 IP 

  IP .



   Cisco     .

Connections In( )

     IP        .

       DNS   ,      DNS  .     IP     DNS       IP  .        , 119   .



mail3.example.com> topin

Status as of:    Sat Aug 23 21:50:54 2003

#    Remote hostname           Remote IP addr.   listener     Conn. In
1    mail.remotedomain01.com   172.16.0.2        Incoming01   10
2    mail.remotedomain01.com   172.16.0.2        Incoming02   10
3    mail.remotedomain03.com   172.16.0.4        Incoming01   5
4    mail.remotedomain04.com   172.16.0.5        Incoming02   4
5    mail.remotedomain05.com   172.16.0.6        Incoming01   3
6    mail.remotedomain06.com   172.16.0.7        Incoming02   3
7    mail.remotedomain07.com   172.16.0.8        Incoming01   3
8    mail.remotedomain08.com   172.16.0.9        Incoming01   3
9    mail.remotedomain09.com   172.16.0.10       Incoming01   3
10   mail.remotedomain10.com   172.16.0.11       Incoming01   2
11   mail.remotedomain11.com   172.16.0.12       Incoming01   2
12   mail.remotedomain12.com   172.16.0.13       Incoming02   2
13   mail.remotedomain13.com   172.16.0.14       Incoming01   2
14   mail.remotedomain14.com   172.16.0.15       Incoming01   2
15   mail.remotedomain15.com   172.16.0.16       Incoming01   2
16   mail.remotedomain16.com   172.16.0.17       Incoming01   2
17   mail.remotedomain17.com   172.16.0.18       Incoming01   1
18   mail.remotedomain18.com   172.16.0.19       Incoming02   1
19   mail.remotedomain19.com   172.16.0.20       Incoming01   1
20   mail.remotedomain20.com   172.16.0.21       Incoming01   1

DNS  
dnsstatus  DNS        .       ,    ,            .
       .


 105: dnsstatus  

 DNS 
          


     DNS       .
DNS    ( ) .
   DNS   .
   DNS   .
      DNS   .
  ,  ,    DNS   . TTL(time to live)       .         .       ( )    .      .



mail3.example.com> dnsstatus

Status as of: Sat Aug 23 21:57:28 2003

Counters:                  Reset        Uptime      Lifetime
  DNS Requests       211,735,710     8,269,306   252,177,342
  Network Requests   182,026,818     6,858,332   206,963,542
  Cache Hits         474,675,247    17,934,227   541,605,545
  Cache Misses       624,023,089    24,072,819   704,767,877
  Cache Exceptions    35,246,211     1,568,005    51,445,744
  Cache Expired          418,369         7,800       429,015

mail3.example.com>

   
resetcounters      .          .             .

 GUI    . System Status( ) , 826   .


mail3.example.com> resetcounters
Counters reset: Mon Jan 01 12:00:01 2003
 TCP/IP  
Email Security Appliance   TCP/IP   CLI tcpservices  .
  
Cisco AsyncOS         .     , ,      .           .
  
          deleterecipients   . deleterecipients              .           Envelope From         .       (  )    .
 deleterecipients   Cisco         (      , 924  ).
     ,        .        .    . deleterecipients      .    (IronPort  )       .

mail3.example.com> deleterecipients
Please select how you would like to delete messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]>

  

Cisco          .      , Envelope From           .
  

Please enter the hostname for the messages you wish to delete.
[]> example.com
Are you sure you want to delete all messages being delivered to "example.com"? [N]> Y
Deleting messages, please wait.
100 messages deleted.
Envelope From  

 

Please enter the Envelope From address for the messages you wish to delete.
[]> [email protected]
Are you sure you want to delete all messages with the Envelope From address of "[email protected]"? [N]> Y
Deleting messages, please wait.
100 messages deleted.

Are you sure you want to delete all messages in the delivery queue (all active recipients)? [N]> Y
Deleting messages, please wait.
1000 messages deleted.

  
deleterecipients   bouncerecipients              .   bounceconfig        .

 bouncerecipients   Cisco         (      , 924  ).

     ,        .
       .    . bouncerecipients      .


 bouncerecipients            .        (    )  , resume    Cisco AsyncOS      .



mail3.example.com> bouncerecipients
Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]>
        .      Envelope From    .          .
  

Please enter the hostname for the messages you wish to bounce.
[]> example.com
Are you sure you want to bounce all messages being delivered to "example.com"? [N]> Y
Bouncing messages, please wait.
100 messages bounced.
Envelope From  

 

Please enter the Envelope From address for the messages you wish to bounce.
[]> [email protected]
Are you sure you want to bounce all messages with the Envelope From address of "[email protected]"? [N]> Y
Bouncing messages, please wait.
100 messages bounced.

Are you sure you want to bounce all messages in the queue? [N]> Y
Bouncing messages, please wait.
1000 messages bounced.

  
redirectrecipients              .  SMTP        IP          .


  /dev/null        .      CLI   .        SMTP  .


    example2.com  .
mail3.example.com> redirectrecipients
Please enter the hostname or IP address of the machine you want to send all mail to.
[]> example2.com
WARNING: redirecting recipients to a host or IP address that is not prepared to accept large volumes of SMTP mail from this host will cause messages to bounce and possibly result in the loss of mail.
Are you sure you want to redirect all mail in the queue to "example2.com"? [N]> y
Redirecting messages, please wait.
246 recipients redirected.

    
   Envelope From       showrecipients  .      .


mail3.example.com> showrecipients

Please select how you would like to show messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 3

Showing messages, please wait.

MID/     Bytes/    Sender/             Subject
[RID]    [Atmps]   Recipient
1527     1230      [email protected]   Testing
[0]      [0]       [email protected]
1522     1230      [email protected]   Testing
[0]      [0]       [email protected]
1529     1230      [email protected]   Testing
[0]      [0]       [email protected]
1530     1230      [email protected]   Testing
[0]      [0]       [email protected]
1532     1230      [email protected]   Testing
[0]      [0]       [email protected]
1531     1230      [email protected]   Testing
[0]      [0]       [email protected]
1518     1230      [email protected]   Testing
[0]      [0]       [email protected]
1535     1230      [email protected]   Testing
[0]      [0]       [email protected]
1533     1230      [email protected]   Testing
[0]      [0]       [email protected]
1536     1230      [email protected]   Testing
[0]      [0]       [email protected]

        .

   
          suspenddel   . suspenddel   Cisco AsyncOS     .      .
·     ·     ·    · CLI    
suspenddel        ,       . suspenddel   ,      .        resumedel  .

 "  "     . suspenddel       , resumedel        .


mail3.example.com> suspenddel
Enter the number of seconds to wait before abruptly closing connections.
[30]>
Waiting for outgoing deliveries to finish...
Mail delivery suspended.

   
suspenddel    resumedel   Cisco AsyncOS     .



resumedel

mail3.example.com> resumedel
Mail delivery resumed.


   

   
      suspendlistener  .           .
AsyncOS     .            .
· SMTP: 421 hostname Service not available, closing transaction channel
· QMQP: ZService not available
 "  "     . suspendlistener       ,       resumelistener   .
Syntax
suspendlistener
mail3.example.com> suspendlistener
Choose the listener(s) you wish to suspend.
Separate multiple entries with commas.
1. All
2. InboundMail
3. OutboundMail
[1]> 1
Enter the number of seconds to wait before abruptly closing connections.
[30]>
Waiting for listeners to exit...
Receiving suspended.
mail3.example.com>
   
suspendlistener    resumelistener   Cisco AsyncOS    .
Syntax
resumelistener
mail3.example.com> resumelistener
Choose the listener(s) you wish to resume.
Separate multiple entries with commas.
1. All
2. InboundMail
3. OutboundMail
[1]> 1
Receiving resumed.
mail3.example.com>


     
resume       .
Syntax
resume
mail3.example.com> resume
Receiving resumed.
Mail delivery resumed.
mail3.example.com>
   
      delivernow       . delivernow           . Down()               .      (  )  delivernow     .             .      .
Syntax
delivernow
mail3.example.com> delivernow
Please choose an option for scheduling immediate delivery.
1. By recipient host
2. All messages
[1]> 1
Please enter the domain to schedule for immediate delivery.
[]> recipient.example.com
Rescheduling all messages to recipient.example.com for immediate delivery.
mail3.example.com>
   
LDAP  , , LDAP ,  ,          " " .       , 665   . "  "     , 1000   . workqueue             .         LDAP     . LDAP           .          (antivirusupdate


    

 )      . workqueue                 .
        .  

Sun Aug 17 20:01:36 2003 Info: work queue paused, 1900 msgs S
Sun Aug 17 20:01:39 2003 Info: work queue resumed, 1900 msgs
     .

mail3.example.com> workqueue
Status as of: Sun Aug 17 20:02:30 2003 GMT
Status: Operational
Messages: 1243

Choose the operation you want to perform:
- STATUS - Display work queue status
- PAUSE - Pause the work queue
- RATE - Display work queue statistics over time
[]> pause

Manually pause work queue? This will only affect unprocessed messages. [N]> y

Reason for pausing work queue:
[]> checking LDAP server

Status as of: Sun Aug 17 20:04:21 2003 GMT
Status: Paused by admin: checking LDAP server
Messages: 1243

     .     "Manually paused by user(   )" .
     .
mail3.example.com> workqueue
Status as of: Sun Aug 17 20:42:10 2003 GMT
Status: Paused by admin: checking LDAP server
Messages: 1243

Choose the operation you want to perform:
- STATUS - Display work queue status
- RESUME - Resume the work queue
- RATE - Display work queue statistics over time
[]> resume

Status: Operational
Messages: 1243
    
           .       .   showmessage CLI     ID  .        oldmessage CLI   .    removemessage    ID      .  ,         .        .


Syntax


 archivemessage[mid] CLI     ID  configuration   mbox    .
oldmessage       ID   .    ID         .  ,          removemessage     .

 Cisco            .

Syntax

Syntax

archivemessage
example.com> archivemessage
Enter the MID to archive and remove.
[0]> 47
MID 47 has been saved in file oldmessage_47.mbox in the configuration directory
example.com>

oldmessage
example.com> oldmessage
MID 9: 1 hour 5 mins 35 secs old
Received: from example.com ([172.16.0.102])
by example.com with SMTP; 14 Feb 2007 22:11:37 -0800
From: [email protected]
To: [email protected]
Subject: Testing
Message-Id: <[email protected]>

   
findevent CLI             . findevent CLI    ,        ID            .               .             .
     findevent        ID   (  ,     ).     "confidential"       findevent CLI  .
example.com> findevent

Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 3

Enter the regular expression to search for.
[]> confidential

Currently configured logs:
1. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
Enter the number of the log you wish to use for message tracking.
[]> 1

Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 3

The following matching message IDs were found. Please choose one to show additional log information:
1. MID 4 (Tue Jul 31 17:37:35 2007) sales: confidential
[1]> 1

Tue Jul 31 17:37:32 2007 Info: New SMTP ICID 2 interface Data 1 (172.19.1.86) address 10.251.20.180 reverse dns host unknown verified no
Tue Jul 31 17:37:32 2007 Info: ICID 2 ACCEPT SG None match ALL SBRS None
Tue Jul 31 17:37:35 2007 Info: Start MID 4 ICID 2
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 From: <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 RID 0 To: <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 Subject 'sales: confidential'
Tue Jul 31 17:37:35 2007 Info: MID 4 ready 4086 bytes from <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Jul 31 17:37:35 2007 Info: ICID 2 close
Tue Jul 31 17:37:37 2007 Info: MID 4 interim verdict using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 interim AV verdict using Sophos CLEAN
Tue Jul 31 17:37:37 2007 Info: MID 4 antivirus negative
Tue Jul 31 17:37:37 2007 Info: MID 4 queued for delivery
Tue Jul 31 17:37:37 2007 Info: Delivery start DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message done DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: MID 4 RID [0] Response '/null'
Tue Jul 31 17:37:37 2007 Info: Message finished MID 4 done
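The findevent transcript above ties one message together through its MID, the ICID of the connection that injected it, and the DCID that delivered it. The following added example (not Cisco code, and not part of the original guide) does the same correlation offline on exported text mail logs; the sample log is constructed in the layout shown above with placeholder addresses, and `parse`, `trace` and `find_by_subject` are hypothetical names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the text mail log layout of the findevent transcript.
# Addresses and the second message (MID 5) are constructed placeholders.
SAMPLE_LOG = """\
Tue Jul 31 17:37:32 2007 Info: New SMTP ICID 2 interface Data 1 (172.19.1.86) address 10.251.20.180 reverse dns host unknown verified no
Tue Jul 31 17:37:32 2007 Info: ICID 2 ACCEPT SG None match ALL SBRS None
Tue Jul 31 17:37:35 2007 Info: Start MID 4 ICID 2
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 From: <sender@example.com>
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 RID 0 To: <rcpt@example.net>
Tue Jul 31 17:37:35 2007 Info: MID 4 Subject 'sales: confidential'
Tue Jul 31 17:37:35 2007 Info: MID 4 ready 4086 bytes from <sender@example.com>
Tue Jul 31 17:37:35 2007 Info: ICID 2 close
Tue Jul 31 17:37:37 2007 Info: MID 4 antivirus negative
Tue Jul 31 17:37:37 2007 Info: MID 4 queued for delivery
Tue Jul 31 17:37:37 2007 Info: Delivery start DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message done DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message finished MID 4 done
Tue Jul 31 17:38:01 2007 Info: New SMTP ICID 3 interface Data 1 (172.19.1.86) address 10.251.20.181 reverse dns host unknown verified no
Tue Jul 31 17:38:02 2007 Info: Start MID 5 ICID 3
Tue Jul 31 17:38:02 2007 Info: MID 5 ICID 3 From: <other@example.org>
Tue Jul 31 17:38:02 2007 Info: MID 5 Subject 'lunch menu'
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\w+): (.*)$")
ID_RE = re.compile(r"\b(MID|ICID|DCID) (\d+)\b")
FROM_RE = re.compile(r"\bFrom: <([^>]*)>")
TO_RE = re.compile(r"\bRID (\d+) To: <([^>]*)>")
SUBJECT_RE = re.compile(r"\bSubject '(.*)'$")


def parse(log_text):
    """Return (messages, conn_lines): per-MID records and ICID-only log lines."""
    messages = {}                   # MID -> record
    conn_lines = defaultdict(list)  # ICID -> [(line_no, timestamp, text)]
    for line_no, raw in enumerate(log_text.splitlines()):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line: skip rather than guess
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        text = m.group(3)
        ids = {"MID": [], "ICID": [], "DCID": []}
        for kind, number in ID_RE.findall(text):
            ids[kind].append(int(number))
        entry = (line_no, stamp, text)
        if not ids["MID"]:
            # Connection-level line (open, HAT decision, close): keep it by ICID.
            for icid in ids["ICID"]:
                conn_lines[icid].append(entry)
            continue
        for mid in ids["MID"]:
            rec = messages.setdefault(mid, {
                "icid": None, "dcids": set(), "sender": None,
                "recipients": {}, "subject": None, "finished": False, "lines": [],
            })
            rec["lines"].append(entry)
            if ids["ICID"]:
                rec["icid"] = ids["ICID"][0]
            rec["dcids"].update(ids["DCID"])
            sender = FROM_RE.search(text)
            if sender:
                rec["sender"] = sender.group(1)
            rcpt = TO_RE.search(text)
            if rcpt:
                rec["recipients"][int(rcpt.group(1))] = rcpt.group(2)
            subject = SUBJECT_RE.search(text)
            if subject:
                rec["subject"] = subject.group(1)
            if text.startswith("Message finished"):
                rec["finished"] = True
    return messages, conn_lines


def find_by_subject(messages, pattern):
    """MIDs whose logged subject matches the regular expression."""
    rx = re.compile(pattern)
    return sorted(mid for mid, rec in messages.items()
                  if rec["subject"] and rx.search(rec["subject"]))


def trace(messages, conn_lines, mid):
    """Log text for one MID, merged with its injection connection, in file order."""
    rec = messages[mid]
    entries = rec["lines"] + conn_lines.get(rec["icid"], [])
    return [text for _, _, text in sorted(entries, key=lambda e: e[0])]


if __name__ == "__main__":
    msgs, conns = parse(SAMPLE_LOG)
    for mid in find_by_subject(msgs, r"confidential"):
        print(f"MID {mid}  ICID {msgs[mid]['icid']}  DCIDs {sorted(msgs[mid]['dcids'])}")
        for line in trace(msgs, conns, mid):
            print("   ", line)
```

A message whose record never reaches `finished` (MID 5 in the sample) is one still in the pipeline or cut off by log rotation, which is the case to check against the other log files.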
SNMP    
AsyncOS   SNMP(Simple Network Management Protocol)     .   RFC 1213  1907   MIB-II      . (SNMP    RFCs 1065, 1066  1067 .) :
· SNMP  off. · SNMP SET ()  . · AsyncOS SNMPv1, v2  v3 . ·     SNMPv3    .     
  .   AES()  DES  .   SHA-1()  MD5  . snmpconfig      "" . · SNMPv3  : v3get
> snmpwalk -v 3 -l AuthNoPriv -u v3get -a SHA -A ironport mail.example.com


· SNMPv1  SNMPv2      .     public .
· SNMPv1  SNMPv2  SNMP GET     . ·   SNMP (AsyncOS  )     IP
  . (    ,   DNS     .)
  SNMP    snmpconfig .          SNMPv3 GET  .    3     .   1  2   .    1  2      .

MIB 

 Cisco Email Security Appliance MIB  http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html    .    MIB  .
· ASYNCOS-MAIL-MIB.txt - Cisco    MIB SNMPv2   .
· AsyncOS-SMI.txt (IRONPORT-SMI.txt) - Cisco    ASYNCOS-MAIL-MIB    "SMI(Structure of Management Information)" .

 
IPMI(Intelligent Platform Management Interface)     ,           .
             .    10       .
               .     , 6   .

 
     .      5 .       .    ( ).   C170       .
 106: C170   :    

 (CPU) () () ()      RAID



C170 90C

47C

 

  0 RPMs  

   


         snmpconfig  .
         ,        .                     .
 
· : snmpconfig  , 1025 
SNMP 
SNMP       ( SNMP  )      .            .  SNMP (  Email Security Appliance)    .   SNMP  SNMP   SNMP        .
SNMP    snmpconfig  .
   ,         IP   10   .
: snmpconfig 
   161 "PublicNet"  SNMP   snmpconfig  C690   .  1  2 GET   public    .
esa.example.com> snmpconfig
Current SNMP settings:
SNMP Disabled.
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]> SETUP
Do you want to enable SNMP?
[Y]>
Please choose an IP interface for SNMP requests.
1. Management (198.51.100.1: esa.example.com)
[1]>
Which port shall the SNMP daemon listen on interface "Management"?
[161]>
Please select SNMPv3 authentication type:
1. MD5
2. SHA
[1]> 2
Please select SNMPv3 privacy protocol:
1. DES
2. AES
[1]> 2
Enter the SNMPv3 authentication passphrase.
[]>
Please enter the SNMPv3 authentication passphrase again to confirm.
[]>
Enter the SNMPv3 privacy passphrase.
[]>
Please enter the SNMPv3 privacy passphrase again to confirm.
[]>
Service SNMP V1/V2c requests?
[N]> Y
Enter the SNMP V1/V2c community string.
[ironport]> public
Shall SNMP V2c requests be serviced from IPv4 addresses?
[Y]>
From which IPv4 networks shall SNMP V1/V2c requests be allowed? Separate
multiple networks with commas.
[127.0.0.1/32]>
Enter the Trap target as a host name, IP address or list of IP
addresses separated by commas (IP address preferred). Enter "None" to disable traps.
[127.0.0.1]> 203.0.113.1
Enter the Trap Community string.
[ironport]> tcomm
Enterprise Trap Status
1. CPUUtilizationExceeded       Disabled
2. FIPSModeDisableFailure       Enabled
3. FIPSModeEnableFailure        Enabled
4. FailoverHealthy              Enabled
5. FailoverUnhealthy            Enabled
6. RAIDStatusChange             Enabled
7. connectivityFailure          Disabled
8. fanFailure                   Enabled
9. highTemperature              Enabled
10. keyExpiration               Enabled
11. linkUpDown                  Enabled
12. memoryUtilizationExceeded   Disabled
13. powerSupplyStatusChange     Enabled
14. resourceConservationMode    Enabled
15. updateFailure               Enabled
Do you want to change any of these settings?
[N]> Y
Do you want to disable any of these traps?
[Y]> n
Do you want to enable any of these traps?
[Y]> y
Enter number or numbers of traps to enable. Separate multiple numbers with
commas.
[]> 1,7,12
What threshold would you like to set for CPU utilization?
[95]>
What URL would you like to check for connectivity failure?
[http://downloads.ironport.com]>
What threshold would you like to set for memory utilization?
[95]>
Enter the System Location string.
[Unknown: Not Yet Configured]> Network Operations Center - west; rack #30, position 3
Enter the System Contact string.
[snmp@localhost]> [email protected]
Current SNMP settings:
Listening on interface "Management" 198.51.100.1 port 161.
SNMP v3: Enabled.
SNMP v1/v2: Enabled, accepting requests from subnet 127.0.0.1/32 .
SNMP v1/v2 Community String: public
Trap target: 203.0.113.1
Location: Network Operations Center - west; rack #30, position 3
System Contact: [email protected]
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]>
esa.example.com> commit
Please enter some comments describing your changes:
[]> Enable and configure SNMP
Changes committed: Fri Nov 06 18:13:16 2015 GMT
esa.example.com>
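The transcript above ends with SNMP v1/v2c enabled and the community string set to public. As an added example (not part of the Cisco guide), the Python function below parses a "Current SNMP settings" summary in the format shown and reports v1/v2c exposure. The finding codes, the 256-address threshold and the comma-separated subnet list in the second sample are assumptions of this example.

```python
import ipaddress
import re

# "public" and "ironport" both appear in the snmpconfig transcript above
# ("ironport" as the prompt default); "private" is another widely used default.
WELL_KNOWN_COMMUNITIES = {"public", "private", "ironport"}

# Summary lines as printed at the end of the transcript above.
PAGE_SUMMARY = """\
Listening on interface "Management" 198.51.100.1 port 161.
SNMP v3: Enabled.
SNMP v1/v2: Enabled, accepting requests from subnet 127.0.0.1/32 .
SNMP v1/v2 Community String: public
Trap target: 203.0.113.1
"""

# Constructed variant: unique community string, but a very wide allow-list.
# A comma-separated subnet list on this line is an assumption of the example.
CONSTRUCTED_SUMMARY = """\
Listening on interface "Management" 198.51.100.1 port 161.
SNMP v3: Enabled.
SNMP v1/v2: Enabled, accepting requests from subnet 10.0.0.0/8, 192.0.2.10/32 .
SNMP v1/v2 Community String: n0c-ro-7f3a91
Trap target: 203.0.113.1
"""

V12_RE = re.compile(
    r"^SNMP v1/v2: Enabled, accepting requests from subnet (?P<nets>.*)$", re.M)
COMMUNITY_RE = re.compile(
    r"^SNMP v1/v2 Community String: (?P<community>.*)$", re.M)


def audit_snmp_summary(summary, max_addresses=256):
    """Return a list of (code, detail) findings for one settings summary."""
    findings = []
    v12 = V12_RE.search(summary)
    if not v12:
        return findings  # v1/v2c is not reported as enabled
    # SNMP v1/v2c has no encryption: the community string is the only credential.
    findings.append(("V1V2_ENABLED", "community string is sent in cleartext"))

    community = COMMUNITY_RE.search(summary)
    if community:
        value = community["community"].strip()
        if value.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(("DEFAULT_COMMUNITY", value))

    # The summary prints the allow-list followed by " ." as in the transcript.
    for item in v12["nets"].rstrip(" .").split(","):
        item = item.strip()
        if not item:
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(("UNPARSED_NETWORK", item))
            continue
        if net.num_addresses > max_addresses:
            findings.append(("BROAD_ALLOW_LIST", str(net)))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_SUMMARY), ("constructed", CONSTRUCTED_SUMMARY)):
        for code, detail in audit_snmp_summary(text):
            print(f"{label}: {code}: {detail}")
```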


38 
SenderBase  
     . · SenderBase   , 1029  · SenderBase  , 1029  · FAQ(  ), 1030 
SenderBase   
SenderBase                 . SenderBase           Cisco          .  . Cisco Cisco                .   Cisco       .          .
SenderBase  
 1 Security Services( ) > SenderBase .  2 Edit Global Settings(  ) .  3 SenderBase Information Service     .
       . ,      CASE(Context Adaptive Scanning Engine) (Cisco     ). CLI senderbaseconfig       .  4 ( ) SenderBase Information Service       .                  ,       .      

     , 949    . CLI updateconfig       .

FAQ(  )
Cisco               . SenderBase    Cisco       .        . Cisco           .

  
SenderBase      .   ,                   .      .
·       .              .
·             .             .

 
Cisco                .     .  , Cisco           . (      Cisco   , 1034    ).
 " "     .
 107: Cisco   

 MGA              

  MGS 10012 2005 7 1,  8~ 8 5  MGA  4.7.0    102 10  500MB


 



 

  

   50

       

  3     120

  

30( 4 )

  

12

    ,   .exe      50              30, 30
   

      Outbreak    10  

  



   

20

 108:  IP   



 

     

  : 100   : 80

       2,000(       )

      100   A B 

  

50   A 

 

20 SMTP 

     

  50   10

  : (a)

<one-way-hash>.pif  <one-way-hash>.zip     

   : (b)

aaaaaaa0.aaa.pif  aaaaaaa.zip    




 

URL   (c)

  www.domain.com    .

  URL  (d)

  www.domain.com      aaa000aa/aa00aaa  

          10   10   5   4   16    5

       500, HAM 300  

   

30K-35K  125

   

".exe"   300

   ,     ".doc"     ".exe" 

 

  100

zip  ".exe"    50

        50-55K  ".exe"   30  

            1110 (AMP )

          10

(AMP )

   100

       1000

         37  50

(AMP )

  57  50

  61  1

  99  9

      (AMP )

example.pdf testfile.doc


 



 

      Trojan-Test (AMP )

 109:   

      
  AMP 

   - 10010
   - 15
      -5
   
Advanced Malware Protection      

   Ironport  

        
Ironport       Ironport     

(a)   1  (MD5).
(b)      .   ASCII ([a-z]) "a"    ASCII ([A-Z]) "A" ,  UTF-8  "x" (      ),  ASCII ([0-9]) "0" ,      (,  ) .   Britney1.txt.pif  Aaaaaaa0.aaa.pif .
(c) URL   IP      .          .
(d)          URL   .
AsyncOS 8.5 for Email , IronPort Anti-Spam  Intelligent Multi-Scan      SenderBase    AsyncOS        .
·        ,   ,       .
     Cisco   .          .   Cisco        Cisco    , 370    .
·  SBRS ,       CASE . CASE         . AsyncOS 


    .           .
     Cisco  
SenderBase    : · Cisco      HTTPS  Cisco SenderBase Network  . · Cisco     .     ,               Cisco         . ·               Cisco Systems   .
   Cisco    ?
         Cisco . Cisco        .        5 SenderBase   . HTTPS            1%   . ,     CASE(Context Adaptive Scanning Engine)  (Cisco     ).
 SenderBase        " " .              .       "Body Scanning( ) , 172 "   .
   Cisco   . Cisco Support Community, 7   .
     
Cisco                    .                   URL   .          Cisco    .


39 
GUI  
     . ·   (GUI), 1035  · GUI   , 1036  · GUI XML  , 1036 
  (GUI)
  (GUI)       CLI(Command Line Interface)        . GUI  AsyncOS               .   HTTP / HTTPS    GUI    .    " "  .
 GUI 
  Management  HTTP   . GUI  CLI interfaceconfig  ,    , HTTP   HTTP       .
   GUI   Network() > IP Interfaces(IP )     GUI     .   IP  , 1199  .
   HTTP     .   "HTTPS   " .

 ,    .   80 HTTP    443 HTTPS .          HTTP       .
   HTTP  HTTPS  GUI   (   , 893  )          .

 GUI   commit      .
  Data 1   GUI .  80 HTTP   443 HTTPS   interfaceconfig  . (certconfig       HTTP     .   "Cisco   " .)  80 HTTP  Data1    443   .

GUI  
· System Overview( )     .
·               . ·   AsyncOS      . ·       .
· System Status( )       DNS    .             .

GUI XML  

XML    ,   XML   .
XML             .    XML     .
   GUI    URL   XML     .

GUI       XML  URL
Mail Status( )    http://hostname/xml/status
Host Mail Status for a Specified Host(    )    http://hostname/xml/hoststatus?hostname=host
DNS Status(DNS )    http://hostname/xml/dnsstatus
Top Incoming Domains(  )    http://hostname/xml/topin
Top Outgoing Domains(  ) (1)    http://hostname/xml/tophosts

1        . URL "?sort=order"     .  order conn_out, deliv_recip, soft_bounced  hard_bounced .


40 
  
     . ·    , 1039  · NIC(Network Interface Card) /, 1040  · VLAN(Virtual Local Area Network), 1043  · Direct Server Return, 1047  ·     , 1051  ·    ARP    , 1052 
   
    etherconfig     .       .        .     , 1040   .
etherconfig      
etherconfig    (/)    (10/100/1,000Mbps)   .        ,      .
 "  "    GUI   ( Command Line Interface systemsetup )         .
      .   ,          2( 3   4)  .       ( 1,  2   )    . NIC(Network Interface Card) /, 1040   .

   
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> media
Ethernet interfaces:
1. Data 1 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6d
2. Data 2 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6e
3. Management (Autoselect: <100baseTX full-duplex>) 00:02:b3:c7:a2:da
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]> edit
Enter the name or number of the ethernet interface you wish to edit.
[]> 2
Please choose the Ethernet media options for the Data 2 interface.
1. Autoselect
2. 10baseT/UTP half-duplex
3. 10baseT/UTP full-duplex
4. 100baseTX half-duplex
5. 100baseTX full-duplex
6. 1000baseTX half-duplex
7. 1000baseTX full-duplex
[1]> 5
Ethernet interfaces:
1. Data 1 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6d
2. Data 2 (100baseTX full-duplex: <100baseTX full-duplex>) 00:06:5b:f3:ba:6e
3. Management (Autoselect: <100baseTX full-duplex>) 00:02:b3:c7:a2:da
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>
NIC(Network Interface Card) /
NIC   NIC                 2   .            .    (, NIC     ),  


   .         .    NIC  NIC  .
 Email Security   NIC    .
      NIC    . NIC           .    .  1   2  3   4  2   3   Cisco      .   ,         2( 3   4)   .       ( 1,  2  )    .
NIC   VLAN
VLAN(VLAN(Virtual Local Area Network), 1043  )   .
NIC   
NIC           . AsyncOS  4.5   NIC        `Pair 1' . NIC       NIC   .
NIC    
    NIC          ,      .
etherconfig   NIC  
 Email Security   NIC    .
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> pairing
Paired interfaces:
Choose the operation you want to perform:
- NEW - Create a new pairing.
[]> new
Please enter a name for this pair (Ex: "Pair 1"):
[]> Pair 1
Warning: The backup (Data 2) for the NIC Pair is currently configured with one or more IP addresses. If you continue, the Data 2 interface will be deleted.
Do you want to continue? [N]> y
The interface you are deleting is currently used by listener "OutgoingMail".
What would you like to do?
1. Delete: Remove the listener and all its settings.
2. Change: Choose a new interface.
3. Ignore: Leave the listener configured for interface "Data 2" (the listener will be disabled until you add a new interface named "Data 2" or edit the listener's settings).
[1]>
Listener OutgoingMail deleted for mail3.example.com.
Interface Data 2 deleted.
Paired interfaces:
1. Pair 1:
Primary (Data 1) Active, Link is up
Backup (Data 2) Standby, Link is up
Choose the operation you want to perform:
- DELETE - Delete a pairing.
- STATUS - Refresh status.
[]>
VLAN(Virtual Local Area Network)
     VLAN(Virtual Local Area Network)    . VLAN   .
·               .
·     ""      . ·  ,           
.  : VLAN           Email Security Appliance     .  Data 2  VLAN1  VLAN2 .    Sales (VLAN1)   .      ,    VLAN2 ( )   .     VLAN 
 75: VLAN      

VLAN  
         "Data"  "Management"        VLAN   . AsyncOS  30 VLAN . VLAN     IP     . VLAN     VLAN   IP   .    VLAN  VLAN     . VLAN NIC ( NIC  )  DSR(Direct Server Return)     .

VLAN "VLAN DDDD"     " " .  "DDDD" ID  4  (: VLAN 2  VLAN 4094). VLAN ID   .
  FTP, SSH  SCP , 1199 
VLAN 
etherconfig   VLAN     . VLAN  Network > Interfaces( > )   CLI interfaceconfig      .    .
etherconfig    VLAN 
   1  VLAN 2 (: VLAN 31  VLAN 34).
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> vlan
VLAN interfaces:
Choose the operation you want to perform:
- NEW - Create a new VLAN.
[]> new
VLAN ID for the interface (Ex: "34"):
[]> 34
Enter the name or number of the ethernet interface you wish bind to:
1. Data 1
2. Data 2
3. Management
[1]> 1
VLAN interfaces:
1. VLAN 34 (Data 1)
Choose the operation you want to perform:
- NEW - Create a new VLAN.
- EDIT - Edit a VLAN.
- DELETE - Delete a VLAN.
[]> new
VLAN ID for the interface (Ex: "34"):
[]> 31
Enter the name or number of the ethernet interface you wish bind to:
1. Data 1
2. Data 2
3. Management
[1]> 1
VLAN interfaces:
1. VLAN 31 (Data 1)
2. VLAN 34 (Data 1)
Choose the operation you want to perform:
- NEW - Create a new VLAN.
- EDIT - Edit a VLAN.
- DELETE - Delete a VLAN.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>


interfaceconfig   VLAN IP  
  VLAN 31    IP  .       .
mail3.example.com> interfaceconfig
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> new
Please enter a name for this IP interface (Ex: "InternalNet"):
[]> InternalVLAN31
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 10.10.10.10):
[]> 10.10.31.10
Netmask (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Data 1
2. Data 2
3. Management
4. VLAN 31
5. VLAN 34
[1]> 4
Hostname:
[]> mail31.example.com
Do you want to enable SSH on this interface? [N]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable HTTP on this interface? [N]>
Do you want to enable HTTPS on this interface? [N]>
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalVLAN31 (10.10.31.10/24: mail31.example.com)
3. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>
   VLAN 
etherconfig   VLAN  Network > Listeners( > )     .
Direct Server Return
DSR(Direct Server Return)  VIP( IP)   Email Security Appliance             . DSR  ""    IP   .
 Email Security Appliance         .
DSR(Direct Server Return) 
   ""    DSR .    CLI interfaceconfig   GUI Network > Interfaces( > )    VIP( IP)   IP  .  CLI listenerconfig   GUI Network > Listeners( > )    IP    .      .


       ARP    .
DSR      .    VIP( IP)  .          .
 76:    Email Security Appliance     DSR 

   Email Security Appliance     DSR 
etherconfig     
 ,    (:  1) .
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> loopback
Currently configured loopback interface:
Choose the operation you want to perform:
- ENABLE - Enable Loopback Interface.
[]> enable
Currently configured loopback interface:
1. Loopback
Choose the operation you want to perform:
- DISABLE - Disable Loopback Interface.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>
interfaceconfig    IP  
    IP  .
mail3.example.com> interfaceconfig
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalV1 (10.10.31.10/24: mail31.example.com)
3. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> new
Please enter a name for this IP interface (Ex: "InternalNet"):
[]> LoopVIP
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 10.10.10.10):
[]> 10.10.1.11
Netmask (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]> 255.255.255.255
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Data 1
2. Data 2
3. Loopback
4. Management
5. VLAN 31
6. VLAN 34
[1]> 3
Hostname:
[]> example.com
Do you want to enable SSH on this interface? [N]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable HTTP on this interface? [N]>
Do you want to enable HTTPS on this interface? [N]>
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalV1 (10.10.31.10/24: mail31.example.com)
3. LoopVIP (10.10.1.11/24: example.com)
4. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>


 IP   
GUI  CLI   IP     .      GUI Add Listener( )       IP   .
 77:   IP   

    
MTU(  )      . etherconfig      MTU   .  MTU  1,500,        MTU.  MTU   .
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> mtu
Ethernet interfaces:
1. Data 1 mtu 1400
2. Data 2 default mtu 1500
3. Management default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]> edit
Enter the name or number of the ethernet interface you wish to edit.
[]> 2
Please enter a non-default (1500) MTU value for the Data 2 interface.
[]> 1200
Ethernet interfaces:
1. Data 1 mtu 1400
2. Data 2 mtu 1200
3. Management default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]>
   ARP    
    ARP      .    MULTICAST   .      ARP       .
mail.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> multicast
ARP replies with a multicast address will be rejected.
Choose the operation you want to perform:
- ACCEPT - Accept ARP replies with a multicast address.
[]> accept
ARP replies with a multicast address will be accepted.

41 



     .
· , 1053  ·  , 1061  ·  , 1105 



·      , 1053  ·  , 1053  ·   , 1059 

     
 AsyncOS           .       .       (:     ).
   (ASCII)          . ASCII       .
Cisco  Email Security Appliance        M-Series Content Security Management  .   Cisco   .
    ,      (   )  .      .

 

        (:  ,  ,    ).       .     , 1105  .


AsyncOS    .
 110:  

    qmail    Delivery Logs
 
Status Logs Domain Debug Logs
Injection Debug Logs


        .     ,   ,    ,  , TLS   .
qmail               qmail  .
  Email Security Appliance       (:           ).   "(stateless)". ,                     .         .    XML  CSV(comma-separated values)        .       . https://supportforums.cisco.com/document/33721/ cisco-ironport-systems-contributed-tools
      .         ID,  ID, Envelope From , Envelope To ,   ,      .            .        (0).
   CLI  (status detail  dnsstatus )     .   logconfig setup     .            .
   Email Security Appliance     SMTP      .            .      SMTP    .       .                .
   Email Security Appliance      SMTP  .    Email Security Appliance        .

CLI Audit Logs FTP   GUI  HTTP 
NTP  LDAP   Anti-Spam Logs Anti-Spam Archive
     Anti-Virus Logs


   ,     , DNS  ,  commit     .          .
CLI     CLI  .
FTP    FTP     .      .
HTTP  .
HTTP    HTTP /  HTTP     . GUI HTTP  , GUI  HTTP   CLI   . GUI    ( ,  )   .
  SMTP    (:        ).
NTP     NTP(Network Time Protocol)    .   " "  "NTP(Network Time Protocol)  (  )" .
LDAP   LDAP  . ("LDAP "  .) Email Security Appliance LDAP         .
                . Context Adaptive Scanning Engine    .
     " "     .  mbox    .      ""   .
 , ,     .    Info()  Debug() .
 ( " "   )  .  mbox   .
                .






 

    " "     .  mbox    .   ""  .

AMP  

AMP Engine   Advanced Malware Protection    .   File Reputation Filtering and File Analysis(     ), 461   .

AMP 

Advanced Malware Protection                      .  mbox   .

Scanning Logs

      LOG  COMMON   (, 962  ).      ,  ,      .        .

  

        .

  GUI 

   GUI  ,   ,    (  )       .

SMTP  

SMTP      SMTP    .

 /    /    /        .

 

          .

  

          .

 

  McAfee Anti-Virus          .

Tracking Logs

       .       .

 

       .

  

   Email Security Appliance       .          .


   API 


      .
API  AsyncOS API for Cisco Email Security Appliances       .
· API    ·    API  (  ) ·     ·    · AsyncOS API        

  
         .
 111:   

[Matrix of marks per log type; the cell positions are not recoverable from this extraction. Legible row labels: qmail, Domain Debug Logs, Injection Debug Logs, CLI, FTP, HTTP, NTP, LDAP, Anti-Spam Archive, AMP, Scanning Logs, Updater Logs, Tracking Logs, API. Legible column labels: Contains(), SMTP.]

  
            .      GUI  logconfig         .


   log Push   ,   CLI          .

 112:   
 
   Log Subscriptions( )                  .       ,      .   HTTP(S)     .
 CLI ,        (,   )      .
FTP Push     FTP     .   , ,      .         .
SCP Push     SCP      .    SSH1  SSH2      SSH SCP   .   , SSH ,     .         .
Syslog Push    syslog    .   RFC 3164 . Syslog      UDP   TCP     .   514 .   (facility)  .         .    syslog push    .

     
AsyncOS          .          ,         .       .
/LogSubscriptionName/[email protected]
  .current  .s(saved )  .          .


    
    ,      (     )  (      ).         CLI logconfig   GUI Log Subscriptions( )  .      GUI Rollover Now( )   CLI rollovernow    .         , 1109   .
         (  10)          .
  
Email Security Appliance        (          ).    "Manually Download( )".
       3. , error_logs 1     .    , 1106  .               , 1105   .
 
·    , 1062  ·   , 1075  ·   , 1077  ·   , 1079  ·    , 1082  ·    , 1083  ·   , 1084  · CLI   , 1085  · FTP   , 1085  · HTTP  , 1086  · NTP  , 1087  ·   , 1087  ·    , 1088  ·   , 1089  ·    , 1089  · AMP   , 1090  ·    , 1095  ·   GUI  , 1095  · LDAP   , 1096 


·  /   , 1097  ·   , 1098  ·    , 1099  ·   , 1100  ·   , 1101  ·   , 1102  ·    , 1103  ·      , 1104 

  
        , AsyncOS   GMT (  ,   ) .
·   · LDAP  ·   ·  

   
    ,      .              .     .          .        .      , 837      , 837   .        .
 113:    

ICID  Injection Connection ID.  SMTP     .    1~1000     .
DCID  Delivery Connection ID. 1~1000     SMTP       .      RID    .
RCID  RPC Connection ID.  RPC      .      .
MID  Message ID.      .
RID  Recipient ID.    ID .


 New Start

   .   .

   
       .

       .      .
 114:    
1  Mon Apr 17 19:56:22 2003 Info: New SMTP ICID 5 interface Management (10.1.1.1) address 10.1.1.209 reverse dns host remotehost.com verified yes
2  Mon Apr 17 19:57:20 2003 Info: Start MID 6 ICID 5
3  Mon Apr 17 19:57:20 2003 Info: MID 6 ICID 5 From: <[email protected]>
4  Mon Apr 17 19:58:06 2003 Info: MID 6 ICID 5 RID 0 To: <[email protected]>
5  Mon Apr 17 19:59:52 2003 Info: MID 6 ready 100 bytes from <[email protected]>
6  Mon Apr 17 19:59:59 2003 Info: ICID 5 close
7  Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 8 interface 192.168.42.42 address 10.5.3.25
8  Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 8 MID 6 to RID [0]
9  Mon Mar 31 20:10:58 2003 Info: Message done DCID 8 MID 6 to RID [0]
10  Mon Mar 31 20:11:03 2003 Info: DCID 8 close
        .


 115:     

  

1       ICID(Injection ID) "5" .  Management IP   10.1.1.209    .
2  MAIL FROM     MID(Message ID) "6" .
3      .
4    RID(Recipient ID) "0" .
5  MID 5    .
6      .
7       . 192.168.42.42 10.5.3.25 DCID(Delivery Connection ID) "8" .
8  RID "0"   .
9  MID 6 RID "0"   .
10    .

    
         .
        Email Security Appliance .    .
Wed Jun 16 21:42:34 2004 Info: New SMTP ICID 282204970 interface mail.example.com (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Wed Jun 16 21:42:34 2004 Info: ICID 282204970 SBRS None
Wed Jun 16 21:42:35 2004 Info: Start MID 200257070 ICID 282204970
Wed Jun 16 21:42:35 2004 Info: MID 200257070 ICID 282204970 From: <[email protected]>
Wed Jun 16 21:42:36 2004 Info: MID 200257070 ICID 282204970 RID 0 To: <[email protected]>
Wed Jun 16 21:42:38 2004 Info: MID 200257070 Message-ID '<[email protected]>'
Wed Jun 16 21:42:38 2004 Info: MID 200257070 Subject 'Hello'
Wed Jun 16 21:42:38 2004 Info: MID 200257070 ready 24663 bytes from <[email protected]>
Wed Jun 16 21:42:38 2004 Info: MID 200257070 antivirus negative
Wed Jun 16 21:42:38 2004 Info: MID 200257070 queued for delivery
Wed Jun 16 21:42:38 2004 Info: New SMTP DCID 2386069 interface 1.2.3.4 address 1.2.3.4
Wed Jun 16 21:42:38 2004 Info: Delivery start DCID 2386069 MID 200257070 to RID [0]
Wed Jun 16 21:42:38 2004 Info: ICID 282204970 close
Wed Jun 16 21:42:38 2004 Info: Message done DCID 2386069 MID 200257070 to RID [0] [('X-SBRS', 'None')]
Wed Jun 16 21:42:38 2004 Info: MID 200257070 RID [0] Response 2.6.0 <[email protected]> Queued mail for delivery
Wed Jun 16 21:42:43 2004 Info: DCID 2386069 close

  

Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 5 MID 4 to RID [0]
Mon Mar 31 20:10:58 2003 Info: Message done DCID 5 MID 4 to RID [0]
Mon Mar 31 20:11:03 2003 Info: DCID 5 close

  ( )
 2  Email Security Appliance .               5XX  .      .
Mon Mar 31 20:00:23 2003 Info: New SMTP DCID 3 interface 172.19.0.11 address 64.81.204.225
Mon Mar 31 20:00:23 2003 Info: Delivery start DCID 3 MID 4 to RID [0, 1]
Mon Mar 31 20:00:27 2003 Info: Bounced: DCID 3 MID 4 to RID 0 - 5.1.0 - Unknown address error ('550', ['<[email protected]>... Relaying denied']) []
Mon Mar 31 20:00:27 2003 Info: Bounced: DCID 3 MID 4 to RID 1 - 5.1.0 - Unknown address error ('550', ['<[email protected]>... Relaying denied']) []
Mon Mar 31 20:00:32 2003 Info: DCID 3 close

    
 Email Security Appliance .            .      .
Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:00:23 2003 Info: Delivery start DCID 3 MID 4 to RID [0, 1]
Mon Mar 31 20:00:23 2003 Info: Delayed: DCID 5 MID 4 to RID 0 - 4.1.0 - Unknown address error ('466', ['Mailbox temporarily full.'])[]
Mon Mar 31 20:00:23 2003 Info: Message 4 to RID [0] pending till Mon Mar 31 20:01:23 2003

Mon Mar 31 20:01:28 2003 Info: DCID 5 close
Mon Mar 31 20:01:28 2003 Info: New SMTP DCID 16 interface PublicNet address 172.17.0.113
Mon Mar 31 20:01:28 2003 Info: Delivery start DCID 16 MID 4 to RID [0]
Mon Mar 31 20:01:28 2003 Info: Message done DCID 16 MID 4 to RID [0]
Mon Mar 31 20:01:33 2003 Info: DCID 16 close
scanconfig             (   )    scanconfig    .  Deliver, Bounce  Drop.   scanconfig Deliver     .
Tue Aug 3 16:36:29 2004 Info: MID 256 ICID 44784 From: <[email protected]>
Tue Aug 3 16:36:29 2004 Info: MID 256 ICID 44784 RID 0 To: <[email protected]>
Tue Aug 3 16:36:29 2004 Info: MID 256 Message-ID '<[email protected]>'
Tue Aug 3 16:36:29 2004 Info: MID 256 Subject 'Virus Scanner Test #22'
Tue Aug 3 16:36:29 2004 Info: MID 256 ready 1627 bytes from <[email protected]>
Tue Aug 3 16:36:29 2004 Warning: MID 256, Message Scanning Problem: Continuation line seen before first header
Tue Aug 3 16:36:29 2004 Info: ICID 44784 close
Tue Aug 3 16:36:29 2004 Info: MID 256 antivirus positive 'EICAR-AV-Test'
Tue Aug 3 16:36:29 2004 Info: Message aborted MID 256 Dropped by antivirus
Tue Aug 3 16:36:29 2004 Info: Message finished MID 256 done
  scanconfig drop     .
Tue Aug 3 16:38:53 2004 Info: Start MID 257 ICID 44785
Tue Aug 3 16:38:53 2004 Info: MID 257 ICID 44785 From: [email protected]
Tue Aug 3 16:38:53 2004 Info: MID 257 ICID 44785 RID 0 To: <[email protected]>
Tue Aug 3 16:38:53 2004 Info: MID 257 Message-ID '<[email protected]>'
Tue Aug 3 16:38:53 2004 Info: MID 25781 Subject 'Virus Scanner Test #22'
Tue Aug 3 16:38:53 2004 Info: MID 257 ready 1627 bytes from <[email protected]>
Tue Aug 3 16:38:53 2004 Warning: MID 257, Message Scanning Problem: Continuation line seen before first header
Tue Aug 3 16:38:53 2004 Info: Message aborted MID 25781 Dropped by filter 'drop_zip_c'
Tue Aug 3 16:38:53 2004 Info: Message finished MID 257 done
Tue Aug 3 16:38:53 2004 Info: ICID 44785 close
            "Message Body Contains"    .
Sat Apr 23 05:05:42 2011 Info: New SMTP ICID 28 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host test.com verified yes
Sat Apr 23 05:05:42 2011 Info: ICID 28 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.0
Sat Apr 23 05:05:42 2011 Info: Start MID 44 ICID 28
Sat Apr 23 05:05:42 2011 Info: MID 44 ICID 28 From: <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 ICID 28 RID 0 To: <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Sat Apr 23 05:05:42 2011 Info: MID 44 Subject 'Message 001'
Sat Apr 23 05:05:42 2011 Info: MID 44 ready 240129 bytes from <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 matched all recipients for per-recipient policy DEFAULT in the inbound table
Sat Apr 23 05:05:42 2011 Info: ICID 28 close
Sat Apr 23 05:05:42 2011 Info: MID 44 interim verdict using engine: CASE spam negative
Sat Apr 23 05:05:42 2011 Info: MID 44 using engine: CASE spam negative
Sat Apr 23 05:05:43 2011 Info: MID 44 attachment 'Banner.gif'
Sat Apr 23 05:05:43 2011 Info: MID 44 attachment '=D1=82=D0=B5=D1=81=D1=82.rst'
Sat Apr 23 05:05:43 2011 Info: MID 44 attachment 'Test=20Attachment.docx'
Sat Apr 23 05:05:43 2011 Info: MID 44 queued for delivery
      .         QP(quoted-printable)  .
DANE     
     .  DNS   DNS MX , DNS A   TLSA  . DANE "Mandatory"    x.509    TLSA  . TLSA       .
Tue Nov 13 12:13:33 2018 Debug: Trying DANE MANDATORY for example.org
Tue Nov 13 12:13:33 2018 Debug: SECURE MX record(mail.example.org) found for example.org
Tue Nov 13 12:13:33 2018 Debug: DNS query: Q('mail.example.org', 'CNAME')
Tue Nov 13 12:13:33 2018 Debug: DNS query: QN('mail.example.org', 'CNAME', 'recursive_nameserver0.parent')
Tue Nov 13 12:13:33 2018 Debug: DNS query: QIP ('mail.example.org','CNAME','8.8.8.8',60)
Tue Nov 13 12:13:33 2018 Debug: DNS query: Q ('mail.example.org', 'CNAME', '8.8.8.8')
Tue Nov 13 12:13:34 2018 Debug: DNSSEC Response data([], , 0, 1799)
Tue Nov 13 12:13:34 2018 Debug: Received NODATA for domain mail.example.org type CNAME
Tue Nov 13 12:13:34 2018 Debug: No CNAME record(NoError) found for domain(mail.example.org)
Tue Nov 13 12:13:34 2018 Debug: SECURE A record (4.31.198.44) found for MX(mail.example.org) in example.org
Tue Nov 13 12:13:34 2018 Info: New SMTP DCID 92 interface 10.10.1.191 address 4.31.198.44 port 25
Tue Nov 13 12:13:34 2018 Info: ICID 13 lost
Tue Nov 13 12:13:34 2018 Info: ICID 13 close
Tue Nov 13 12:13:34 2018 Debug: DNS query: Q('_25._tcp.mail.example.org', 'TLSA')
Tue Nov 13 12:13:34 2018 Debug: DNS query: QN('_25._tcp.mail.example.org', 'TLSA', 'recursive_nameserver0.parent')
Tue Nov 13 12:13:34 2018 Debug: DNS query: QIP ('_25._tcp.mail.example.org','TLSA','8.8.8.8',60)
Tue Nov 13 12:13:34 2018 Debug: DNS query: Q ('_25._tcp.mail.example.org', 'TLSA', '8.8.8.8')
Tue Nov 13 12:13:35 2018 Debug: DNSSEC Response data(['0301010c72ac70b745ac19998811b131d662c9ac69dbdbe7cb23e5b514b56664c5d3d6'], secure, 0, 1799)
Tue Nov 13 12:13:35 2018 Debug: DNS encache (_25._tcp.mail.example.org, TLSA, [(2550119024205761L, 0, 'SECURE', '0301010c72ac70b745ac19998811b131d662c9ac69dbdbe7cb23e5b514b56664c5d3d6')])
Tue Nov 13 12:13:35 2018 Debug: SECURE TLSA Record found for MX(mail.example.org) in example.org
Tue Nov 13 12:13:36 2018 Info: DCID 92 Certificate verification successful
Tue Nov 13 12:13:36 2018 Info: DCID 92 TLS success protocol TLSv1.2 cipher
Tue Nov 13 12:13:36 2018 Info: DCID 92 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384 for example.org
Tue Nov 13 12:13:36 2018 Info: Delivery start DCID 92 MID 23 to RID [0]
      
     .  DNS   DNS MX , DNS A   TLSA  . DANE "Mandatory"    x.509    TLSA  .       .  TLSA       .
Wed Nov 14 05:52:08 2018 Debug: DNS query: QN('server1.example.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 05:52:08 2018 Debug: DNS query: QIP ('server1.example.net','CNAME','10.10.2.184',60)
Wed Nov 14 05:52:08 2018 Debug: DNS query: Q ('server1.example.net', 'CNAME', '10.10.2.184')
Wed Nov 14 05:52:08 2018 Debug: DNSSEC Response data([], , 0, 284)
Wed Nov 14 05:52:08 2018 Debug: Received NODATA for domain server1.example.net type CNAME
Wed Nov 14 05:52:08 2018 Debug: No CNAME record(NoError) found for domain(server1.example.net)
Wed Nov 14 05:52:08 2018 Debug: Secure CNAME(server1.example.net) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: SECURE A record (10.10.1.198) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Info: New SMTP DCID 102 interface 10.10.1.191 address 10.10.1.198 port 25
Wed Nov 14 05:52:08 2018 Debug: Fetching TLSA records with CNAME(server1.example.net) for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DNS query: Q('_25._tcp.server1.example.net', 'TLSA')
Wed Nov 14 05:52:08 2018 Debug: SECURE TLSA Record found for MX(server1.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DCID 102 All TLSA records failed for certificate not trusted
Wed Nov 14 05:52:08 2018 Debug: Fetching TLSA records with initial name(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DNS query: Q('_25._tcp.someone.cs2.example.net', 'TLSA')
Wed Nov 14 05:52:08 2018 Debug: SECURE TLSA Record found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Info: DCID 102 Certificate verification successful
Wed Nov 14 05:52:08 2018 Info: DCID 102 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-SHA256 for example.net
Wed Nov 14 05:52:08 2018 Info: Delivery start DCID 102 MID 26 to RID [0]
Wed Nov 14 05:52:08 2018 Info: Message done DCID 102 MID 26 to RID [0]
Wed Nov 14 05:52:08 2018 Info: MID 26 RID [0] Response 'ok: Message 31009 accepted'
Wed Nov 14 05:52:08 2018 Info: Message finished MID 26 done

Wed Nov 14 06:36:22 2018 Debug: Trying DANE MANDATORY for example.net
Wed Nov 14 06:36:22 2018 Debug: SECURE MX record(someone.cs2.example.net) found for example.net
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q('someone.cs2.example.net', 'CNAME')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QN('someone.cs2.example.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QIP ('someone.cs2.example.net','CNAME','10.10.2.184',60)
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q ('someone.cs2.example.net', 'CNAME', '10.10.2.184')
Wed Nov 14 06:36:22 2018 Debug: DNSSEC Response data(['mail.example2.net.'], secure, 0, 3525)
Wed Nov 14 06:36:22 2018 Debug: DNS encache (someone.cs2.example.net, CNAME, [(2692348132363369L, 0, 'SECURE', 'mail.example2.net')])
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q('mail.example2.net', 'CNAME')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QN('mail.example2.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QIP ('mail.example2.net','CNAME','10.10.2.184',60)
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q ('mail.example2.net', 'CNAME', '10.10.2.184')
Wed Nov 14 06:36:22 2018 Debug: DNSSEC Response data([], , 0, 225)
Wed Nov 14 06:36:22 2018 Debug: Received NODATA for domain mail.example2.net type CNAME
Wed Nov 14 06:36:22 2018 Debug: No CNAME record(NoError) found for domain(mail.example2.net)
Wed Nov 14 06:36:22 2018 Debug: Secure CNAME(mail.example2.net) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 06:36:22 2018 Debug: INSECURE A record (10.10.1.197) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 06:36:22 2018 Debug: Fetching TLSA records with initial name(someone.cs2.example.net) in example.net
Wed Nov 14 06:36:22 2018 Info: New SMTP DCID 104 interface 10.10.1.191 address 10.10.1.197 port 25
Wed Nov 14 06:36:36 2018 Debug: DNS query: Q('_25._tcp.someone.cs2.example.net', 'TLSA')
Wed Nov 14 06:36:36 2018 Debug: SECURE TLSA Record found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 06:36:36 2018 Debug: DCID 104 All TLSA records failed for certificate not trusted
Wed Nov 14 06:36:36 2018 Info: MID 27 DCID 104 DANE failed for the domain example.net: DANE Certificate verification failed
Wed Nov 14 06:36:36 2018 Info: Failed for all MX hosts in example.net
 TLSA     
     .  DNS   DNS MX , DNS A   TLSA  . DANE "Mandatory"    x.509    TLSA  .  TLSA        .
Tue Aug 7 05:15:18 2018 Debug: Trying DANE MANDATORY for example-dane.net
Tue Aug 7 05:15:18 2018 Debug: SECURE MX record (someone.example-dane.net) found for test-tlsabogus.net
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('someone.example-dane.net', 'CNAME')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QN ('someone.example-dane.net', 'CNAME', 'recursive_nameserver0.parent')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QIP ('someone.example-dane.net','CNAME','10.10.2.183', 60)
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('someone.example-dane.net', 'CNAME', '10.10.2.183')
Tue Aug 7 05:15:18 2018 Debug: DNSSEC Response data ([], , 0, 300)
Tue Aug 7 05:15:18 2018 Debug: SECURE A record (10.10.1.198) found for MX (someone.example-dane.net) in example-dane.net
Tue Aug 7 05:15:18 2018 Info: ICID 32 close
Tue Aug 7 05:15:18 2018 Info: New SMTP DCID 61 interface 10.10.1.194 address 10.10.1.198 port 25
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('_25._tcp.someone.example-dane.net', 'TLSA')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QN ('_25._tcp.someone.example-dane.net', 'TLSA', 'recursive_nameserver0.parent')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QIP ('_25._tcp.someone.example-dane.net','TLSA','10.10.2.183', 60)
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('_25._tcp.someone.example-dane.net', 'TLSA', '10.10.2.183')
Tue Aug 7 05:15:18 2018 Debug: DNSSEC Response data (['03010160b3f16867357cdfef37bb6acd687af54f225e3bfa945e1d37bfd37bd4eb6020'], bogus, 0, 60)
Tue Aug 7 05:15:18 2018 Debug: DNS encache (_25._tcp.someone.example-dane.net, TLSA, [(11065394975822091L, 0, 'BOGUS', '03010160b3f16867357cdfef37bb6acd687af54f225e3bfa945e1d37bfd37bd4eb6020')])
Tue Aug 7 05:15:18 2018 Debug: BOGUS TLSA Record is found for MX (someone.example-dane.net) in example-dane.net
Tue Aug 7 05:15:18 2018 Debug: Trying next MX record in example-dane.net
Tue Aug 7 05:15:18 2018 Info: MID 44 DCID 61 DANE failed: TLSA record BOGUS
Tue Aug 7 05:15:18 2018 Debug: Failed for all MX hosts in example-dane.net
TLSA      TLS 
     .  DNS   DNS MX , DNS A   TLSA  . DANE "Opportunistic"     x.509    TLSA  .    TLSA      SMTP      TLS .
Wed Sep 12 06:51:32 2018 Debug: Trying DANE OPPORTUNISTIC for example-dane.com
Wed Sep 12 06:51:32 2018 Debug: SECURE MX record (mx.example-dane.com) found for digitalhellion.com
Wed Sep 12 06:51:32 2018 Debug: DNS query: Q ('mx.example-dane.com', 'CNAME')
Wed Sep 12 06:51:32 2018 Debug: DNS query: QN ('mx.example-dane.com', 'CNAME', 'recursive_nameserver0.parent')
Wed Sep 12 06:51:32 2018 Debug: DNS query: QIP ('mx.example-dane.com', 'CNAME','8.8.8.8',60)
Wed Sep 12 06:51:32 2018 Debug: DNS query: Q ('mx.example-dane.com', 'CNAME', '8.8.8.8')
Wed Sep 12 06:51:32 2018 Debug: DNSSEC Response data ([], , 0, 1799)
Wed Sep 12 06:51:32 2018 Debug: Received NODATA for domain mx.example-dane.com type CNAME
Wed Sep 12 06:51:32 2018 Debug: No CNAME record (NoError) found for domain (mx.example-dane.com)
Wed Sep 12 06:51:32 2018 Debug: SECURE A record (162.213.199.115) found for MX (mx.example-dane.com) in example-dane.com
Wed Sep 12 06:51:32 2018 Info: ICID 1 lost
Wed Sep 12 06:51:32 2018 Info: ICID 1 close
Wed Sep 12 06:51:33 2018 Info: New SMTP DCID 2 interface 10.10.1.173 address 162.213.199.115 port 25
Wed Sep 12 06:51:33 2018 Debug: DNS query: Q ('_25._tcp.mx.example-dane.com', 'TLSA')
Wed Sep 12 06:51:33 2018 Debug: DNS query: QN ('_25._tcp.mx.example-dane.com', 'TLSA', 'recursive_nameserver0.parent')
Wed Sep 12 06:51:33 2018 Debug: DNS query: QIP ('_25._tcp.mx.example-dane.com','TLSA','8.8.8.8', 60)
Wed Sep 12 06:51:33 2018 Debug: DNS query: Q ('_25._tcp.mx.example-dane.com', 'TLSA', '8.8.8.8')
Wed Sep 12 06:51:34 2018 Debug: DNSSEC Response data ([], , 3, 1798)
Wed Sep 12 06:51:34 2018 Debug: Received NXDomain for domain _25._tcp.mx.example-dane.com' type TLSA
Wed Sep 12 06:51:34 2018 Debug: No TLSA record (NXDomain) found for MX (mx.example-dane.com)
Wed Sep 12 06:51:34 2018 Debug: Falling back to conventional TLS for MX (mx.example-dane.com) in example-dane.com
Wed Sep 12 06:51:34 2018 Info: MID 1 DCID 2 DANE failed for the domain example-dane.com: No TLSA Record
Wed Sep 12 06:51:34 2018 Info: DCID 2 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384
Wed Sep 12 06:51:35 2018 Info: Delivery start DCID 2 MID 1 to RID [0]
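The DANE samples above differ in one operationally important way: a failed DANE check either stops delivery or is followed by a conventional TLS session to the same host. The following Python sketch is an added example, not Cisco code; it re-splits wrapped or run-together mail-log text and gives each delivery connection (DCID) a verdict. The function names, verdict labels and the rule that a "Trying DANE" line belongs to the next "New SMTP DCID" line are assumptions of this example, and the sample text is constructed from entries in the samples above.

```python
import re
from collections import OrderedDict

# Every mail-log entry opens with a timestamp and a level, for example
# "Wed Nov 14 06:36:36 2018 Info:". This is used to re-split damaged text.
ENTRY_START = re.compile(
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2} \d{4} \w+:"
)
TRYING = re.compile(r"Trying DANE (MANDATORY|OPPORTUNISTIC) for (\S+)")
NEW_DCID = re.compile(r"New SMTP DCID (\d+) ")
VERIFIED = re.compile(r"DCID (\d+) Certificate verification successful")
DANE_FAILED = re.compile(r"DCID (\d+) DANE failed(?: for the domain (\S+?))?: (.+)$")
TLS_OK = re.compile(r"DCID (\d+) TLS success protocol (\S+) cipher ?(\S*)")

# Constructed sample: entries copied from the samples above, with one
# run-together pair and one wrapped "port 25" left in on purpose.
SAMPLE = """
Tue Nov 13 12:13:33 2018 Debug: Trying DANE MANDATORY for example.org
Tue Nov 13 12:13:34 2018 Info: New SMTP DCID 92 interface 10.10.1.191 address 4.31.198.44 port 25
Tue Nov 13 12:13:36 2018 Info: DCID 92 Certificate verification successful Tue Nov 13 12:13:36 2018 Info: DCID 92 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384 for example.org
Wed Nov 14 06:36:22 2018 Debug: Trying DANE MANDATORY for example.net
Wed Nov 14 06:36:22 2018 Info: New SMTP DCID 104 interface 10.10.1.191 address 10.10.1.197
port 25
Wed Nov 14 06:36:36 2018 Debug: DCID 104 All TLSA records failed for certificate not trusted
Wed Nov 14 06:36:36 2018 Info: MID 27 DCID 104 DANE failed for the domain example.net: DANE Certificate verification failed
Tue Aug 7 05:15:18 2018 Debug: Trying DANE MANDATORY for example-dane.net
Tue Aug 7 05:15:18 2018 Info: New SMTP DCID 61 interface 10.10.1.194 address 10.10.1.198 port 25
Tue Aug 7 05:15:18 2018 Info: MID 44 DCID 61 DANE failed: TLSA record BOGUS
Wed Sep 12 06:51:32 2018 Debug: Trying DANE OPPORTUNISTIC for example-dane.com
Wed Sep 12 06:51:33 2018 Info: New SMTP DCID 2 interface 10.10.1.173 address 162.213.199.115 port 25
Wed Sep 12 06:51:34 2018 Info: MID 1 DCID 2 DANE failed for the domain example-dane.com: No TLSA Record
Wed Sep 12 06:51:34 2018 Info: DCID 2 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384
"""


def split_entries(text):
    """Return one string per log entry, even if line breaks were lost or added."""
    flat = " ".join(text.split())
    starts = [m.start() for m in ENTRY_START.finditer(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, starts[1:] + [len(flat)])]


def classify_dane(text):
    """Map each DCID to its DANE mode, domain, failure reason, TLS result and verdict."""
    conns = OrderedDict()
    pending = (None, None)  # mode/domain from "Trying DANE", not yet bound to a DCID

    def conn(dcid):
        return conns.setdefault(dcid, {"mode": None, "domain": None,
                                       "verified": False, "failure": None, "tls": None})

    for entry in split_entries(text):
        m = TRYING.search(entry)
        if m:
            pending = m.groups()
            continue
        m = NEW_DCID.search(entry)
        if m:
            c = conn(m.group(1))
            c["mode"], c["domain"] = pending  # assumption: next connection belongs to it
            pending = (None, None)
            continue
        m = VERIFIED.search(entry)
        if m:
            conn(m.group(1))["verified"] = True
            continue
        m = DANE_FAILED.search(entry)
        if m:
            c = conn(m.group(1))
            c["failure"] = m.group(3)
            c["domain"] = c["domain"] or m.group(2)
            continue
        m = TLS_OK.search(entry)
        # A truncated "cipher" entry must not overwrite a complete one.
        if m and (m.group(3) or conn(m.group(1))["tls"] is None):
            conn(m.group(1))["tls"] = (m.group(2), m.group(3) or None)

    for c in conns.values():
        if c["failure"] and c["tls"]:
            c["verdict"] = "dane-failed-fallback-tls"  # encrypted, but not TLSA-authenticated
        elif c["failure"]:
            c["verdict"] = "dane-failed-no-tls"
        elif c["verified"]:
            c["verdict"] = "dane-verified"
        else:
            c["verdict"] = "unknown"
    return conns


if __name__ == "__main__":
    for dcid, c in classify_dane(SAMPLE).items():
        print(dcid, c["mode"], c["domain"], c["verdict"], c["failure"] or "")
```

Connections reported as dane-failed-fallback-tls were encrypted but not authenticated against a TLSA record, so they are the ones to review when a destination domain is expected to publish DANE.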
     
           .
Thu Apr 6 06:50:18 2017 Info: ICID 73 ACCEPT SG WHITELIST match country[us] SBRS -10.0 country United States
    URL URL   
   URL       URL  .
Wed Nov 8 13:35:48 2017 Info: MID 976 not completely scanned by SDS. Error: The number of URLs in the message attachments exceeded the URL scan limit.
   URL URL   
   URL      URL  .
Wed Nov 8 13:37:42 2017 Info: MID 976 not completely scanned by SDS. Error: The number of URLs in the message body exceeded the URL scan limit.
  URL Cisco   
   URL   -3    URl  Cisco Security Proxy  .
Tue Nov 7 10:42:41 2017 Info: MID 9 having URL: http://ow.ly/Sb6O30fJvVn has been expanded to http://bit.ly/2frAl1x
Tue Nov 7 10:42:42 2017 Info: MID 9 having URL: http://bit.ly/2frAl1x has been expanded to http://thebest01.wayisbetter.cn/?cMFN
Tue Nov 7 10:42:42 2017 Info: MID 9 URL http://thebest01.wayisbetter.cn/?cMFN has reputation -3.854 matched Action: URL redirected to Cisco Security proxy
Tue Nov 7 10:42:42 2017 Info: MID 9 rewritten to MID 10 by url-reputation-proxy-redirect-action filter 'aa'
  URL   
     URL  URL      .
Mon Oct 30 10:58:59 2017 Info: MID 36 having URL: http://ow.ly/P0Kw30fVst3 has been expanded to http://bit.ly/2ymYWPR
Mon Oct 30 10:59:00 2017 Info: MID 36 having URL: http://bit.ly/2ymYWPR has been expanded to http://ow.ly/cTS730fVssH
Mon Oct 30 10:59:01 2017 Info: MID 36 having URL: http://ow.ly/cTS730fVssH has been expanded to http://bit.ly/2xK8PD9
Mon Oct 30 10:59:01 2017 Info: MID 36 having URL: http://bit.ly/2xK8PD9 has been expanded to http://ow.ly/lWOi30fVssl
Mon Oct 30 10:59:02 2017 Info: MID 36 having URL: http://ow.ly/lWOi30fVssl has been expanded to http://bit.ly/2ggHv9e
Mon Oct 30 10:59:03 2017 Info: MID 36 having URL: http://bit.ly/2ggHv9e has been expanded to http://ow.ly/4fSO30fVsqx
Mon Oct 30 10:59:04 2017 Info: MID 36 having URL: http://ow.ly/4fSO30fVsqx has been expanded to http://bit.ly/2hKEFcW
Mon Oct 30 10:59:05 2017 Info: MID 36 having URL: http://bit.ly/2hKEFcW has been expanded to http://ow.ly/NyH830fVsq6
Mon Oct 30 10:59:06 2017 Info: MID 36 having URL: http://ow.ly/NyH830fVsq6 has been expanded to http://bit.ly/2ysnsNi
Mon Oct 30 10:59:06 2017 Info: MID 36 having URL: http://bit.ly/2ysnsNi has been expanded to http://ow.ly/JhUN30fVsnL
Mon Oct 30 10:59:07 2017 Info: MID 36 having URL: http://ow.ly/JhUN30fVsnL has been expanded to http://bit.ly/2hKQmAe
Mon Oct 30 10:59:07 2017 Info: MID 36 URL http://bit.ly/2hKQmAe is marked malicious due to : URL depth exceeded
Mon Oct 30 11:04:48 2017 Warning: MID 40 Failed to expand URL http://mail1.example.com/abcd Reason: Error while trying to retrieve expanded URL
Mon Oct 30 11:04:48 2017 Info: MID 40 not completely scanned for URL Filtering. Error: Message has a shortened URL that could not be expanded
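The shortened-URL entries above record one hop per entry, so the URL the recipient saw and the URL that received the verdict sit on different lines. The following Python sketch is an added example, not Cisco code; it rebuilds each expansion chain per MID and attaches the final outcome (reputation score, depth exceeded, or expansion failure) to the original URL. The function name, outcome labels and all URLs in the sample are constructed for this example, and the last sample message is a constructed loop between two shorteners.

```python
import re

EXPANDED = re.compile(r"MID (\d+) having URL: (\S+) has been expanded to (\S+)")
REPUTATION = re.compile(r"MID (\d+) URL (\S+) has reputation (-?\d+(?:\.\d+)?)")
DEPTH = re.compile(r"MID (\d+) URL (\S+) is marked malicious due to ?: URL depth exceeded")
FAILED = re.compile(r"MID (\d+) Failed to expand URL (\S+)")

# Constructed sample in the format of the entries above, including wrapped lines.
SAMPLE = """
Tue Nov 7 10:42:41 2017 Info: MID 9 having URL: http://s1.example/aa has been expanded to http://s2.example/bb
Tue Nov 7 10:42:42 2017 Info: MID 9 having URL: http://s2.example/bb has been expanded
to http://landing.example/?x Tue Nov 7 10:42:42 2017 Info: MID 9 URL http://landing.example/?x has reputation -3.854 matched Action: URL redirected to Cisco Security proxy
Mon Oct 30 10:58:59 2017 Info: MID 36 having URL: http://s1.example/p has been expanded to http://s2.example/q
Mon Oct 30 10:59:00 2017 Info: MID 36 having URL: http://s2.example/q has been expanded to http://s1.example/r
Mon Oct 30 10:59:01 2017 Info: MID 36 URL http://s1.example/r is marked malicious due to
: URL depth exceeded
Mon Oct 30 11:04:48 2017 Warning: MID 40 Failed to expand URL http://mail1.example.com/abcd
Reason: Error while trying to retrieve expanded URL
Mon Oct 30 11:05:10 2017 Info: MID 41 having URL: http://s1.example/x has been expanded to http://s2.example/y
Mon Oct 30 11:05:11 2017 Info: MID 41 having URL: http://s2.example/y has been expanded to http://s1.example/x
"""


def trace_urls(text):
    """Return one record per original URL: its expansion chain and final outcome."""
    flat = " ".join(text.split())  # undo wrapping so patterns match across line breaks

    edges = {}  # (mid, url) -> url it was expanded to
    for mid, src, dst in EXPANDED.findall(flat):
        edges[(mid, src)] = dst

    verdicts = {}  # (mid, url) -> (outcome, score)
    for mid, url, score in REPUTATION.findall(flat):
        verdicts[(mid, url)] = ("reputation", float(score))
    for mid, url in DEPTH.findall(flat):
        verdicts[(mid, url)] = ("depth-exceeded", None)
    for mid, url in FAILED.findall(flat):
        verdicts[(mid, url)] = ("expand-failed", None)

    expanded_to = {(mid, dst) for (mid, _), dst in edges.items()}
    # Original URLs are those never produced by an expansion.
    roots = [k for k in edges if k not in expanded_to]
    roots += [k for k in verdicts if k not in edges and k not in expanded_to]
    # Falling back to every edge start catches loops, which have no root.
    starts = roots + list(edges)

    visited, results = set(), []
    for mid, original in starts:
        if (mid, original) in visited:
            continue
        chain, loop = [original], False
        while (mid, chain[-1]) in edges:
            nxt = edges[(mid, chain[-1])]
            if nxt in chain:  # shorteners pointing back at each other
                loop = True
                break
            chain.append(nxt)
        visited.update((mid, u) for u in chain)
        outcome, score = verdicts.get((mid, chain[-1]), ("no-verdict", None))
        results.append({"mid": mid, "original": original, "final": chain[-1],
                        "chain": chain, "hops": len(chain) - 1, "loop": loop,
                        "outcome": outcome, "score": score})
    return results


if __name__ == "__main__":
    for r in trace_urls(SAMPLE):
        print(r["mid"], r["original"], "->", r["final"], r["hops"], r["outcome"], r["score"])
```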
    URL   
     -9.5      URL .
Mon Nov 6 06:50:18 2017 Info: MID 935 Attachment file_1.txt URL http://jrsjvysq.net has reputation -9.5 matched Condition: URL Reputation Rule
   Unscannable( )  
              .
Tue Oct 24 08:28:58 2017 Info: Start MID 811 ICID 10
Tue Oct 24 08:28:58 2017 Info: MID 811 ICID 10 From: <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 ICID 10 RID 0 To: <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 Message-ID '<[email protected]>'
Tue Oct 24 08:28:58 2017 Info: MID 811 Subject 'Test mail'
Tue Oct 24 08:28:58 2017 Info: MID 811 ready 5242827 bytes from <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Oct 24 08:28:59 2017 Info: MID 811 attachment 'gzip.tar.gz'
Tue Oct 24 08:28:59 2017 Info: MID 811 was marked as unscannable due to extraction failures. Reason: Error in extraction process - Decoding Errors.
Tue Oct 24 08:28:59 2017 Info: ICID 10 close
Tue Oct 24 08:28:59 2017 Info: MID 811 quarantined to "Policy" (Unscannable: due to Extraction Failure)
Tue Oct 24 08:28:59 2017 Info: Message finished MID 811 done
RFC   Unscannable( )  
  RFC         .
Tue Oct 24 08:23:26 2017 Info: Start MID 807 ICID 6
Tue Oct 24 08:23:26 2017 Info: MID 807 ICID 6 From: <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 ICID 6 RID 0 To: <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 Subject `Test Mail'
Tue Oct 24 08:23:26 2017 Info: MID 807 ready 427 bytes from <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Oct 24 08:23:26 2017 Info: MID 807 was marked as unscannable due to an RFC violation. Reason: A Unix-From header was found in the middle of a header block.
Tue Oct 24 08:23:26 2017 Info: MID 807 queued for delivery
Tue Oct 24 08:23:26 2017 Info: ICID 6 close
      
/    (alt-rcpt-to ,  rcpt , bcc() ,    )   .     MID      (DCID   ).     .
Tue Jun 1 20:02:16 2004 Info: MID 14 generated based on MID 13 by bcc filter 'nonetest'

Tue Jan 6 15:03:18 2004 Info: MID 2 rewritten to 3 by antispam
Fri May 14 20:44:43 2004 Info: MID 6 rewritten to 7 by alt-rcpt-to-filter filter 'testfilt'
`rewritten'      ,   MID         .
   
     RPC    RCID(RPC connection ID)      .          .
Wed Feb 14 12:11:40 2007 Info: Start MID 2317877 ICID 15726925
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 From: <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 RID 0 To: <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Message-ID '<W1TH05606E5811BEA0734309D4BAF0.323.14460.pimailer44.DumpShot.2@email.chase.com>'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Subject 'Envision your dream home - Now make it a reality'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ready 15731 bytes from <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 matched all recipients for per-recipient policy DEFAULT in the inbound table
Wed Feb 14 12:11:41 2007 Info: MID 2317877 using engine: CASE spam suspect
Wed Feb 14 12:11:41 2007 Info: EUQ: Tagging MID 2317877 for quarantine
Wed Feb 14 12:11:41 2007 Info: MID 2317877 antivirus negative
Wed Feb 14 12:11:41 2007 Info: MID 2317877 queued for delivery
Wed Feb 14 12:11:44 2007 Info: RPC Delivery start RCID 756814 MID 2317877 to local IronPort Spam Quarantine
Wed Feb 14 12:11:45 2007 Info: EUQ: Quarantined MID 2317877
Wed Feb 14 12:11:45 2007 Info: RPC Message done RCID 756814 MID 2317877
Wed Feb 14 12:11:45 2007 Info: Message finished MID 2317877 done
     
                .   Info()  Debug() .
Thu Jun 7 20:48:10 2018 Info: MID 91 Threat feeds source 'S1' detected malicious URL: 'http://digimobil.mobi/' in attachment(s): malurl.txt. Action: Attachment stripped
SDR    
SDR     .   Info()  Debug()  .

·     , 333 
·      , 333 
·     , 334 
·     , 334 
        SDR       SDR      .
Mon Jul 2 08:57:18 2018 Info: New SMTP ICID 3 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 08:57:18 2018 Info: ICID 3 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 08:57:18 2018 Info: Start MID 3 ICID 3
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 From: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 RID 0 To: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 08:57:18 2018 Info: MID 3 Subject 'Message 001'
Mon Jul 2 08:57:19 2018 Info: MID 3 SDR: Message was not scanned for Sender Domain Reputation. Reason: Authentication failure.
 CLI sdradvancedconfig   Cisco Email Security  SDR       .
         SDR         SDR      .
Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected]>
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Message 001'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Request timed out.
 SDR           .
          SDR   Cisco Email Security     SDR     .
Mon Jul 2 09:04:08 2018 Info: ICID 7 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:04:08 2018 Info: Start MID 7 ICID 7
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 From: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 RID 0 To: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:04:08 2018 Info: MID 7 Subject 'Message 001'
Mon Jul 2 09:04:08 2018 Info: MID 7 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.

CLI sdradvancedconfig   Cisco Email Security  SDR       .
    
        SDR     .
Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Test mail'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Unknown error.

            .

  
  AsyncOS       .   " (stateless)". ,                   .
           . Cisco         ,       .       . https://supportforums.cisco.com/document/33721/cisco-ironport-systems-contributed-tools
         .       .
 116:   

 Delivery status Del_time

 (  )  (  )  


 Inj_time Bytes Mid Ip From Source_ip   Rcpt Rid
  

 Injection time. del_time - inj_time =         ID   IP.       IP  Envelope From(Envelope Sender  MAIL FROM )   IP.    IP    SMTP     SMTP    ID.  ID <0> ,       ID  Envelope To   

         .
 117:    

   

   SMTP  RFC 1893 Enhanced Mail Status Code    SMTP     SMTP  

logheaders  (  , 1108  )       .
 118:    

 Customer_data   

     XML      


   
       .

  

Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 5 MID 4 to RID [0]
Mon Mar 31 20:10:58 2003 Info: Message done DCID 5 MID 4 to RID [0]
Mon Mar 31 20:11:03 2003 Info: DCID 5 close

  

<bounce del_time="Sun Jan 05 08:28:33.073 2003" inj_time="Mon Jan 05 08:28:32.929 2003" bytes="4074" mid="94157762" ip="0.0.0.0" from="[email protected]" source_ip="192.168.102.1" reason="5.1.0 - Unknown address error" code="550" error="["Requested action not taken: mailbox unavailable"]">
<rcpt rid="0" to="[email protected]" attempts="1" />
</bounce>

Logheaders    
<success del_time="Tue Jan 28 15:56:13.123 2003" inj_time="Tue Jan 28 15:55:17.696 2003" bytes="139" mid="202" ip="10.1.1.13" from="[email protected]" source_ip="192.168.102.1" code="250" reply="sent">
<rcpt rid="0" to="[email protected]" attempts="1" />
<customer_data>
<header name="xname" value="sh"/>
</customer_data>
</success>

  
        .        .


 119:   

  Log level Bounce type MID/RID From    

            (:     ) Message ID  Recipient ID Envelope From Envelope To   SMTP  RFC 1893 Enhanced Mail Status Code  SMTP      

 logheaders        (  , 1108   )        .
 120:    

 

       

   
Soft-Bounced Recipient (Bounce Type = Delayed)
Thu Dec 26 18:37:00 2003 Info: Delayed: 44451135:0 From:<[email protected]> To:<[email protected]>
Reason: "4.1.0 - Unknown address error" Response: "('451', ['<[email protected]> Automated block triggered by suspicious activity from your IP address (10.1.1.1). Have your system administrator send e-mail to [email protected] if you believe this block is in error'])"

Hard-Bounced Recipient (Bounce Type = Bounced)
Thu Dec 26 18:36:59 2003 Info: Bounced: 45346670:0 From:<[email protected]> To:<[email protected]>
Reason: "5.1.0 - Unknown address error" Response: "('550', ['There is no such active account.'])"

Bounce Log with Message Body and Logheaders
Wed Jan 29 00:06:30 2003 Info: Bounced: 203:0 From:<[email protected]> To:<[email protected]>
Reason:"5.1.2 - Bad destination host" Response: "('000', [])" Headers: ['xname: userID2333']' Message: Message-Id:
<[email protected]>\015\012xname: userID2333\015\012subject: Greetings.\015\012\015\012Hi Tom:'

   \015\012   (: CRLF).

  
  CLI status (status, status detail, dnsstatus )     .   logconfig setup    .            .

  
         .
 121:   

 CPULd DskIO RAMUtil QKUsd QKFre CrtMID CrtICID CRTDCID InjBytes InjMsg InjRcp

 CPU   I/O  RAM  Queue Kilobytes Used(  ) Queue Kilobytes Free(  )  ID(MID) ICID(Injection Connection ID) DCID(Delivery Connection ID)    () Injected Messages( ) Injected Recipients( )


 GenBncRcp RejRcp DrpMsg SftBncEvnt CmpRcp HrdBncRcp DnsHrdBnc 5XXHrdBnc FltrHrdBnc ExpHrdBnc OtrHrdBnc DlvRcp DelRcp GlbUnsbHt ActvRcp UnatmptRcp AtmptRcp CrtCncIn CrtCncOut DnsReq NetReq CchHit CchMis CchEct CchExp CPUTTm

      (drop)  Soft Bounced Events   Hard Bounced Recipients DNS   5XX            Delivered Recipients       Active Recipients              DNS                CPU 


 CPUETm MaxIO RamUsd SwIn SwOut SwPgIn SwPgOut MMLen DstInMem ResCon
WorkQ QuarMsgs
QuarQKUsd LogUsd BMLd CmrkLd SophLd McafLd CASELd TotalLd LogAvail EuQ EuqRls RptLD

            I/O   ()                         (tarpit) .         () .       ,   Outbreak     (       ) ,   Outbreak            CPU  Cloudmark    CPU  Sophos    CPU  McAfee    CPU  CASE   CPU   CPU                            CPU 


 QtnLd EncrQ

    CPU    

  

Fri Feb 24 15:14:39 2006 Info: Status: CPULd 0 DskIO 0 RAMUtil 2 QKUsd 0 QKFre 8388608 CrtMID 19036 CrtICID 35284 CrtDCID 4861 InjMsg 13889 InjRcp 14230 GenBncRcp 12 RejRcp 6318 DrpMsg 7437 SftBncEvnt 1816 CmpRcp 6813 HrdBncRcp 18 DnsHrdBnc 2 5XXHrdBnc 15 FltrHrdBnc 0 ExpHrdBnc 1 OtrHrdBnc 0 DlvRcp 6793 DelRcp 2 GlbUnsbHt 0 ActvRcp 0 UnatmptRcp 0 AtmptRcp 0 CrtCncIn 0 CrtCncOut 0 DnsReq 143736 NetReq 224227 CchHit 469058 CchMis 504791 CchEct 15395 CchExp 55085 CPUTTm 228 CPUETm 181380 MaxIO 350 RAMUsd 21528056 MMLen 0 DstInMem 4 ResCon 0 WorkQ 0 QuarMsgs 0 QuarQKUsd 0 LogUsd 3 AVLd 0 BMLd 0 CASELd 3 TotalLd 3 LogAvail 17G EuQ 0 EuqRls 0

   
   Email Security Appliance     SMTP       .            .
 122:    

  Log level From    

          Envelope From Envelope To   SMTP  RFC 1893 Enhanced Mail Status Code  SMTP      

   
Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:<[email protected]>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:<[email protected]>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH "." ON A LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'

   
   Email Security Appliance      SMTP   .    Email Security Appliance          .        ,   ("Sent to")    ("Received from") .
IP , IP ,             . IP     IP  .      .        IP   DNS  . DNS  PTR   IP     .
    .
           .
 123:    

  ICID Sent/Received
IP 


  
Injection Connection ID            .
"Sent to"       . "Received from"        .
  IP 

   
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '220 postman.example.com ESMTP\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'HELO mail.remotehost.com\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 postman.example.com\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'MAIL FROM:<[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 sender <[email protected]> ok\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'RCPT TO:<[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 recipient <[email protected]> ok\015\012'
Wed Apr 2 14:30:04 Info: 6216 Rcvd from '172.16.0.22': 'DATA\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '354 go ahead\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'To: [email protected]\015\012Date: Apr 02 2003 10:09:44\015\012Subject: Test Subject\015\012From: Sender <[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'This is the content of the message'
Wed Apr 2 14:30:04 Info: 6216 Sent to '172.16.0.22': '250 ok\015\012'
Wed Apr 2 14:30:04 Info: 6216 Rcvd from '172.16.0.22': 'QUIT\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '221 postman.example.com\015\012'

  

 124:   

  

     

  
               .
Wed Sep 8 18:02:45 2004 Info: Version: 4.0.0-206 SN: XXXXXXXXXXXX-XXX
Wed Sep 8 18:02:45 2004 Info: Time offset from UTC: 0 seconds
Wed Sep 8 18:02:45 2004 Info: System is coming up
Wed Sep 8 18:02:49 2004 Info: bootstrapping DNS cache
Wed Sep 8 18:02:49 2004 Info: DNS cache bootstrapped
Wed Sep 8 18:13:30 2004 Info: PID 608: User admin commit changes: SSW:Password
Wed Sep 8 18:17:23 2004 Info: PID 608: User admin commit changes: Completed Web::SSW
Thu Sep 9 08:49:27 2004 Info: Time offset from UTC: -25200 seconds
Thu Sep 9 08:49:27 2004 Info: PID 1237: User admin commit changes: Added a second CLI log for examples
Thu Sep 9 08:51:53 2004 Info: PID 1237: User admin commit changes: Removed example CLI log.


CLI   

 125: CLI   

  PID 

       CLI   Process ID   CLI , CLI (,   )     .

CLI   
  CLI   PID 16434  who, textconfig CLI   .
Thu Sep 9 14:35:55 2004 Info: PID 16434: User admin entered 'who'; prompt was '\nmail3.example.com> '

Thu Sep 9 14:37:12 2004 Info: PID 16434: User admin entered 'textconfig'; prompt was '\nUsername Login Time Idle Time Remote Host What\n======== ========== ========= =========== ====\nadmin Wed 11AM 3m 45s 10.1.3.14 tail\nadmin 02:32PM 0s 10.1.3.14 cli\nmail3.example.com> '

Thu Sep 9 14:37:18 2004 Info: PID 16434: User admin entered ''; prompt was '\nThere are no text resources currently defined.\n\n\nChoose the operation you want to perform:\nNEW - Create a new text resource.\n- IMPORT - Import a text resource from a file.\n[]> '

FTP   

 126: FTP   

  ID 

    Connection ID.  FTP    ID     logfile    FTP  (,  , ,  )  .

FTP   
  FTP   (ID:1) .   IP , (    )   .
Wed Sep 8 18:03:06 2004 Info: Begin Logfile
Wed Sep 8 18:03:06 2004 Info: Version: 4.0.0-206 SN: 00065BF3BA6D-9WFWC21
Wed Sep 8 18:03:06 2004 Info: Time offset from UTC: 0 seconds
Wed Sep 8 18:03:06 2004 Info: System is coming up
Fri Sep 10 08:07:32 2004 Info: Time offset from UTC: -25200 seconds
Fri Sep 10 08:07:32 2004 Info: ID:1 Connection from 10.1.3.14 on 172.19.0.86
Fri Sep 10 08:07:38 2004 Info: ID:1 User admin login SUCCESS
Fri Sep 10 08:08:46 2004 Info: ID:1 Upload wording.txt 20 bytes
Fri Sep 10 08:08:57 2004 Info: ID:1 Download words.txt 1191 bytes
Fri Sep 10 08:09:06 2004 Info: ID:1 User admin logout

HTTP  
 127: HTTP  
  ID req user 

     ID   IP         . GET  POST ,      .

HTTP  

  HTTP    GUI   (    ).
Wed Sep 8 18:17:23 2004 Info: http service on 192.168.0.1:80 redirecting to https port 443
Wed Sep 8 18:17:23 2004 Info: http service listening on 192.168.0.1:80
Wed Sep 8 18:17:23 2004 Info: https service listening on 192.168.0.1:443
Wed Sep 8 11:17:24 2004 Info: Time offset from UTC: -25200 seconds
Wed Sep 8 11:17:24 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg POST /system_administration/system_setup_wizard HTTP/1.1 303
Wed Sep 8 11:17:25 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /system_administration/ssw_done HTTP/1.1 200
Wed Sep 8 11:18:45 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/incoming_mail_overview HTTP/1.1 200


Wed Sep 8 11:18:45 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/mail_flow_graph?injector=&width=365&interval=0&type=recipientsin&height=190 HTTP/1.1 200
Wed Sep 8 11:18:46 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/classification_graph?injector=&width=325&interval=0&type=recipientsin&height=190 HTTP/1.1 200
Wed Sep 8 11:18:49 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/quarantines HTTP/1.1 200

NTP  
 128: NTP  
  


  
   SNTP(Simple Network Time Protocol)   adjust:  .

NTP  

  NTP   NTP      .
Thu Sep 9 07:36:39 2004 Info: sntp query host 10.1.1.23 delay 653 offset -652
Thu Sep 9 07:36:39 2004 Info: adjust: time_const: 8 offset: -652us next_poll: 4096
Thu Sep 9 08:44:59 2004 Info: sntp query host 10.1.1.23 delay 642 offset -1152
Thu Sep 9 08:44:59 2004 Info: adjust: time_const: 8 offset: -1152us next_poll: 4096

  
       LOG  COMMON  .    COMMON  LOG    " "    .
 129:   

  


  
  ,  ,             .


  

   Sophos         .
Wed Feb 23 22:05:48 2011 Info: Internal SMTP system attempting to send a message to [email protected] with subject 'Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...' (attempt #0).

Wed Feb 23 22:05:48 2011 Info: Internal SMTP system successfully sent a message to [email protected] with subject 'Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...'.

Wed Feb 23 22:05:48 2011 Info: A Anti-Virus/Warning alert was sent to [email protected] with subject "Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...".

   

 130:   

  


  
       (        ).

   
        CASE      .
Fri Apr 13 18:59:47 2007 Info: case antispam - engine (19103) : case-daemon: server successfully spawned child process, pid 19111
Fri Apr 13 18:59:47 2007 Info: case antispam - engine (19111) : startup: Region profile: Using profile global
Fri Apr 13 18:59:59 2007 Info: case antispam - engine (19111) : fuzzy: Fuzzy plugin v7 successfully loaded, ready to roll
Fri Apr 13 19:00:01 2007 Info: case antispam - engine (19110) : uribllocal: running URI blocklist local
Fri Apr 13 19:00:04 2007 Info: case antispam - engine (19111) : config: Finished loading configuration


  
  

      , ,     .

  
Tue Mar 24 08:56:45 2015 Info: graymail [BASE] Logging at DEBUG level
Tue Mar 24 08:56:45 2015 Info: graymail [HANDLER] Initializing request handler
Tue Mar 24 08:56:50 2015 Info: graymail [ENGINE] Loaded graymail scanner library
Tue Mar 24 08:56:50 2015 Info: graymail [ENGINE] Created graymail scanner instance
Tue Mar 24 08:56:50 2015 Info: graymail [HANDLER] Debug mode disabled on graymail process
Tue Mar 24 08:56:50 2015 Info: graymail [HANDLER] Starting thread WorkerThread_0

   

 131:   

  


  
       (       )

   
     (IDE)       Sophos   .
Thu Sep 9 14:18:04 2004 Info: Checking for Sophos Update
Thu Sep 9 14:18:04 2004 Info: Current SAV engine ver=3.84. No engine update needed
Thu Sep 9 14:18:04 2004 Info: Current IDE serial=2004090902. No update needed.
               DEBUG    . DEBUG      .


AMP   
AMP       . ·              ·  (     )            .
AMP    
      AMP   . ·       , 1090  ·     , 1090  ·    , 1090  ·         , 1091  ·        , 1092  ·     , 1093  ·           , 1093  ·           , 1094  ·    , 1094 
      
Wed Oct 5 15:17:31 2016 Info: File reputation service initialized successfully
Wed Oct 5 15:17:31 2016 Info: The following file type(s) can be sent for File Analysis: Microsoft Windows / DOS Executable, Microsoft Office 97-2004 (OLE), Microsoft Office 2007+ (Open XML), Other potentially malicious file types, Adobe Portable Document Format (PDF). To allow analysis of new file type(s), go to Security Services > File Reputation and Analysis.
Wed Oct 5 15:17:31 2016 Info: File Analysis service initialized successfully
    
Tue Oct 4 23:15:24 2016 Warning: MID 12 reputation query failed for attachment 'Zombies.pdf' with error "Cloud query failed"
   
Fri Oct 7 09:44:04 2016 Info: File reputation query initiating. File Name = 'mod-6.exe', MID = 5, File Size = 1673216 bytes, File Type = application/x-dosexec

  

 SHA-256        .          .


 MID
   


         ID.
SHA-256        .
SHA-256        .     .
· Microsoft Windows / DOS Executable · Microsoft Office 97-2004(OLE) · Microsoft Office 2007+(Open XML) ·       · Adobe PDF(Portable Document Format)

        
Fri Oct 7 09:44:06 2016 Info: Response received for file reputation query from Cloud. File Name = 'mod-6.exe', MID = 5, Disposition = MALICIOUS, Malware = W32.061DEF69B5-100.SBX.TG, Reputation Score = 73, sha256 = 061def69b5c100e9979610fa5675bd19258b19a7ff538b5c2d230b467c312f19, upload_action = 2

   MID 
  


SHA-256        .          .
         ID.
     . · MALICIOUS · Clean · FILE UNKNOWN -   0  . · VERDICT UNKNOWN -  FILE UNKNOWN  0  .
  .
       .   VERDICT UNKNOWN            .


  


         : · 0 -      · 1 -    .     '1'     . · 2 -      · 3 -    

       
Wed Sep 28 11:31:58 2016 Info: File uploaded for analysis. SHA256: e7ae35a8227b380ca761c0317e814e4aaa3d04f362c6b913300117241800f0ea
Wed Sep 28 11:36:58 2016 Info: File Analysis is running for SHA: e7ae35a8227b380ca761c0317e814e4aaa3d04f362c6b913300117241800f0ea
Fri Oct 7 07:39:13 2016 Info: File Analysis complete. SHA256: 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, Submit Timestamp: 1475825466, Update Timestamp: 1475825953, Disposition: 3 Score: 100, run_id: 194926004 Details: Analysis is completed for the File SHA256[16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc] Spyname:[W32.16454AFF50-100.SBX.TG]

 SHA256     
  ID  


   SHA-256  .
        .
       .
   . · 1 -    · 2 -  · 3 - 
       .
          (ID) .
       .         .


  

         .

    
Wed Sep 14 12:27:52 2016 Info: File not uploaded for analysis. MID = 0 File SHA256[a5f28f1fed7c2fe88bcdf403710098977fa12c32d13bfbd78bbe27e95b245f82] file mime[text/plain] Reason: No active/dynamic contents exists

 MID
 MIME 


         ID .
 MIME .
 upload_action '1'            .
·      .          .
·     -       . ·      . ·     ·     -       
   . ·     ·     · /   · /   

         
Tue Jun 20 13:22:56 2017 Info: File analysis upload skipped. SHA256: b5c7e26491983baa713c9a2910ee868efd891661c6a0553b28f17b8fdc8cc3ef,Timestamp[1454782976] details[File SHA256[b5c7e26491983baa713c9a2910ee868efd891661c6a0553b28f17b8fdc8cc3ef] file mime[application/pdf], upload priority[Low] not uploaded, re-tries[3], backoff[986] discarding ...]
Tue Jun 20 13:22:56 2017 Critical: The attachment could not be uploaded to the File Analysis server because the appliance exceeded the upload limit

 SHA256   

    SHA-256  .        .       .


  MIME  
Retries() (x)
()


 MIME .
    . · High - PDF        · Low - PDF  
     .     3     .
          ((x)).         .
             .

          
Sat Feb 6 13:22:56 2016 Info:SHA256: 69e17e213732da0d0cbc48ae7030a4a18e0c1289f510e8b139945787f67692a5,Timestamp[1454959409] details[Server Response HTTP code:[502]]

 SHA256   

    SHA-256  .        .      

   
Fri Oct 7 07:39:13 2016 Info: Retrospective verdict received. SHA256: 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, Timestamp: 1475832815.7, Verdict: MALICIOUS, Reputation Score: 0, Spyname: W32.16454AFF50-100.SBX.

 SHA256   Reputation Score Spyname

    SHA-256  .         .       .        .         .
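The file reputation response and retrospective verdict entries shown above can be correlated by SHA-256 to find messages that carried a file before its verdict changed to MALICIOUS. The following is an added example, not part of the original guide and not Cisco code; the function names are hypothetical, and one input line is constructed (reusing a hash from this page) so that the correlation has something to match.

```python
import re
from collections import defaultdict

# AsyncOS text-log prefix, e.g. "Fri Oct 7 09:44:06 2016 Info: ...".
# The year is optional because some samples on this page omit it.
PREFIX = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}(?: \d{4})? (\w+): (.*)$")
# The two field styles used by the AMP messages handled here.
KV_EQUALS = re.compile(r"([A-Za-z_][\w ]*?) = ('[^']*'|[^,]+)")  # File Name = 'x', MID = 5
KV_COLON = re.compile(r"([A-Za-z_][\w ]*?): ([^,]+)")            # SHA256: ..., Verdict: ...

REPUTATION = "Response received for file reputation query"
RETROSPECTIVE = "Retrospective verdict received"


def fields(message, pattern):
    """Return the key/value pairs that follow the first sentence of an AMP message."""
    _, _, tail = message.partition(". ")
    return {k.strip(): v.strip().strip("'") for k, v in pattern.findall(tail)}


def triage(lines):
    """Report files malicious on arrival and messages hit by a later verdict change."""
    seen = defaultdict(list)  # sha256 -> [(MID, disposition at scan time)]
    report = {"malicious_on_arrival": [], "retrospective": []}
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue
        message = m.group(2)
        if message.startswith(REPUTATION):
            f = fields(message, KV_EQUALS)
            if not {"sha256", "MID", "Disposition"} <= f.keys():
                continue  # truncated or unexpected entry
            sha, mid = f["sha256"].lower(), int(f["MID"])
            seen[sha].append((mid, f["Disposition"]))
            if f["Disposition"] == "MALICIOUS":
                report["malicious_on_arrival"].append((mid, f.get("File Name"), sha))
        elif message.startswith(RETROSPECTIVE):
            f = fields(message, KV_COLON)
            if f.get("Verdict") == "MALICIOUS" and "SHA256" in f:
                sha = f["SHA256"].lower()
                # Messages that carried this file before the verdict changed.
                mids = [mid for mid, disp in seen[sha] if disp != "MALICIOUS"]
                report["retrospective"].append((sha, mids))
    return report


SAMPLE = [
    # Constructed entry in the format shown on this page (MID, file name, score
    # and upload_action are made up; the hash is the one in the page's sample).
    "Fri Oct 7 07:31:06 2016 Info: Response received for file reputation query from Cloud. "
    "File Name = 'invoice.pdf', MID = 7, Disposition = FILE UNKNOWN, Malware = None, "
    "Reputation Score = 0, sha256 = "
    "16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, upload_action = 1",
    # Entries copied from the samples on this page.
    "Fri Oct 7 07:39:13 2016 Info: Retrospective verdict received. SHA256: "
    "16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, "
    "Timestamp: 1475832815.7, Verdict: MALICIOUS, Reputation Score: 0, "
    "Spyname: W32.16454AFF50-100.SBX.",
    "Fri Oct 7 09:44:06 2016 Info: Response received for file reputation query from Cloud. "
    "File Name = 'mod-6.exe', MID = 5, Disposition = MALICIOUS, "
    "Malware = W32.061DEF69B5-100.SBX.TG, Reputation Score = 73, sha256 = "
    "061def69b5c100e9979610fa5675bd19258b19a7ff538b5c2d230b467c312f19, upload_action = 2",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for mid, name, sha in result["malicious_on_arrival"]:
        print(f"MID {mid}: {name} malicious on arrival ({sha[:12]}...)")
    for sha, mids in result["retrospective"]:
        print(f"{sha[:12]}...: verdict changed to MALICIOUS, earlier MIDs {mids}")
```

The MIDs listed under a retrospective hit are the ones to look up in the mail logs or message tracking.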


   
 132:   
  

       ( ,   ).

   
    [email protected]  (MID 8298624)  .
Mon Aug 14 21:41:47 2006 Info: ISQ: Releasing MID [8298624, 8298625] for all
Mon Aug 14 21:41:47 2006 Info: ISQ: Delivering released MID 8298624 (skipping work queue)
Mon Aug 14 21:41:47 2006 Info: ISQ: Released MID 8298624 to [email protected]
Mon Aug 14 21:41:47 2006 Info: ISQ: Delivering released MID 8298625 (skipping work queue)
Mon Aug 14 21:41:47 2006 Info: ISQ: Released MID8298625 to [email protected]

  GUI  

 133:  GUI  

  

           .

  GUI  
    ,    .
Fri Aug 11 22:05:28 2006 Info: ISQ: Serving HTTP on 192.168.0.1, port 82
Fri Aug 11 22:05:29 2006 Info: ISQ: Serving HTTPS on 192.168.0.1, port 83
Fri Aug 11 22:08:35 2006 Info: Authentication OK, user admin
Fri Aug 11 22:08:35 2006 Info: logout:- user:pqufOtL6vyI5StCqhCfO session:10.251.23.228
Fri Aug 11 22:08:35 2006 Info: login:admin user:pqufOtL6vyI5StCqhCfO session:10.251.23.228
Fri Aug 11 22:08:44 2006 Info: Authentication OK, user admin

LDAP   

 134: LDAP   

  

    LDAP  

LDAP   

       .      .

1  Thu Sep 9 12:24:56 2004 Begin Logfile
2  Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
3  Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
4  Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
5  Thu Sep 9 12:28:08 2004 LDAP: Clearing LDAP cache
6  Thu Sep 9 13:00:09 2004 LDAP: Query '(&(ObjectClass={g})(mailLocalAddress={a}))' to server sun (sun.qa:389)
7  Thu Sep 9 13:00:09 2004 LDAP: After substitute, query is '(&(ObjectClass=inetLocalMailRecipient)([email protected]))'
8  Thu Sep 9 13:00:09 2004 LDAP: connecting to server
9  Thu Sep 9 13:00:09 2004 LDAP: connected
10 Thu Sep 9 13:00:09 2004 LDAP: Query (&(ObjectClass=inetLocalMailRecipient)([email protected])) returned 1 results
11 Thu Sep 9 13:00:09 2004 LDAP: returning: [<LDAP:>]

      .
 135: LDAP    

  1 2 3 4
5 6
7 8 9 10


  .
   LDAP  ( "sun.masquerade" LDAP ). [email protected]  LDAP  ,  ,     [email protected] .         / envelope from .
  ldapflush .
sun.qa,  389   .   (&(ObjectClass={g})(mailLocalAddress={a})). {g}   rcpt-to-group  mail-from-group     . {a}   .
   .  LDAP      .
     .
  .
  (empty positive). ,          .             .

 /   
   /     .
 136:  /   

  

   .        .


 /   
   /          .      .
Fri Sep 28 14:22:33 2007 Info: Begin Logfile
Fri Sep 28 14:22:33 2007 Info: Version: 6.0.0-425 SN: XXXXXXXXXXXX-XXX
Fri Sep 28 14:22:33 2007 Info: Time offset from UTC: 10800 seconds
Fri Sep 28 14:22:33 2007 Info: System is coming up.
Fri Sep 28 14:22:33 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 16:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 18:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 20:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 22:22:35 2007 Info: SLBL: The database snapshot has been created.
.........................
Mon Oct 1 14:16:09 2007 Info: SLBL: The database snapshot has been created.
Mon Oct 1 14:37:39 2007 Info: SLBL: The database snapshot has been created.
Mon Oct 1 15:31:37 2007 Warning: SLBL: Adding senders to the database failed.
Mon Oct 1 15:32:31 2007 Warning: SLBL: Adding senders to the database failed.
Mon Oct 1 16:37:40 2007 Info: SLBL: The database snapshot has been created.

  
      .
 137:   

  

   .        .

  

          .
Wed Oct 3 13:39:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:39:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:40:02 2007 Info: Update 2 registered appliance at 2007-10-03-13-40
Wed Oct 3 13:40:53 2007 Info: Pages found in cache: 1304596 (99%). Not found: 1692
Wed Oct 3 13:40:53 2007 Info: Period hour using 36800 (KB)
Wed Oct 3 13:40:53 2007 Info: Period day using 2768 (KB)
Wed Oct 3 13:40:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:40:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:40:53 2007 Info: HELPER checkpointed in 0.00580507753533 seconds
Wed Oct 3 13:41:02 2007 Info: Update 2 registered appliance at 2007-10-03-13-41
Wed Oct 3 13:41:53 2007 Info: Pages found in cache: 1304704 (99%). Not found: 1692
Wed Oct 3 13:41:53 2007 Info: Period hour using 36800 (KB)
Wed Oct 3 13:41:53 2007 Info: Period day using 2768 (KB)
Wed Oct 3 13:41:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:41:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:42:03 2007 Info: Update 2 registered appliance at 2007-10-03-13-42

   
       .
 138:    

  

   .        .

   
      2007 8 29 10 10        .
Tue Oct 2 11:30:02 2007 Info: Query: Closing interval handle 811804479.
Tue Oct 2 11:30:02 2007 Info: Query: Closing interval handle 811804480.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610228.
Tue Oct 2 11:30:02 2007 Info: Query: Merge query with handle 302610229 for ['MAIL_OUTGOING_TRAFFIC_SUMMARY.DETECTED_SPAM', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.DETECTED_VIRUS', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.THREAT_CONTENT_FILTER', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_CLEAN_RECIPIENTS', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS_PROCESSED'] for rollup period "day" with interval range 2007-08-29 to 2007-10-01 with key constraints None sorting on ['MAIL_OUTGOING_TRAFFIC_SUMMARY.DETECTED_SPAM'] returning results from 0 to 2 sort_ascending=False.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610229.
Tue Oct 2 11:30:02 2007 Info: Query: Merge query with handle 302610230 for ['MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_HARD_BOUNCES', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS_DELIVERED', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS'] for rollup period "day" with interval range 2007-08-29 to 2007-10-01 with key constraints None sorting on ['MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_HARD_BOUNCES'] returning results from 0 to 2 sort_ascending=False.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610230.

  

 139:   

  


  .
    ,  AsyncOS       /   .

  
     McAfee Anti-Virus    .
Fri Sep 19 11:07:51 2008 Info: Starting scheduled update
Fri Sep 19 11:07:52 2008 Info: Acquired server manifest, starting update 11
Fri Sep 19 11:07:52 2008 Info: Server manifest specified an update for mcafee
Fri Sep 19 11:07:52 2008 Info: mcafee was signalled to start a new update
Fri Sep 19 11:07:52 2008 Info: mcafee processing files from the server manifest
Fri Sep 19 11:07:52 2008 Info: mcafee started downloading files
Fri Sep 19 11:07:52 2008 Info: mcafee downloading remote file "http://stage-updates.ironport.com/mcafee/dat/5388"
Fri Sep 19 11:07:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:12:52 2008
Fri Sep 19 11:08:12 2008 Info: mcafee started decrypting files
Fri Sep 19 11:08:12 2008 Info: mcafee decrypting file "mcafee/dat/5388" with method "des3_cbc"
Fri Sep 19 11:08:17 2008 Info: mcafee started decompressing files
Fri Sep 19 11:08:17 2008 Info: mcafee started applying files
Fri Sep 19 11:08:17 2008 Info: mcafee applying file "mcafee/dat/5388"
Fri Sep 19 11:08:18 2008 Info: mcafee verifying applied files
Fri Sep 19 11:08:18 2008 Info: mcafee updating the client manifest
Fri Sep 19 11:08:18 2008 Info: mcafee update completed
Fri Sep 19 11:08:18 2008 Info: mcafee waiting for new updates
Fri Sep 19 11:12:52 2008 Info: Starting scheduled update
Fri Sep 19 11:12:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:17:52 2008
Fri Sep 19 11:17:52 2008 Info: Starting scheduled update
Fri Sep 19 11:17:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:22:52 2008
  
      Sophos      .
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "postx"
Fri Mar 10 15:05:55 2017 Debug: postx updates disabled
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "postx"
Fri Mar 10 15:05:55 2017 Trace: command session starting
Fri Mar 10 15:05:55 2017 Info: Automatic updates disabled for engine Sophos engine
Fri Mar 10 15:05:55 2017 Info: Sophos: Backup update applied successfully
Fri Mar 10 15:05:55 2017 Info: Internal SMTP system attempting to send a message to [email protected] with subject `Automatic updates are now disabled for sophos' attempt #0).
Fri Mar 10 15:05:55 2017 Debug: amp feature key disabled
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "amp"
Fri Mar 10 15:05:55 2017 Debug: amp feature key disabled
  
  AsyncOS     .        .              .         .         .  Cisco Security Management    Email Security Appliance      .


  

       .
 140:   





 

  .
           .

  

   "admin," "joe"  "dan"    .
Wed Sep 17 15:16:25 2008 Info: Begin Logfile
Wed Sep 17 15:16:25 2008 Info: Version: 6.5.0-262 SN: XXXXXXX-XXXXX
Wed Sep 17 15:16:25 2008 Info: Time offset from UTC: 0 seconds
Wed Sep 17 15:18:21 2008 Info: User admin was authenticated successfully.
Wed Sep 17 16:26:17 2008 Info: User joe failed authentication.
Wed Sep 17 16:28:28 2008 Info: User joe was authenticated successfully.
Wed Sep 17 20:59:30 2008 Info: User admin was authenticated successfully.
Wed Sep 17 21:37:09 2008 Info: User dan failed authentication.

       
           .
Thu Mar 16 05:47:47 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:48:18 2017 Info: Two-Factor RADIUS Authentication failed.
Thu Mar 16 05:48:48 2017 Info: An authentication attempt by the user **** from 21.101.210.150 failed
       
          .
Thu Mar 16 05:46:04 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:46:59 2017 Info: RADIUS server example.cisco.com communication error. No valid responses from server (timeout).
Thu Mar 16 05:46:59 2017 Info: Two-Factor Authentication RADIUS servers timed out. Authentication could fail due to this.


    
       .
Thu Mar 16 05:49:05 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:49:05 2017 Info: Two-Factor RADIUS Authentication was successful.
Thu Mar 16 05:49:05 2017 Info: The user admin successfully logged on from 21.101.210.150 using an HTTPS connection.
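The authentication log entries shown above are regular enough to drive simple detection logic. The following is an added example, not part of the original guide and not Cisco code: it flags a failure followed by a success for the same user or source address, and bursts of failures inside a time window. The function names, the 10-minute window and the threshold of 3 are assumptions, and two of the input lines are constructed in the page's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PREFIX = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \w+: (.*)$")
# Message formats taken from the samples on this page; True marks a success.
# "Two-Factor RADIUS Authentication failed." is skipped: it names no user or source.
PATTERNS = [
    (re.compile(r"^User (?P<user>\S+) failed authentication\.$"), False),
    (re.compile(r"^User (?P<user>\S+) was authenticated successfully\.$"), True),
    (re.compile(r"^An authentication attempt by the user (?P<user>\S+) "
                r"from (?P<src>\S+) failed$"), False),
    (re.compile(r"^The user (?P<user>\S+) successfully logged on "
                r"from (?P<src>\S+) using "), True),
]


def parse_auth(line):
    """Turn one authentication log line into an event dict, or None if not relevant."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    for pattern, ok in PATTERNS:
        hit = pattern.match(m.group(2))
        if hit:
            g = hit.groupdict()
            user = None if set(g["user"]) == {"*"} else g["user"]  # "****" is masked
            return {"time": when, "user": user, "src": g.get("src"), "ok": ok}
    return None


def detect(lines, window=timedelta(minutes=10), threshold=3):
    """Return failure-then-success pairs and failure bursts, keyed by user or source."""
    events = sorted(filter(None, map(parse_auth, lines)), key=lambda e: e["time"])
    last_fail, fails = {}, defaultdict(list)
    findings = {"fail_then_success": [], "bursts": []}
    for e in events:
        keys = [k for k in (e["user"], e["src"]) if k]
        for k in keys:
            if e["ok"]:
                t = last_fail.pop(k, None)
                if t is not None and e["time"] - t <= window:
                    gap = int((e["time"] - t).total_seconds())
                    findings["fail_then_success"].append((k, gap))
            else:
                last_fail[k] = e["time"]
                fails[k] = [t for t in fails[k] if e["time"] - t <= window] + [e["time"]]
                if len(fails[k]) == threshold:  # report once, when the threshold is hit
                    findings["bursts"].append((k, threshold))
    return findings


SAMPLE = [
    # Lines copied from the samples on this page.
    "Wed Sep 17 15:18:21 2008 Info: User admin was authenticated successfully.",
    "Wed Sep 17 16:26:17 2008 Info: User joe failed authentication.",
    "Wed Sep 17 16:28:28 2008 Info: User joe was authenticated successfully.",
    "Wed Sep 17 20:59:30 2008 Info: User admin was authenticated successfully.",
    "Wed Sep 17 21:37:09 2008 Info: User dan failed authentication.",
    # Constructed lines in the same format, added to trigger the burst rule.
    "Wed Sep 17 21:38:40 2008 Info: User dan failed authentication.",
    "Wed Sep 17 21:41:02 2008 Info: User dan failed authentication.",
    # Lines copied from the two-factor samples on this page.
    "Thu Mar 16 05:48:48 2017 Info: An authentication attempt by the user **** "
    "from 21.101.210.150 failed",
    "Thu Mar 16 05:49:05 2017 Info: The user admin successfully logged on "
    "from 21.101.210.150 using an HTTPS connection.",
]

if __name__ == "__main__":
    found = detect(SAMPLE)
    for key, gap in found["fail_then_success"]:
        print(f"{key}: success {gap}s after a failure")
    for key, count in found["bursts"]:
        print(f"{key}: {count} failures within the window")
```

A failure followed by a success is often just a mistyped password, so treat these findings as leads to review alongside the source address rather than as verdicts.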
   
          ,       ,       .             .
   
     (admin)             .
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<!--
XML generated by configuration change.
Change comment: added guest user
User: admin
Configuration are described as:
This table defines which local users are allowed to log into the system.
Product: Cisco IronPort M160 Messaging Gateway(tm) Appliance
Model Number: M160
Version: 6.7.0-231
Serial Number: 000000000ABC-D000000
Number of CPUs: 1
Memory (GB): 4
Current Time: Thu Mar 26 05:34:36 2009
Feature "Cisco IronPort Centralized Configuration Manager": Quantity = 10, Time Remaining = "25 days"
Feature "Centralized Reporting": Quantity = 10, Time Remaining = "9 days"
Feature "Centralized Tracking": Quantity = 10, Time Remaining = "30 days"
Feature "Centralized Spam Quarantine": Quantity = 10, Time Remaining = "30 days"
Feature "Receiving": Quantity = 1, Time Remaining = "Perpetual"
-->
<config>
     
ETF  ETF , ,     .   Info()  Debug() .
     
Thu Jun 7 04:54:15 2018 Info: THREAT_FEEDS: Job failed with exception: Invalid URL or Port
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: A delta poll is scheduled for the source: S1
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: A delta poll has started for the source: S1, domain: s1.co, collection: sss
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: Observables are being fetched from the source: S1 between 2018-06-07 04:34:13+00:00 and 2018-06-07 05:04:13.185909+00:00
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: 21 observables were fetched from the source: S1
Thu Jun 7 05:19:14 2018 Info: THREAT_FEEDS: A delta poll is scheduled for the source: S1
Thu Jun 7 05:19:14 2018 Info: THREAT_FEEDS: A delta poll has started for the source: S1, domain: s1.co, collection: sss
ETF    -                      .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com, cause of failure: Invalid Collection name
   Mail Policies( ) > External Threat Feeds Manager(   )   CLI threatfeedsconfig > sourceconfig             .
ETF    - HTTP     HTTP             .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com , cause of failure: HTTP Error
   Mail Policies( ) > External Threat Feeds Manager(   )   CLI threatfeedsconfig > sourceconfig                .

ETF    -  URL      URL            .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com , cause of failure: HTTP Error

  Mail Policies( ) > External Threat Feeds Manager(   )   CLI threatfeedsconfig > sourceconfig                .

 
·   , 1105  · GUI   , 1107  ·    , 1107  ·   , 1109  ·   , 1113 

  
System Administration( )  Log Subscriptions( ) ( CLI logconfig )    .   AsyncOS    ( )    .       ().         .
 141:   





Log type( )

       .    :   .

Log Name( )       .

 

      .  Email Security Appliance             .

Rollover by File Size(        .   )

Rollover by Time(      . )


 





 

             .
    10.

Log level( )       .

Retrieval method(  Email Security Appliance     

)

.

      .         .               .             .      .

          .

 142:  
  Critical() 





   .  .            .        .    syslog  "Alert" .
     .            .    syslog  "Warning" .
           . Information()     .    syslog  "Info" .
       .         .    syslog  "Debug" .
    .            .    syslog  "Debug" .


GUI   
 1 System Administration( ) > Log Subscriptions( ) .
 2 Add Log Subscription(  ) .
 3     ( )      .
 4 AsyncOS             .          , 1109   .
 5   .    Critical(), Warning(), Information(), Debug()  Trace().
 6    .
 7     .
  
 1 System Administration( ) > Log Subscriptions( ) .
 2 Log Settings( )    .
 3   .
 4     .
   
          . System Administration(  ) > Log Subscriptions( )  Global Settings( )   Edit Settings( ) ( CLI logconfig -> setup )      .
·   .      (). ·  ID   . ·      . ·      . ·       .        . 1.  ID       ID (  ) .   ID      AsyncOS    .     .

Tue Apr 6 14:38:34 2004 Info: MID 1 Message-ID Message-ID-Content
2.           (  ) .    .
Tue Apr 6 14:38:34 2004 Info: MID 1 RID [0] Response 'queued as 9C8B425DA7'
       ,  SMTP   DATA      .           "queued as 9C8B425DA7".
[...]
250 ok hostname
250 Ok: queued as 9C8B425DA7
  ,   OK (250  ) .    .   Email Security Appliance  "250 Ok: Message MID accepted"  DATA  .      Email Security Appliance  "Message MID accepted"  . 3.             .
Tue May 31 09:20:27 2005 Info: Start MID 2 ICID 2
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 From: <[email protected]>
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 RID 0 To: <[email protected]>
Tue May 31 09:20:27 2005 Info: MID 2 Message-ID '<[email protected]>'
Tue May 31 09:20:27 2005 Info: MID 2 Subject 'Monthly Reports Due'
  
           . Log Subscriptions Global Settings(   ) ( CLI logconfig -> logheaders   )   . Email Security Appliance      ,      .        .      .

                 .
SMTP   RFC http://www.faqs.org/rfcs/rfc2821.html      .
logheaders            .

 143:  

  



  

 ,   "date, x-subject"      .

Tue May 31 10:14:12 2005 Info: Message done DCID 0 MID 3 to RID [0] [('date', 'Tue, 31 May 2005 10:13:18 -0700'), ('x-subject', 'Logging this header')]

GUI     
 1 System Administration( ) > Log Subscriptions( ) .
 2 Global Settings( )  .
 3 Edit Settings( ) .
 4   ,    ID   ,    ,          .
 5     .
 6     .

  
        AsyncOS "" ,                       .                 .           , 1059   .
AsyncOS       .
·          "s"   .

·     "current"    . ·       (     ). ·       (    
 ). ·              
(     ). GUI System Administration( ) > Log Subscriptions( )    CLI logconfig           .             .
·    ·  
Rollover By File Size(  )
AsyncOS                  .         m   k .     10    10m .
Rollover By Time( )
           . · None(). AsyncOS         . · Custom Time Interval(  ). AsyncOS        .        d, h  m     , ,   . · Daily Rollover( ). AsyncOS     .      24 (HH:MM)  AsyncOS     . Daily Rollover( )  GUI . CLI logconfig      Weekly Rollover( )   (*)  AsyncOS     .
· Weekly Rollover( ). AsyncOS       .          AsyncOS    .        24 (HH:MM)   . CLI      (-),    (*),      (,) .   CLI    (00:00)       .

 144: CLI    
Do you want to configure time-based log files rollover? [N]> y
Configure log rollover settings:
1. Custom time interval.
2. Weekly rollover.
[1]> 2
1. Monday
2. Tuesday
3. Wednesday
4. Thursday
5. Friday
6. Saturday
7. Sunday
Choose the day of week to roll over the log files. Separate multiple days with comma, or use "*" to specify every day of a week. Also you can use dash to specify a range like "1-5":
[]> 3, 5
Enter the time of day to rollover log files in 24-hour format (HH:MM). You can specify hour as "*" to match every hour, the same for minutes. Separate multiple times of day with comma:
[]> 00:00
    
GUI     

 1 System Administration( ) > Log Subscriptions( )        .
 2 ,    All()    .
 3      Rollover Now( )  .     Rollover Now( )  .
GUI    
  GUI    Management  HTTP  HTTPS    .
 1 System Administration( ) > Log Subscriptions( ) .
 2  Log Files( )     .
 3 .
 4       .
CLI    (tail )
AsyncOS        tail  . tail        . tail   Ctrl-C  .

  tail      . (   commit      .)  tail   tail mail_logs    .
mail3.example.com> tail
Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: Manual Download
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: Manual Download
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: Manual Download
4. "authentication" Type: "Authentication Logs" Retrieval: Manual Download
5. "avarchive" Type: "Anti-Virus Archive" Retrieval: Manual Download
6. "bounces" Type: "Bounce Logs" Retrieval: Manual Download
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: Manual Download
8. "encryption" Type: "Encryption Logs" Retrieval: Manual Download
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: Manual Download
11. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: Manual Download
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: Manual Download
13. "gui_logs" Type: "HTTP Logs" Retrieval: Manual Download
14. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
15. "reportd_logs" Type: "Reporting Logs" Retrieval: Manual Download
16. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: Manual Download
17. "scanning" Type: "Scanning Logs" Retrieval: Manual Download
18. "slbld_logs" Type: "Safe/Block Lists Logs" Retrieval: Manual Download
19. "sntpd_logs" Type: "NTP logs" Retrieval: Manual Download
20. "status" Type: "Status Logs" Retrieval: Manual Download
21. "system_logs" Type: "System Logs" Retrieval: Manual Download
22. "trackerd_logs" Type: "Tracking Logs" Retrieval: Manual Download
23. "updater_logs" Type: "Updater Logs" Retrieval: Manual Download
Enter the number of the log you wish to tail.
[]> 19
Press Ctrl-C to stop.
Mon Feb 21 12:25:10 2011 Info: PID 274: User system commit changes: Automated Update for Quarantine Delivery Host
Mon Feb 21 23:18:10 2011 Info: PID 19626: User admin commit changes:
Mon Feb 21 23:18:10 2011 Info: PID 274: User system commit changes: Updated filter logs config
Mon Feb 21 23:46:06 2011 Info: PID 25696: User admin commit changes: Receiving suspended.
^Cmail3.example.com>
  
Email Security Appliance      SSH       logconfig -> hostkeyconfig   . SSH    (  
 )  .    SSH       .    SSH       .

       SSH(Secure Shell)  , 918   .

hostkeyconfig     .
 145:    -   

Command(  )

New

  .

Edit

  .

Delete

  .

Scan

   .

Print

 .

Host

   .     `known_hosts'  

.

Fingerprint     .

User

        .  SCP

       .    

 `authorized_keys'  .

  AsyncOS      .
mail3.example.com> logconfig
Currently configured logs:
[ list of logs ]
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> hostkeyconfig
Currently installed host keys:
1. mail3.example.com ssh-dss [ key displayed ]
Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> scan
Please enter the host or IP address to lookup.
[]> mail3.example.com
Choose the ssh protocol type:
1. SSH1:rsa
2. SSH2:rsa
3. SSH2:dsa
4. All
[4]>
SSH2:dsa
mail3.example.com ssh-dss
[ key displayed ]
SSH2:rsa
mail3.example.com ssh-rsa
[ key displayed ]
SSH1:rsa
mail3.example.com 1024 35
[ key displayed ]
Add the preceding host key(s) for mail3.example.com? [Y]>
Currently installed host keys:
1. mail3.example.com ssh-dss [ key displayed ]
2. mail3.example.com ssh-rsa [ key displayed ]
3. mail3.example.com 1024 35 [ key displayed ]
Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]>
Currently configured logs:
[ list of configured logs ]
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>

42 
    
     . ·       , 1117  ·   , 1118  ·  , 1119  ·    , 1120  ·  , 1127  · GUI  , 1132  ·  , 1135  ·    , 1139  ·    FAQ, 1141 
     
Cisco                      .         .         ,    ,          .    (machine)   .    (Cisco )  .       .        .    ,           , ,         Cisco     .  peer-to-peer  ,   /  .        . (     .  , 1131    .)      . ,          (  ) .            .

  

    

     20       .
  
·   DNS       .  IP           . DNS    , 1135  .     DNS    .
·   AsyncOS     .       , 1129    .
· SSH(  22)  CCS(Cluster Communication Service)      .  , 1135  .
·    SSH  CCS(Cluster Communication Service)     .    . SSH   22  CCS    2222,       .          CCS      CCS       .  , 1135  .
·   ,     CLI(Command Line Interface)  clusterconfig  .   GUI  CLI       .    , 1120   GUI  , 1132  .
·               .    CLI clusterconfig > prepjoin   .       Email Security Appliance    .     , 913  .


    

 

 
    3    .    ,    ,      .
 78:    

           ,   .        .   "usa"         .     .     .      6  .         .          .    .               .       .              .   (group-mode)   (machine-mode)   (cluster-mode)     .     Good Neighbor Table    .      .     newyork        .              , newyork        .              .                  .
  
               .         .            .   LDAP          .
Cluster (ldap queries: a, b, c)
Group
Machine
    LDAP       .
Cluster (ldap queries: a, b, c)
Group (ldap queries: None)
Machine
      ,      .      LDAP  .      LDAP  ""  .     LDAP    .
Cluster (ldap queries: a, b, c)
Group (ldap queries: d)
Machine
             .    .
   
GUI(Graphical User Interface)       .    ,     CLI(Command Line Interface)  .    GUI  CLI     .
               .    CLI clusterconfig > prepjoin  .       Email Security Appliance    .     , 913  .
clusterconfig 
 clusterconfig        . ·             .   ""   ,       .


·            .  ,    (: IP )       /        .   ""         ,      .
       clusterconfig           .        .   SSH  CCS     .
newyork.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 2
Enter the name of the new cluster.
[]> americas
New cluster committed: Wed Jun 22 10:02:04 2005 PDT
Creating a cluster takes effect immediately, there is no need to commit.
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>

  

    

  
   clusterconfig     . SSH  CCS(cluster communication service)      .    
·    SSH      . ·    IP         
(: SSH  CCS ). ·    admin      .
SSH    
 SSH   losangeles.example.com      .
losangeles.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 3
While joining a cluster, you will need to validate the SSH host key of the remote machine to which you are joining. To get the public host key fingerprint of the remote host, connect to the cluster and run: logconfig -> hostkeyconfig -> fingerprint.
WARNING: All non-network settings will be lost. System will inherit the values set at the group or cluster mode for the non-network settings. Ensure that the cluster settings are compatible with your network settings (e.g. dnsconfig settings)
Do you want to enable the Cluster Communication Service on losangeles.example.com? [N]> n
Enter the IP address of a machine in the cluster.
[]> IP address is entered
Enter the remote port to connect to. The must be the normal admin ssh port, not the CCS port.
[22]> 22
Enter the admin passphrase for the cluster.
The administrator passphrase for the clustered machine is entered
Please verify the SSH host key for IP address:
Public host key fingerprint: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Is this a valid key for this host? [Y]> y
Joining cluster group Main_Group.
Joining a cluster takes effect immediately, there is no need to commit.
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>
(Cluster americas)>
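The join dialog above asks the administrator to confirm the remote host key fingerprint against the value obtained with logconfig -> hostkeyconfig -> fingerprint. The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS: it parses a pasted public key (including one wrapped over several lines, as with a key copied from a terminal), checks that the key type inside the blob matches the declared type, and compares fingerprints. It assumes the 16-pair colon form shown in the transcript is the MD5 digest of the key blob; the sample key and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def build_blob(key_type, *fields):
    """Pack SSH wire-format strings (uint32 length + bytes); used for the sample only."""
    parts = [key_type.encode("ascii"), *fields]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def parse_public_key(text):
    """Return (key_type, blob) from '<type> <base64>' text.

    The base64 part may be wrapped over several lines, as happens when a key
    is copied from a terminal. Assumption: there is no trailing comment field.
    """
    tokens = text.split()
    if len(tokens) < 2:
        raise ValueError("expected '<type> <base64 key>'")
    declared = tokens[0]
    try:
        blob = base64.b64decode("".join(tokens[1:]), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len > len(blob) - 4:
        raise ValueError("truncated key blob")
    embedded = blob[4:4 + name_len].decode("ascii", "replace")
    if embedded != declared:
        # A mismatch means the paste was altered or two keys were mixed up.
        raise ValueError(f"declared type {declared!r} but blob says {embedded!r}")
    return declared, blob


def md5_fingerprint(blob):
    """Colon-separated hex MD5 of the key blob (16 pairs)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob):
    """OpenSSH-style 'SHA256:<unpadded base64>' fingerprint of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(key_text, expected):
    """Compare the key's fingerprint with one obtained out of band."""
    _, blob = parse_public_key(key_text)
    expected = expected.strip()
    if expected.upper().startswith("SHA256:"):
        actual, wanted = sha256_fingerprint(blob), "SHA256:" + expected[7:]
    else:
        actual, wanted = md5_fingerprint(blob), expected.lower()
    return hmac.compare_digest(actual.encode(), wanted.encode())


# Constructed sample, not a real key: an "ssh-rsa" blob with dummy field values.
SAMPLE_BLOB = build_blob("ssh-rsa", b"\x01\x00\x01", bytes(range(1, 129)))
_b64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
# The same key as it looks after being wrapped by a terminal.
SAMPLE_WRAPPED = "ssh-rsa " + _b64[:64] + "\n" + _b64[64:]

if __name__ == "__main__":
    key_type, blob = parse_public_key(SAMPLE_WRAPPED)
    print(key_type, md5_fingerprint(blob), sha256_fingerprint(blob))
```

The expected fingerprint should come from a channel other than the connection being verified, such as the console of the cluster machine.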
CCS    
SSH     SSH  CCS . CCS          ( , SCP  ). CCS         clusterconfig prepjoin       .   newyork  prepjoin   losangeles     . prepjoin   CLI clusterconfig prepjoin print                .      clusterconfig         .
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]> prepjoin
Prepare Cluster Join Over CCS
No host entries waiting to be added to the cluster.
Choose the operation you want to perform:
- NEW - Add a new host that will join the cluster.
[]> new
Enter the hostname of the system you want to add.
[]> losangeles.example.com
Enter the serial number of the host mail3.example.com.
[]> unique serial number is added
Enter the user key of the host losangeles.example.com. This can be obtained by typing "clusterconfig prepjoin print" in the CLI on mail3.example.com. Press enter on a blank line to finish.
unique user key from output of prepjoin print is pasted
Host losangeles.example.com added.
Prepare Cluster Join Over CCS
1. losangeles.example.com (serial-number)
Choose the operation you want to perform:
- NEW - Add a new host that will join the cluster.
- DELETE - Remove a host from the pending join list.
[]>
(Cluster Americas)> clusterconfig
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>
    SSH    
      SSH  (testmachine.example.com) (test_cluster)    .
testmachine.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 3
While joining a cluster, you will need to validate the SSH host key of the remote machine to which you are joining. To get the public host key fingerprint of the remote host, connect to the cluster and run: logconfig -> hostkeyconfig -> fingerprint.
WARNING: All non-network settings will be lost. System will inherit the values set at the group or cluster mode for the non-network settings. Ensure that the cluster settings are compatible with your network settings (e.g. dnsconfig settings)
Do you want to enable the Cluster Communication Service on testmachine.example.com? [N]>

Enter the IP address of a machine in the cluster.
[]> IP address entered
Enter the remote port to connect to. The must be the normal admin ssh port, not the CCS port.
[22]>
Would you like to join this appliance to a cluster using pre-shared keys? Use this option if you have enabled two-factor authentication on the appliance.) [Y]> yes
To join this appliance to a cluster using pre-shared keys, log in to the cluster machine, run the clusterconfig > prepjoin > command, enter the following details, and commit your changes.
Host: pod1226-esa07.ibesa
Serial Number: 42291A18D741EDB4C601-BC14E5579F34
User Key:
ssh-dss AAAAB3NzaC1kc3MAAACBAJ6Xm+ja4aau9n4DOcJs/gGwEDEUWgERYchhgWApKt6IW+s58I7knGM81rQgQbNdNCO58D EqaVGmP0Vyb0TTpgvh6f0mr80OuTgWh9bqg4uiOJvbKvlTvDt0o7//mTklm159zr2KT/qFH+9L5i+8iIMX62R5y+a 6E8JV0BrJCNAAAAFQCmK+WOu9HSribsC0f/5dVoADdxEwAAAIA5p7NR74rlSrs0JWWYItNAtE1SamAN+gqCOdUWGPPHT qdrtBIlPQ9tfFoThZElqY4Tx8lku9laasoRLruQ2Z36R3bQGzIn4jzQqujvvbxTvLK9eLoSr8yFbEE3ZvuUo0+vhDn LIDX2N65AQSQsTaOrKX+yQZ8yAVt48CsctpsDrgAAAIAVROGlWoSl8g3FFm2eRTa+/oZ+cMjv+pSZiZoiUCoaIlouc u1ZDpN413QBnf6p/3D8wVD8m5uo8O4N/HXasAMektZvGoP4Sf+shItPuISRv3lrMTEYsD0sqVcMc7vIXUeD2jpOk7MB ooVkTZB/rdTbNMfXrhDkNJ2IAPQQiUKVnw==
Before you proceed to the next step, make sure you add the `Host', Serial Number' and `User Key' details to the cluster machine.
Would you like to continue? [Y]> yes
Joining cluster group Main_Group.
Joining a cluster takes effect immediately, there is no need to commit.
Cluster test_cluster
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.

[]>
(Cluster test_cluster)>

 

      .    Main_Group     .        .              .

 1 clusterconfig  .  2 addgroup       .  3 setgroup        .

 

CLI  
     CLI     .  ,      . CLI      .     "login host"  "machine" .      clustermode  .
 146:  

 



clustermode

    

clustermode group northamerica

"northamerica"     

"losangeles"     
clustermode machine losangeles.example.com

   CLI  .

(Cluster Americas)>




   

    

(Machine losangeles.example.com)>
       .
   
  ( , 1131  )  CLUSTERSHOW  CLUSTERSET   . CLUSTERSHOW      (   , 1130  ). CLUSTERSET         (:   )  (   )    .      .     ( ). ,        .   northamerica   Good Neighbor Table (destconfig )       , destconfig   clusterset        ( )  . (  , 1128  .)
             .                    ,       .
  
           .        .                .                 .     ,                .                  .
 1 clustermode cluster     . clustermode   ,        CLI .
 2 listenerconfig       .  3      clusterset       .


    

  ()

 4 clustermode       .    . clustermode machine newyork.example.com
 5     listenerconfig       .  6   .  7      ,      .  8        clusterset      .  9   .
  ()
    clusterconfig REMOVEMACHINE   .      "",         .     Global Unsubscribe   ,     Global Unsubscribe       .
  
   AsyncOS     . AsyncOS    clusterconfig        .    clusterconfig      .           . GUI Upgrades()      .                 .
           , AsyncOS       . Cisco Systems          .                  .
 1   clusterconfig disconnect  .   losangeles.example.com    clusterconfig disconnect losangeles.example.com . (commit)  .
 2 suspendlistener            .  3 upgrade   AsyncOS   .
           .      AsyncOS         .


 4  AsyncOS  .    .  5      resume  .  6     1~5 .
               .     ,             .
 7        clusterconfig reconnect    .   losangeles.example.com    clusterconfig reconnect losangeles.example.com  . AsyncOS         .

CLI  

   
AsyncOS  CLI    .          .  ,         .

commit  clearchanges 

commit commitdetail clearchanges

    , commit          .
commitdetail             .
    , clearchanges(clear)           .

  

CLUSTERSHOW

    CLUSTERSHOW  ,         .
          CLI     .            .


    

 

Note: Changes to these settings will not affect the following groups and machines because they are overriding the cluster-wide settings:
East_Coast, West_Coast
facilities_A, facilities_B, receiving_A
          .
 
 CLI    GUI  , ,       .        .  (GUI  CLI)         .         .
· GUI   "Change Mode( )"   "Settings for this features are currently defined at(      ):"  .
· CLI   clustermode  .
 147:    
clusterconfig sshconfig clustercheck userconfig passwd
                    .

 passwd         .      passwd   ,               .        (    ).
    .

antispamstatus    etherconfig       resume          suspenddel
antispamupdate    featurekey        resumedel       suspendlistener
antivirusstatus   hostrate          resumelistener  techsupport
antivirusupdate   hoststatus        rollovernow     tophosts
bouncerecipients  interfaceconfig   routeconfig     topin
deleterecipients  ldapflush         sbstatus        trace
delivernow        ldaptest          setgateway      version
diagnostic        nslookup          sethostname     vofflush
dnsflush          quarantineconfig  settime         vofstatus
dnslistflush      rate              shutdown        workqueue
dnslisttest       reboot            status
dnsstatus         resetcounters     suspend

                    .      (   ) .         .
 148:     

last  resetconfig     tail      upgrade
ping  supportrequest  (telnet)  who

GUI  
GUI(clusterconfig  )           ,     , GUI       ,        (clustermode  clusterset     )  .
 Mail Flow Monitoring(  )     Incoming Mail Overview(  )      .    Incoming Mail Overview(  )     GUI   .
       URL .  URL machine, group  cluster   .      Incoming Mail Overview(  )  URL  .
https://hostname/machine/serial_number/monitor/incoming_mail_overview


 Monitor()  Incoming Mail Overview(  )  Incoming Mail Details(  )    .
Mail Policies( ), Security Services( ), Network()  System Administration(  )        . Mail Policies( )   GUI     .
 79: GUI    :   

           .    ( )  .     ,          .
  (  )     .              .       , 1128   . Override Settings( )       .           .     ,             .
 80: GUI    :   
  - GUI    :     ,          .      , "Settings for this feature are currently defined at(      ):"  .   

   .                .
    (:  - GUI    :      Cluster: Americas )           .
 81: GUI    :  

              .           "Centralized Management Options(   )"    . "Manage Settings(  )"              .
    Centralized Management Options(   )      .
 82: GUI    :  

  "Change Mode( )"  .     ,     (,   )   .
 83: Change Mode( ) 

           "Mode --"        .
        .      Incoming Mail Overview(  )           .
 84:    :  


    

 

Change Mode( )    .           .
 
       .       .          .      SSH .        ,        .            "ping"(1) .          NAT       .
         (              )  .          .         .
DNS    
DNS     .     DNS  (     )  .                 .   SSH  CCS    IP   DNS   .    . DNS SSH  CCS    IP        .         sethostname   "  " . IP       ,    IP       . IP  DNS            .
,     
DNS  AsyncOS      .                  , sethostname       AsyncOS      DNS   .


CCS(Cluster Communication Security)
CCS(Cluster Communication Security)  SSH     . Cisco     SSH      CCS .     SSH     (admin ) .          . :      22    CCS(Cluster Communication Security)     .   22      SSH   . CCS   Yes             .       . CCS     CLI         .     .         interfaceconfig  CSS    .     .
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable Cluster Communication Service on this interface?
[N]> y
Which port do you want to use for Cluster Communication Service?
[2222]>
CCS     2222.          .              .
Do you want to enable Cluster Communication Service on this interface? [N]> y
Which port do you want to use for Cluster Communication Service?
[2222]>
 
" "           .        "ping"  .      ,          .       .    ping  .               . 


    

 / 

       .        .
 / 
     .        (:   ).     (:    / ).      SSH           .          .              .          .                 .           .       (   ).        .    ,         .              .        .
(Machine mail3.example.com)> clustercheck
This command is restricted to "cluster" mode. Would you like to switch to "cluster"
mode? [Y]> y
Checking Listeners (including HAT, RAT, bounce profiles)...
Inconsistency found!
Listeners (including HAT, RAT, bounce profiles) at Cluster enterprise:
mail3.example.com was updated Mon Sep 12 10:59:17 2005 PDT by 'admin' on
mail3.example.com
test.example.com was updated Mon Sep 12 10:59:17 2005 PDT by 'admin' on
mail3.example.com
How do you want to resolve this inconsistency?
1. Force entire cluster to use test.example.com version.
2. Force entire cluster to use mail3.example.com version.
3. Ignore.
[1]>
         .           .


  

    

 clustercheck        .
losangeles> clustercheck
Do you want to check the config consistency across all machines in the cluster? [Y]> y
Checking losangeles...
Checking newyork...
No inconsistencies found.
  
Cloud Email Security Appliance       .
          .           ,        .      ,          .                .
              .          .
· LDAP   ·      ·   SMTP   
          . ( , 1131  .)          .
listenerconfig          .                   .
      .  ,              .           .  Mail Flow Monitor(  ) , System Overview( )                .
Scheduled Reports( )               .  GUI  Scheduled Reports( )   ,            .
System Time( )  settz, ntpconfig  settime  ,        .   settime      (   ), settz  ntpconfig        .


      85:    

   

  "IncomingMail"     "disclaimer"   .       ,     "buttercup.run"        .        .
· "disclaimer"       ·                  .          .
   
AsyncOS       .         .
·      ,        
·      ,           
·     ,             
·                     .
        .

   

    

 
·   XML   .   , 937   .
·       .      , 936  .
·      .    , 1120   .
       .      XML     SSH/CCS    .
 1 System Administration( ) > Configuration File( ) .  2 Mode()    .  3           .
·   
1. Load Configuration( )    Cluster() . 2.    Load() .   , 937  . 3.      ,   
    . Group Configuration(  )  Appliance Configuration( )   .     Appliance Configuration( )   Don't Copy( ) . 1.  . Review() . 2. OK() . 3. Continue() .
·   
1. Load Configuration( )    Appliance in cluster( )  .
2.   Load() .   , 937  .         .
3.     ,       .   .
4. OK() . 5. Continue() . 6.       a~e  .


 4        .

   FAQ

 

 ,            Main_Group .         .    ,            .   IP ,   .
      .               .     .    (: HAT , SMTPROUTES , LDAP   )  ,              .
       CM      .           . Settings are defined: To inherit settings from a higher level: Delete Settings for this feature at this mode. You can also Manage Settings. Settings for this feature are also defined at:
Cluster: xxx
  . Delete settings from:
Cluster: xxx
Machine: yyyy.domain.com

  
  :   ,              :     ,      

 CM  
CM  (LIST)    .
cluster = CompanyName
Group Main_Group:
Machine lab1.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
Machine lab2.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
Group Paris:
Machine lab3.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
Machine lab4.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
Group Rome:
Machine lab5.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
Machine lab6.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX)
       .   Main_Group  London  (RENAMEGROUP )   .
cluster = CompanyName
Group London:
Machine lab1.cable.nu (Serial #: 000F1FF7B3F0-CF2SX51)
...
   London                       .
:        (:  London,  London).      ,         .
  ,          .          Main_Group ,       .   ""   . CM /   /  ,   (peer) .
:    ,           .
         
           ,    CPU    .              .
:   
    clusterconfig      GUI  .       clusterconfig .             ( IP    )    . clusterconfig         .   CLI  clusterconfig("  ")  .


  lab1  clusterconfig   CompanyName   .      , lab2 , saveconfig    (lab1       ).   lab2 clusterconfig      .              .
CONNSTATUS  DNS   .     ,   lab1       .     ,            .         .
    .  ,               .          .          ,        .
       ,            .       .          ,     .
        CLI clusterconfig  ADDGROUP  .   Paris Rome       .
 GUI  CLI     (   )        .            .
        (: )   (:  )    .
     dnsconfig    .
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: No
Group Rome: No
Machine lab2.cable.nu: No
DNS  " "   .
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: Yes
Group Rome: No
Machine lab2.cable.nu: No


 Paris   DNS    , Paris       .  Paris         . DNS  , SMTPROUTES       .
   CLI CLUSTERSET          (GUI   )   .
      ,           .      .             .
             .     .
,  4      clusterconfig .          ,      . LIST  CONNSTATUS       .   SETGROUP    Main_Group Paris  Rome   .      Paris  Rome   Main_Group        .              .
         .       .    (:         )    .
   CM    GUI  
    .   SMTPROUTES          .
 ,  xxx   yyy        .         SMTPROUTES      .  (SETGROUP)   Cisco      .           .     SMTPROUTES   ,               .     .
Centralized Management Options(   )    .             . SMTPROUTES     ,             .


    

   

 . SMTPROUTES ,      SMTPROUTES  .       SMTPROUTES     .              .        ,            .

   
Q.           ?
A.            .         ,       .  /  ,      .
Q.          ?
A.        "",         .         .
    Global Unsubscribe   ,      Global Unsubscribe      .

 

Q.       ?
A. .        .            Security Management Appliance   .
Q.    ?
A. Cisco       .       ( ) .
Q.     ?
A.        ""   .                     .
Q.        ?
A.      .

 
Q.     "peer-to-peer" ,  "/"  ?


  

    

A.       (       ),     peer-to-peer    .
Q.        ? ""   .
A.    ""    .     HTTP(GUI)  SSH(CLI)    .   clusterconfig  GUI  CLI    (,     ).       ,      .
Q.      ?
A.   "" .               .
Q.     IP      .    reboot    GUI/CLI  ?
A.   .
1.  IP  . 2.    . 3.  . 4.   . 5.        clusterconfig     
. 6.  GUI   . 7. CCS    (interfaceconfig  Network()
> Listeners()  ). 8.    .
Q.       ,    ?
A.     ,    .  50          .
  
Q.          ?
1.  
·       . ·    . ·       ,       
       . ·         .
2.    . 3.     .


    

  

  listenerconfig ( )     .            .
  listenerconfig  .
4.  .
         .           ,        .
" "    .             .
              .           .
   saveconfig  .


43 
  
     . ·      : , 1149  ·    , 1156  ·  , 1159  ·  , 1165  ·    , 1166  ·  , 1168  ·       , 1169  ·   , 1169  ·    , 1170  ·     , 1170  ·   , 1171 
     : 
System Administration( ) > Trace() (CLI trace   )          . Trace()  ( trace CLI )     ,     ""       (    ).     .  Cisco          Trace() ( trace CLI )        .
       .
Trace() ( trace CLI )      .

  

 149: Trace()  

Value





 IP 

      203.45.98.109  IP  . IPv4(Internet 2001:0db8:85a3::8a2e:0370:7334 Protocol version 4)  IPv6(version 6)    .
: trace   IP        . IP         IP      trace              DNS           .

Fully Qualified Domain Name of the Source IP( IP    )

      smtp.example.com . Null    IP    DNS  .

Listener to Trace Behavior on(  )

     InboundMail     .

SenderBase Network SenderBase    ID  34 Owner Organization  ,   IP  ID(SenderBase     ID     ID) . GUI    
      
 .

SenderBase Reputation     SBRS  -7.5

Score (SBRS

 ,   IP  

scores)(SenderBase  SBRS   .

Reputation (SBRS  SBRS    

))

    .  

SBRS  CASE(Context Adaptive

Scanning Engine)  . 

      

    , 88  

.


  

     : 

Value





Envelope Sender(   Envelope Sender(  [email protected]

)

) .

Envelope

     joe

Recipients(  .       [email protected]

)

.

 

     To: [email protected]
.     From: ralph    . ""   (  )  Subject: Test ,      this is a test message
       .   .

   Start Trace( ) .          .
       . (CLI /configuration        . Cisco        FTP, SSH  SCP , 1199   .)
           .      Trace()   trace        .

   , trace      .                .          RAT      . RAT           .


     : 

  

 150:     

trace  



HAT(Host Access Table)      Host Access Table  . 

  

 HAT      IP    

   .    

  ,     

  .

Cisco     (REJECT  TCPREFUSE   ), trace     .

HAT              , 103     .

   
      Envelope Sender( )    . (,    MAIL FROM   .) trace     "Processing MAIL FROM:" .

 

                  .
     , 69     .



         . listenerconfig -> edit -> masquerade -> config         .
      , 665   .

  
     Envelope Recipients( )     . (,    RCPT TO   .) trace     "Processing Recipient List:" .

 

                  .
     , 69   .


  

     : 

trace  



  

       .                .
      , 665   .

RAT(Recipient Access Table)

   RAT         . ( ,  RAT       .)
          , 69    .

 

        (       )    .
      , 665   .

   
     ,              .  MTA  250 ok       .
trace     "Message Processing:" .

 

altsrchost     , ,    IP        .   altsrchost        .
            .
      , 665   .

 

       .    .           .      .
      , 665   .


     : 

  

trace  



  
       .     ,         . status  status detail    "Messages in Work Queue" .



 To:, From:  CC:    (      LDAP  )     . listenerconfig -> edit -> masquerade -> config          .
      , 665   .

LDAP 

 LDAP    LDAP , ,        .
  LDAP , 735  .

  

          .     ,    "true"       .         ,    .  "false"     else        .         .
     , 137   .

  
         , , Outbreak Filter     . Email Security Manager(  )             . "Message Going to"       .


  
trace   

   Outbreak Filter 

     : 

          .        ,       .       Cisco       trace   .
:           .                .
Anti-Spam, 355   .
          .        ,      .   "" Cisco       .             trace   .
:          .                .
Anti-Virus, 335  .
          .     ,    "true"       .         ,    .         .
 , 283  .
      Outbreak Filter     .  Outbreak Filter    ,     .     ,            .
  (Outbreak Filter), 399  .


   

  

trace  



 

         .    .  , 613    , 614     .

 
       . trace     "Message Enqueued for Delivery" .

      trace         



  ,    IP   

       .

    , 665  .

 
      .    CLI "Would you like to see the resulting message?(  ?)"  y  .

   
""            .      queueing  non-queueing.
· (queueing)    ,    .                 .
· (non-queueing)        .              .
    "B"      "C"    .              .         SMTP       .


   
 86: Enterprise Gateway  

  listenerconfig   Management  BlackHole_1     .        HAT(Host Access Table)  .
· yoursystem.example.com · 10.1.2.29 · badmail.tst · .tst



   .tst .tst    BlackHole_1       .
mail3.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> new
Please select the type of listener you want to create.
1. Private
2. Public
3. Blackhole
[2]> 3
Do you want messages to be queued onto disk? [N]> y
Please create a name for this listener (Ex: "OutboundMail"):
[]> BlackHole_1
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Choose a protocol.
1. SMTP
2. QMQP
[1]> 1
Please enter the IP port for this listener.
[25]> 25
Please specify the systems allowed to relay email through the IronPort C60.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addressed are allowed.
Separate multiple entries with commas.
[]> yoursystem.example.com, 10.1.2.29, badmail.tst, .tst
Do you want to enable rate limiting per host? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [N]> n
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Spam Detection Enabled: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Would you like to change the default host access policy? [N]> n
Listener BlackHole_1 created.
Defaults have been set for a Black Hole Queuing listener.
Use the listenerconfig->EDIT command to customize the listener.
Currently configured listeners:
1. BlackHole_1 (on Management, 192.168.42.42) SMTP Port 25 Black Hole Queuing
2. InboundMail (on PublicNet, 192.1681.1) SMTP Port 25 Public
3. OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>
     commit   .
        HAT ,         .     status, status detail  rate  . GUI(Graphical User Interface)     .     .
· CLI  , 1003  · GUI  , 1035 
 
           .


   

  

   
 1    .     .
Last login: day month date hh:mm:ss from IP address Copyright (c) 2001-2003, IronPort Systems, Inc. AsyncOS x.x for Cisco
Welcome to the Cisco Messaging Gateway Appliance(tm)
 2 status  status detail  .
mail3.example.com> status

mail3.example.com> status detail
status         .       .          status detail    .       .      ,   ,            . (   CLI  , 1003   .)  3 mailconfig        . mailconfig         ,       .                 .
mail3.example.com> mailconfig
Please enter the email address to which you want to send the configuration file.
Separate multiple addresses with commas.
[]> [email protected]
Do you want to include passphrases? Please be aware that a configuration without passphrases will fail when reloaded with loadconfig.
[N]> y
The configuration file has been sent to [email protected].
mail3.example.com>


  

 

 

           .
· netstat       (   ),  ,       . ·    ·    ·    ·    ·   
· diagnostic -> network -> flush          .
· diagnostic -> network -> arpshow    ARP    . · packetcapture         TCP/IP
      . packetcapture      .     UNIX tcpdump  .    start,  stop .    SCP  FTP  /pub/captures     .     , 1174  . ·      ping                . ping         .
mail3.example.com> ping
Which interface do you want to send the pings from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host you wish to ping.
[]> anotherhost.example.com
Press Ctrl-C to stop.
PING anotherhost.example.com (x.x.x.x): 56 data bytes
64 bytes from 10.19.0.31: icmp_seq=9 ttl=64 time=0.133 ms
64 bytes from 10.19.0.31: icmp_seq=10 ttl=64 time=0.115 ms
^C
--- anotherhost.example.com ping statistics ---
11 packets transmitted, 11 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.115/0.242/1.421/0.373 ms
 ping   Ctrl-C  . · traceroute        
    .
mail3.example.com> traceroute
Which interface do you want to trace from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host to which you want to trace the route.
[]> 10.1.1.1
Press Ctrl-C to stop.
traceroute to 10.1.1.1 (10.1.1.1), 64 hops max, 44 byte packets
1 gateway (192.168.0.1) 0.202 ms 0.173 ms 0.161 ms
2 hostname (10.1.1.1) 0.298 ms 0.302 ms 0.291 ms
mail3.example.com>
· diagnostic -> network -> smtpping    SMTP  . · nslookup   DNS  .
nslookup     DNS(Domain Name Service)       IP       .
mail3.example.com> nslookup
Please enter the host or IP to resolve.
[]> example.com
Choose the query type:
1. A
2. CNAME
3. MX
4. NS
5. PTR
6. SOA
7. TXT
[1]>
A=192.0.34.166 TTL=2d

 151: DNS  :  

A CNAME MX NS PTR
SOA TXT

   (alias)   (canonical name)             ,         "  "   

· CLI  GUI  tophosts   Active Recipients( )   . tophosts     20    .                      . (  "   " .)
mail3.example.com> tophosts
Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Soft Bounced Events
5. Hard Bounced Recipients
[1]> 1
Status as of: Mon Nov 18 22:22:23 2003
                     Active  Conn.  Deliv.  Soft     Hard
#  Recipient Host    Recip   Out    Recip.  Bounced  Bounced
1  aol.com           365     10     255     21       8
2  hotmail.com       290     7      198     28       13
3  yahoo.com         134     6      123     11       19
4  excite.com        98      3      84      9        4
5  msn.com           84      2      76      33       29
^C
· tophosts       hoststatus   "" . hoststatus            . AsyncOS   DNS        .    resetcounters    . (      , 1006   .)   hoststatus   DNS          .        hoststatus                          .
·   .    20, 21, 22, 23, 25, 53, 80, 123, 443  628      . ( , 1227  .)
·   [email protected]  .   DNS     [email protected]   .               .
DNS PTR  -   IP   PTR  ? DNS A  -  PTR  Envelope From IP  ? HELO  - SMTP HELO    Envelope From DNS   ?       - SMTP HELO      IP    MX  ?


  

 

 
          . ·   IP    listenerconfig      .  IP      ?   HAT(Host Access Table)  listenerconfig  .   HAT     .
listenerconfig -> edit -> listener_number -> hostaccess -> print
IP , IP  ,        HAT    .   "   " .         limits      .
listenerconfig -> edit -> listener_number -> limits
·      FTP    .    .
injection_machine% telnet appliance_name
       telnet    .
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 3
Enter the remote hostname or IP.
[]> 193.168.1.1
Enter the remote port.
[25]> 25
Trying 193.168.1.1...
Connected to 193.168.1.1.
Escape character is '^]'.


   

  

        Management, Data1  Data2         .   FTP, SSH  SCP , 1199  .   25   SMTP     (  ).
· IronPort           .          SMTP   .              .        ,    ("Sent to")    ("Received from") .      , 1062      , 1083   .
   
           . ·     . tophosts        ,         . "Active Recipients( )"       ? Connections Out ( )             ?       600.        10,000(deliveryconfig  ).            .
listenerconfig -> edit -> listener_number -> limits
   destconfig     (   Virtual Gateway  )? destconfig      .
destconfig -> list
· hoststatus  . tophosts       hoststatus   "" .     ?     MX     ?   5XX   (Permanent Negative Completion ) hoststatus     "5XX"     .     TLS   hoststatus    .


  

   

·  ,       /       .         SMTP      .              .      , 1082  .         .     , 1077  .     ,      .             .      , 1062  .
· telnet      .
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Enter the remote hostname or IP.
[]> problemdomain.net
Enter the remote port.
[25]> 25
·    TLS      TLS     tlsverify    .          . AsyncOS Required (Verify) TLS   TLS   .
mail3.example.com> tlsverify
Enter the TLS domain to verify against:
[]> example.com
Enter the destination host to connect to. Append the port (example.com:26) if you are not connecting on port 25:
[example.com]> mxe.example.com:25
Connecting to 1.1.1.1 on port 25.
Connected to 1.1.1.1 from interface 10.10.10.10.
Checking TLS connection.
TLS connection established: protocol TLSv1, cipher RC4-SHA.
Verifying peer certificate.
Verifying certificate common name mxe.example.com.
TLS certificate match mxe.example.com
TLS certificate verified.
TLS connection to 1.1.1.1 succeeded.
TLS successfully connected to mxe.example.com.
TLS verification completed.
 
         . · rate  hostrate      . rate        .      , 1010  . hostrate        . · status          . · status detail   RAM  .  RAM, CPU   I/O    status detail    .
 RAM   45%  . RAM  45%    "  " ,       "back-off"       .
This system (hostname: hostname) has entered a 'resource conservation' mode in order to prevent the rapid depletion of critical system resources.
RAM utilization for this system has exceeded the resource conservation threshold of 45%.
The allowed injection rate for this system will be gradually decreased as RAM utilization approaches 60%.
         . RAM   45%             (hoststatus  hostrate  ).        .    RAM    Cisco    . ·    ? tophosts        ,         .   .    , ,        ,       .      , 1014  .   .
· deleterecipients · bouncerecipients · redirectrecipients · suspenddel / resumedel · suspendlistener / resumelistener tophosts        . "Soft Bounced Events"( 4)  "Hard Bounced Recipients"( 5) .            .
     
Internet Explorer   , 994  .
 
· : C380  C680     (RAID ) , 1169  ·        , 1170 
: C380  C680     (RAID  )
 C380  C680   "Battery Relearn Timed Out" (RAID event)(    (RAID ))  . 


      

  

         .      RAID     .       .        48   RAID     .   RAID         .
      
       .       .       , 942  .
  
   /        .     Cisco x90 Series Content Security Appliances       (http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html)     .  (:  )     .
   
      IPMI(Intelligent Platform Management Interface)        .  
·        .       , 958  .
·      .       , 958  .
·  IPMI  . · status, on, off, cycle, reset, diag, soft ·     "insufficient privileges( )"  .
 


  

  

· IPMI  2.0        . ·  IPMI    . IPMI     .
 1 IPMI            IP    power-cycling  .   IPMI  UNIX       .
ipmitool -I lan -H 192.0.2.1 -U remoteresetuser -P password chassis power reset
 192.0.2.1      IP  remoteresetuser  password        .
 2    11  .
  
·      , 1171  ·       , 1171  · Cisco        , 1172  ·   , 1174 
    
         Cisco Content Security Virtual Appliance   (http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html)    .
     
  ·       .  Cisco  , 7           .                . ·       . ·  , 7  · Cisco Support Community, 7  ·  Cisco    , Cisco.com  ID         .  Cisco.com    


Cisco       

  

   Cisco.com  (https://sso.cisco.com/autho/forms/CDClogin.html) . Cisco.com  ID  ,  . Cisco   , 8   . Cisco.com  ID    ID    .
·          Cisco    .             .
·         .
·         . ·          .
 1  .  2 Help and Support(  ) > Contact Technical Support(  ) .  3  .  4 Send() .
 CCO User ID    Contract ID     .

Cisco       
Cisco          . ·        , 1172  ·          , 1173  ·    , 1174  ·     , 1174  ·     , 1174 
      
     upgrades.ironport.com    SSH    .        .   25.                .        .
 1  .  2 GUI   Help and Support(  ) > Remote Access( ) .


  

        

 3 Enable() .  4   .





Seed String( )   Cisco              .

Secure Tunnel( )

        .    .   25,   .

 5 Submit() .

                , 1174     .
        
              .  
·    22          .
·            , 1172         .
 1    CLI techsupport  .  2 sshaccess .  3   .

             .
·    , 1174  ·     , 1174 


   

  

   
 techsupport  7  upgrades.ironport.com  .        ,       .   
 1  .  2 GUI   Help and Support(  ) > Remote Access( ) .  3 Disable() .
  
techsupport           .
 1 CLI techsupport  .  2 sshaccess .  3 disable .
   
 1 CLI techsupport  .  2 status .
  
        TCP/IP        .                   .
 1 Help and Support(  ) > Packet Capture( ) .  2    .
a) Packet Capture Settings(  )  Edit Settings( ) . b) ( )   ,     .
      .           .


  

  

Filters()  ·   UNIX tcpdump   (: host 10.10.10.10 && port 80)   .
·  IP   (: Email Security Appliance      ) IP .
·  IP   (:    Exchange Server) IP  .
· Email Security Appliance             IP    .
c) Submit() .  3 Start Capture( ) .
·       .
·      (:     )  Packet Capture( )       .
· GUI CLI  GUI    .  CLI CLI      .
·    10  .              ( )       .       1/10 .
· GUI       . (CLI        .)
 4     .       Stop Capture( )     .
 5    . · Manage Packet Capture Files(   )    Download File(  ) .
·  captures      FTP  SCP .

  
      .
·         FTP  SCP        . Cisco        , 1172  .
·     .


44 
D-Mode      
     . ·  :    D-Mode , 1177  ·        , 1179  · IPMM(IronPort Mail Merge)    , 1180 
 :    D-Mode
D-Mode      Email Security Appliance  ,     .      D-Mode .
· D-Mode     , 1177  · D-Mode      , 1178  · D-Mode      , 1178 
D-Mode    
· 256   (Virtual Gateway Address) - Cisco Virtual Gateway           ( IP ,     ),               (    ).       , 69  "Customizing Listeners( )"  .
· IPMM(IronPort Mail Merge) - IPMM(IronPort Mail Merge)          .                ,             .   IPMM(IronPort Mail Merge)     , 1180   .
·     - D-Mode                .       , 1179   .

D-Mode     

D-Mode      

·    
D-Mode     
· IronPort Anti-Spam Scanning  On/Off    -         IronPort Anti-Spam Scanning  .      .
· Outbreak Filter - Outbreak Filter      D-Mode    .  Outbreak Filter    .
· SenderBase Network Participation  - SenderBase Network Participation       D-Mode   . SenderBase Network Participation    .
·  -  .     ,          .

 D-Mode    Email Security Monitor Overview(   )              (   D-Mode    ).
· Data Loss Prevention -    DLP  D-Mode    .

D-Mode     

 152: D-Mode    AsyncOS 

     
    

 
Anti-Virus, 335   .
DKIM/           .  , 571    .
    , 1117    .
                 . destconfig   "Good Neighbor" Table .        , 703   .


      



 

 

   .  , 703   .

 

  , 893   .

()

     : , 1149   .

VLAN, NIC 

  , 1039   .

              .   , 335  .

      

 1    .     (  ) Cisco Email Security Appliance   . System Administration( ) > Feature Key( )     CLI featurekey    .
             30 Sophos  McAfee Anti-Virus   .
 2  .  3    (GUI  CLI)  .
                . (   .)
   D-Mode         AsyncOS    .

    
      ,               .
               .        .


     

D-Mode      

     
mail3.example.com> bounceconfig
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Remove a profile.
- SETUP - Configure global bounce settings.
[]> setup
Do you want to bounce all enqueued messages bound for a domain if the host is down? [N]> y
    10       ""  . AsyncOS 15   ,    10      .
IPMM(IronPort Mail Merge)    
 IronPort Mail Merge D-Mode     .
IronPort Mail Merge 
IronPort Mail Merge         .                ,       . IPMM               .                .  IPMM       ""          . (                .)
   
·   . IPMM                  .


D-Mode      

  

·     .        ,    ""             .
·   .                   .
·   .         D-Mode          .

  

SMTP 
   

IPMM SMTP   .        . (D-Mode    IPMM           .)   SMTP     , D-Mode     SMTP       .  IPMM  listenerconfig setipmm   .      , 69   . IPMM   (MAIL FROM  DATA)    (XDFN)  SMTP . MAIL FROM  XMRG FROM  DATA  XPRT .            . 1.     EHLO . 2.      XMRG FROM:  . 3.     . 4. (XDFN *PART=1,2,3...)         XDFN  
 . 5.    RCPT TO:  . RCPT TO:    XMRG FROM 
RCPT TO         . 6.   XPRT n   , DATA   (.)  
.   XPRT n LAST  .
          .  HTML     .   ,  (&)    (;)  . (*)        .
IPMM      ""  .


  1

D-Mode      

  1  

 153: IPMM:  

*FROM *TO *PARTS
*DATE *DK

  *FROM "Envelope From"  . "Envelope From"  "XMRG FROM:"  .
  *TO "RCPT TO:"         .
  *PARTS     .   RCPT TO:"    ,    "XPRT n"      .
  *DATE    .
  *DK DomainKeys Signing   (  AsyncOS  ). DomainKeys Signing        , 571   .

   ( )     4    5  .          .         &*TO; .         .     .
From: Mr. Spacely <[email protected]>
To: &first_name; &last_name; &*TO;
Subject: Thanks for Being an Example.Com Customer
Dear &first_name;,
Thank you for purchasing a &color; sprocket.
      .        .
·    ·   - 
SMTP     DATA  , IPMM   XPRT     .       .           .      .   *PARTS     .      2   .


D-Mode      

  2,  1

         .              .
  2,  1
From: Mr. Spacely <[email protected]>
To: &first_name; &last_name; &*TO;
Subject: Thanks for Being an Example.Com Customer
Dear &first_name;,
Thank you for purchasing a &color; sprocket.

  2,  2
Please accept our offer for 10% off your next sprocket purchase.
      .          .
·        ·    ·   - 
IPMM  DomainKeys Signing
IPMM DomainKeys Signing . DomainKeys     *DK .    .
XDFN first_name="Jane" last_name="User" color="red" *PARTS=1,2 *DK=mass_mailing_1
  "mass_mailing_1"   DomainKeys  .

 
XMRG FROM
XDFN

  IPMM         SMTP .
:
XMRG FROM: <sender email address>
  SMTP MAIL FROM:  ,    IPMM  . IPMM  XMRG FROM:  .
:


XPRT

D-Mode      

XPRT

XDFN <KEY=VALUE> [KEY=VALUE]
XDFN    .  -       . *PARTS XPRT        ( ). *PARTS     .    (XPRT  )  .    *FROM, *TO  *DATE.
:
XPRT index_number LAST
Message
.
XPRT  SMTP DATA  .        .        (SMTP DATA     ).   LAST     ,        . LAST        .

   
· XDFN    ,            . D-Mode       4.        .           .
· -      ("/")      .          HTML      .     &trade;    HTML   . XDFN trade=foo    HTML   " TM "  IPMM   ,       ("foo") . GET   URL      "&"   .

IPMM  
   #2() IPMM  .      ,  "Jane User"  "Joe User" .   bold  D-Mode    SMTP     , monospaced type  SMTP  , italic type   .  .
220 ESMTP
EHLO foo
250 - ehlo responses from the listener enabled for IPMM
 .
XMRG FROM:<[email protected]>
[Note: This replaces the MAIL FROM: SMTP command.]
250 OK
      .
XDFN first_name="Jane" last_name="User" color="red" *PARTS=1,2
[Note: This line defines three variables (first_name, last_name, and color) and then uses the *PARTS reserved variable to define that the next recipient defined will receive message parts numbers 1 and 2.]
250 OK
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok
XDFN first_name="Joe" last_name="User" color="black" *PARTS=1
[Note: This line defines three variables (first_name, last_name, and color) and then uses the *PARTS reserved variable to define that the next recipient defined will receive message parts numbers 1 only.]
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok
  1 .
XPRT 1
[Note: This replaces the DATA SMTP command.]
354 OK, send part
From: Mr. Spacely <[email protected]>
To: &first_name; &last_name; &*TO;
Subject: Thanks for Being an Example.Com Customer
&*DATE;
Dear &first_name;,
Thank you for purchasing a &color; sprocket.
.
   2 . LAST      2    .
XPRT 2 LAST
Please accept our offer for 10% off your next sprocket purchase.
.
250 Ok, mailmerge message enqueued
"250 Ok, mailmerge message queued"   .     Jane User   .
From: Mr. Spacely <[email protected]>
To: Jane User <[email protected]>
Subject: Thanks for Being an Example.Com Customer
message date
Dear Jane,
Thank you for purchasing a red sprocket.
Please accept our offer for 10% off your next sprocket purchase.
 Joe User   .
From: Mr. Spacely <[email protected]>
To: Joe User <[email protected]>
Subject: Thanks for Being an Example.Com Customer
message date
Dear Joe,
Thank you for purchasing a black sprocket.
Cisco IPMM     IPMM           . IPMM      Cisco   .       .
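The sample conversation above, replayed as an added example (not Cisco's code and not part of the guide): a small Python model of the merge the transcript shows, where each XDFN line sets the variables and *PARTS for the next recipient and &name; references are filled in per part. The e-mail addresses are constructed placeholders, leaving undefined references untouched is an assumption, and colliding_entities is a hypothetical helper for the &trade; name collision described in the variable notes.

```python
import re
from html.entities import name2codepoint

# &name; reference; reserved variables start with '*' (for example &*TO;)
VAR_REF = re.compile(r"&(\*?[A-Za-z0-9_]+);")
# key="quoted value" or key=bare_value pairs on an XDFN line
XDFN_PAIR = re.compile(r'(\*?[A-Za-z0-9_]+)=(?:"([^"]*)"|(\S+))')


def parse_xdfn(line):
    """Split an XDFN line into (variables, list of part numbers)."""
    if not line.startswith("XDFN "):
        raise ValueError("not an XDFN line")
    variables, parts = {}, []
    for key, quoted, bare in XDFN_PAIR.findall(line[5:]):
        value = bare or quoted
        if key == "*PARTS":
            parts = [int(n) for n in value.split(",")]
        else:
            # Other keys, including reserved ones such as *DK, are kept as given.
            variables[key] = value
    return variables, parts


def merge(sender, recipients, parts, date):
    """Return {address: message text} for each (address, xdfn_line) pair."""
    out = {}
    for address, xdfn_line in recipients:
        variables, wanted = parse_xdfn(xdfn_line)
        # Reserved variables, as used in the transcript's part 1.
        variables.update({"*FROM": sender, "*TO": f"<{address}>", "*DATE": date})
        body = "\n".join(parts[i] for i in wanted)
        # Assumption: a reference with no definition is left as typed.
        out[address] = VAR_REF.sub(
            lambda m: variables.get(m.group(1), m.group(0)), body)
    return out


def colliding_entities(variables):
    """Variable names that are also HTML entity names (e.g. 'trade')."""
    return sorted(k for k in variables if k in name2codepoint)


# Constructed sample input modelled on the transcript; addresses are placeholders.
PARTS = {
    1: ("From: Mr. Spacely <spacely@example.com>\n"
        "To: &first_name; &last_name; &*TO;\n"
        "Subject: Thanks for Being an Example.Com Customer\n"
        "&*DATE;\n"
        "Dear &first_name;,\n"
        "Thank you for purchasing a &color; sprocket."),
    2: "Please accept our offer for 10% off your next sprocket purchase.",
}
RECIPIENTS = [
    ("jane@example.com",
     'XDFN first_name="Jane" last_name="User" color="red" *PARTS=1,2'),
    ("joe@example.com",
     'XDFN first_name="Joe" last_name="User" color="black" *PARTS=1'),
]

if __name__ == "__main__":
    merged = merge("spacely@example.com", RECIPIENTS, PARTS, "message date")
    for address, text in merged.items():
        print(f"--- {address} ---\n{text}\n")
    print(colliding_entities({"trade": "foo", "color": "red"}))
```

Running colliding_entities over the variable names of a mailing before injection shows which HTML entities in the template would be overwritten by a variable value.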


45 
Cisco Content(M-Series) Security Management Appliance   
     . · Cisco Content Security Management Appliance Services  , 1187  ·  , 1188  ·     , 1188  · ,   Outbreak     , 1191  ·    , 1196  ·     , 1197  ·     , 1198 
Cisco Content Security Management Appliance Services 
Cisco Content Security Management Appliance(M-Series )  Email Security Appliance          " "  . Security Management Appliance    .
·   .         ,                .
·   ,   Outbreak .  , Outbreak              .
·   . Email Security Appliance      . ·   .  Email Security Appliance   . Cisco Content Security Management Appliance       Cisco Content Security Management Appliance   .

 Email Security Appliance          Security Management Appliance   .    CLI smaconfig > add   . OR Email Security Appliance     Security Management Appliance  .     , 913  .
 
Cisco Content Security Management Appliance   (:  )  DMZ         . 2-       DMZ        .   Security Management Appliance   DMZ      .
 87: Cisco Content Security Management Appliance   

     Email Security Appliance         Security Management Appliance   . ,      Email Security Appliance      .
   
·       , 1189  ·      , 1189  ·       /   , 1190  ·        , 1191  ·      , 1191 


     

     
  , 1188          DMZ   .    DMZ MTA(mail transfer agent)()        .
   (    ) Security Management Appliance   .       ,        .           .
Security Management Appliance        Email Security Appliance .      HAT      , RAT,  , ,  , ,  ,     .
Security Management Appliance    Email Security Appliance Security Management Appliance    ,       .   Security Management Appliance IP    . Security Management Appliance IP    Email Security Appliance        . Security Management Appliance       IP   .
Security Management Appliance     IP      . Security Management Appliance    Cisco Content Security Management Appliance   .
Security Management Appliance           (Content Security Appliance    ) (Cisco Content Security Management Appliance   ).  Security Management Appliance   Email Security Appliance  ,   ,     (  Content Security Appliance) . Security Management Appliance        .
     
 Email Security Appliance              Security Management Appliance                 .
   .
·     - Security Management Appliance         .             .
·      -   Schedule Delete After( )      .
·     -             "Delete All( )"  (   ,


891  ).               .         .
         .
      /  
Email Security Appliance       .  
·       , 1189   . ·      , 1189     . ·       /    Security Management Appliance
 . Security Management Appliance   . · Email Security Appliance             
 .  Email Security Appliance   .
 1 Security Services( ) > Centralized Services(  ) > Spam Quarantine( )  .
 2 Configure() .  3 Enable External Spam Quarantine(   ) .  4 Name()  Security Management Appliance  .
     .   Security Management Appliance   .
 5 IP     .   Spam Quarantines Settings(  ) (Management Appliance( ) > Centralized Services(  ) > Spam Quarantine( )) Security Management Appliance    IP      .
 6 ( ) External Safelist/Blocklist(  / )          .
 7     .  8   Email Security Appliance    .


      

               , 1191    .  
·      , 868  ·  , 867  · Anti-Spam, 355  ·      , 356 
      
                   .              /   , 1190     .
 1 Monitor() > Spam Quarantine( ) .  2 Spam Quarantine( )  Spam Quarantine( )  .  3 Enable Spam Quarantine(  )  .
       .              .  4     .
    
     Email Security Appliance : Security Management Appliance   Email Security Appliance    . :   Security Management Appliance IP      .       , 1189  .
,   Outbreak    
·  , ,    , 1192  · ,   Outbreak    , 1193 


· ,   Outbreak    , 1193  ·   ,   Outbreak   , 1195  ·   ,   Outbreak    , 1196 
 , ,   
Security Management Appliance ,         .  Email Security Appliance   Security Management Appliance   .
,   Outbreak      .
·   Email Security Appliance         .
·   DMZ       . · Security Management Appliance          
.
  Security Management Appliance      .
  ,   Outbreak   
·  Email Security Appliance  ,   Outbreak   ,     .
· Security Management Appliance      ,   Outbreak       .
    ,   Outbreak   
      ,   Outbreak     .
:
·  (,   ) EmailSecurity appliance   ,    Outbreak   ,       Security Management Appliance  .
·     DLP             .
·   ,   Outbreak              .
· Security Management Appliance             .
   .
      ,   Outbreak      Email Security Appliance      , 


,   Outbreak   

                .
,   Outbreak   
,   Outbreak     mail Security appliance  ,    Outbreak  SecurityManagement appliance . SecurityManagement appliance   , Email Security Appliance    ,   Outbreak         .     .
· Email Security Appliance  ,   Outbreak  .       Security Management Appliance .
· Security Management Appliance       . ·   ,   Outbreak  .    
       .         , 854   . ·              . ·   .        . Email Security Appliance                 . ·           .        .
            .
,   Outbreak   
 
           .
·  ,        Security Management Appliance   . Security Management Appliance       "  ,   Outbreak "  ",   Outbreak  "    .


· Security Management Appliance              Security Management Appliance       .        .             , 851   .
·              Email Security Appliance              .
· Email Security Appliance          ,   Outbreak    , 1192   .
·         . ,   Outbreak    , 1193  .

 1
 2  3

Security Services( ) > Centralized Services(  ) > Policy, Virus, and Outbreak Quarantines(,   Outbreak ) . Enable() . SecurityManagement appliance      .

SecurityManagement appliance      .

Email Security Appliance           .

 4  5  6  7

         .      .              .      DLP      .

                         .                .

 8

     a) Security Management Appliance . b)   .

      Remove from Centralized Quarantine(    ) .      .

c) Security Management Appliance    . d)    .
! Security Services( ) > Centralized Services(  ) > Policy, Virus, and Outbreak Quarantines(,   Outbreak )    .

 9 Submit() .


  ,   Outbreak   

 10      8  .  11   .
     Email Security Appliance  Security Management Appliance   .
 12     .             .
   Security Management Appliance       ",   Outbreak   "      .  
· ,           , 857 
  ,   Outbreak   
Email Security Appliance   ,       : · Email Security Appliance    . ·      ,  , DLP     Email Security Appliance  .     (    ) Virus(), Outbreak( )  Unclassified()  .      . ·       . ·                . ·       . ·    true      .
* Security Management Appliance    . Security Management Appliance      . * Email Security Appliance     .
  ,   Outbreak  
  ·   ,   Outbreak    . ·    . ·    ,   Outbreak     .


·               .   Security Management Appliance       .
 1 Email Security Appliance Security Services( ) > Centralized Services(  ) > Policy, Virus, and Outbreak Quarantines(,   Outbreak ) .
 2   ,   Outbreak  .  3     .  4       .
  ,   Outbreak   
Cisco Content Security Management Appliance    ,   Outbreak    Security Management Appliance    Email Security Appliance      .       Security Management Appliance   Email Security Appliance    . Security Management Appliance        "  ,   Outbreak "  ",    Outbreak  "    .
   
  · Security Management Appliance     . Cisco Content Security Management Appliance        . · Security Management Appliance        .
 1 Security Services( ) > Reporting() .
 2 Reporting Service( )  Centralized Reporting(  )  .
 3     .
Advanced Malware Protection   
Security Management Appliance Advanced Malware Protection(    )           Security Management Appliance   


          Advanced Malware Protection     .
        
Email Security Appliance     : ·    Email Security Appliance   Security Management Appliance  . · Email Security Appliance     . · Email Security Appliance    . ·       Security Management Appliance . · Email Security Appliance    . · Email Security Appliance         .
    
Email Security Appliance     Email Security Appliance      ,    ,       .                     .  .           . Email Security Appliance             .
    
 
 Email Security Appliance         .
 1 Security Services( ) > Message Tracking( ) .
 2 Message Tracking Service(  )  Edit Settings( ) .
 3 Enable Message Tracking Service(   )  .
 4 Centralized Tracking(  )  .
 5 ( )        .
       Security Management Appliance    .
 6     .
 


    Email Security Appliance  Security Management Appliance     . Security Management Appliance     Cisco Content Security Management Appliance   .
   
      Cisco Content Security Management Appliance    .


A 

FTP, SSH  SCP 

     .
· IP , 1199  · Email Security Appliance  FTP  , 1200  · scp(Secure Copy)  , 1202  ·       , 1203 

IP 

IP            .       IP    . IP   IPv4(Internet Protocol version 4), IPv6(version 6)      .
 154:    

  

   Management interface2

  

FTP 21
SSH 22
HTTP 80
HTTPS 443





2   "Management Interface"  C170 Data 1 Interface     .
· GUI(graphical user interface)       HTTP / HTTPS  .
·             FTP  .


· scp(secure copy)       . IP      HTTP  HTTPS    .    Virtual Gateway   IP   IP        Virtual Gateway  .      ""   (CLI ),         . Virtual Gateway            .  VLAN      (CLI ).      , 1039   .  
· AsyncOS  IP   , 1200 
AsyncOS  IP   
AsyncOS Network() > IP Interfaces(IP )   ifconfig CLI   IP   IP    IP  .        IP  .       IP       IP   .        IP   
· 10.10.10.2/24 · 10.10.10.30/24 · 10.10.10.100/24 · 10.10.10.105/24 AsyncOS  IP  10.10.10.2/24 .
Email Security Appliance  FTP  
 1 Network() > IP Interfaces(IP )   interfaceconfig      FTP  .  interfaceconfig    ,      CLI     .   , Serial   Management                  .
 2     .  3 FTP   .   IP   .   
.


$ ftp 192.168.42.42

    FTP    .

 4      . FTP           ("GET"  PUT")  .   .

 



/configuration

        :
·   (altsrchost)
· XML   (Saveconfig, loadconfig)
· HAT(Host Access Table)(hostaccess)
· RAT(Recipient Access Table)(rcptaccess)
· SMTP  (smtproutes)
·  (aliasconfig)
·  (masquerade)
·  (filters)
·    (unsubscribe)
· trace     
· slbl<timestamp><serial number>.csv    /   


/antivirus

                 (scan.dat)    .


 
/configuration
/system_logs
/cli_logs
/status
/reportd_logs
reportqueryd_logs
/ftpd_logs
/mail_logs
/asarchive
/bounces
/error_logs
/avarchive
/gui_logs
/sntpd_logs
/RAID.output
/euq_logs
/scanning
/antispam
/antivirus
/euqgui_logs
/ipmitool.output


logconfig  rollovernow     .       , 1053   .       "   "  .

 5       FTP   .

scp(Secure Copy) 
   scp(secure copy)       /     .     /tmp/test.txt       mail3.example.com    .    (admin)    .    . scp(secure copy)       .
% scp /tmp/test.txt [email protected]:configuration
The authenticity of host 'mail3.example.com (192.168.42.42)' can't be established.
DSA key fingerprint is 69:02:01:1d:9b:eb:eb:80:0c:a1:f5:a6:61:da:c8:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mail3.example.com ' (DSA) to the list of known hosts.
[email protected]'s passphrase: (type the passphrase)
test.txt 100% |****************************| 1007 00:00
%
       .
% scp [email protected]:configuration/text.txt .
[email protected]'s passphrase: (type the passphrase)
test.txt 100% |****************************| 1007 00:00
%
Cisco     FTP  scp(secure copy)   .
 Operators  Administrators   secure copy(scp)      .     , 897  .
      
           .             .
80-Series  90-Series       


70-Series      
        ,             .
 88:     

 155:    

PIN 

I/O



1 DCD Data carrier detect
2 SIN Serial input
3 SOUT Serial output
4 DTR
5 GND Signal ground
6 DSR
7 RTS
8 CTS
9 RI Ring indicator

Shell      


B 
  IP  
     . ·  , 1205  · IP    , 1205  · CSA   , 1207 
 
Cisco CSA(Content Security Appliance) (     )       4    .     .
· Management
· Data1
· Data2
· Data3
· Data4
IP    
   CSA         .        IP       .   ( IP    )      . IP      .       IP      . IP            IP        .         .   IP       .   IP   (  )   .   IP 

 .         CIDR(Classless Inter-Domain Routing)  .   (1-32)  .
       .  255.255.255.0 "/24"   255.255.240.0 "/20" . "

  
          .   Int1  Int2   . CSA     3  (Management, Data1, Data2)  2   .

Network 1:        .

 IP 

Netmask

 

Int1 192.168.1.10 255.255.255.0 192.168.1.0/24
Int2 192.168.0.10 255.255.255.0 192.168.0.0/24

 192.168.1.X( X 1-255 ,   ,   10)   Int1 .  192.168.0.X   Int2 .        ( WAN )        .      .

Network 2:     (IP   )   .

  IP 

Netmask  

Int1 192.168.1.10 255.255.0.0 192.168.0.0/16
Int2 192.168.0.10 255.255.0.0 192.168.0.0/16

            . CSA  192.168.1.11            .                     . CSA       .
        , CSA        IP    .


IP ,   

GUI  CLI     (: AsyncOS   DNS  )        ( )  .
       3    CSA  ( /24 ).

 IP

Management 192.19.0.100
Data1 192.19.1.100
Data2 192.19.2.100

  192.19.0.1.
 AsyncOS (      )  Data1(192.19.1.100)  IP ,  TCP  Data1       .      (  Management) , Data1 IP    .



CSA         .     CSA   IP ,    IP    .       .

   





   



     

CSA   
       .
·  (CLI,  ,  )       .
·                                .


· 1000Base-T    SMTP  100Base-T        ,   .
·              .   ,       .
             .              .        ,           .


C 
     
     . ·     , 1209 
   
          . 1.      , ,       
. 2.      (    )    2 
,        . 3.          3 . 4.           
 .      , ,                     .           "Policy Administrator( )"       . , ,             .
· Anti-Spam, 355  · Anti-Virus, 335  ·   (Outbreak Filter), 399  ·   , 893 
  
Mail Policies( )          .         Anti-Spam, Sophos  McAfee Anti-Virus, Outbreak Filters(  )   Incoming Mail Policies(   )     .

        . · (   ):  ·   : ,     ·  : ,     ·  :   
· (    ):  ·   : ,     ·  : ,     ·  :   
· : ,    ,     X-header  ·  : ,     ·  : ,     ·    : ,     ·   : 
·  :  ·      ·        1 ·    
·  : 
 89: Incoming Mail Policies(  ) :   

   Incoming Mail Policy(  )         .
Enabled(), Disabled()  "Not Available( )"
   (  )          .    "Enabled"     .  ,    "Disabled"  .

          "Not Available"   .   "Not Available"             Security Services( )     .       .   .
 90: Security Services Not Available(   )

      
        .        .
·                   .
             .                  .           .    .    ,     .     [MARKETING]  .
 1     .      ,           .    "Disable()"   .
 2 "Positively Identified Spam Settings(   )"  "Action to apply to this message(    )" Drop() .
 3 "Marketing Email Settings(  )"  Yes()     .       [MARKETING]        . "Add text to message(  )"  US-ASCII  .
 4 Submit() . Incoming Mail Policies(  )            .   ,               .

         91: Anti-Spam Settings( ) 

     

       
    2 .   (LDAP     )         .              Policy Administrator( )      .          .
 1 Add Policy()      .  2      ( ).
      (   )  .  (  )      .  3 Editable by (Roles)( ())  ,            .   AsyncOS             .    ,         ,          .       , , 

  .                .
       , 893  .
 4    .
   . (    , 272   .)         ,     .
        .
·   : [email protected]
·   : user@
·   : @example.com
·    : @.example.com
· LDAP  
   AsyncOS GUI  CLI  / .     Joe@    [email protected]   .
    LDAP (: Microsoft Active Directory, SunONE Directory Server( "iPlanet Directory Server")  OpenLDAP )      ,    /   ,  ,             .
             .
  LDAP , 735  .
 92:    

 5 Add()   Current Users( )   .  ,   LDAP     .       Remove()  .

 6    Submit() .          .
 93:    -  

 7 Add Policy( )        .          .
 94:     

 8       Submit() .  9   .
 95:    -  
           .         .        .   "Sales_Group"  "Engineering"          .

,    
                 .
·          . ·  ()        . ·        .
         
        . ·            . (       , 1211  .)         .          .              .      Anti-Spam, 355   .
·   ,   URL (example.com   )       .  "dwg"        .          (Outbreak Filter), 399   .      
 1      (Anti-Spam)    .      (use default).
 2     "Enable Anti-Spam Scanning for this Policy(      )"  "Use Default Settings(  )" "Use Anti-Spam service(  )"  .  "Use Anti-Spam service(  )"         .
 3 "Positively-Identified Spam Settings(   )"  "Apply This Action to Message(   )" Drop() .
 4 "Suspected Spam Settings(  )"  Yes()     .
 5 "Suspected Spam Settings(  )"  "Apply This Action to Message(   )" "Spam Quarantine( )" .


           .
 6 "Add text to subject(  )"  None() .         .
 7 "Marketing Email Settings(  )"  Yes()          .
 8 "Apply This Action to Message(   )"  "Spam Quarantine( )" .
 9     .
        .            LDAP      .

         
    Outbreak Filter(  )  
 1         (Outbreak Filters )   .      (use default).
 2            "Enable Outbreak Filtering (Customize settings)(    (  ))" .  "(Customize settings)"        .          .
 3  "Bypass Attachment Scanning(   )"     dwg .   "dwg"                 .       (.)   .
 4 Add Extension( )           .dwg   .
 5 Enable Message Modification(  ) .       (: , ,      URL) .        Cisco Security       .                  .


 6 Enable for Unsigned Messages(    )  .      URL .                  URL   .       4 .
 7 Bypass Domain Scanning(  )  example.com .  example.com    .
 8 Threat Disclaimer( )  System Generated( ) .              .       .
 96:    

 9     .         .     dwg    (          )       .  example.com      Cisco Security          .

     
Incoming()  Outgoing Mail Policies(  )       "Find Policies( )"  .
  [email protected]  Find Policies( )             .
Edit Policy( )          .
                    .

 
                .  ,               .          ""  ,       .     ,              .
,                .        . ""           . ""          .
 156: /   

Anti-Spam Anti-Virus  

 

 

  : 

  : 

 : 

 :    "[Suspected

 :    "[Marketing]" Spam]"  

 

 : 

 :   :    :   : 

 :   :    :   : 

,      ,       

  

 

     

      


   
           3 . Policy Administration( )              .  . 1. "scan_for_confidential"
   "confidential"  .         [email protected]      . 2. "no_mp3s"   MP3   ,  MP3   . 3. "ex_employee"        (ex-employee) .           .
   ,        (  ) .
 "Confidential"   
           .

 1 Mail Policies( )  .
 2 Incoming Content Filters(  ) .
 3 Add Filter( )  .
 4 Name()     scan_for_confidential .

  ASCII , ,      .         .

 5 Editable By (Roles)( ())   Policy Administrator( )   OK()  .
Policy Administrator( )               .

 6 Description()   . : scan all incoming mail for the string `confidential'.
 7 Add Condition( ) .
 8 Message Body( ) .
 9 Contains text( ):  confidential  OK() .

Add Content Filter(  )    .

 10 Add Action( ) .


 11 Send Copy To (Bcc:)(  (Bcc:)) .
 12 Email Addresses( )  [email protected] .
 13 Subject()  [message matched confidential filter] .
 14 OK() .
Add Content Filter(  )    .
 15 Add Action( ) .
 16 Quarantine() .
 17   Policy()   .
 18 OK() .
Add Content Filter(  )      .
 19     .           .          .             .
 MP3   
          .
 1 Add Filter( )  .
 2 Name()     no_mp3s .
 3 Editable By (Roles)( ())   Policy Administrator( )   OK()  .
 4 Description()   . : strip all MP3 attachments.
 5 Add Action( ) .
 6 Strip Attachment by File Info(    ) .
 7 File type is( ) .
 8   -- mp3 .
 9     .
 10 OK() .
 11     .
        .          . (    true()      .       .)


    
          .

 1 Add Filter( )  .
 2 Name():     ex_employee .
 3 Editable By (Roles)( ())   Policy Administrator( )   OK()  .
 4 Description():   . : bounce messages intended for Doug.
 5 Add Condition( ) .
 6 Envelope Recipient( ) .
 7    Begins with  doug@ .
 8 OK() .

Content Filters( )      .       LDAP    .           .

 9 Add Action( ) .
 10 Notify() .
 11 Sender()   , Subject()  message bounced for ex-employee of example.com  .
 12 Use template( )    .
                .  , Mail Policies( ) > Dictionaries()   CLI dictionaryconfig       ,         .       , 613   .

 13 OK() . Add Content Filters(  )    .

 14 Add Action( ) .
 15 Bounce (Final Action)(( ))  OK() .
       .        GUI   .
             .             .

 16     .


       
  Incoming Content Filters(  )        . Incoming Content Filters(  )  Outgoing Content filters(  )          " " .
 97: Incoming Content Filters(  ):   3

           3 . ·     3  . ·   no_mp3s   . ·         .
      
        .
 1 Incoming Mail Policies(  )  Incoming Mail Policy(  )  .           , 1212        .       .
 2       (Content Filters )   .  3      Content Filtering for Default Policy(   )  "Disable
Content Filters(  )" "Enable Content Filters (Customize settings)(  (   ))" .     (   , 283  Incoming Content Filters(  )    )   .  "Enable Content Filters (Customize settings)(  (  ))"      ()  .  4     Enable()  .  5 Submit() . Incoming Mail Policies(  )         .
   MP3   
"engineering"   "no_mp3s"   

 1        (Content Filters )   .  2      Content Filtering for Policy: Engineering(  : )
  "Enable Content Filtering (Inherit default policy settings)(  (   ))" "Enable Content Filtering (Customize settings)(  (  ))" .     "Use Default Settings(  )"  "Yes()"      ()  .
 3 "no_mp3s"     .  4 Submit() .
Incoming Mail Policies(  )          .
 5   .
    ,         MP3    .      MP3   .
GUI      
·        .         . (    true()      .       .)
·             ,         .           , 893  .
·                   .
·               . . ^ $ * + ? { [ ] \ | ( )    '\'()     . : "\*Warning\*"
·                 ( AND) ,     ( OR)    .
· "benign()"           .     "deliver()"     .        .           (:  )      .

· ,      " "                     .     .
· Incoming or Outgoing Content Filters(    )    1    .
· Incoming or Outgoing Mail Policies(    )          .
·       .
·     Bcc:              . ( , ,   , 847  .)       (,         )          .
· "Entire Message( )"  Scan Behavior( )   scanconfig        . "Entire Message( )"      .     "Subject()"  "Header()"  .
·  LDAP   (, ldapconfig       LDAP     ) LDAP      GUI .
·            GUI   .  , Text Resources( )   CLI textconfig              .
·       ,   ,     .
· (UTF-8)
· (UTF-16)
· /-1(ISO 8859-1)
· /-1(Windows CP1252)
·  (Big 5)
·  (GB 2312)
·  (HZ GB 2312)
· (ISO 2022-KR)
· (KS-C-5601/EUC-KR)
· (Shift-JIS (X0123))
· (ISO-2022-JP)
· (EUC)
          .             .         .


       98:     

     

·       Incoming or Outgoing Content Filters(    )   "Description()", "Rules()"  "Policies()"   .
· Description()          . (  .)
· Rules()         . · Policies()        .


D 

 

     . ·  , 1227 

 

  Cisco Content Security Appliance            .
 157:  

  Protocol( In/Out )

20/21 TCP

In/Out

Hostname AsyncOS IP, FTP 

22

TCP

22

TCP

22

TCP

25

TCP

In

AsyncOS IP

Out

SSH 

Out

SCP 

Out




    FTP.   TCP 1024     .     FTP    .  , 7   .
CLI  SSH ,   .
  SSH  .
  SCP .
   SMTP .


25

TCP

In

AsyncOS IP

           SMTP.

53

UDP/TCP

Out

DNS 

       DNS      DNS. SenderBase  .

80

HTTP

In

AsyncOS IP

  GUI   HTTP .

80

HTTP

Out

downloads.ironport.com

 McAfee   



80

HTTP

Out

updates.ironport.com

AsyncOS   McAfee Anti-Virus .

80

HTTP

Out

cdn-microupdates.cloudmark.com Intelligent MultiScan 

     

 . 

phone home  

 CIDR 

208.83.136.0/22 

.

80

HTTP

Out

TAXII 

         .

82

HTTP

In

AsyncOS IP

    .

83

HTTPS

In

AsyncOS IP

    .

110

TCP

Out

POP 

    POP .

123

UDP

In  Out NTP 

       NTP.

143

TCP

Out

IMAP 

    IMAP .

161

UDP

In

AsyncOS IP

SNMP .

162

UDP

Out

 

SNMP .


389  LDAP 3268

636  LDAPS 3269

443

TCP

443

TCP

443

TCP

443

TCP

443

TCP

443

TCP

443

TCP

443

TCP

Out

LDAP 

LDAP       LDAP. Cisco Spam Quarantine  LDAP .

Out

LDAPS

LDAPS - ActiveDirectory Global Catalog Server(SSL  ).

In

AsyncOS IP

  GUI    HTTP(https) .

Out

res.cisco.com

      .

Out

update-manifests.ironport.com    

 ( 

 ).

Out

update-manifests.sco.cisco.com    

 ( 

).

Out

phonehome.senderbase.org Outbreak Filter /.

Out

CLI(command-line interface) URL   URL  



    

websecurityadvancedconfig   .

   

 .   

   

.

Out

Security Services(   ,   

) > File Reputation and    

Analysis(   ),   .  

Advanced Settings for File  32137.   Reputation(     443 

) , Cloud Server . Pool(  ) 

 .

Out

Security Services(      

) > File Reputation and  .   

Analysis(   ),   443  32137 

Advanced Settings for File . Reputation(  

)  .


443

TCP

443

TCP

443

TCP

443

HTTPS

443

HTTPS

514

UDP/TCP

628

TCP

990

TCP/FTP

1024  --

2222

CCS

TCP

In  Out

Security Services(  AMP for Endpoints Console  ) > File Reputation and   . Analysis(   ), Advanced Settings for File Reputation(   ) , AMP for Endpoints Console    .
api.amp.sourcefire.com
api.eu.amp.sourcefire.com
api.apjc.amp.sourcefire.com
api.amp.cisco.com
api.eu.amp.cisco.com
api.apjc.amp.cisco.com

In  Out outlook.office365.com

   Office 365

login.microsoftonline.com.   .

Out

aggregator.cisco.com

Cisco Aggregator Server  .

Out

logapi.ces.cisco.com

Cisco TAC    .

Out

TAXII 

         .

Out

Syslog 

Syslog .

In & In AsyncOS IP

      QMQP.

Out

support-ftp.cisco.com

Cisco TAC    .

--

--

 21(FTP)    .

In & In AsyncOS IP

  (  ).

Out

AsyncOS IP

Cisco Spam Quarantine.


7025

TCP

In/Out AsyncOS IP

 
     Email Security Appliance  Security Management Appliance   ,       .


E 
   
     . · Cisco Systems     , 1233  · Cisco Systems Content Security        , 1239 
Cisco Systems    
:        .  CISCO        ,      ("" )   CISCO              .                     . CISCO  CISCO      ,          . Cisco Systems, Inc.  CISCO SYSTEMS, INC.    ("CISCO")                           ("" )           .                 .  ,              .         CISCO      , (A)    ,      (B)      (  CD     )  ,                  .           30  ,         .      " " (A) CISCO  (B)       CISCO ,     CISCO        (C)      CISCO           CISCO ,    /   .

     ( ) , (A)       CISCO        (B)            "-"         .         (1)  , (2) -     , (3)  .   ""  (    CISCO        ), , ,       (" " ), CISCO     (CISCO   )          .
.      Cisco                      . ""        (CD-ROM  )     (   ,   ,  ) .           Cisco                .
             ,                  (" ")     .
               , (   Cisco    )    Cisco          . ,         .
Cisco                .
  .         Cisco         .               (  ) Cisco           .           Cisco     ,            .
(i)          (Cisco  /    ),      Cisco    Cisco    .  ,          .
(ii)                  .
(iii)     , ,        . ,              Cisco      .
(iv)       .


(v) Cisco                    .
(vi) Cisco                ,     .            .
        Cisco   Cisco                .          , Cisco             .
,    .    : (1)                             ,            . (2)                 ,    CISCO  . (3)        .
  .     ,     ,               ,        .     ,  Cisco          .
  .        .            .          Cisco    .             .      , "  "                   .  "    "  "          "       .
 .           ,      Cisco     .                  Cisco   .
, ,    .   Cisco  ,        ( "  ")               .  Cisco    , , ,              ,      . Cisco              ,        . , ,         URL   .
http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html.


    .    Federal Acquisition Regulation("FAR")(48 C.F.R.) 2.101   " ", FAR 12.212  "  "  "    "    . FAR 12.212  DoD FAR Supp. 227.7202-1~227.7202-4          FAR     ,          ,                .           "   "  "   "   ,        .
  :  .              ,    Cisco , readme.txt ,  -   (: http://www.cisco.com/)    ("  ")    ,       ,  ,      (" " )   .         .
 
      Cisco (a)             , (b)     ,     (Cisco       Cisco     90  ) (a) 90   (b)   ("")          ( )  . Cisco        .     " " .              .         Cisco     (i)     / (ii) Cisco   ,       ,                      . Cisco            /      .   Cisco              .           Cisco     ,           .
 . ,        (a)  (Cisco      ), (b) Cisco    , ,      , (c)     ,   , , ,     (d) , ,            .  (e)   , (f) Cisco      , (g) Cisco Cisco   " "    , (h)       , (i)           .


 
     , ,   , ,  ,  ,    (  )  , ,          ,        CISCO,       .         ,   ,  /   " "       .                   .       ,         .               .
  -   . , , ,           , Cisco, , , , , ,          ,  ( ),                ,             .          (,          ).
, , ,          , CISCO, , , , , ,         ,  ( ),            CISCO    ,              .          (,         ).    (I)        CISCO, , , , , ,         , (II) CISCO       ,  (III)      CISCO   .
  -      . , ,                    , CISCO                  CISCO             ,   ,  ,   , , , ,       .                       .
      ,        ,            CISCO, , , , , ,                   CISCO,  ,              ,   ,  ,  , , , ,       .
, , ,       CISCO, , , , , ,     ,  ( )  


         CISCO, , , ,  , ,             ,   ,  ,  , , , ,       .                      .         . (I)    , (II)  ,   (III)       CISCO .
 Cisco              ,       (          ),            .
 , .        ,          (""),    ,        .                 .                  ,        .               .  , , ,   ( )           ,    ,     .              .            Contracts(Rights of Third Parties) Act 1999        .             ,    ,     .                .              ,    ,          .                  .               ,    ,        .                .
       (UN Convention on Contracts for the International Sale of Goods) .   ,                    .               .    ,             ,           ,    .    ,     .
Cisco          URL   .
http://www.cisco.com/go/warranty


Cisco Systems Content Security        
:  .
     ("SEULA") ( ""       "" ) Cisco     ("EULA")("" )         .  SEULA        EULA   . EULA  SEULA        SEULA   .
     EULA        SEULA     .
 ,        ,         .        CISCO      , (A)   ,      (B)      (  CD     )  ,                   .      CISCO   CISCO    30  ,        .
 SEULA,        Cisco Systems Email Security Appliance("ESA"), Cisco Systems Web Security Appliance("WSA")  Cisco Systems Security Management Application("SMA")("Content Security" )     ("")   .
Cisco AsyncOS for Email
Cisco AsyncOS for Web
Cisco AsyncOS for Management
Cisco Email Anti-Spam, Sophos Anti-Virus
Cisco Email Outbreak Filters
Cloudmark Anti-Spam
Cisco Image Analyzer
McAfee Anti-Virus
Cisco Intelligent Multi-Scan
Cisco Data Loss Prevention
Cisco Email Encryption
Cisco Email Delivery Mode
Cisco Web Usage Controls


Cisco Web Reputation
Sophos Anti-Malware
Webroot Anti-Malware
McAfee Anti-Malware
Cisco Email Reporting
Cisco Email Message Tracking
Cisco Email Centralized Quarantine
Cisco Web Reporting
Cisco Web Policy and Configuration Management
Cisco Advanced Web Security Management with Splunk
Email Encryption for Encryption Appliances
Email Encryption for System Generated Bulk Email
Email Encryption and Public Key Encryption for Encryption Appliances
Large Attachment Handling for Encryption Appliances
Secure Mailbox License for Encryption Appliances

 SEULA     . " "          ,  ,    . " " (1) WSA SMA ,       SMA    ,     , (2) ESA ,          ,       .    Cisco   Cisco    ,  , ,      ,             Cisco       . "   "  ,  ,         (  )        . ""                . "" Cisco    . " "       . http://www.cisco.com/web/about/doing_business/legal/service_descriptions/index.html " "       .         ,   Cisco                .     


               .
""          .
" " Cisco Email Security Appliance, Web Security Appliance  Security Management Appliance   .
" "               .
  
       
 
          ,       Cisco Cisco  ,                  ,          .                  .                         .         .       EULA .      Cisco, Cisco         ,     .        .     .
     
Cisco  (http://www.cisco.com/web/siteassets/legal/privacy.html)   Cisco          . Cisco         .    ,   Cisco       Cisco         .   SenderBase      Cisco       . SenderBase             .
     
Cisco Systems, Inc.    ,           .
