AsyncOS 12.0 for Cisco Email Security Appliances User Guide - GD (General Deployment)
Cisco Secure Email Gateway - Cisco
File Info : application/pdf, 1306 Pages, 21.13MB
AsyncOS 12.0 for Cisco Email Security Appliances GD( ) : 2019 1 31

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000 800 553-NETS (6387)
Fax: 408 527-0883

. , . . . CISCO . Cisco TCP UNIX UCB University of Berkeley(UCB) . All rights reserved. Copyright © 1981, Regents of the University of California. " " . CISCO , , , , (, ) . CISCO , , , , , ( , , , ) , CISCO . IP( ) . , , , IP . . . Cisco 200 . Cisco (www.cisco.com/go/office) . Cisco Cisco Cisco Systems, Inc. / . Cisco www.cisco.com go trademarks . . `' Cisco . (1721R)

© 2019 Cisco Systems, Inc. .

1 Cisco Email Security Appliance .
· Async OS 12.0 , 2
· , 5
· Cisco Email Security Appliance , 8

Async OS 12.0 Cisco Email Security Appliance Async OS 12.0 1: Async OS 12.0 TAXII STIX Cisco Email Security Appliance . Cisco Email Security Appliance .
· , , .
· TAXII STIX .
· (: URL ) .
· Cisco Email Security Appliance . Classic Licensing Cisco GLO(Global Licensing Operations) .
1. "Request for External Threat Feeds Feature Key" GLO ([email protected]) PAK(Product Authorization Key) PO( ) .
2. GLO . Smart Licensing .
Cisco Email Security , 307 AsyncOS for Cisco Email Security Appliance CLI .

Cisco Email Security Appliance Async OS 12.0 Cisco SDR( ) . IP , , SMTP FQDN(Fully Qualified Domain Name) . SDR https://www.talosintelligence.com Cisco Talos Security Intelligence and Research Group(Talos) . , 323 AsyncOS for Cisco Email Security Appliance CLI . How-Tos How-Tos . .
· DMARC .
· SPF/SIDF .
· DKIM .
· Email Security .
· Email Security .
· . . How-Tos . , 11 AsyncOS for Cisco Email Security Appliance CLI .

Async OS 12.0 Cisco Email Security Appliance Cisco AMP Threat Grid Cisco AMP Threat Grid .
· Security Services > File Reputation and Analysis( ) . File Reputation Filtering and File Analysis( ), 461 .
· CLI ampconfig . AsyncOS for Cisco Email Security Appliances CLI . . Advanced Malware Protection Incoming Malware Threat Files( ) Custom Threshold( ) . File Reputation Filtering and File Analysis( ), 461 . AMP . , 837 . TLS DANE( TLS DANE( DNS ) DNS ) . DANE . MTA , 645 .

Cisco Email Security Appliance Smart Software Licensing Smart Software Licensing Cisco Email Security Appliance . Smart Software Licensing Cisco CSSM(Cisco Smart Software Manager) . Classic Licensing Smart Licensing .
· PAK(Product Authorization Key) . Classic Licensing .
· .
· PAK .
· Smart Licensing . Smart Licensing Smart Licensing Classic Licensing . , 923 AsyncOS for Cisco Email Security Appliance CLI . Cisco .
· , 6
· , 6
· Cisco , 7
· , 7
· Cisco Support Community, 7
· Cisco , 7
· , 8

Cisco Email Security Appliance
· Cisco , 8
· Cisco , 8 GUI Help and Support( ) . Cisco Email Security Appliance .
·
· Cisco Email Security Appliance
·
· Cisco Content Security Virtual Appliance Installation Guide
· AsyncOS for Cisco Email Security Appliance ( )
· CLI Reference Guide for AsyncOS for Cisco Email Security Appliances
· AsyncOS API for Cisco Email Security Appliances - Getting Started Guide

Cisco Content Security . Cisco Content Security .
Cisco Email Security http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html
Cisco Web Security http://www.cisco.com/c/en/us/support/security/web-security-appliance/tsd-products-support-series-home.html
Cisco Content Security Management http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/tsdproducts-support-series-home.html
Cisco Content Security Appliance CLI http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-command-reference-list.html
Cisco IronPort Encryption http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-command-reference-list.html

.
· http://www.cisco.com/c/en/us/training-events/training-certifications/supplementaltraining/email-and-web-security.html
· http://www.cisco.com/c/en/us/training-events/training-certifications/overview.html

Cisco Email Security Appliance Cisco Cisco , , , Cisco Content Security Appliance . , . . http://www.cisco.com/cisco/support/notifications.html . Cisco.com . Cisco , 8 .
1 (http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html) .
2 TechNotes .

Cisco Support Community Cisco Cisco , . Cisco . Cisco . URL .
· : https://supportforums.cisco.com/community/5756/email-security
· : https://supportforums.cisco.com/community/5786/web-security

Cisco Cisco TAC: http://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
IronPort : http://www.cisco.com/c/en/us/services/acquisitions/ironport.html
, . .
Cisco Email Security Appliance http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html . Cisco AsyncOS FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National Research Initiatives, Inc. , Cisco . . https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html. Cisco AsyncOS Tobi Oetiker RRDtool . Dell Computer Corporation . McAfee, Inc. . Sophos Plc. . Cisco Cisco Technical Publications . . . [email protected] , , . Cisco Cisco.com Cisco . Cisco.com ID . https://tools.cisco.com/RPF/register/register.do%20
· Cisco , 7
· , 7 Cisco Email Security Appliance AsyncOS™ .
· Anti-Spam( ). SenderBase Cisco Anti-Spam .
· Anti-Virus(). Sophos McAfee Anti-Virus .

Cisco Email Security Appliance Cisco Email Security Appliance
· Outbreak Filters( )™. , Cisco , .
· Policy(), Virus() Outbreak( ) . .
· Spam Quarantine( ). ( ).
· Email Authentication( ). Cisco AsyncOS SPF(Sender Policy Framework), SIDF(Sender ID Framework) DKIM(DomainKeys Identified Mail) , DomainKeys DKIM .
· Cisco . HIPAA, GLBA . Email Security Appliance , .
· Email Security Manager( ). . Email Security Manager( ) . Cisco , , , .
· (On-box) - AsyncOS for Email Email Security (On-box) .
· - .
· . IP , IP .
· . . , , , , . , , , .
· Transport Layer Security SMTP . .
· Virtual Gateway( )™. Email Security Appliance . IP . IP .
· .
· . AsyncOS RFC 2821 SMTP(Simple Mail Transfer Protocol) . HTTP HTTPS GUI , . SSH(Secure Shell) CLI(Command Line Interface) .

Cisco Email Security Appliance Security Management Appliance Email Security Appliance , .
· , 10 AsyncOS GUI CLI .
· · · · · · · · () · ( ) ·

2 .
· (GUI) , 11
· , 14
· (CLI), 14

(GUI) GUI( ) CLI(Command Line Interface) . GUI . CLI GUI CLI .
· , 11
· GUI , 12

UI JavaScript . , CSS(Cascading Style Sheet) HTML .
Internet Explorer 11.0 Microsoft Windows 7
Safari 7.0 Mac OS X
Firefox 39.0 Microsoft Windows 7, Mac OS X
Chrome 44.0 Microsoft Windows 7, Mac OS X
. GUI CLI . .

GUI . GUI GUI URL . http://192.168.42.42/ .
· , 12
· , 13
· : admin
· : ironport ( AsyncOS ) . IP HTTP / HTTPS . HTTP / HTTPS (" ") IP IP URL GUI . .
http://192.168.1.1
https://192.168.1.1
http://mail3.example.com
https://mail3.example.com
HTTPS ( HTTP ), "https://" GUI .
· , 897

GUI , /, / (clustermode clusterset ). GUI , 1132 . How-Tos How-Tos . AsyncOS 12.0 for Cisco Email Security Appliances Cisco Email Security Appliance AsyncOS 12.0 . How-Tos . How-Tos . How-Tos . .
· Conservative Settings( ) - ,
· Moderate Settings( ) - ,
· Aggressive Settings( ) - ,
· admin, cloud-admin operator .
· Internet Explorer 11 How-Tos . How-Tos System Administration( ) > General Settings( ) Override IE Compatibility Mode(IE ) . How-Tos How-Tos CLI adminaccessconfig > how-tos . : How-Tos

mail.example.com> adminaccessconfig

Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- XSS - Configure Cross-Site Scripting Attack protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
- MAXHTTPHEADERFIELDSIZE - Configure maximum HTTP header Field size.
- HOW-TOS - Configure How-Tos feature.
[]> how-tos

How-Tos consists of a list of generic walkthroughs to assist the users in completing a particular task (for example, "enabling and configuring a service engine on the appliance").

Would you like to enable How-Tos? [Y]> no

· , 14
· , 14 . . Commit Changes( ) . Commit Changes( ) . (CLI) IP SSH . SSH . interfaceconfig . CLI AsyncOS for Cisco Email Security Appliance CLI . CLI . , 12 .

3 .
· , 15
· Email Security Appliance , 19
· , 22
· , 28
· , 55
· , 15
· Email Security Appliance , 15
· DNS Email Security Appliance , 16
· , 17
· Email Security Appliance Cisco Content Security Virtual Appliance Installation Guide .
· M-Series Cisco Content Security Management Appliance Cisco Content(M-Series) Security Management Appliance , 1187 .
· , 57 . . Email Security Appliance Email Security Appliance MX(mail exchange) SMTP . , IP .

DNS Email Security Appliance , , Outbreak Filter (SenderBase , 1029 , IronPort Anti-Spam , 358 , Sophos , 336 (Outbreak Filter), 399 ) . ( , 93 ) . Email Security Appliance , " " . MTA Email Security Appliance IP . IP , SenderBase Reputation Service SBRS(SenderBase Reputation Score) , Outbreak Filter . . IP , 374 . Email Security Appliance SMTP
· ( , 793 ) .
· , LDAP (LDAP , 735 ) .
· ( , 671 ), ( , 688 ) ( , 678 ) MTA . DNS Email Security Appliance DNS . , Outbreak Filter, McAfee Antivirus Sophos Anti-Virus Email Security Appliance DNS . DNS IP A MX . Email Security Appliance MTA MX . MX (20) Email Security Appliance(ironport.example.com) example.com MTA. , MTA .

$ host -t mx example.com
example.com mail is handled (pri=10) by mail.example.com
example.com mail is handled (pri=20) by ironport.example.com

Email Security Appliance DNS MX . MTA . , MX MTA Email Security Appliance . Email Security Appliance . . Cisco (Cisco , 7 ).
· , 17
· Incoming, 17
· Outgoing, 18
· , 18
· , 18
· (NAT, ) , 19 Email Security Appliance . Incoming Email Security Appliance "DMZ" , Email Security Appliance . .
· : 2 ( - /2 ) , , 22 .
· .
· .
· Email Security Appliance , Email Security Appliance SMTP (: Exchange™, Groupwise™, Domino™) . ( , 665 .)

Outgoing Outgoing
· Email Security Appliance .
· Email Security Appliance Host Access Table . ( , 70 .) Email Security Appliance . 2 . IP Virtual Gateway™ , 718 IP , 1205 . .

C170 C370 C670 X1070 C380 C680 C190 C390 C690
Management 0 1 1 1 1 1 0 1 1
2* 3 3 3 3 3 2* 5 5
9 9 9 9 RJ-45 RJ-45 RJ-45 RJ-45 RJ-45
RPC(Remote Power Management)
* Data1 .

Hardware Installation Guide( ) .
· , 34
· , 1203
· , 958 /2 1 .

(NAT, )
· Email Security Appliance. , 1117 .
· NIC Email Security Appliance 2 " (teaming)" . , 1039 . (NAT, ) SMTP DNS . . , 1227 . Email Security Appliance
· , 19 Email Security Appliance .
· - Email Security Appliance 3 . 2 .
· ( ) - .
· HAT(Host Access Table) . HAT (ACCEPT) .
· RAT(Recipient Access Table) . .
· SMTP .
· ( ) - .
· Cisco C-Series X-Series .
· Email Security Appliance HAT . HAT (RELAY) .
· , 20

IP . IPv4(Internet Protocol version 4) IPv6(version 6) . .
· 2 IPv4 2 IPv6 2
· · IPv4 IPv6
· 1 IPv4 1
· · IPv4 IPv6 1 2 ( , 25 ). . 1: /2 :
· 2
· IPv4 2
· IPv6 2
· 1 2(1 )

· SMTP : "InboundMail"()
· IPv4 : 1.2.3.4
· IPv6 : 2001:0db8:85a3::8a2e:0370:7334
· Data2 25
· HAT( )
· RAT( , ) : "OutboundMail"()
· IP : 1.2.3.5
· IPv6 : 2001:0db8:85a3::8a2e:0370:7335
· Data2 25
· HAT( , ) DNS DNS SMTP Email Security Appliance 2: 1 :

· 1
· IP 1
· 1
· SMTP : "InboundMail"()
· IP : 1.2.3.4
· Data2 25
· HAT( ) RELAYLIST
· RAT( , ) DNS DNS SMTP
· , 23
· IP , 24
· , 25 1 .
, 23 . 2 IP . · Email , 23 Security Appliance IP IP , 24 IP . 3 . , 25 . 4 , 6 . . 5 . . , 6 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 22 6 CLI( ) CLI(Command Line Interface) , CLI . 41 7 1. ( ) . interfaceconfig HTTP / HTTPS . 2. IP . 8 Email Security Appliance . loadlicense . , 6 Cisco Content Security Virtual Appliance Installation Guide . 9 . , 28 . Email Security Appliance Email Security Appliance . · , 23 . 2: PC Management . IPv4 192.168.42.42. . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 23 IP PC Serial Console . , - . , 1203 . . : 9600 : 8 : None : 1 : . . . ( FTP, SSH SCP , 1199 .) . ( , 897 .) IP IPv4 IPv6 . · Management Data IP , 24 · , 24 · IP , 25 · , 25 Management Data IP (C170 C190 1 ) IP 192.168.42.42 . Email Security Appliance Data . · . · . Data . Management , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 24 IP IP IP . IPv4(Internet Protocol version 4) IPv6(version 6) . . · 2 IPv4 2 IPv6 2 · · IPv4 IPv6 · 1 IPv4 1 · · IPv4 IPv6 Email Security Appliance IPv4 IPv6 . . IPv4 IPv6 . . · IP (IPv4 IPv6 ) · CIDR IPv4 · CIDR IPv6 . · () IP · DNS IP ( ) · NTP IP (Cisco ) IP , 1205 . Email Security Appliance . , 1227 . , . IP IP , 1205 . Cisco Content Security Management Appliance Cisco Content(M-Series) Security Management Appliance , 1187 . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 25 3: : 2 : : : : NTP : : SenderBase : / : / : DNS( ): Data 1 IPv4 /: IPv6 /: (Fully Qualified) : : : Data 2 IPv4 /: IPv6 /: (Fully Qualified) : : AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 26 : IP : : IPv6 : : (Fully Qualified) : : : SenderBase Reputation : / /IronPort McAfee / Sophos / Outbreak Filter / 4: : 1 : : : : NTP : : SenderBase : / AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 27 : / : DNS( ): Data2 IPv4 /: IPv6 /: (Fully Qualified) : : : Data1 IPv4 /: IPv6 /: (Fully Qualified) : SenderBase Reputation : / /IronPort McAfee / Sophos / Outbreak Filter / · GUI( ) , 29 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 28 GUI( ) · , 30 · Active Directory , 38 · , 39 · CLI(Command Line Interface) , 39 · CLI(Command Line Interface) , 41 · , 55 . . CLI(command line interface) . GUI( ) , 29 CLI(Command Line Interface) , 41 . , 22 . Email Security Appliance loadlicense . Cisco Content Security Virtual Appliance Installation Guide . . . Email Security Appliance Management IP 192.168.42.42 . , C170 C190 Data 1 . IP . Cisco Content Security Management Appliance Cisco Content(M-Series) Security Management Appliance , 1187 . Content Security Appliance , IP . GUI( ) GUI(Graphical User Interface) 192.168.42.42 . · , 30 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 29 . , CLI . · · Interfaceconfig · passphrase · Loadconfig · Systemsetup · loadlicense( ) · · Ping · Telnet · netstat · : admin · : ironport . login: admin passphrase: ironport . . 1 · GUI( ) , 29 GUI . · AsyncOS . · System Administration( ) System Setup Wizard( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 30 1: 2 . 1: , 31 . · . 3 . 2: , 31 . · · , AutoSupport · NTP · · SenderBase 4 . 3: , 33 . · DNS · : ( ), SMTP ( ), ( ) ( ) 5 . 4: , 37 . · SenderBase Reputation Filtering · · · · Advanced Malware Protection ( ) · Outbreak Filter 6 . 5: , 38 . · · 7 . . 1: . Begin Setup( ) . 
https://support.ironport.com/license/eula.html . 2: · , 32 · , 32 · , 32 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 31 · , 32 · , 32 · SenderBase , 32 · AutoSupport , 33 Email Security Appliance . . Cisco AsyncOS . . . , . DHAP(Directory Harvest Attack Prevention) , . . , 962 . . , . Email Security Appliance . GMT ( GMT , 991 ). , NTP(Network Time Protocol) . Cisco Systems (time.ironport.com) . . . Cisco AsyncOS 6 . . SenderBase SenderBase . SenderBase Cisco . Email Security Appliance . Cisco . . SenderBase Click here for more information about what AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 32 AutoSupport data is being shared( )... (FAQ( ), 1030 ). SenderBase "Allow IronPort to gather anonymous statistics on email and report them to SenderBase in order to identify and stop email-based threats(IronPort SenderBase )" Accept() . SenderBase , 1029 . AutoSupport AutoSupport ( ) Cisco . ( AutoSupport, 963 .) Next() . 3: 3 () DNS , Data 1, Data 2 Management / . · DNS , 33 · , 34 · , 34 · ( ), 35 · C170 C190 , 36 DNS () IP . IPv4 , IPv6 . , DNS(Domain Name Service) . AsyncOS DNS / . DNS . DNS IP . 4 DNS . DNS 0. DNS(Domain Name System) , 986 . DNS DNS . DNS "Use Internet Root DNS Servers( DNS )" , Management IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 33 Email Security Appliance . "Enable()" IP , . IP DNS . MX DNS . IPv4 , IPv6 . . (), (), . . , . C170 C190 . . IP . Data 1 Data 2 . C370, C670, X1070, C380, C680, C390 C690 : , . C170 C190 : 1 1 . IP , 25 . . · IP . IPv4 , IPv6 . · IPv4 : . AsyncOS CIDR . : 255.255.255.0 /24. IPv6 : CIDR . : 64 /64. · ( ) IP . IP . IP IP , 1205 . . · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 34 ( ) · (SMTP )( ) Accept Incoming Mail( ) . . Destination() . SMTP . SMTP . SMTP (RAT(Recipient Access Table) ) MX(mail exchange) . SMTP (: Microsoft Exchange) " " . , example.com .example.com exchange.example.com . . Add Row( ) . . SMTP . SMTP DNS . ( , 665 ) Recipient Access Table . 
(: example.com). example.net Recipient Access Table .example.net . , 132 . ( ) . Host Access Table RELAYLIST . , 96 . Relay Outgoing Mail( ) . . , SSH . IPv4 . · 192.168.42.42 Management . · 192.168.1.1 Data 1 . .example.com , SMTP exchange.example.com . · 192.168.2.1 Data 1 . exchange.example.com . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 35 C370, C670, X1070, C380, C680, C390 C690 C370, C670, X1070, C380, C680, C390 C690 3: : Management 2 ( ) C170 C190 C170 C190 , Data 1 Data 2 . IP ( ), 3 . 4: : ( ) IP 1 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 36 4: Next() . 4: 4 . SenderBase Reputation Filtering . Outbreak Filter Sophos McAfee . · SenderBase Reputation Filtering , 37 · , 37 · , 37 · Advanced Malware Protection ( ) , 38 · Outbreak Filter , 38 SenderBase Reputation Filtering SenderBase Reputation Service , Anti-Spam . SenderBase Reputation Service(http://www.senderbase.org) IP (throttle) . SenderBase Reputation Service . SenderBase Reputation Service , . Cisco SenderBase Reputation Filtering . SenderBase Reputation Filtering () . 30 . Anti-Spam . . , AsyncOS . . . Anti-Spam, 355 . , , , 847 . Sophos Anti-Virus McAfee Anti-Virus 30 . . . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 37 Advanced Malware Protection ( ) Anti-Virus, 335 . Advanced Malware Protection ( ) Advanced Malware Protection . File Reputation Filtering and File Analysis( ), 461 . Outbreak Filter Outbreak Filter 30 . Outbreak Filter "1 " . (Outbreak Filter), 399 . Next() . 5: . Previous() Edit() System Settings( ), Network Integration( ) Message Security( ) . , . . Install This Configuration( ) . . Install() . . (C370, C670, X1070, C380, C680, C390 C690 Management , C170 C190 Data 1 ) IP Install() URL(http://192.168.42.42) . IP . . , 54 . Active Directory Email Security Appliance Active Directory . Active Directory , Active Directory Active Directory LDAP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 38 . 
Active Directory Skip this Step( ) . System Administration( ) > Active Directory Wizard(Active Directory ) Active Directory . System Administration( ) > LDAP Active Directory LDAP . Active Directory LDAP (: , , DN, SSL ) . Active Directory LDAP LDAP . Active Directory LDAP System Administration( ) > LDAP 1 Active Directory Run Active Directory Wizard(Active Directory ) . 2 Active Directory . 3 . 4 Next() . Active Directory Active Directory . Test Directory Settings( ) . 5 Active Directory Test() . . 6 Done() . Active Directory System Setup Next Steps( ) . System Setup Next Steps( ) . CLI(Command Line Interface) CLI , 23 . . CLI . . ( , 897 .) . passphrase . : IP 192.168.42.42 SSH . SSH 22 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 39 : PC . , 23 . . . · , 30 . , CLI . · · Interfaceconfig · passphrase · Loadconfig · Systemsetup · loadlicense( ) · · Ping · Telnet · netstat · : admin · : ironport . login: admin passphrase: ironport . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 40 CLI(Command Line Interface) CLI(Command Line Interface) CLI GUI . · CLI . · CLI . · CLI Outbreak Filter . · CLI LDAP . LDAP ldapconfig . systemsetup . IronPort> systemsetup . "Yes"() . WARNING: The system setup wizard will completely delete any existing 'listeners' and all associated settings including the 'Host Access Table' mail operations may be interrupted. Are you sure you wish to continue? [Y]> Y . , 30 GUI CLI . · , 42 · , 42 · , 42 · IP , 42 · , 43 · , 43 · DNS , 43 · , 44 · Anti-Spam , 51 · , 52 · , 52 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 41 · , 52 · Outbreak Filter SenderBase Email Traffic Monitoring Network , 52 · AutoSupport , 53 · , 53 · , 53 · , 53 · , 54 · , 54 AsyncOS . . 6 . . . . Email Security Appliance . . IP Management(C370, C670, X1070, C380, C680, C390 C690 ) Data 1(C170 C190 ) IP . IP . IP . IP IP . Data 1 Data 2 IP . C370, C670, X1070, C380, C680, C390 C690 : , . C170 C190 : systemsetup 1 1 . , SSH . 
. · IP (). PrivateNet PublicNet . / . AsyncOS . Privatenet PrivateNet () . · IP . IPv4 IPv6 , IP IP . · . CIDR . , 255.255.255.0 /24 . IP . IP IP , 1205 . C170 C190 Data 2 . systemsetup () IP . systemsetup ( ) . HTTP(https) . HTTPS , . DNS DNS(Domain Name Service) . AsyncOS DNS / . DNS . DNS IP . DNS ( 0). , systemsetup DNS . "" IP . Email Security Appliance . Cisco AsyncOS . IP ( "SMTP ") . C370, C670, X1070, C380, C680, C390 C690 : systemsetup 2 ( ) . ( , 69 .) C170 C190 : systemsetup 1 . C170 C190 , 48 . . · (). OutboundMail . · IP 1(systemsetup ) · ( ). ( smtproutes . , 665 .) · SBRS(SenderBase Reputation Score) . Conservative(), Moderate() Aggressive() . · : ( ). · ( ) ( ). ( Recipient Access Table Host Access Table . , 96 , 131 .) · , 44 · , 47 · C170 C190 , 48 C370, C670, X1070, C380, C680, C390 C690 . C170 C190 C170 C190 , 48 . systemsetup InboundMail PublicNet IP . example.com . MX SMTP exchange.example.com . , 4500 . , . , 200 ""( ) , 10,000 Email Security Appliance 200 . 50 200 . (throttle) . Default Host Access( ) , 96 . .

You are now going to configure how the appliance accepts mail by creating a "Listener".
Please create a name for this listener (Ex: "InboundMail"):
[]> InboundMail
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 3
Enter the domains or specific addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "[email protected]" or "joe@[1.2.3.4]" are allowed.
Separate multiple addresses with commas.
[]> example.com
Would you like to configure SMTP routes for example.com? [Y]> y
Enter the destination mail server which you want mail for example.com to be delivered. Separate multiple entries with commas.
[]> exchange.example.com
Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [Y]> y
Enter the maximum number of recipients per hour to accept from a remote domain.
[]> 4500
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 1,000
Maximum Number Of Messages Per Connection: 1,000
Maximum Number Of Recipients Per Message: 1,000
Maximum Number Of Recipients Per Hour: 4,500
Maximum Recipients Per Hour SMTP Response: 452 Too many recipients received this hour
Use SenderBase for Flow Control: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n
Listener InboundMail created.
Defaults have been set for a Public listener.
Use the listenerconfig->EDIT command to customize the listener.
*****

systemsetup OutboundMail PrivateNet IP . example.com . (.example.com). ( ) . . , 70 .

Do you want to configure the appliance to relay mail for internal hosts? [Y]> y
Please create a name for this listener (Ex: "OutboundMail"):
[]> OutboundMail
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 2
Please specify the systems allowed to relay email through the appliance.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addressed are allowed.
Separate multiple entries with commas.
[]> .example.com
Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [N]> n
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n
Listener OutboundMAil created.
Defaults have been set for a Private listener.
Use the listenerconfig->EDIT command to customize the listener.
*****

C170 C190 C170 C190 . systemsetup MailInterface MailNet IP . example.com . MX SMTP exchange.example.com . example.com . (.example.com). , 450 . , . , 200 ""( ) , 10,000 200 . 50 200 . (throttle) . Default Host Access( ) , 96 . .

You are now going to configure how the appliance accepts mail by creating a "Listener".
Please create a name for this listener (Ex: "MailInterface"):
[]> MailInterface
Please choose an IP interface for this Listener.
1. MailNet (10.1.1.1/24: mail3.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
[1]> 1
Enter the domain names or specific email addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "[email protected]" or "joe@[1.2.3.4]" are allowed.
Separate multiple addresses with commas.
[]> example.com
Would you like to configure SMTP routes for example.com?
[Y]> y
Enter the destination mail server where you want mail for example.com to be delivered. Separate multiple entries with commas.
[]> exchange.example.com
Please specify the systems allowed to relay email through the appliance.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addresses are allowed.
Separate multiple entries with commas.
[]> .example.com
Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [Y]> y
Enter the maximum number of recipients per hour to accept from a remote domain.
[]> 450
Default Policy Parameters
==========================
Maximum Message Size: 10M
Maximum Number Of Connections From A Single IP: 50
Maximum Number Of Messages Per Connection: 100
Maximum Number Of Recipients Per Message: 100
Maximum Number Of Recipients Per Hour: 450
Maximum Recipients Per Hour SMTP Response: 452 Too many recipients received this hour
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]>
Listener MailInterface created.
Defaults have been set for a Public listener.
Use the listenerconfig->EDIT command to customize the listener.
*****

systemsetup C170 C190 ( ) . , 793 . Anti-Spam 30 . systemsetup , Anti-Spam . . . Anti-Spam, 355 . . , . . . , 868 . 30 . systemsetup , . . , . Email Security Appliance . . Anti-Virus, 335 . Outbreak Filter SenderBase Email Traffic Monitoring Network SenderBase Outbreak Filter . Outbreak Filter 30 . · (Outbreak Filter), 52 · SenderBase , 53 (Outbreak Filter) Outbreak Filter "1 " . Outbreak Filter . Outbreak Filter Outbreak Filter .
Outbreak Filter (Outbreak Filter), 399 . SenderBase SenderBase SenderBase . SenderBase Email Traffic Monitoring Network Cisco . Email Security Appliance . Cisco Email Security Appliance SenderBase . AutoSupport Cisco AsyncOS . . . DHAP(Directory Harvest Attack Prevention) , . CLI alertconfig GUI System Administration( ) > Alerts() . Cisco Email Security Appliance . AutoSupport Cisco . Cisco "Yes"() . Cisco Email Security Appliance AutoSupport . . . Cisco AsyncOS NTP(Network Time Protocol) , . . Cisco Systems . Continent(), Country() Timezone( ) NTP NTP . , (commit) . "Yes"() . .

Congratulations! System setup is complete. For advanced configuration, please refer to the User Guide.
mail3.example.com>

. CiscoAsyncOS mailconfig systemsetup .

mail3.example.com> mailconfig
Please enter the email address to which you want to send the configuration file. Separate multiple addresses with commas.
[]> [email protected]
The configuration file has been sent to [email protected].
mail3.example.com>

. Email Security Appliance . systemsetup , , Sophos McAfee Anti-Virus , Outbreak Filter 2: , 31 . . .

Your "Receiving" key will expire in under 30 day(s). Please contact IronPort Customer Support.
Your "Sophos" key will expire in under 30 day(s). Please contact IronPort Customer Support.
Your "Outbreak Filters" key will expire in under 30 day(s). Please contact IronPort Customer Support.

30 Cisco . System Administration( ) > Feature Keys( ) featurekey . ( , 926 .) ( ) , , 69 . Email Security Appliance . , Outbreak Filter . . , 57 . ( ) , .

4 . · , 57 · , 57 · /, 60 · /, 63 · , 67 . · Receipt() - . , , . · Work Queue( ) - , / , / , , . · Delivery() - . . , . ( ) . trace .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 57 5: - AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 58 6: - AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 59 / 7: - / . , , . · HAT(Host Access Table), , 61 · : , 61 · , 61 · , 61 · , 62 · RAT(Recipient Access Table), 62 · , 62 · LDAP , 62 · SMTP Call-Ahead , 62 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 60 HAT(Host Access Table), HAT(Host Access Table), HAT (, ). , . HAT ( SMTP ) . HAT . DNS SMTP . DNS (SMTP ), DNS SMTP . . DNS Sender Verification Exception( ) . , Cisco SenderBase Reputation Service . , 103 . : listenerconfig , Received: . , 70 . . "bare()" (: "joe" "[email protected]"). , 70 . . . , 703 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 61 . . : [email protected] -> [email protected] , 688 . RAT(Recipient Access Table) , RAT . , 129 . . . Envelope Recipient( )(Envelope To RCPT TO ) . , 671 . LDAP LDAP , SMTP ( ) . , 70 . (DHAP) . SMTP LDAP . LDAP . LDAP , 745 . SMTP Call-Ahead SMTP call-ahead Email Security Appliance MTA SMTP SMTP " (call ahead)". SMTP , SMTP Email Security Appliance . Email Security Appliance SMTP MTA , SMTP ( SMTP Call-Ahead ) . SMTP , 637 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 62 / / . , , , / , / , , , . DLP(Data Loss Prevention) . DLP , 274 . · , 63 · LDAP , 62 · LDAP , 64 · LDAP , 64 · , 64 · ( ), 64 · , 66 ( , ) . . · · HAT · . , . , , . , . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 63 LDAP LDAP LDAP , SMTP ( ) . , 70 . (DHAP) . SMTP LDAP . LDAP . LDAP , 745 . LDAP Masquerading() Envelope Sender( )( MAIL FROM ) To:, From:, / CC: . ( LDAP ) . , 678 . LDAP LDAP , 745 . LDAP LDAP / . LDAP , 745 . . , , , , . , , , , . , 137 . "". . ( ) · / , 65 · Anti-Spam, 65 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 64 / · Anti-Virus, 65 · , 66 · , 66 · , 66 · (Outbreak Filter), 66 / . , . , , . , 867 . Anti-Spam . . . ( ). , . Anti-Spam, 355 . Anti-Virus . " " . . 
· · · · X-header · · · (, 66 ) . Anti-Virus, 335 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 65 . . , 387 . . . File Reputation Filtering and File Analysis( ), 461 . . ( "" ) . . , 283 . (Outbreak Filter) Cisco Outbreak Filters( ) . Cisco , Outbreak( ) . Outbreak( ) . , 66 . (Outbreak Filter), 399 . . . . . · · · Anti-Virus · · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 66 · (Advanced Malware Protection) . · , , , 847 · , 867 , . · , 67 · , 67 · , 67 · , 68 · , 68 · , 68 . IP , . Virtual GatewayTM , 718 . IP , deliveryconfig . , 715 . . "good neighbor" Mail Policies( ) > Destination Controls( ) ( destconfig ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 67 , 703 . MX(mail exchange) Network() > SMTP Routes(SMTP ) ( smtproutes ) . , 665 . , IP Global Unsubscribe( ) . Global Unsubscribe( ) " " , , IP . . , 727 . AsyncOS Network() > Bounce Profiles( ) ( bounceconfig ) . Network() > Listeners() ( listenerconfig ) . . , 694 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 68 5 . · , 69 · , 70 · , 72 · , 75 · CLI , 80 · Enterprise Gateway Configuration, 82 , , . , . SMTP(Simple Mail Transfer Protocol) . SMTP , MX(Mail Exchanger) SMTP . SMTP . IP . , . , . IP "SMTP " . . . · . . . · . , (POP/IMAP) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 69 () . . · . . IP , . , 70 . · . . , . Host Access Table , 93 . · ( ) . . currentcompany.com oldcompany.com currentcompany.com oldcompany.com . , 129 . HAT(Host Access Table) RAT(Recipient Access Table) SMTP SMTP . . 8: , IP GUI Network() > Listeners() CLI listenerconfig . . , 72 . . · IP , . · SMTP . QMQP(Quick Mail Queuing Protocol) . listenerconfig CLI . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 70 · IPv4(Internet Protocol version 4) IPv6(version 6) . . . IPv4 IPv6 IPv6 IPv6 . IPv6 IPv4 . · . AsyncOS SBRS . · C170 C190 : . , . · , " " . , . ( " " .) . . CLI listenerconfig . - . IP , . - . IP . 
9: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 71 10: .example.com Data2 PublicNet IP 25 SMTP . IP MailNet . . IPv4(Internet Protocol 4) IPv6( 6) IPv4 IPv6 . 1 Network() > Listeners() . 2 Edit Global Settings( ) . 3 . 5: . C3x0 C6x0 300 , C1x0 50. IPv4 IPv6 . 300 IPv4 IPv6 300 . Maximum Concurrent TLS TLS . 100. Connections( IPv4 IPv6 TLS TLS ) . 100 IPv4 IPv6 100 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 72 : . IP (: 60 15), . 1. 1(60) 4(14,400) . , 119 . Timeout Period for AsyncOS . Unsuccessful Inbound Connections( SMTP ESMTP ) SMTP . . "421 Timed out waiting for successful message injection, disconnecting.(421 , .)" . SMTP . 5. Total Time Limit for All AsyncOS . Inbound Connections( ) . 80% . "421 Exceeded allowable connection time, disconnecting.(421 , .)" 80% . 80% . . SMTP . 15. Maximum size of . 0 subject( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 73 HAT HAT . HAT SMTP . HAT "Reject()" AsyncOS SMTP (RCPT TO) . , AsyncOS . . HAT MTA . HAT . MAIL FROM . RCPT TO . MTA SMTP AUTH RELAY . CLI listenerconfig --> setup . 4 . · , 74 . · · ASCII · CLI localeconfig . . CLI , 628 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 74 1 Network() > Listener() . 2 Add Listener( ) . 3 . 6: . / . AsyncOS . . · . . · . () . IP TCP . IP IPv4 , IPv6 . SMTP 25 QMQP 628 . (CLI bounceconfig . , 701 ). . (Mail Policies( ) > Text Resources( ) CLI textconfig . " " .) . (Mail Policies( ) > Text Resources( ) CLI textconfig . " " .) SMTP SMTP . TLS (Network() > Certificates( ) CLI certconfig . MTA , 645 ). 4 ( ) SMTP "MAIL FROM" "RCPT TO" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 75 RFC2821 . : · RFC 2821 . / RFC 2821 . · "MAIL FROM: <[email protected]>" . · . · "MAIL FROM" RCPT TO" / . · (: RFC 2821 "J.D." ). RFC 2821 . : AsyncOS . "" . · . ( ) . · "RCPT TO" "MAIL FROM" . · ( ). 8 , 8 . 8 8 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 76 A . . . · foo · foo@ · foo@bar Default Domain( ) . 
Add Default Domain( ): . SMTP Address Parsing(SMTP ) Allow Partial Domains( ) . " " , . ( "bare()" ). () . , "joe" . "joe" "@yourdomain.com" [email protected] . "MAIL FROM" "RCPT TO" . '@' (: @[email protected]:[email protected]). "reject" . "strip" . . IPv4 . IPv6 , (hard bounce) . . . ( ). . (: % !) . 5 ( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 77 TCP SMTP AsyncOS . CR LF Bare CR(Carriage Return) LF(Line Feed) . · Clean(). , Bare CR LF CRLF . · Reject(). . · Allow(). . Received(): , . Received(): . Received(): . . IP . . SenderBase IP SenderBase IP Profiling . · Timeout for Queries( ). SenderBase Reputation Service . · SenderBase Timeout per Connection( Senderbase ). SMTP SenderBase . 6 ( ) LDAP . LDAP . LDAP . . . LDAP LDAP , 735 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 78 , MAIL FROM . SMTP LDAP . LDAP , ( ). SMTP LDAP , LDAP . . , SMTP DHAP(Directory Harvest Attack Prevention) . SMTP LDAP . LDAP . LDAP , 735 . . LDAP , 735 . Masquerade() , (: From CC ). LDAP , 735 . . LDAP , 735 . 7 . , MAIL FROM, 79 , MAIL FROM (envelope sender) SMTP Address Parsing(SMTP ) , . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 79 CLI CLI 7: listenerconfig . listenerconfig -> new listenerconfig -> setup bounceconfig, listenerconfig-> edit -> bounceconfig textconfig, listenerconfig -> edit -> setup -> footer SMTP smtpauthconfig, listenerconfig -> smtpauth SMTP textconfig, listenerconfig -> edit -> setup -> address listenerconfig -> edit -> setup -> defaultdomain Received listenerconfig -> edit -> setup -> received Bare CR LF CRLF listenerconfig -> edit -> setup -> cleansmtp Host Access Table listenerconfig -> edit -> hostaccess (RAT) listenerconfig -> edit -> rcptaccess ( ) (TLS) certconfig, listenerconfig -> edit (TLS) listenerconfig -> edit -> certificate listenerconfig AsyncOS for Cisco Email Security Appliance CLI . , 665 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 80 HAT HAT , 81 HAT HAT . , k M . . . 
8: HAT max_msgs_per_session Maximum recipients per message( max_rcpts_per_msg ) max_message_size max_concurrency SMTP SMTP (*) SMTP MTP (*) smtp_banner_code smtp_banner_text smtp_banner_code smtp_banner_text SMTP use_override_hostname override_hostname Use TLS(TLS ) tls Use anti-spam scanning( spam_check ) virus_check max_rcpts_per_hour on | off | default on | off | required on | off on | off 1000 10000 1k 1048576 20M 1000 220 Accepted 550 Rejected default newhostname on off off 5k AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 81 Enterprise Gateway Configuration max_rcpts_per_hour_code (*) max_rcpts_per_hour_text SenderBase use_sb SenderBase Reputation sbrs[value1 :value2 ] DHAP(Directory Harvest Attack Prevention): dhap_limit on | off -10.0- 10.0 452 Too manyrecipients on sbrs[-10:-7.5] 150 Enterprise Gateway Configuration Enterprise Gateway , POP/IMAP MTA . SMTP . 11: Enterprise Gateway . · . · (POP/IMAP) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 82 Enterprise Gateway Configuration , , . , . (A) (B) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 83 Enterprise Gateway Configuration AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 84 6 . · , 85 · SenderBase Reputation Service, 85 · , 88 · SBRS , 91 , Cisco SenderBaseTM Reputation Service . (: ) . , . . . File Reputation Filtering and File Analysis( ), 461 . SenderBase Reputation Service Cisco SenderBase Reputation Service SenderBase Affiliate , , SenderBase Reputation Score . SenderBase Reputation Score . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 85 SBRS(SenderBase Reputation Score) SenderBase Security Network (www.senderbase.org) . IP , URI, . · SBRS(SenderBase Reputation Score) , 86 · SenderBase , 87 · , 87 · (Outbreak Filter), 399 · , 793 SBRS(SenderBase Reputation Score) SBRS(SenderBase Reputation Score) SenderBase Reputation Service IP . SenderBase Reputation Service 25 SenderBase -10.0 +10.0 . -10.0 0 , +10.0 () . -10.0 "" , 10.0 "". SBRS . 
( SenderBase Reputation Score "" . "SenderBase Reputation , 176 " " , 223 " .) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 86 12: SenderBase Reputation Service SenderBase 1. SenderBase Affiliate 2. MTA 3. IP 4. SenderBase Reputation Service SenderBase Reputations Score 5. Cisco SenderBase Reputation Score SenderBase . ( , 57 ) . 2000 . "" . 50% . 13: , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 87 Whitelist( Blacklist( Suspectlist( Unknownlist( ) ) ) ) SenderBase Reputation Score : (0) , 7 ~ 10 -10 ~ -4 -4 ~ -2 -2 ~ 7 ( ) , SenderBase -10 ~ -3 Reputation Score . -3 ~ -1 -1 ~ +10 , 4 ~ 10 . . -10 ~ -2 -2 ~ -1 -1 ~ 4 : SBRS(SenderBase Reputation Service) . SBRS Host Access Table , 93 . · MX/MTA IP . IP , 374 . · SenderBase Reputation Score . SenderBase Reputation , 99 . · . , 87 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 88 SBRS 1 Mail Policies( ) > HAT Overview(HAT ) . 2 Sender Groups (Listener)( ()) . 3 . "SUSPECTLIST" . 4 Edit Settings( ) . 5 SenderBase Reputation Score . "WHITELIST" 7.0~10 . 6 Submit() . 7 . 8 . · SBRS , 89 · SenderBase Reputation Service , 91 · Host Access Table , 93 · , 356 SBRS "(dummy)" , SBRS . SenderBase Reputation Score HAT "" . SBRS trace . : , 1149 . GUI CLI trace . 
9: ( )

$BLOCKED REJECT
None

$THROTTLED ( ) ACCEPT
Maximum messages / session: 10
Maximum recipients / message: 20
Maximum message size: 1MB
Maximum concurrent connections: 10
Use Spam Detection: ON
Use TLS: OFF
Maximum recipients / hour: 20()
Use SenderBase:

$ACCEPTED ( ) ACCEPT
Maximum messages / session: 1,000
Maximum recipients / message: 1,000
Maximum message size: 100 MB
Maximum concurrent connections: 1,000
Use Spam Detection: ON
Use TLS: OFF
Use SenderBase: ON

$TRUSTED ACCEPT
Maximum messages / session: 1,000
Maximum recipients / message: 1,000
Maximum message size: 100 MB
Maximum concurrent connections: 1,000
Use Spam Detection: OFF
Use TLS: OFF
Maximum recipients / hour: -1 ()
Use SenderBase: OFF

$THROTTLED 20 . . . Default Host Access( ) , 103 . SenderBase Reputation Service SenderBase Reputation Service SenderBase Reputation Score Service SBRS . SenderBase Network Server IP , . AsyncOS . Security Services( ) > SenderBase . Security Services( ) SenderBase SenderBase Network Status Server SenderBase Reputation Score Service . CLI sbstatus . SBRS Cisco , SenderBase Reputation Service . . reputation strip-header insert-header , SenderBase Reputation Score -2.0 {{Spam SBRS}} SenderBase Reputation Score . listener_name . (filters .) : SBRS : 1

sbrs_filter:
if ((recv-inj == "listener_name" AND subject != "\\{Spam -?[0-9.]+\\}"))
{
    insert-header("X-SBRS", "$REPUTATION");
    if (reputation <= -2.0)
    {
        strip-header("Subject");
        insert-header("Subject", "$Subject \\{Spam $REPUTATION\\}");
    }
}
.

SBRS · , 137

7 Host Access Table . · , 93 · , 95 · , 101 · , 103 · , 106 · HAT(Host Access Table) , 115 · , 116 · SenderBase , 117 · , 119 . , . AsyncOS HAT(Host Access Table) . HAT . HAT . HAT . , . · . . . , IP . SenderBase Reputation .
, 95 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 93 HAT Host Access Table · . . . , . , 101 . Mail Policies( ) > HAT Overview(HAT ) . HAT Overview(HAT ) . 14: Mail Policies( ) > HAT Overview(HAT ) - TCP , IP . HAT Overview(HAT ) . . . AsyncOS . , . , 103 . Host Access Table Host Access Table Host Access Table . HAT(Host Access Table) , 115 . · HAT , 94 HAT , HAT . · . HAT . · . HAT . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 94 Host Access Table HAT "ALL". Mail Policies( ) > HAT Overview(HAT ) ALL . listenerconfig systemsetup " " . ( " " "" ) SMTP . . . . . . · IP (IPv4 IPv6) · IP · · SenderBase Reputation Service "" · SenderBase Reputation (SBRS) ( ) · DNS , 96 . SMTP SMTP , (: SenderBase , IP ) . DNS IP . IP DNS(PTR) PTR DNS(A) . A PTR . A , HAT IP . Mail Policies( ) > HAT Overview(HAT ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 95 Host Access Table · , 96 · , IP , 97 · SenderBase Reputation , 99 · DNS , 100 10: HAT: Syntax n:n:n:n:n:n:n:n IPv6 0 . n:n:n:n:n:n:n:n-n:n:n:n:n:n:n:n IPv6 0 . n:n:n-n:n:n:n:n:n n.n.n.n () IPv4 n.n.n. n.n.n. n.n. n.n. n. IPv4 n.n.n.n-n. n.n.n.n-n. n.n.n-n. n.n-n. n.n-n n-n. n-n IPv4 yourhost.example.com .partialhost n/c n.n/c n.n.n/c n.n.n.n/c n:n:n:n:n:n:n:n/c SBRS[n:n]SBRS[none] partialhost IPv4 CIDR IPv6 CIDR 0 . SenderBase Reputation Score. SenderBase Reputation , 99 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 96 Host Access Table , IP Syntax SBO:n SenderBase Network Owner . SenderBase Reputation , 99 . dnslist[dnsserver.domain] DNS . DNS , 100 . ALL . (, ). , IP SMTP ID . HELO , . " ?" . SenderBase Reputation Service IP ( ) ID . IP IP . Email Security Appliance IPv4(Internet Protocol version 4) IPv6(version 6) . (: yahoo.com) , IP (PTR) . (Network Owner) IP ( ) , ARIN(American Registry for Internet Numbers) IP . IP , SenderBase . , . · HAT , 97 HAT . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 97 HAT Host Access Table 11: Level 3 Communications GE The Motley Fool Macromedia Inc. AllOutDeals.com GreatOffers.com GE Appliances GE Capital GE Mortgage The Motley Fool . SenderBase Reputation Service , . , HAT(Host Access Table) "Level 3 Communications" SenderBase . Level 3 10 , Macromedia Inc., Alloutdeals.com Greatoffers.com 10 (Level 3 30). , Level 3 . "The Motley Fool" . 10 The Motley Fool 10 . . . · IP ? . SenderBase Reputation Service . SenderBase Reputation Service (SenderBase SenderBase ) . . · IP . · , ? · IP . . · ISP, NSP, . ISP, NSP IP , . IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 98 Host Access Table SenderBase Reputation IP . . Mail Flow Monitor SenderBase SenderBase SenderBase . Mail Flow Monitor " " . SenderBase Reputation SenderBase Reputation Service (SBRS) . SBRS SenderBase Reputation Service IP , . -10.0~+10.0. 12: SenderBase Reputation -10.0 0 +10.0 none , ( ) SBRS . -7.5 . GUI . , 106 . HAT SenderBase Reputation . 13: SenderBase Reputation SBRS[ n n SBRS[none] SenderBase Reputation Score. SenderBase Reputation Service , . SBRS ( SenderBase Reputation ). GUI HAT SBO:n . n SenderBase Reputation Service . SenderBase Reputation Service Network() > Listeners() CLI listenerconfig -> setup . SenderBase Reputation Service . GUI Mail AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 99 DNS Host Access Table Policies( ) CLI listenerconfig -> edit -> hostaccess SenderBase Reputation Service . SenderBase Reputation Score " " . "SenderBase Reputation ", " (Bypass Anti-Spam System Action)" " (Bypass Anti-Virus System Action)" . DNS HAT DNS . DNS . (" " "DNS List(DNS ) " ), . DNS List(DNS ) . . DNS IP (: "127.0.0.1" "127.0.0.2" "127.0.0.3") . DNS (" " "DNS List(DNS ) " ), . DNS HAT (, IP ). CLI . GUI DNS . , DNL , DNS CLI dnslistconfig . "" "" . query.bondedsender.org Cisco Systems Bonded SenderTM . Bonded Sender DNS ( ) WHITELIST . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 100 Host Access Table SMTP . SMTP . · (: ) · (: ) · SMTP SMTP · · · (: TLS SMTP ) · (: DKIM ) . · ACCEPT. , Recipient Access Table( ) . · REJECT. , 4XX 5XX SMTP . . SMTP (RCPT TO) AsyncOS . , AsyncOS . CLI listenerconfig > setup . CLI , 80 . · TCPREFUSE. TCP . · RELAY. . Recipient Access Table . · CONTINUE. HAT HAT . CONTINUE . CONTINUE GUI HAT . , 106 . · HAT , 102 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 101 HAT Host Access Table HAT Rate Limiting SMTP . / . , $group $Group . 14: HAT $Group $Hostname $OrgID $RemoteIP $HATEntry HAT . "None" . . IP DNS "None" . DNS (: DNS DNS ) "Unknown" . SenderBase Organization ID( ) . SenderBase Organization ID SenderBase Reputation Service "None" . IP . HAT . · HAT , 102 · HAT , 103 HAT " " smtp_banner_text max_rcpts_per_hour_text HAT . GUI $TRUSTED SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 102 Host Access Table 15: HAT HAT CLI . Would you like to specify a custom SMTP response? [Y]> y Enter the SMTP code to use in the response. 220 is the standard code. [220]> 200 Enter your custom SMTP response. Press Enter on a blank line to finish. You've connected from the hostname: $Hostname, IP address of: $RemoteIP, matched the group: $Group, $HATEntry and the SenderBase Organization: $OrgID. HAT IP $WHITELIST . . SMTP . . # telnet IP_address_of_Email_Security_Appliance port 220 hostname ESMTP 200 You've connected from the hostname: hostname , IP address of: IP-address_of_connecting_machine , matched the group: WHITELIST, 10.1.1.1 the SenderBase Organization: OrgID . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 103 Host Access Table 15: WHITELIST Whitelist $TRUSTED . $TRUSTED , . BLACKLIST Blacklist $BLOCKED ($BLOCKED ). SMTP HELO 5XX SMTP . SUSPECTLIST Suspectlist $THROTTLED (throttle) . Suspectlist . . · , , . · 20 . . . · ( ). · SenderBase Reputation Service . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 104 Host Access Table UNKNOWNLIST $ACCEPTED Unknownlist . ( ), SenderBase Reputation Service . . , 337 . SenderBase Reputation Service SenderBase Reputation Service, 85 . ALL $ACCEPTED . HAT , 94 . . 16: RELAYLIST $RELAYED Relaylist . $RELAYED , . RELAYLIST . ALL $BLOCKED . HAT , 94 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 105 Host Access Table . $RELAYED . RELAYLIST $RELAYED . Mail Policies( ) > HAT Overview(HAT ) Mail Flow Policy( ) . . · , 106 · , 107 · , 108 · , 108 · , 101 · , 114 1 2 3 4 5 6 7 Mail Policies( ) > HAT Overview(HAT ) . Listener() . Add Sender Group( ) . . . ( ) (: ). . ( ) "CONTINUE (no policy)" . 8 ( ) DNS . 9 ( ) SBRS . "none" . 10 ( ) DNS . 11 ( ) DNS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 106 Host Access Table , 124 . 12 Submit() . 13 . 14 Add Sender( ) . · IP . IP Addresses(IP ) IPv4 , IPv6 . IP . · . Geolocation() . 15 . · , 88 1 , IP Add to Sender Group( ) . 2 . 3 . GUI . Add to Sender Group( ) example.net example.net .example.net . example.net . , 96 . , . 4 Incoming Mail Overview( ) Save() . · , 369 · , 356 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 107 Host Access Table . HAT . . 1 Mail Policies( ) > HAT Overview(HAT ) . 2 Listener() . 3 Edit Order( ) . 4 HAT . RELAYLIST( ) WHITELIST, BLACKLIST, SUSPECTLIST UNKNOWNLIST . 5 . HAT Overview(HAT ) Find Senders( ) . Find() . . · "Use Default( )" " ". "On" . , 114 . · . ( DHAP(Directory Harvest Attack Prevention) LDAP .) 1 Mail Policies( ) > Mail Flow Policies( ) . 2 Add Policy( ) . 3 . 17: Connections AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 108 Host Access Table . 1. Maximum concurrent IP connections from a single IP( IP ) Maximum messages per connection( ) Maximum recipients per message( ) SMTP Custom SMTP Banner SMTP Code( SMTP ) Custom SMTP Banner SMTP Text( SMTP ) . HAT , 102 . 
Custom SMTP Reject SMTP Banner Code( SMTP ) Custom SMTP Reject Banner Text( SMTP ) SMTP Override SMTP Banner Host Name(SMTP ) SMTP (: 220- ESMTP). . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 109 Host Access Table Max. Recipients per . IP Hour( . . ) , IP () . . HAT , 102 . Max. Recipients per Hour SMTP Code( ) Max. Recipients Per Hour SMTP Exceeded Text( ) Max. Recipients per Time , Interval( . . ) . , . , , . Default Mail Flow Policy( ) . Default Mail Flow Policy( ) . Sender Rate Limit (envelope) Exceeded Error Code( SMTP ) Sender Rate Limit (envelope) Exceeded Error Text( SMTP ) . , 116 . Flow Control( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 110 Host Access Table Use SenderBase for Flow SenderBase Reputation Service "" . Control( SenderBase ) Group by Similarity of IP CIDR HAT(Host Access Table) IP Addresses: (significant . bits 0-32)(IP IP (0-32) , IP . "Use SenderBase(SenderBase )" ( 0-32)) . HAT , 665 . DHAP(Directory Harvest Attack Prevention) DHAP(Directory Harvest . RAT Attack Prevention): SMTP call-ahead SMTP ( LDAP ) LDAP . LDAP DHAP LDAP , 745 . Directory Harvest Attack . Prevention: Drop Connection if DHAP threshold is Reached within an SMTP Conversation(DHAP(Directory Harvest Attack Prevention): SMTP DHAP ) . 550. : . "Too many invalid recipients( : )". Drop Connection if DHAP threshold is SMTP DHAP . reached within an SMTP Conversation(SMTP DHAP ) Max. Invalid Recipients SMTP DHAP . Per Hour Code( 550. ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 111 Host Access Table SMTP DHAP . : Anti-spam scanning( . ) Anti-virus scanning( . ) TLS SMTP TLS(Transport Layer Security) Deny(), Prefer( ) Require() . Preferred( ) , Address List( ) TLS . TLS TLS . Verify Client Certificate( ) TLS Email Security Appliance . TLS Preferred(TLS ) , TLS . TLS Required(TLS ) , . , 116 . TLS TLS , 787 . SMTP SMTP . SMTP "LDAP " . TLS SMTP TLS SMTP . : Domain Key/ DKIM Signing(Domain Key/DKIM ) Domain Keys DKIM (ACCEPT RELAY). 
DKIM DKIM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 112 Host Access Table S/MIME S/MIME Decryption/Verification(S/MIME /) · S/MIME . · S/MIME . (triple wrapped) . S/MIME S/MIME S/MIME . (S/MIME ) Harvest Certificates on . Verification Failure( ) Store Updated . Certificate( ) SPF/SIDF Enable SPF/SIDF SPF/SIDF . , 571 Verification(SPF/SIDF . ) Conformance Level( SPF/SIDF . SPF, SIDF SIDF Compatible ) . , 571 . Downgrade PRA verification result if 'Resent-Sender:' or 'Resent-From:' were SIDF Compatible(SIDF ) , Resent-Sender: Resent-From: PRA Identity Pass None . . used:('Resent-Sender:' 'Resent-From:' PRA :) HELO Test(HELO HELO ID (SPF SIDF Compatible ) ). DMARC Enable DMARC DMARC . DMARC , 602 Verification(DMARC . ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 113 Host Access Table Use DMARC Verification DMARC . Profile(DMARC ) DMARC Feedback DMARC . Reports(DMARC ) DMARC DMARC , 609 . DMARC DMARC . DKIM SPF . Consider Untagged (" " ) Bounces to be Valid( . , Bounce Verification( ) . ) . DNS , 119 . Use Exception Table( . , ) . , 122 . HAT , . , . 4 . 1 Mail Policies( ) > Mail Flow Policies( ) . 2 Listener() . 3 Default Policy Parameters( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 114 Host Access Table HAT(Host Access Table) 4 . , 108 . 5 . HAT(Host Access Table) HAT(Host Access Table) , HAT HAT . · HAT(Host Access Table) , 115 · HAT(Host Access Table) , 115 HAT(Host Access Table) 1 Mail Policies( ) > HAT Overview(HAT ) . 2 Listener() . 3 Export HAT(HAT ) . 4 HAT . configuration . 5 . HAT(Host Access Table) HAT HAT HAT . 1 Mail Policies( ) > HAT Overview(HAT ) . 2 Listener() . 3 Import HAT(HAT ) . 4 . configuration . 5 Submit() . HAT . 6 Import() . 7 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 115 Host Access Table "" . '#' AsyncOS . . # File exported by the GUI at 20060530T215438 $BLOCKED REJECT {} [ ... ] (: TLS ) . , , IP . GUI Mail Policies( ) > Address Lists( ) CLI addresslistconfig . 
Address Lists( ) . 1 Mail Policies( ) > Address Lists( ) . 2 Add Address List( ) . 3 . 4 . 5 ( ) Full Email Addresses only( ) . 6 . · Full Email Addresses only( ) . · Domains only() . · IP Addresses only(IP ) . 7 . . · : [email protected] · : user@ Allow only full Email Addresses( ) . · IP : @[1.2.3.4] · : @example.com · : @.example.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 116 Host Access Table SenderBase IP @ . . AsyncOS . 8 . SenderBase ( ) . Classification() -> Sender Group( ) -> Mail Flow Policy( ) -> Rate Limiting( ) , IP , 97 . "" IP SMTP ( ) . . ( , , / .) . , . . · SenderBase Reputation Service . ( /24 CIDR ). · HAT Significant Bits(HAT ) . . Mail Flow Policy( ) -> Rate Limiting( ) . IP "network/bits" CIDR "bits" . SenderBase Reputation Service IP Profiling . · SenderBase , 118 · HAT , 118 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 117 SenderBase Host Access Table SenderBase SenderBase Reputation Service . SenderBase . GUI "Use SenderBase for Flow Control( SenderBase )" CLI listenerconfig > hostaccess > edit SenderBase . HAT AsyncOS 3.8.3 , CIDR HAT(Host Access Table) IP . "10.1.1.0/24" , . HAT HAT Flow Control( ) "User SenderBase( SenderBase)" ( CLI listenerconfig -> setup SenderBase Information Service , "Would you like to enable SenderBase Reputation Filters and IP Profiling support?(SenderBase Reputation Filters IP Profiling ?)" no() ). , HAT SenderBase IP Profiling . ("10.1.1.0/24" "10.1.0.0/16" IP ) . , IP . HAT . · HAT , 118 · HAT , 119 · , 119 HAT HAT . IP ""( ) . IP SMTP . IP "CIDR "(: 10.1.1.0/24) (/32) . "signficant_bits" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 118 Host Access Table HAT HAT HAT signficant_bits . GUI Mail Policies( ) > Mail Flow Policies( ) . SenderBase "OFF" Directory Harvest Attack Prevention , "significant bits" IP , HAT CIDR . CIDR " (zeroed out)". IP 1.2.3.4 significant_bits 24 CIDR 1.2.3.0/24 . , HAT ( 10.1.1.0/24) ( 32) (24) . 
listenerconfig AsyncOS for Cisco Email Security Appliance CLI . . IP (: 60 15), . 3,600(1). 1(60) 4(14,400) . GUI ( , 72 ). CLI listenerconfig -> setup . listenerconfig AsyncOS for Cisco Email Security Appliance CLI . IP DNS . DNS . SMTP ( IP DNS ) . . AsyncOS . SMTP (throttle) . . · . SMTP . : , 120 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 119 : Host Access Table · . SMTP . : , 121 . · : , 120 · : , 121 · - , 123 · , 125 · , 127 : . DNS "" . DNS SMTP . DNS . SMTP . DNS IP (, ) . DNS IP DNS(PTR) PTR DNS(A) . A PTR . PTR A , HAT IP . . · PTR DNS . · PTR DNS . · DNS (PTR) DNS (A) . "Connecting Host DNS Verification( DNS )" (SUSPECTLIST , 124 ). DNS . DNS . , . (throttle) . WHITELIST DNS WHITELIST ( / , ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 120 Host Access Table : : DNS . ( ? DNS A MX ?) DNS DNS . , "domain does not exist( )" . SMTP , DNS SMTP IP . , AsyncOS MX . MX A . DNS "NXDOMAIN" ( ), AsyncOS . "Envelope Senders whose domain does not exist( )" . NXDOMAIN . DNS "SERVFAIL" "Envelope Senders whose domain does not resolve( )" . SERVFAIL DNS . MAIL FROM ( ) . MAIL FROM . ( ) MAIL FROM . . · DNS . · SMTP . DNS . · . · DNS . ( , 122 ). . . . , . , DNS . DNS . DNS SMTP . DNS (throttle) . , MAIL FROM SMTP . SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 121 , MAIL FROM Host Access Table GUI CLI(listenerconfig -> edit -> hostaccess -> < policy >) DNS ( ) . · , MAIL FROM, 122 · SMTP , 122 · : , 121 , MAIL FROM (envelope sender) SMTP Address Parsing(SMTP ) (" " SMTP ), . . SMTP , DNS , DNS (: DNS ) SMTP . SMTP $EnvelopeSender . . "Domain does not exist( )" . "" 5XX 4XX . SMTP . SMTP . . , . MAIL FROM: [email protected] . . RAT(Recipient Access Table) (SMTP RCPT TO ) . GUI Mail Policies( ) > Exception Table( ) ( CLI exceptionconfig ) , GUI(ACCEPTED , 124 ) CLI(AsyncOS for Cisco Email Security Appliance CLI ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 122 Host Access Table - . , 125 . - . 
, DNS SUSPECTLIST THROTTLED (throttle). (UNVERIFIED) (THROTTLEMORE) . SMTP (throttle)(UNVERIFIED THROTTLEMORE ). ACCEPTED . . 18: : UNVERIFIED SUSPECTLIST THROTTLEMORE THROTTLED ACCEPTED SMTP : PTR DNS . DNS (PTR) DNS (A) . SMTP : - MAIL FROM: - DNS . - DNS . · SUSPECTLIST , 124 · , 124 · ACCEPTED , 124 · , 125 · , 125 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 123 SUSPECTLIST Host Access Table SUSPECTLIST 1 Mail Policies( ) > HAT Overview(HAT ) . 2 SUSPECTLIST . 3 Edit Settings( ) . 4 THROTTLED . 5 Connecting Host DNS Verification( DNS ) "Connecting host reverse DNS lookup (PTR) does not match the forward DNS lookup (A)( DNS (PTR) DNS (A) )" . 6 . DNS SUSPECTLIST , THROTTLED . 1 ( THROTTLEMORE ) (throttling) . a) Mail Flow Policies( ) Add Policy( ) . b) Connection Behavior( ) Accept() . c) . d) . 2 ( UNVERIFIED ) THROTTLEMORE . a) HAT Overview(HAT ) Add Sender Group( ) . b) THROTTLEMORE . c) Connecting Host DNS Verification( DNS ) "Connecting host PTR record does not exist in DNS( PTR DNS )" . d) . ACCEPTED 1 Mail Policies( ) > Mail Flow Policies( ) . 2 Mail Flow Policies( ) ACCEPTED . 3 Sender Verification( ) . 4 Envelope Sender DNS Verification( DNS ) . · DNS On . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 124 Host Access Table · SMTP . 5 Use Domain Exception Table( ) On . 6 . 1 Mail Policies( ) > Exception Table( ) . "Use Exception Table( )" . 2 Mail Policies( ) > Exception Table( ) Add Domain Exception( ) . 3 . ([email protected]), (user@), (@example.com or @.example.com) IP (user@[192.168.23.1]) . 4 . SMTP . 5 . 1 Exception Table( ) Find Domain Exception( ) . 2 Find() . . . DNS . · MAIL FROM , 126 · , 126 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 125 MAIL FROM Host Access Table MAIL FROM THROTTLED DNS , MAIL FROM . 1 (Telnet) . 2 SMTP MAIL FROM(: "admin") . (" " ), , . 3 . 
    # telnet IP_address_of_Email_Security_Appliance port
    220 hostname ESMTP
    helo example.com
    250 hostname
    mail from: admin
    553 #5.5.4 Domain required for sender address

SMTP THROTTLED .

1 [email protected] "Allow()" .
2 .
3 .
4 SMTP ([email protected]) .
5 .

    # telnet IP_address_of_Email_Security_Appliance port
    220 hostname ESMTP
    helo example.com
    250 hostname
    mail from: [email protected]
    250 sender <[email protected]> ok

, DNS .

Host Access Table . · , 127

:

    Thu Aug 10 10:14:10 2006 Info: ICID 3248 Address: <user> sender rejected, envelope sender domain missing

(NXDOMAIN):

    Wed Aug 9 15:39:47 2006 Info: ICID 1424 Address: <[email protected]> sender rejected, envelope sender domain does not exist

(SERVFAIL):

    Wed Aug 9 15:44:27 2006 Info: ICID 1425 Address: <[email protected]> sender rejected, envelope sender domain could not be resolved

Host Access Table

8

.
· , 129
· RAT(Recipient Access Table) , 130
· GUI RAT , 130
· CLI RAT , 130
· RAT , 130
· , 131

AsyncOS RAT(Recipient Access Table) . . · · · . . RAT . "All Other Recipients( )" . . , . AsyncOS RAT(Recipient Access Table) . . currentcompanyname.com oldcompanyname.com

RAT(Recipient Access Table) currentcompanyname.com oldcompanyname.com . RAT . (: . " " (Domain Map) .)

RAT(Recipient Access Table)

Recipient Access Table . . RAT(Recipient Access Table) RAT , , LDAP .

GUI RAT

GUI Mail Policies( ) > Recipient Access Table(RAT) .

CLI RAT

CLI listenerconfig edit > rcptaccess > new .

RAT

· . · . (" " " " ) SMTP . . RAT . · RAT .

1 Mail Policies( ) > Recipient Access Table(RAT) .
2 All Other Recipients( ) .

RAT Mail Policies( ) > Recipient Access Table (RAT) , . . · RAT , . · . · RAT . · RAT .
· , 131 · Recipient Access Table , 134 · Recipient Access Table , 134 · Recipient Access Table , 134 1 2 3 4 5 6 7 8 Mail Policies( ) > Recipient Access Table (RAT) . Overview for Listener( ) . Add Recipient( ) . . . . ( ) LDAP . ( ) SMTP . a) Custom SMTP Response( SMTP ) Yes() . b) SMTP . RCPT TO SMTP . 9 ( ) Bypass Receiving Control( ) Yes() . 10 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 131 · , 132 · LDAP , 132 · Bypass, 133 RAT . , , , IP . [IPv4 address] IPv4(Internet Protocol version 4) . IP "[]" . [IPv6 address] IPv6(Internet Protocol version 6) . IP "[]" . division.example.com .partialhost "partialhost" user@domain user@ user@[IP_address ] IPv4 IPv6 . IP "[]" . "user@IP_address"( ) . , RAT . GUI 4 Recipient Access Table (3: , 33 ) . example.net .example.net . example.net Recipient Access Table . RAT .example.com .example.com , (: [email protected]) . LDAP LDAP . LDAP (: [email protected]). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 132 Bypass LDAP (: ), LDAP . [email protected] [email protected] [email protected] . [email protected] LDAP , LDAP [email protected] [email protected] . GUI LDAP RAT Bypass LDAP Accept Queries for this Recipient( LDAP ) . CLI LDAP listenerconfig -> edit -> rcptaccess yes() . Would you like to bypass LDAP ACCEPT for this entry? [Y]> y LDAP RAT RAT . RAT RAT . RAT [email protected] ironport.com . [email protected] LDAP , ironport.com ACCEPT . [email protected] [email protected] ironport.com LDAP . ironport.com [email protected] RAT ACCEPT . Bypass , . . , "postmaster@domain" . RAT , "postmaster@domain" . . GUI RAT "Bypass Receiving Control( )" Yes() . CLI listenerconfig > edit > rcptaccess yes . Would you like to bypass receiving control for this entry? [N]> y AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 133 Recipient Access Table Recipient Access Table 1 Mail Policies( ) > Recipient Access Table (RAT) . 2 Overview for Listener( ) . 3 Edit Order( ) . 4 Order() . 5 . 
Recipient Access Table

1 Mail Policies( ) > Recipient Access Table (RAT) .
2 Overview for Listener( ) .
3 Export RAT(RAT ) .
4 . .
5 .

Recipient Access Table

Recipient Access Table Recipient Access Table .

1 Mail Policies( ) > Recipient Access Table (RAT) .
2 Overview for Listener( ) .
3 Import RAT(RAT ) .
4 . AsyncOS .
5 Submit() . Recipient Access Table .
6 Import() .
7 .

Recipient Access Table "" . '#' AsyncOS . . :

    # File exported by the GUI at 20060530T220526
    .example.com ACCEPT
    ALL REJECT

Recipient Access Table

9

Cisco . , , . .
· , 137
· , 138
· , 140
· , 146
· , 196
· Attachment Scanning( ), 229
· , 240
· CLI , 240
· , 255
· , 263

Cisco . . Cisco . .
· . . , , , , . , , , BCC( ) . , 138 .
· . AsyncOS AsyncOS , , , MIME , . , 140 .
· . . . , 138 .
· . true . 2 . (: , ) (: ). , 138 .
· . . , . . , . Attachment Scanning( ), 229 .
· CLI . CLI . , , , . CLI , 240 .
· . . , 255 .

. .
· , 138
· , 138
· , 139

. AND, OR NOT . . . 2 .
· (, ) .
· . . . , .
· , 196
· , 206
· , 208
· , 209

. . else else . , . .

    expedite:
    if (recv-listener == 'InboundMail' or recv-int == 'notmain')
    {
        alt-src-host('outbound1');
        skip-filters();
    }
    else
    {
        alt-src-host('outbound2');
    }

.

    expedite2:
    if ((not (recv-listener == 'InboundMail')) and (not (recv-int == 'notmain')))
    {
        alt-src-host('outbound2');
        skip-filters();
    }

. . . , notify('[email protected]') notify("[email protected]") notify("[email protected]') . '#' filters -> detail AsyncOS .

AsyncOS

AsyncOS , .
· . . , AsyncOS . , . , 141 .
· . AsyncOS . AsyncOS . , 141 .
· MIME . MIME "" " " . . , 141 .
· . "" . "" . , 142 .
· . AND OR AsyncOS . . , AND OR . AND OR , 145 .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 140 · , 141 · , 141 · , 141 · , 142 · AND OR , 145 . . 9 (: ) 30 . . . . . · . · . · . "" . . · , . · , . · , . . . RFC " " , "" " " . Cisco (body-variable attachment-variable ) , Cisco "" " " MUA . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 141 body-variable attachment-variable MIME . (, MIME ) . AsyncOS MIME . , "Document attached below." "This is a Microsoft Word document.doc" Microsoft Outlook MUA . , RFCS 1521 1522 MIME , Cisco " " , ""( ) .doc ( MIME ) . 16: " " Cisco body-variable attachment-variable . · , "Content-Type: text/plain" "Content-Type: text/html" Cisco . Cisco . · (: UU ) . , . · . , .zip . . AsyncOS "" . true . . · body-contains · only-body-contains AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 142 · attachment-contains · every-attachment-contains · dictionary-match · attachment-dictionary-match drop-attachments-where-contains . . · , 143 · , 143 · MIME/ MIME , 144 · , 144 true . if(<filter rule>('<pattern>',<minimum threshold>)){ , body-contains "Company Confidential" 2 . if(body-contains('Company Confidential',2)){ , AsyncOS , 1 . . " " . . AsyncOS "" . MIME (: attachment-contains ) AsyncOS . , 2 body-contains , 1 . AsyncOS , 2 . AsyncOS . , 3 attachment-contains AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 143 MIME/ MIME , 2 2 . AsyncOS 4 . MIME/ MIME 2 ( HTML) AsyncOS . , . AsyncOS . , body-contains 4 . HTML, 2 . . multipart/mixed multipart/alternative text/plain text/html application/octet-stream application/octet-stream body-contains text/plain text/html . . , . , multipart/mixed multipart/alternative text/plain (2 matches) text/html (2 matches) application/octet-stream (1 match) application/octet-stream AsyncOS text/plain text/html 3 . "" . , "" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 144 AND OR "" "" ABA . . . , 19: / ABA 3 2 1 dictionary-match attachment-dictionary-match AsyncOS "" . "" 3 , AsyncOS 6 . 6 AsyncOS . 1 , 6 . 
AND OR AND OR AsyncOS . AND false . . , AND OR . , remote-ip rcpt-to-group ( LDAP ). andTestFilter: if (remote-ip == "192.168.100.100" AND rcpt-to-group == "GROUP") { ... } . if . . expensiveAvoid: if (<simple tests>) { if (<expensive test>) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 145 { <action> } } . if (test1 AND test2 AND test3) { ... } . if ((test1 AND test2) AND test3) { ... } , (test1 AND test2) test3 AND . (test1 AND test2) test3 . . true . · , 146 · , 158 · , 162 · , 209 . 20: Subject Header( ) Syntax subject Body Size( ) body-size ? Subject() , 165 . ? Body Size( ) , 168 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 146 Envelope Sender( ) Syntax mail-from Envelope Sender in Group( mail-from-group ) sendergroup Envelope Recipient( ) rcpt-to Envelope Sender( )(, Envelope From, <MAIL FROM>) ? Envelope Sender( ) , 167 . Envelope Sender( )(, Envelope From, <MAIL FROM>) LDAP ? Envelope Sender in Group( ) , 167 . HAT(Host Access Table) ? Sender Group( ) , 168 . Envelope Recipient( )(, Envelope To, <RCPT TO>) ? Envelope Recipient( ) , 166 . rcpt-to . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 147 Syntax rcpt-to-group Remote IP( IP) remote-ip Receiving Interface( recv-int ) Receiving Listener( ) recv-listener Date() date Header() header(<string>) Envelope Recipient( )(, Envelope To, <RCPT TO>) LDAP ? Envelope Recipient in Group( ) , 166 . rcpt-to-group . , . IP IP ? Remote IP( IP) , 169 . ? .Receiving IP Interface( IP ) , 170 ? Receiving Listener( ) , 169 . , ? Date() , 170 . ? ? Header( ) , 170 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 148 Random() Syntax random(<integer>) Recipient Count( ) rcpt-count Address Count( ) addr-count() SPF Status(SPF ) spf-status SPF Passed(SPF ) spf-passed S/MIME smime-gateway ? Random() , 171 . ? Recipient Count( ) , 172 . ? rcpt-count . Address Count( ) , 172 . SPF ? SPF . SPF/SIDF . SPF-Status , 178 . SPF/SIDF ? SPF/SIDF . SPF-Passed , 180 . S/MIME , , ? 
S/MIME Gateway Message(S/MIME ) , 180 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 149 S/MIME Syntax smime-gateway-verified Image verdict( ) image-verdict Workqueue count( ) workqueue-count Body Scanning( ) body-contains( <regular expression>) Body Scanning( ) only-body-contains (<regular expression>) Encryption Detection( encrypted ) , , ? S/MIME Gateway Verified(S/MIME ) , 181 . ? . , 232 . , , ? Workqueue-count , 181 . ? ? delivery-status . Body Scanning( ) , 173 . ? ? . Body Scanning( ) , 172 . ? , 173 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 150 Syntax attachment-filename Attachment Type( )a attachment-type Attachment File Type attachment-filetype ? Attachment Filename( ) , 174 . MIME ? Attachment Type( ) , 174 . (UNIX file )? Excel Word .exe , .dll, .bmp, .tiff, .pcx, .gif, .jpeg, png Photoshop . . . .exe . if (attachment-filetype == "exe") , 175 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 151 Attachment MIME Type Attachment Protected Attachment Unprotected Syntax attachment-mimetype attachment-protected attachment-unprotected MIME ? MIME MIME attachment-type . ( "" .) , 237 . ? , 239 . attachment-unprotected true . . zip . - attachment-unprotected attachment-protected . true . zip . , 239 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 152 Syntax Attachment Scanning( attachment-contains (<regular expression>) )a Attachment Scanning( attachment-binary-contains (<regular expression>) ) Attachment Scanning( every-attachment-contains (<regular expression>) ) ? ? body-contains() , "" . , . , 237 . ? attachment-contains () , . ? , 'attachment-contains()' AND . . ? , 237 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 153 Syntax Attachment Size( )a attachment-size ? body-size , "" . , . . , 237 . Public Blacklists( dnslist(<query server>) ) IP (RBL) ? DNS List(DNS ) , 175 . SenderBase Reputation reputation SenderBase Reputation ? SenderBase Reputation , 176 . 
No SenderBase no-reputation Reputation(SenderBase Reputation ) SenderBase Reputation "None()" . SenderBase Reputation , 176 . dictionary-match (<dictionary_name>) dictionary_name ? ? Dictionary() , 177 . Attachment Dictionary Match( attachment-dictionary-match (<dictionary_name>) ) dictionary_name ? ? Dictionary() , 177 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 154 Syntax Subject Dictionary Match( subject-dictionary-match (<dictionary_name>) ) Header Dictionary Match( header-dictionary-match (<dictionary_name>, ) <header>) Body Dictionary Match( body-dictionary-match (<dictionary_name>) ) Envelope Recipient Dictionary rcpt-to-dictionary-match Match( ) (<dictionary_name>) Envelope Sender Dictionary mail-from-dictionary-match Match( ) (<dictionary_name>) SMTP Authenticated User smtp-auth-id-matches Match(SMTP ) (<target>[, <sieve-char>]) True() true Subject dictionary name ? Dictionary() , 177 . (/ ) dictionary name ? Dictionary() , 177 . true . MIME , ( 1) true . Dictionary() , 177 . dictionary name ? Dictionary() , 177 . dictionary name ? Dictionary() , 177 . SMTP ID ? SMTP , 181 . . True , 165 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 155 Syntax Valid() valid / MIME false, true . , 165 . Signed() signed ? Signed , 183 . Signed Certificate( ) signed-certificate (<field> [<operator> <regular expression>]) X.509 ? Signed Certificate( ) , 184 . Header Repeats( ) header-repeats (<target>, <threshold> [, <direction>]) true . · 1 · 1 URL Reputation(URL ) url-reputation url-no-reputation URL url-category Header Repeats( ) , 186 . URL ? URL ? URL Reputation(URL ) , 188 Cisco Email Security , 307 . URL ? URL Category(URL ) , 189 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 156 Syntax Corrupt Attachment( attachment-corrupt ) ? Corrupt Attachment( ) , 189 . message-language ( )? , 189 . macro-detection-rule ([`file_type-1', 'file_type-2', ...,'file_type-n']) ? , 190 . forged-email-detection ("<dictionary_name>", <threshold>) ? 
: . , 191 . duplicate_boundaries MIME ? , 192 . MIME malformed-header MIME ? MIME , 192 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 157 Syntax geolocation-rule (['country_name-1', 'country_name-2', 'country_name-n']) Sender Domain Reputation: - sdr-reputation (<`sdr_verdict_range'>, <`domain_exception _list'>) - sdr-age (<`unit'>, <`operator'> <`actual value'>) - sdr-unscannable (<'domain_exception _list'>) External Threat Feeds: domain-externalthreat-feeds (<'external_threat_ feed_source_name'>, <'header'> , <'domain _exception_list'>) ? . , 193 . ? · · ETF , 193 SDR , 194 . Cisco Email Security , 307 , 323 . Cisco . ( , 138 ) , (AND, OR, NOT) . . . . 21: (abc) . Georg George Of The Jungle , Georgy Porgy, La Meson Georgette Georg . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 158 (^) ($) ($) , (^) . ^Georg$ Georg . "^$" . , @ , @ . ^George@admin$ George@admin . (. ) (.) ( ). ^...admin$ macadmin sunadmin win32admin . (*) (*) "0 " . (.*) ( ). ^P.*Piper$ PPiper, Peter Piper, P.Piper Penelope Penny Piper . (\) . \. , \$ , \^ . ^ik\.ac\.uk$ ik.ac.uk . : . "" 2 . ^ik\\.ac\\.uk$ . / ((?i)) (?i) / . / / . "(?i)viagra" Viagra, vIaGrA VIAGRA . {min,max} . "fo\{2,3\}" foo fooo fo fofo . if(header('To') == "^.{500,}") 500 "To" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 159 (|) "or" . A B "A|B" "A" "B" . "foo|bar" foo bar foobar . · , 160 · , 160 · ASCII , 161 · n , 161 · / , 161 · , 161 · PDF , 162 ASCII ( ) . ASCII (regex) . · · MIME · · MIME (, ) · MIME ( MIME ) · MIME · MIME (regex) . , HTML, MS Word, Excel . gb2312, HZ, EUC, JIS, Shift-JIS, Big5, Unicode . GUI . . CLI , 240 , 263 . (^) ($) . "" . . "^ $" . Subject() , 165 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 160 ASCII . sun.com thegodsunocommando , ^sun\.com$ sun.com . , Python re Module . Python Python Regular Expression HOWTO(http://www.python.org/doc/howto/) . ASCII / . (regex "\w" ) . n == , != . . 
rcpt-to == "^goober@dev\\.null\\....$" (matching)
rcpt-to != "^goober@dev\\.null\\....$" (non-matching)

/ / . foo FOO Foo . , CPU . .

attachment-filter:
if ((recv-listener == "Inbound") AND
((((((((((((((((((((((((((((((((((((((((((((((attachment-filename == "\\.386$") OR
(attachment-filename == "\\.exe$")) OR
(attachment-filename == "\\.ad$")) OR
(attachment-filename == "\\.ade$")) OR
(attachment-filename == "\\.adp$")) OR
(attachment-filename == "\\.asp$")) OR
(attachment-filename == "\\.bas$")) OR
(attachment-filename == "\\.bat$")) OR
(attachment-filename == "\\.chm$")) OR
(attachment-filename == "\\.cmd$")) OR
(attachment-filename == "\\.com$")) OR
(attachment-filename == "\\.cpl$")) OR
(attachment-filename == "\\.crt$")) OR
(attachment-filename == "\\.exe$")) OR
(attachment-filename == "\\.hlp$")) OR
(attachment-filename == "\\.hta$")) OR
(attachment-filename == "\\.inf$")) OR
(attachment-filename == "\\.ins$")) OR
(attachment-filename == "\\.isp$")) OR
(attachment-filename == "\\.js$")) OR
(attachment-filename == "\\.jse$")) OR
(attachment-filename == "\\.lnk$")) OR
(attachment-filename == "\\.mdb$")) OR
(attachment-filename == "\\.mde$")) OR
(attachment-filename == "\\.msc$")) OR
(attachment-filename == "\\.msi$")) OR
(attachment-filename == "\\.msp$")) OR
(attachment-filename == "\\.mst$")) OR
(attachment-filename == "\\.pcd$")) OR
(attachment-filename == "\\.pif$")) OR
(attachment-filename == "\\.reg$")) OR
(attachment-filename == "\\.scr$")) OR
(attachment-filename == "\\.sct$")) OR
(attachment-filename == "\\.shb$")) OR
(attachment-filename == "\\.shs$")) OR
(attachment-filename == "\\.url$")) OR
(attachment-filename == "\\.vb$")) OR
(attachment-filename == "\\.vbe$")) OR
(attachment-filename == "\\.vbs$")) OR
(attachment-filename == "\\.vss$")) OR
(attachment-filename == "\\.vst$")) OR
(attachment-filename == "\\.vsw$")) OR
(attachment-filename == "\\.ws$")) OR
(attachment-filename == "\\.wsc$")) OR
(attachment-filename == "\\.wsf$")) OR
(attachment-filename == "\\.wsh$"))) {
  bounce();
}

AsyncOS recv-listener 30 . .

attachment-filter:
if (recv-listener == "Inbound") AND (attachment-filename == "\\.(386|exe|ad|ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shb|shs|url|vb|vbe|vbs|vss|vst|vsw|ws|wsc|wsf|wsh)$") {
  bounce();
}

. "()" , . CPU .

PDF

PDF . . , PDF . PDF . PowerPoint . PDF . PDF "callout "call out" "c a l lout" . "callout" . . .

· · · CUSIP(Committee on Uniform Security Identification Procedures) · ABA(American Banking Association) .

22:
*credit 14, 15 16 . : enRoute .
*aba ABA ABA .
*ssn . *ssn , .
*cusip CUSIP CUSIP .

· , 163

, .

ID_Credit_Cards:
if (body-contains("*credit")) {
  notify("[email protected]");
}

. . . *credit|*ssn . *SSN *ssn . "only-body-contains" . MIME true . .

SSN-nohtml:
if only-body-contains("*ssn") {
  duplicate-quarantine("Policy");
}

.
· True , 165
· , 165
· Subject() , 165
· Envelope Recipient( ) , 166
· Envelope Recipient in Group( ) , 166
· Envelope Sender( ) , 167
· Envelope Sender in Group( ) , 167
· Sender Group( ) , 168
· Body Size( ) , 168
· Remote IP( IP) , 169
· Receiving Listener( ) , 169
· Receiving IP Interface( IP ) , 170
· Date() , 170
· Header() , 170
· Random() , 171
· Recipient Count( ) , 172
· Address Count( ) , 172
· Body Scanning( ) , 172
· Body Scanning( ) , 173
· , 173
· Attachment Type( ) , 174
· Attachment Filename( ) , 174
· DNS List(DNS ) , 175
· SenderBase Reputation , 176
· Dictionary() , 177
· SPF-Status , 178
· SPF-Passed , 180
· S/MIME Gateway Message(S/MIME ) , 180
· S/MIME Gateway Verified(S/MIME ) , 181
· Workqueue-count , 181
· SMTP , 181
· Signed , 183
· Header Repeats( ) , 186
· URL Reputation(URL ) , 188
· URL Category(URL ) , 189
· Corrupt Attachment( ) , 189
· , 189
· , 190
· , 191
· , 192
· MIME , 192
· , 193
· ETF , 193
· SDR , 194

True

true . IP external .

externalFilter:
if (true) {
  alt-src-host('external');
}

valid / MIME false, true . .

not-valid-mime:
if not valid {
  drop();
}

Subject()

subject . Make Money... .

not-valid-mime:
if not valid {
  drop();
}

ASCII . (: , ) . , 141 . true .

EmptySubject_To_filter:
if (header('Subject') != ".") OR (header('To') != ".") {
  drop();
}

Subject To true , true . true .

Envelope Recipient( )

rcpt-to . "scarface" . rcpt-to / .

scarfaceFilter:
if (rcpt-to == 'scarface') {
  drop();
}

rcpt-to . , .

Envelope Recipient in Group( )

rcpt-to-group LDAP . LDAP "ExpiredAccounts" .

expiredFilter:
if (rcpt-to-group == 'ExpiredAccounts') {
  drop();
}

rcpt-to-group . , .

Envelope Sender( )

mail-from . [email protected] . mail-from / . .
kremFilter:
if (mail-from == '^admin@yourdomain\\.com$') {
  skip-filters();
}

Envelope Sender in Group( )

mail-from-group LDAP ( LDAP ). LDAP "KnownSenders" .

SenderLDAPGroupFilter:
if (mail-from-group == 'KnownSenders') {
  skip-filters();
}

Sender Group( )

sendergroup HAT(Host Access Table) . '=='() '!='() ( ) . Internal true , .

senderGroupFilter:
if (sendergroup == "Internal") {
  alt-mailhost("[172.17.0.1]");
}

Body Size( )

. body-size . 5 .

BigFilter:
if (body-size > 5M) {
  bounce();
}

body-size .

body-size < 10M
body-size <= 10M
body-size > 10M
body-size >= 10M
body-size == 10M
body-size != 10M

.

10b    10
13k    13
5M     5
40G    40(: Cisco 100 .)

Remote IP( IP)

remote-ip IP . IP IPv4(Internet Protocol version 4) IPv6(Internet Protocol version 6) . IP "Sender Group Syntax" (SBO, SBRS, dnslist ALL ). IP ( ) . 10.1.1.x IP ( X 50, 51, 52, 53, 54 55) .

notMineFilter:
if (remote-ip != '10.1.1.50-55') {
  bounce();
}

Receiving Listener( )

recv-listener . . expedite .

expediteFilter:
if (recv-listener == 'expedite') {
  skip-filters();
}

Receiving IP Interface( IP )

recv-int . . outside .

outsideFilter:
if (recv-int == 'outside') {
  bounce();
}

Date()

date . MM/DD/YYYY hh:mm:ss . . ( .) 2003 7 28 1 [email protected] .

TimeOutFilter:
if ((date > '07/28/2003 13:00:00') and (mail-from == 'campaign1@yourdomain\\.com')) {
  bounce();
}

date $Date .

Header()

header() . ("header name"). (subject ) . "true", "false". X-Sample , "sample text" . .

FooHeaderFilter:
if (header('X-Sample') == 'sample text') {
  bounce();
}

ASCII . . X-DeleteMe .

DeleteMeHeaderFilter:
if header('X-DeleteMe') {
  strip-header('X-DeleteMe');
}

(: , ) . , 141 .

Random()

random (0) N-1 . N . header() , "" . (0) true .
A, B .

load_balance_a:
if (random(10) < 5) {
  alt-src-host('interface_a');
} else {
  alt-src-host('interface_b');
}

load_balance_b:
if (random(2)) {
  alt-src-host('interface_a');
} else {
  alt-src-host('interface_b');
}

Recipient Count( )

rcpt-count body-size . , . 100 .

large_list_filter:
if (rcpt-count > 100) {
  alt-src-host('mass_mailing_interface');
}

Address Count( )

addr-count() , , . rcpt-count . "undisclosed-recipients" .

large_list_filter:
if (rcpt-count > 100) {
  alt-src-host('mass_mailing_interface');
}

Body Scanning( )

body-contains() . delivery-status . body-contains() . MIME MIME Scan Behavior( ) CLI scanconfig . true . video/*, audio/*, image/* MIME . , .zip, .bzip, .compress, .tar .gzip . "" (: .zip .zip) . , 263 .

Body Scanning( )

AsyncOS . , true . AsyncOS MIME , MIME . MIME AsyncOS . AsyncOS , . . AsyncOS Scan Behavior( ) scanconfig . AsyncOS MIME , 141 . MIME AsyncOS .zip .tar . . AsyncOS . "Company Confidential" . 2 . .

ConfidentialFilter:
if (body-contains('Company Confidential',2)) {
  notify ('[email protected]');
  bounce();
}

only-body-contains .

disclaimer:
if (not only-body-contains('[dD]isclaimer',1) ) {
  notify('[email protected]');
}

encrypted . , . . encrypted . . encrypted true . true, false . Scan Behavior( ) scanconfig . , 263 . , (BCC) .

prevent_encrypted_data:
if (encrypted) {
  bcc ('[email protected]');
  bounce();
}

Attachment Type( )

attachment-type MIME . , 263 Scan Behavior( ) scanconfig , (/) . MIME "true" . , 263 . Attachment Scanning( ), 229 . , video/* MIME .

bounce_video_clips:
if (attachment-type == 'video/*') {
  bounce();
}

Attachment Filename( )

attachment-filename . / . , . "true" . .

· MIME . MIME .
· Cisco ( , 263 ).
· ( ) .
, attachment-filename . gzip (.exe). · (: foo.exe.gz) . , 175 . Attachment Scanning( ), 229 . , *.mp3 . block_mp3s: if (attachment-filename == '(?i)\\.mp3$') { bounce(); } · , 175 (: gzip ) . quarantine_gzipped_exe_or_pif: if (attachment-filename == '(?i)\\.(exe|pif)($|.gz$)') { quarantine("Policy"); } DNS List(DNS ) dnslist() DNSBL ("ip4r lookups" ) DNS . IP (IP 1.2.3.4 4.3.2.1 ) ( ). DNS AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 175 SenderBase Reputation DNS ( IP ) IP ( ) . IP 127.0.0.x . x 0~255(IP ). , . header() dnslist() . true, (: DNS ) false . Cisco Bonded Sender . whitelist_bondedsender: if (dnslist('query.bondedsender.org')) { skip-filters(); } , (==) (!=) . "127.0.0.2" . "false" . blacklist: if (dnslist('dnsbl.example.domain') == '127.0.0.2') { drop(); } SenderBase Reputation reputation SenderBase Reputation . > , == , <= . SenderBase Reputation ( , SenderBase Reputation Service ) ( , , ). no-reputation SBRS "none" . SenderBase Reputation Service -7.5 "*** BadRep ***" "Subject:" . note_bad_reps: if (reputation < -7.5) { strip-header ('Subject'); insert-header ('Subject', '*** BadRep $Reputation *** $Subject'); } " " . , 223 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 176 Dictionary() SenderBase Reputation -10 10, NONE . NONE no-reputation . none_rep: if (no-reputation) { strip-header ('Subject'); insert-header ('Subject', '*** Reputation = NONE *** $Subject'); } Dictionary() "dictonary_name" dictionary-match(<dictonary_name>) true . false . (/ ) " " . Cisco "secret_words" . copy_codenames: if (dictionary-match ('secret_words')) { bcc('[email protected]'); } "secret_words" Policy() . only-body-contains body-dictionary-match . (multipart/alternative ) . quarantine_data_loss_prevention: if (body-dictionary-match ('secret_words')) { quarantine('Policy'); } . quarantine_policy_subject: if (subject-dictionary-match ('gTest')) { quarantine('Policy'); } AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 177 SPF-Status "to" . 
headerTest:
if (header-dictionary-match ('competitorsList', 'to')) {
  bcc('[email protected]');
}

attachment-dictionary-match(<dictionary_name>) dictionary-match . "secret_words" Policy() .

quarantine_codenames_attachment:
if (attachment-dictionary-match ('secret_words')) {
  quarantine('Policy');
}

header-dictionary-match(<dictionary_name>, <header>) <header> dictionary-match . / "subject" "Subject" . "ex_employees" "cc" Policy() .

quarantine_codenames_attachment:
if (header-dictionary-match ('ex_employees', 'cc')) {
  quarantine('Policy');
}

. .

SPF-Status

SPF/SIDF SPF/SIDF . spf-status SPF . , 599 . SPF ID SPF SPF ID . SPF/SIDF .

if (spf-status == "Pass")

.

if (spf-status == "PermError, TempError")

HELO, MAIL FROM PRA ID .

if (spf-status("pra") == "Fail")

spf-status .

skip-spam-check-for-verified-senders:
if (sendergroup == "TRUSTED" and spf-status == "Pass") {
  skip-spamcheck();
}

quarantine-spf-failed-mail:
if (spf-status("pra") == "Fail") {
  if (spf-status("mailfrom") == "Fail") {
    # completely malicious mail
    quarantine("Policy");
  } else {
    if (spf-status("mailfrom") == "SoftFail") {
      # malicious mail, but tempting
      quarantine("Policy");
    }
  }
} else {
  if (spf-status("pra") == "SoftFail") {
    if (spf-status("mailfrom") == "Fail" or spf-status("mailfrom") == "SoftFail") {
      # malicious mail, but tempting
      quarantine("Policy");
    }
  }
}

stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError"
    or spf-status("mailfrom") == "PermError, TempError"
    or spf-status("helo") == "PermError, TempError") {
  # permanent error - stamp message subject
  strip-header("Subject");
  insert-header("Subject", "[POTENTIAL PHISHING] $Subject");
}

.

SPF-Passed

spf-passed spf-passed .

quarantine-spf-unauthorized-mail:
if (not spf-passed) {
  quarantine("Policy");
}

spf-status spf-passed SPF/SIDF .
None, Neutral, Softfail, TempError, PermError Fail spf-passed . spf-status .

S/MIME Gateway Message(S/MIME )

S/MIME Gateway Message(S/MIME ) S/MIME , , . S/MIME , S/MIME .

quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
  quarantine("Policy");
}

S/MIME , 537 .

S/MIME Gateway Verified(S/MIME )

S/MIME Gateway Message Verified(S/MIME ) , , . S/MIME , S/MIME .

quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
  quarantine("Policy");
}

S/MIME , 537 .

Workqueue-count

workqueue-count workqueue-count . > , == , <= . , .

wqfull:
if (workqueue-count > 1000) {
  skip-spamcheck();
}

SPF/SIDF SPF SIDF , 591 .

SMTP

SMTP smtp-auth-id-matches (<target> [, <sieve-char>]) SMTP ID . . smtp-auth-id-matches SMTP ID .

*EnvelopeFrom SMTP Envelope Sender(MAIL FROM ) .
*FromAddress From . From: .
*Sender Sender .
*Any ID SMTP .
*None SMTP .

(). . / . sieve-char . + [email protected] + . [email protected] +folder . SMTP ID . . $SMTPAuthID SMTP ID . SMTP ID smtp-auth-id-matches .

SMTP ID Sieve Char someuser [email protected] someuser [email protected] someuser [email protected] SomeUser [email protected] someuser [email protected] someuser + [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

SMTP , From SMTP ID . ID . .

Msg_Authentication:
if (smtp-auth-id-matches("*Any")) {
  # Always include the original authentication credentials in a
  # special header.
  insert-header("X-Auth-ID","$SMTPAuthID");
  if (smtp-auth-id-matches("*FromAddress", "+") and
      smtp-auth-id-matches("*EnvelopeFrom", "+")) {
    # Username matches. Verify the domain
    if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
       mail-from != "(?i)@(?:example\\.com|alternate\\.com)" {
      # User has specified a domain which cannot be authenticated
      quarantine("forged");
    }
  } else {
    # User claims to be a completely different user
    quarantine("forged");
  }
}

Signed

signed . . ASN.1 DER , CMS SignedData Type (RFC 3852, Section 5.1.) . . signed .

signedcheck:
if signed {
  insert-header("X-Signed", "True");
}

signed .

Signed:
if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
  html-convert();
  if (attachment_size > 0) {
    drop_attachments("");
  }
}

Signed Certificate( )

signed-certificate X.509 S/MIME . X.509 . signed-certificate (<field> [<operator> <regular expression>]).

· <field> "issuer" "signer",
· <operator> == !=.
· <regular expression> "issuer" "signer" .

true . signed-certificate("issuer") signed-certificate("signer") S/MIME true .

· , 184
· , 184
· , 184
· $CertificateSigners , 185
· 1, 186

X.509 subjectAltName rfc822Name . subjectAltName rfc822Name signed-certificate("signer") false . rfc822Name true . X.509 . AsyncOS LDAP-UTF8 . .

· C=US,S=CA,O=IronPort
· C=US,CN=Bob Smith

X.509 signed-certificate("issuer") S/MIME X.509 . LDAP-UTF8 . LDAP-UTF8 LDAP(Lightweight Directory Access Protocol) String Representation of Distinguished Names(http://www.ietf.org/rfc/rfc4514.txt ) . signed-certificate LDAP-UTF8 . LDAP-UTF8 . LDAP-UTF8 "Example, Inc." .

· Example\, Inc.
· Example\,\ Inc\.

signed-certificate Example\, Inc. . (LDAP-UTF8 ) . signed-certificate .

$CertificateSigners

$CertificateSigners subjectAltName , . . Alice . Bob . . S/MIME .
[
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['[email protected]', '[email protected]']
  },
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['[email protected]', '[email protected]']
  },
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['[email protected]', '[email protected]']
  }
]

$CertificateSigners .

"[email protected], [email protected], [email protected], [email protected]"

1 1 .

Issuer:
if signed-certificate("issuer") == "(?i)C=US" {
  insert-header("X-Test", "US issuer");
}

example.com .

NotOurSigners:
if signed-certificate("signer") AND signed-certificate("signer") != "example\\.com$" {
  notify("[email protected]");
}

X.509 .

AnyX509:
if signed-certificate ("issuer") {
  insert-header("X-Test", "X.509 present");
}

.

NoSigner:
if not signed-certificate ("signer") {
  insert-header("X-Test", "Old X.509?");
}

Header Repeats( )

Header Repeats( ) true .

· 1
· 1

. . . header-repeats (<target>, <threshold> [, <direction>]).

· <target> subject mail-from. AsyncOS .
· <threshold> 1 . true .
· <direction> incoming, outgoing . direction .

Header Repeats( ) true . , 971 . . . Header Repeats( ) 1 . 1 .

· Header Repeats( ) , 187
· , 187

Header Repeats( ) AND OR

Header Repeats( ) . .

F1:
if (recv-listener == 'Gray') AND (header-repeats('subject', X, 'incoming')) {
  drop();
}

AND OR Header Repeats( ) Header Repeats( ) . Header Repeats( ) , subject mail-from . Header Repeats( ) , OR . Signed Header Repeats( ) OR .

f1:
if signed OR (header-repeats('subject', 10)) {
  drop();
}

9 Header Repeats( ) . 10 9 , .

1 X Policy() .

f1:
if header-repeats('subject', X, 'incoming') {
  quarantine('Policy');
}

1 X .

f2:
if header-repeats('mail-from', X, 'outgoing') {
  drop();
}

1 X .

f3:
if header-repeats('subject', X) {
  notify('[email protected]');
}

URL Reputation(URL )

URL URL .
URL , 425 URL URL : , 433 . · msg_filter_name: . · whitelist URL (urllistconfig ). . url-reputation . url-reputation . <msg_filter_name>: url reputation('<min_score'>, <'max_score'>, '<whitelist>', '<include_attachments>','<include_message_body_subject>') {<action>} . · min_score max_score . . -10.0 10.0 . · include_attachments URL . '1' URL '0' URL . · include_message_body_subject URL . '1' URL '0' URL . url-no-reputation . url-no-reputation . <msg_filter_name>: if url_no_reputation('<whitelist>', '<include_attachments>','<include_message_body_subject>') AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 188 URL Category(URL ) {<action>} URL Category(URL ) URL URL . URL , 425 URL URL : , 433 . url-category . <msg_filter_name>: if url-category ([`<category-name1>','<category-name2>',..., `<category-name3>'],'<url_white_list>','<include_attachments>','<include_message_body_subject>') <action> . · msg_filter_name . · action . · category-name URL . . URL Category . URL , 446 . · url_white_list URL (urllistconfig ). · include_attachments URL . '1' URL '0' URL . · include_message_body_subject URL . '1' URL '0' URL . Corrupt Attachment( ) Corrupt Attachment( ) true . . · , 189 Policy Quarantine( ) . quar_corrupt_attach: if (attachment-corrupt) { quarantine("Policy"); } . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 189 · · . . Cisco Email Security Appliance . . . . ' ' . · Cisco Email Security Appliance · · 50 < msg_filter_name >: if (message language < operator > "< language1 >, < language2 >,..., < language n >") {< action >} . · msg_filter_name . · operator == != . · language . . . ([ ]) . · action . . DropMessagesWithUndeterminedLanguage: if (message-language == "unknown") { drop(); } . ussianDisclaimerRule: if (message-language == "ru") { add-heading("RussianDisclaimer"); . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 190 . <msg_filter_name>: if (macro-detection-rule (['file_type-1', 'file_type-2',... ,'file_type-n'])) {<action>} . 
· msg_filter_name . · file_type . · Adobe Portable Document Format · Microsoft Office · OLE · action . Microsoft Office . Drop_Messages_With_Macro-enabled_Office_Files: if (macro-detection-rule (['Microsoft Office Files'])) { drop(); } PDF . Strip_Macro_enabled_PDF: if (rcpt-to == "[email protected]") { drop-macro-enabled-attachments(['Adobe Portable Document Format']); } (From: ) . . (1~100) . forged-email-detection From: . . . · From: <[email protected]> `John Simons' 82 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 191 · From: <[email protected]> `John Simons' 100 . . , . , 610 . <filter_name>: if (forged-email-detection("<content_dictionary>", threshold)) {<action>;} . · filter_name . · content_dictionary . · threshold (1~100). From: 70 From: . FED_CF: if (forged-email-detection("Execs", 70)) { fed("from", ""); } duplicate_boundaries MIME . (: attachment-contains) (: drop-attachments-where-contains) ( MIME ) . <filter_name>: if (duplicate_boundaries){<action>;} MIME . DuplicateBoundaries: if (duplicate_boundaries) { quarantine("Policy"); } MIME malformed-header MIME . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 192 <filter_name>: if (malformed-header){<action>;} MIME . quarantine_malformed_headers: if (malformed-header) { quarantine("Policy"); } . <msg_filter_name>: if (geolocation-rule (['country_name-1', 'country_name-2',... ,'country_name-n'])) {<action>} . · msg_filter_name . · country_name . · action . Country1 Country2 . Quarantine_Incoming_Messages_from_Country1_and_Country2: if (geolocation-rule (['Country1', 'Country2'])) {quarantine("Policy");} ETF , ETF . : quarantine_msg_based_on_ETF: if (domain-external-threat-feeds (['etf_source1'], ['mail-from', 'from'], <'domain_exception_list'>)) { quarantine("Policy"); } · `domain-external-threat-feeds' . · `etf_source1' ETF . · `mail-from','from' . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 193 SDR · 'domain_exception_list' . "" . 'Errors To:' ETF . 
Quaranting_Messages_with_Malicious_Domains:
if (domain-external-threat-feeds (['threat_feed_source'], ['Errors-To'], "")) {
  quarantine("Policy");
}

SDR

SDR . · · · "Poor". SDR Cisco Talos(https://www.talosintelligence.com) .

:

drop_msg_based_on_sdr_verdict:
if sdr-reputation (['awful', 'poor'], "<domain_exception_list>") {
  drop();
}

:

· 'drop_msg_based_on_sdr_verdict' .
· 'sdr-reputation' .
· 'awful','poor' SDR .
· 'domain_exception_list' . "" .
· 'drop' .

SDR 'Unknown' .

quarantine_unknown_sdr_verdicts:
if sdr-reputation (['unknown'], "") {
  quarantine("Policy");
}

:

<msg_filter_name> if sdr-age (<'unit'>, <'operator'> <'actual value'>) {<action>}

:

· 'sdr-reputation' .
· 'sdr-age' SDR .
· 'unit' 'days', 'years', 'months' 'weeks' .
· 'operator' .
  · >( )
  · >=( )
  · <( )
  · <=( )
  · ==()
  · !=( )
  · Unknown( )
· 'actual value' .

.

Drop_Messages_Based_On_SDR_Age:
if (sdr-age ("unknown", "")) {
  drop();
}

.

Drop_Messages_Based_On_SDR_Age:
if (sdr-age ("months", <, 1, "")) {
  drop();
}

:

<msg_filter_name> if sdr-unscannable (<'domain_exception_list'>) {<action>}

:

· 'sdr-unscannable' .
· 'domain_exception_list' . "" .

SDR 'Unknown' .

Quarantine_Messages_Based_On_Sender_Domain_Unscannable:
if (sdr-unscannable ("")) {
  quarantine("Policy");
}

. 2 .

· (, ) .
· . . . , .

· , 196
· , 206
· , 208
· , 209

. 23: Syntax alt-src-host IP ( ) . ( ) , 218 . Syntax alt-rcpt-to alt-mailhost Notify notify notify-copy bcc bcc-scan archive quarantine (quarantine_name () duplicate-quarantine (quarantine_name strip-header insert-header . , 217 . . , 217 . . , 212 . notify , bcc-scan . , 212 . ( ). , 214 . , . , 214 . mbox . , 219 . quarantine_name . , 216 . . , 216 . . , 219 . . , 220 .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 197 Syntax edit-header-text edit-body-text() HTML html-convert() bounce-profile skip-spamcheck skip-marketingcheck skip-socialcheck skip-bulkcheck skip-viruscheck . , 221 . . URL . , 221 . HTML . HTML . HTML , 222 . . , 222 . Cisco . , 223 . . , 223 . . , 223 . . , 223 . Cisco . , 224 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 198 Syntax skip-ampcheck Outbreak Filter skip-vofcheck drop-attachments-by-name drop-attachments-by-type drop-attachments-by-filetype MIME drop-attachments-by-mimetype . , 224 . Outbreak Filter . , 224 . . (zip, tar), Microsoft Office (doc, .docx) (winmail.dat) . , 237 . MIME ( MIME ) . (zip, tar) . , 237 . "" . (zip, tar) . , 237 . MIME . MIME . , 237 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 199 Syntax drop-attachments-by-size , ( ) . , . , 237 . drop-attachments-where-contains . ? (zip, tar) . , 237 . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 200 Syntax drop-macro-enabled-attachments . . Syntax drop-macro-enabled-attachments ([`file_type-1', 'file_type-2', ...,'file_type-n'], "custom_replacement_message") . · file_type . · Adobe Portable Document Format · Microsoft Office · OLE · . , 190 . drop-attachments-where-dictionary-match . MIME ( ) . , 237 . add-footer(footer-name) . " " " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 201 Syntax add-heading(heading-name) . " " " " . encrypt-deferred . , . S/MIME smime-gateway-deferred / ("sending_profile") S/MIME . S/MIME , 211 . S/MIME / smime-gateway("sending_profile") S/MIME , . S/MIME , 212 . tag-message(tag-name) . DLP . . , 225 " " . Add Log Entry log-entry INFO . . . , 225 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 202 Syntax URL URL URL URL Defang URL URL Cisco · url-reputation-replace · url-no-reputation-replace URL URL URL . URL · url-reputation-defang · url-no-reputation-defang . URL , 226 · url-reputation-proxy-redirect . 
· url-no-reputation-proxy-redirect URL url-category-replace URL URL url-category-defang URL Defang URL URL URL . URL , 228 . URL url-category-proxy-redirect URL Cisco fed : . , 229 . no-op . , 229 . * skip-filters . , 210 . * drop . , 210 . * bounce . , 211 . * encrypt Cisco . , 211 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 203 * Syntax · , 204 attachment-filetype drop-attachments-by-filetype rules (: "exe" ) . AsyncOS . != , . .exe . exe_check: if (attachment-filetype != "exe") { drop(); } .exe .exe Email Security Appliance . 24: · doc · docx · mdb · mpp · ole · pdf · ppt · pptx · rtf · wps · x-wmf · xls · xlsx AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 204 · exe · java · msi · pif .dll .scr . · ace (ACE Archiver compressed file) · arc (SQUASH Compressed archive) · arj (Robert Jung ARJ compressed archive) · binhex · bz (Bzip compressed file) · bz2 (Bzip compressed file) · cab (Microsoft cabinet file) · gzip* (Compressed file - UNIX gzip) · lha (Compressed Archive [LHA/LHARC/LZH]) · rar (Compressed archive · sit (Compressed archive - Macintosh file [Stuffit]) · tar* (Compressed archive) · unix (UNIX compress file) · zip* (Compressed archive - Windows) · zoo (ZOO Compressed Archive File) * "body-scanned" . · txt · html · xml · bmp · cur · gif · ico · jpeg · pcx · png · psd · psp · tga · tiff AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 205 · aac · aiff · asf · avi · flash · midi · mov · mp3 · mpeg · ogg · ram · snd · wav · wma · wmv bcc(), bcc-scan(), notify(), notify-copy(), add-footer(), add-heading() insert-headers() , . . Cisco . 25: Syntax $AllHeaders . Body Size( ) $BodySize . Certificate Signers( subjectAltName $CertificateSigners ) . $CertificateSigners , 185 . $Date MM/DD/YYYY . . $dropped_filename Dropped File Names( ($filenames ). $dropped_filenames ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 206 Syntax Dropped File Types( ($filetypes $dropped_filetypes ) ). 
Envelope Sender( $EnvelopeFrom ) Envelope Sender(Envelope From, <MAIL FROM>) . Envelope Recipients( Envelope Recipient(Envelope To, $EnvelopeRecipients ) <RCPT TO>) . $filenames . File Sizes( ) $filesizes . $filetypes . GMTimeStamp $FilterName $GMTimeStamp . Received: GMT . HAT $Group . ">Unknown<" . $MatchedContent (body-contains ). $Policy HAT . ">Unknown<" . $Header['string '] . . $Hostname Cisco . ID $MID MID(Message ID) . $Header RFC822 "Message-Id" . $RecvListener . ASCII IP Syntax $RecvInt $RemoteIP $remotehost SenderBase Reputation $Reputation $Subject $Time $Timestamp . Cisco IP . Cisco . SenderBase Reputation . "None" . . . Received: .

· ASCII , 208

ASCII ISO-2022 ( ) , . , UTF-8, QP(quoted printable) . Attachment Content( ) , Message Body or Attachment( ) , Message Body( ) , Attachment Content( ) . . $MatchedContent . , GUI . GUI , . GUI . . .

17: .

· , 210
· , 210
· , 211
· , 211
· , 212
· , 214
· , 216
· , 217
· , 217
· ( ) , 218
· , 219
· , 219
· , 220
· , 221
· , 221
· HTML , 222
· , 222
· , 223
· , 223
· , 224
· , 224
· , 224
· , 225
· , 225
· URL , 226
· URL , 228
· , 229
· , 229

skip-filters . skip-filters ( ) . skip-filters . [email protected] boss@admin .

bossFilter:
if (rcpt-to == 'boss@admin$') {
  notify('[email protected]');
  skip-filters();
}

drop . , , . [email protected] SPAM .

spamFilter:
if (subject == '^SPAM.*') {
  notify('[email protected]');
  drop();
}

bounce (Envelope Sender) . @yahoo\\.com ().

yahooFilter:
if (mail-from == '@yahoo\\.com$') {
  bounce();
}

encrypt . [encrypt] .

Encrypt_Filter:
if ( subject == '\\[encrypt\\]' ) {
  encrypt('My_Encryption_Profile');
}

Cisco . .

S/MIME

smime-gateway-deferred S/MIME . , . S/MIME .
smime-deferred:
if (mail-from == "[email protected]") {
  smime-gateway-deferred("smime-encrypt");
}

S/MIME

smime-gateway S/MIME , . S/MIME .

smime-deliver-now:
if (mail-from == "[email protected]") {
  smime-gateway("smime-sign");
}

notify notify-copy . notify-copy (bcc-scan ). .

· (MAIL FROM RCPT TO)
·
· , , .

4 , [email protected] , .

bigFilter:
if (body-size >= 4M) {
  notify('[email protected]');
  drop();
}

bigFilterCopy:
if (body-size >= 4M) {
  notify-copy('[email protected]');
  drop();
}

(: [email protected]) , $EnvelopeRecipients( , 206 ) .

bigFilter:
if (body-size >= 4M) {
  notify('$EnvelopeRecipients');
  drop();
}

notify 3 . , , . . . ( , 206 ) . Message Notification . , $EnvelopeFrom . . , 236 . , [bigFilter] Message too large , , "message.too.large" .

bigFilter:
if (body-size >= 4M) {
  notify('[email protected]', '[$FilterName] Message too large', '$EnvelopeFrom', 'message.too.large');
  drop();
}

$MatchedContent . $MatchedContent . ABA .

ABA_filter:
if (body-contains ('*aba')) {
  notify('[email protected]','[$MatchedContent]Account Information Displayed');
}

· Notification Template, 214

Notification Template

Text Resources( ) textconfig CLI notify() notify-copy() . . , . $AllHeaders . " " . , .

bigFilter:
if (body-size >= 4M) {
  notify('$EnvelopeRecipients', '[$FilterName] Message too large', '$EnvelopeFrom', 'message.too.large');
  drop();
}

bcc . . , . johnny sue [email protected] .

momFilter:
if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) {
  bcc('[email protected]');
}

bcc 3 . alt-mailhost . . . ( , 206 ) . , ($Subject ) . , $EnvelopeFrom . [Bcc] <original subject>, [email protected] .
momFilter: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc('[email protected]', '[Bcc] $Subject', '[email protected]'); } alt-mailhost . momFilterAltM: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc('[email protected]', '[Bcc] $Subject', '$EnvelopeFrom', 'momaltmailserver.example.com'); } Bcc(), notify() bounce() . BCC . . . 10k . . bcc() . multiplealthosts: if (recv-listener == "IncomingMail") { insert-header('X-ORIGINAL-IP', '$remote_ip'); AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 215 bcc-scan() bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.4'); bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.5'); bcc ('$EnvelopeRecipients', '$Subject', '$EnvelopeFrom', '10.2.3.6'); } bcc-scan() · , 257 bcc-scan bcc . momFilter: if ((mail-from == '^johnny$') and (rcpt-to == '^sue$')) { bcc-scan('[email protected]'); } quarantine(`quarantine_name') . "" . duplicate-quarantine(`quarantine_name') . . / . . . . . quarantine() bounce() drop() , . . skip-filters() , . skip-filters() , . "secret_word" Policy() . quarantine_codenames: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 216 if (dictionary-match ('secret_words')) { quarantine('Policy'); } .mp3 . .mp3 ( ) . (Policy() ). . strip_all_mp3s: if (attachment-filename == '(?i)\\.mp3$') { duplicate-quarantine('Policy'); drop-attachments-by-name('(?i)\\.mp3$'); } alt-rcpt-to . .freelist.com [email protected] . freelistFilter: if(rcpt-to == '\\.freelist\\.com$') { alt-rcpt-to('[email protected]'); } alt-mailhost IP IP . alt-mailhost . alt-mailhost . example.com . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 217 ( ) localRedirectFilter: if(true) { alt-mailhost('example.com'); } [email protected] Envelope To [email protected] example.com . smtproutes ( , 665 ). alt-mailhost . SMTP . 192.168.12.5 . local2Filter: if(true) { alt-mailhost('192.168.12.5'); } ( ) alt-src-host . IP IP . IP IP . , Cisco Email Security Appliance . 
Virtual Gateway™ , 718 . IP IP . IP 1.2.3.4 ( ) IP outbound2 .

externalFilter:
if(remote-ip == '1.2.3.4') {
  alt-src-host('outbound2');
}

IP 1.2.3.4 IP Group1 .

groupFilter:
if(remote-ip == '1.2.3.4') {
  alt-src-host('Group1');
}

archive mbox . . . . filters -> logconfig . logconfig filters . CLI , 240 . mbox UNIX , . UNIX "mail -f mbox.filename" . mbox . [email protected] joesmith .

logJoeSmithFilter:
if(mail-from == '^joesmith@yourdomain\\.com$') {
  archive('joesmith');
}

strip-header . (: "Received:" ). X-DeleteMe .

stripXDeleteMeFilter:
if (true) {
  strip-header('X-DeleteMe');
}

(: , ) . , 141 .

insert-header . AsyncOS . . My Company Name X-Company .

addXCompanyFilter:
if (not header('X-Company')) {
  insert-header('X-Company', 'My Company Name');
}

insert-header() ASCII , ASCII ( ). QP(quoted printable) . strip-headers insert-header . (: Received:), MUA (: Subject: ). (: , ) . , 141 .

edit-header-text . . . Subject: SCAN Marketing Messages "SCAN" "Marketing Messages" .

Remove_SCAN:
if true {
  edit-header-text ('Subject', '^SCAN\\s*', '');
}

. Subject: Marketing Messages

edit-body-text() Edit-Header-Text() , . edit-body-text() .

Example:
if true {
  edit-body-text("parameter 1","parameter 2");
}

edit-body-text() . MIME " " " " , 141 . URL 'URL REMOVED' .

URL_Replaced:
if true {
  edit-body-text("(?i)(?:https?|ftp)://[^\\s\">]+", "URL REMOVED");
}

"XXX-XX-XXXX" .

ssn:
if true {
  edit-body-text("(?!000)(?:[0-6]\\d{2}|7(?:[0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\1(?!0000)\\d{4}", "XXX-XX-XXXX");
}

edit-body-text() . HTML RFC 2822 , RFC 2822 (: MIME) . AsyncOS html-convert() HTML .

Convert_HTML_Filter:
if (true) {
  html-convert();
}

Cisco MIME "" " " . html-convert() . , 141 . html-convert() HTML . (text/plain) .
HTML (text/html) HTML HTML . , HTML . MIME(multipart/alternative ) text/plain text/html , text/html text/plain . MIME (: multipart/mixed) HTML . html-convert() . . . bounce-profile ( , 694 ). . ( ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 222 X-Bounce-Profile: fastbounce "fastbounce" . fastbounce: if (header ('X-Bounce-Profile') == 'fastbounce') { bounce-profile ('fastbounce'); } skip-spamcheck . . SenderBase Reputation . whitelist_on_reputation: if (reputation > 7.5) { skip-spamcheck(); } · , 381 · , 369 . skip-marketingcheck skip-socialcheck skip-bulkcheck "private_listener" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 223 internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-socialcheck(); } skip-viruscheck . . "private_listener" . internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-spamcheck(); skip-viruscheck(); } skip-ampcheck . . PDF . skip_amp_scan: if (attachment-filetype == 'pdf') { skip-ampcheck(); } Outbreak Filter skip-vofcheck Outbreak Filter . Outbreak Filter . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 224 "private_listener" Outbreak Filter . internal_mail_is_safe: if (recv-listener == 'private_listener') Outbreak Filters { skip-vofcheck(); } tag-message DLP . DLP . . [a-zA-Z0-9_-.] . . DLP " " . "[Encrypt]" . Cisco DLP . Tag_Message: if (subject == '^\\[Encrypt\\]') { tag-message('Encrypt-And-Deliver'); } log-entry INFO . . . . . CompanyConfidential: if (body-contains('Company Confidential')) { AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 225 URL log-entry('Message may have contained confidential information.'); bounce(); } URL URL URL URL . URL , 425 URL : URL URL , 434 . . URL · msg_filter_name: . · min_score max_score . . -10.0 10.0 . · "no-reputation" . · whitelist URL (urllistconfig .) . · Preserve_signed 0 1 . · 1 - · 0 - preserve_signed . · URL URL , 226 · URL URL Defang, 227 · URL URL Cisco , 227 URL URL url-reputation-replace . 
url-reputation-replace . <msg_filter_name>: if <condition> {url-reputation-replace(<min_score>, <max_score>,'<replace_text>', '< whitelist> ', < Preserve_signed> );} AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 226 URL URL Defang replace_text URL . url-no-reputation-replace . url-no-reputation-replace . <msg_filter_name>: if <condition> {url-no-reputation-replace ('<replace_text>', '<whitelist>', <Preserve_signed>);} replace_text URL . URL URL Defang url-reputation-defang . url-reputation-defang . <msg_filter_name>: if <condition> {url-reputation-defang (<min_score>, <max_score>, '<whitelist>', <Preserve_signed>);} url-no-reputation-defang . url-no-reputation-defang . <msg_filter_name>: if <condition> {url-no-reputation-defang ('<whitelist>', <Preserve_signed>);} URL URL Cisco url-reputation-proxy-redirect . url-reputation-proxy-redirect . <msg_filter_name>: if <condition> {url-reputation-proxy-redirect (<min_score>, <max_score>, '<whitelist>', <Preserve_signed>);} url-no-reputation-proxy-redirect . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 227 URL url-no-reputation-proxy-redirect . <msg_filter_name>: if <condition> {url-no-reputation-proxy-redirect ('<whitelist>', <Preserve_signed>);} URL URL URL URL . URL , 425 URL : URL URL , 434 . . URL · msg_filter_name: . · category-name URL . . URL Category . URL , 446 . · url_white_list URL (urllistconfig ). · unsigned-only: 0 1 . · 1 - · 0 - · URL URL , 228 · URL URL Defang , 228 · URL URL Cisco , 229 URL URL url-category-replace . <msg_filter_name>: if <condition> url-category-replace([`<category-name1>','<category-name2>',..., `<category-name3>'],'<replacement-text>', '<url_white_list>', <unsigned-only>); replacement-text URL . URL URL Defang url-category-defang . 
<msg_filter_name>: if <condition> AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 228 URL URL Cisco url-category-defang([`<category-name1>','<category-name2>',..., `<category-name3>'], '<url_white_list>', <unsigned-only>); URL URL Cisco url-category-proxy-redirect . <msg_filter_name>: if <condition> url-category-proxy-redirect([`<category-name1>','<category-name2>',..., `<category-name3>'], '<url_white_list>', <unsigned-only>); No Operation( ) . Notify(), Quarantine(), Drop() . , No Operation( ) . Message Filters( ) . No Operation( ) . new_filter_test: if header-repeats ('subject', X, 'incoming') {no-op();} : . From: 70 From: . FED_CF: if (forged-email-detection("Execs", 70)) { fed("from", ""); } Attachment Scanning( ) Email Security Appliance . , . (: .exe) (: .doc) . . . Excel Word .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png Photoshop . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 229 Attachment Scanning( ) . · ACE · ALZ · Apple · ARJ · bzip2 · EGG · GNU Zip · ISO · Java · LZH · Microsoft Cabinet · RAR · RedHat Package Manager · Roshal (RAR) · Unix AR · UNIX · UNIX cpio · UNIX Tar · XZ · ZIP · 7-Zip Security Services > Scan Behavior( ) CLI contentscannerstatus . . , 263 . · , 231 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 230 · , 232 · , 232 · , 234 · , 236 · , 237 . ( .) ( ), ( , 237 ). 26: Syntax drop-attachments-by-name (<regular expression >[, <optional comment >]) . (zip, tar) . , 237 . drop-attachments-by-type (<MIME type >[, <optional comment >]) MIME ( MIME ) . (zip, tar) . "" drop-attachments-by-filetype . (<fingerprint name >[, <optional comment >]) (zip, tar) . MIME MIME drop-attachments-by-mimetype . (<MIME type >[, <optional comment >]) MIME . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 231 Syntax drop-attachments-by-size (<number >[, <optional comment >]) () ( ) . . drop-attachments-where-contains . (<regular expression >[, <optional comment >]) (zip, tar) . 
drop-attachments-where-dictionary -match(<dictionary name>) . MIME ( ) . , 237 . . . . . . . BMP, JPG, TIF, PNG, GIF, TGA, PCX . , . Cisco , . . . "clean()" "0" . "clean()" . GUI AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 232 1 Security Services( ) > IronPort Image Analysis(IronPort ) . 2 Enable() . , . . · Clean(): . , "clean()" . · Suspect(): . · Inappropriate(): . . . · Clean: 0~49 · Suspect: 50~74 · Inappropriate: 75~100 . , . , . 0( ) 100( ) . 65. · , 233 1 Security Services( ) > IronPort Image Analysis(IronPort ) . 2 Edit Settings( ) . 3 . 65. 4 Clean(), Suspect() Inappropriate() . . 5 , AsyncOS (). 100 . 100 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 233 imageanalysisconfig CLI . · , 234 . . . . , JPEG zip JPEG zip . zip . . (clean, suspect inappropriate) . , . . Thu Apr 3 08:17:56 2009 Debug: MID 154 IronPort Image Analysis: image 'Unscannable.jpg' is unscannable. Thu Apr 3 08:17:56 2009 Info: MID 154 IronPort Image Analysis: attachment 'Unscannable.jpg' score 0 unscannable Thu Apr 3 08:17:56 2009 Info: MID 6 rewritten to MID 7 by drop-attachments-where-image-verdict filter 'f-001' Thu Apr 3 08:17:56 2009 Info: Message finished MID 6 done . , . Inappropriate() suspect() . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 234 . image_analysis: if image-verdict == "inappropriate" { strip-header("Subject"); insert-header("Subject", "[inappropriate image] $Subject"); } else { if image-verdict == "suspect" { strip-header("Subject"); insert-header("Subject", "[suspect image] $Subject"); } } · , 235 , . . 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Actions() Add Action( ) . 5 Strip Attachment by File Info( ) Image Analysis Verdict is( ) . 6 . · · · · · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 235 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Conditions() Add Condition( ) . 5 Attachment File Info( ) Image Analysis Verdict( ) . 6 . 
· · · · · 7 Add Action( ) . 8 . 9 . GUI Text Resources( ) textconfig CLI . ASCII ( ). textconfig strip.mp3 , . .mp3 .mp3 . drop-mp3s: if (attachment-type == '*/mp3') { drop-attachments-by-filetype('Media'); notify ('$EnvelopeRecipients', 'Your mp3 has been removed', '$EnvelopeFrom', 'strip.mp3'); } , 212 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 236 . · , 237 · , 237 · , 239 · , 239 · , 239 AsyncOS . . X-Header . attach_disclaim: if (every-attachment-contains('[dD]isclaimer') ) { insert-header("X-Example-Approval", "AttachOK"); } . attachment-binary-contains , PDF . . match_PDF_Encrypt: if (attachment-filetype == 'pdf' AND attachment-binary-contains('/Encrypt')){ strip-header (`Subject'); insert-header (`Subject', `[Encrypted] $Subject'); } " " (.exe, .dll .scr) , ($dropped_filename ) . drop-attachments-by-filetype , . ("mpeg") ("Media") . strip_all_exes: if (true) { AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 237 drop-attachments-by-filetype ('Executable', "Removed attachment: $dropped_filename"); } example.com " " (.exe, .dll .scr) . strip_inbound_exes: if (mail-from != "@example\\.com$") { drop-attachments-by-filetype ('Executable'); } example.com " " (.exe, .dll .scr) ("wmf") . strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") { drop-attachments-by-filetype ('Executable'); drop-attachments-by-filetype ('x-wmf'); } " " . ( .) strip_all_dangerous: if (true) { drop-attachments-by-filetype ('Executable'); drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$'); } drop-attachments-by-name ASCII . drop-attachments-by-name MIME . MIME . .exe . . .exe . exe_check: if (attachment-filetype != "exe") { drop(); AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 238 } .exe .exe Email Security Appliance . drop-attachments-where-dictionary-match . MIME ( ) . "secret_words" . 1 . Data_Loss_Prevention: if (true) { drop-attachments-where-dictionary-match("secret_words", 1); } attachment-protected . . zip . , PDF , . . 
quarantine_protected: if attachment-protected { quarantine("Policy"); } attachment-unprotected . attachment-protected . . AsyncOS . quarantine_unprotected: if attachment-unprotected { AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 239 quarantine("Policy"); } , ETF . : Strip_malicious_files: if (file-hash-etf-rule (['etf_source1'], <'file_hash_exception_list'>)) { file-hash-etf-strip-attachment-action (['etf_source1'], <'file_hash_exception_list>, "file stripped from message attachment"); } : · `file-hash-etf-rule' . · `etf_source1' ETF . · 'file_hash_exception_list' . "" . · 'file-hash-etf-strip-attachment-action' . ETF . Strip_Malicious_Attachment: if (true) {file-hash-etf-strip-attachment-action (['threat_feed_source'], "", "Malicious message attachment has been stripped from the message.");} CLI CLI , , /, / . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 240 CLI 27: Syntax filters . , (: new, delete, import). new . . . , 242 . delete . , 243 . move . , 242 . set . , 242 . import ( /configuration ). , 242 . export ( /configuration ). , 247 . list . , 247 . detail . , 247 . logconfig archive() logconfig . , 247 . commit . . 28: seqnum filtname . seqnum 2 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 241 range range X Y . X Y seqnum. 2-4 , , . X Y . -4 4 2- . all . · , 242 · , 243 · , 243 · , 243 · , 246 · , 247 · ASCII , 247 · , 247 · , 247 · , 247 · , 249 · , 250 new [seqnum|filtname|last] . last . . seqnum . filtname filtname, seqnum last . . (.) . . · · filtname · filtname · · (: ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 242 delete [seqnum|filtname|range] . . · . · move [seqnum|filtname|rangeseqnum|last] . last . . . · . · · · , . . CLI . ( ) . . AsyncOS . AsyncOS . "filterstatus" . filter -> set . ( ) . mail3.example.com> filters Choose the operation you want to perform: - NEW - Create a new filter. 
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
filterstatus: if true{skip-filters();}
.
1 filters added.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1   Y      Y     filterstatus

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> set
Enter the filter name, number, or range:
[all]> all
Enter the attribute to set:
[active]> inactive
1 filters updated.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> detail
Enter the filter name, number, or range:
[]> all
Num Active Valid Name
1   N      Y     filterstatus
filterstatus!
if (true) { skip-filters(); }

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>

· , 246

set [seqnum|filtname|range] active|inactive

. . · active: . · inactive: . . · filtname · . ( ) (!) . ). CLI . mailfrompm: mailfrompm! .

import filename

. configuration (interfaceconfig FTP/SCP ). , . . FTP, SSH SCP , 1199 . ( , 247 ), . , . . · · · filtname · · (: )

export filename[seqnum|filtname|range]

FTP/SCP configuration . FTP, SSH SCP , 1199 . , . . · . · ASCII ASCII CLI UTF-8 . / UTF-8 . ASCII ( , 246 ).

list [seqnum|filtname|range]

. . · · · / · / . ·

detail [seqnum|filtname|range]

. logconfig archive() . logconfig , . , logconfig . · - FTP Poll · - 10MB · - 10 "" .

mail3.example.com> filters

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> logconfig
Currently configured logs:
1. "joesmith" Type: "Filter Logs" Retrieval: FTP Poll

Choose the operation you want to perform:
- EDIT - Modify a log setting.
[]> edit
Enter the number of the log you wish to edit.
[]> 1
Choose the method to retrieve the logs.
1.
FTP Poll
2. FTP Push
3. SCP Push
[1]> 1
Please enter the filename for the log:
[joesmith.mbox]>
Please enter the maximum file size:
[10485760]>
Please enter the maximum number of files:
[10]>
Currently configured logs:
1. "joesmith" Type: "Filter Logs" Retrieval: FTP Poll
Enter "EDIT" to modify or press Enter to go back.
[]>

AsyncOS localeconfig .

example.com> localeconfig
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]> setup
If a header is modified, encode the new header in the same encoding as the message body? (Some MUAs incorrectly handle headers encoded in a different encoding than the body. However, encoding a modified header in the same encoding as the message body may cause certain characters in the modified header to be lost.)
[Y]>
If a non-ASCII header is not properly tagged with a character set and is being used or modified, impose the encoding of the body on the header during processing and final representation of the message? (Many MUAs create non-RFC-compliant headers that are then handled in an undefined way. Some MUAs handle headers encoded in character sets that differ from that of the main body in an incorrect way. Imposing the encoding of the body on the header may encode the header more precisely. This will be used to interpret the content of headers for processing, it will not modify or rewrite the header unless that is done explicitly as part of the processing.)
[Y]>
Disclaimers (as either footers or headings) are added in-line with the message body whenever possible.
However, if the disclaimer is encoded differently than the message body, and if imposing a single encoding will cause loss of characters, it will be added as an attachment. The system will always try to use the message body's encoding for the disclaimer. If that fails, the system can try to edit the message body to use an encoding that is compatible with the message body as well as the disclaimer. Should the system try to re-encode the message body in such a case?
[Y]>
If the disclaimer that is added to the footer or header of the message generates an error when decoding the message body, it is added at the top of the message body. This prevents you to rewrite a new message content that must merge with the original message content and the header/footer-stamp. The disclaimer is now added as an additional MIME part that displays only the header disclaimer as an inline content, and the rest of the message content is split into separate email attachments. Should the system try to ignore such errors when decoding the message body?
[N]>
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]>

(: ) . . ( ) . " " " " . . 'Yes()' . 'No()' . filter . · big_messages. 10 body-size . · no_mp3s. .mp3 attachment-filename . · mailfrompm. [email protected] [email protected] mail-from .

filter -> list . move . , .

mail3.example.com> filters

Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
big_messages: if (body-size >= 10M) { drop(); }
.
1 filters added.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
no_mp3s: if (attachment-filename == '(?i)\\.mp3$') { drop(); }
.
1 filters added.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
mailfrompm: if (mail-from == "^postmaster$") { bcc ("[email protected]");}
.
1 filters added.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1   Y      Y     big_messages
2   Y      Y     no_mp3s
3   Y      Y     mailfrompm

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> move
Enter the filter name, number, or range to move:
[]> 1
Enter the target filter position number or name:
[]> last
1 filters moved.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1   Y      Y     no_mp3s
2   Y      Y     mailfrompm
3   Y      Y     big_messages

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> move
Enter the filter name, number, or range to move:
[]> 2
Enter the target filter position number or name:
[]> 1
1 filters moved.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
1   Y      Y     mailfrompm
2   Y      Y     no_mp3s
3   Y      Y     big_messages

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> entered and enabled 3 filters: no_mp3s, mailfrompm, big_messages
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

. · , 256 · , 256 · , 260

%, @ ! .
· user%otherdomain@validdomain
· user@otherdomain@validdomain:
· domain!user@validdomain

sourceRouted:
if (rcpt-to == "(%|@|!)(.*)@") {
  bounce();
}

Sendmail/Qmail . (: %) , , , . Cisco . MTA . . , 75 . · , 256 · , 257 · , 257 · , 257 · "To:" , 258 · "From:" , 258 · SRBS , 258 · SRBS , 259 · Regex , 259 · SenderBase Reputation , 259 · , 259 · , 260 .

search_for_sensitive_content:
if (Subject == "(?i)plaintiff|lawsuit|judge" ) {
  notify ("[email protected]");
}

. header-dictionary-match() (Dictionary() , 177 ).

competitorFilter:
if (rcpt-to == '@competitor1.com|@competitor2.com') {
  bcc-scan('[email protected]');
}

.
block_harrasing_user:
if (mail-from == "ex-employee@hotmail\\.com") {
  notify ("[email protected]");
  drop ();
}

.

drop_attachments:
if (mail-from != "[email protected]") AND (attachment-filename == '(?i)\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$') {
  archive("Drop_Attachments");
  insert-header("X-Filter", "Dropped by: $FilterName MID: $MID");
  drop-attachments-by-name("\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$");
}

"To:" "To" . drop() archive() .

toTooBig:
if(header('To') == "^.{500,}") {
  archive('tooTooBigdropped');
  drop();
}

"From:" "From:" . "from" .

blank_mail_from_stop:
if (recv-listener == "InboundMail" AND header("From") == "^$|<\\s*>") {
  drop ();
}

envelope from .

blank_mail_from_stop:
if (recv-listener == "InboundMail" AND (mail-from == "^$|<\\s*>" OR header ("From") == "^$|<\\s*>")) {
  drop ();
}

SRBS SenderBase Reputation

note_bad_reps:
if (reputation < -2) {
  strip-header ('Subject');
  insert-header ('Subject', '***BadRep $Reputation *** $Subject');
}

SRBS SBRS(SenderBase Reputation Score) .

mod_sbrs:
if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) {
  drop ();
}

Regex , ("readme.zip", "readme.exe", "attach.exe" ).

filename_filter:
if ((body-size >= 9k) AND (body-size <= 20k)) {
  if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) {
    drop ();
  }
}

SenderBase Reputation ("" ).

Check_SBRS:
if (true) {
  insert-header('X-SBRS', '$Reputation');
}

.

Policy_Tracker:
if (true) {
  insert-header ('X-HAT', 'Sender Group $Group, Policy $Policy applied.');
}

50 .

bounce_high_rcpt_count:
if ( (rcpt-count > 49) AND (rcpt-to != "@example\\.com$") ) {
  bounce-profile ("too_many_rcpt_bounce");
  bounce ();
}

· , 260 · , 260 · , 261 · ( ), 261 · ( ), 261 · , 261 · , 262 . 'public1' 'public2' 'public1' . . public1 .
virtual_gateways:
if (recv-listener == "OutboundMail") {
  alt-src-host ("public2");
}

. "listener1" "listener1" ( ).

same_listener:
if (recv-inj == 'listener1') {
  alt-src-host('listener1');
}

. .

textfilter-new:
if (recv-inj == 'inbound' and body-contains("some spammy message")) {
  alt-rcpt-to ("[email protected]");
}

( ) ( , ). IP mycompany.com .

DomainSpoofed:
if (mail-from == "mycompany\\.com$") {
  if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) {
    drop();
  }
}

( ) , .

domain_spoof:
if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) {
  archive('domain_spoof');
  drop ();
}

:

reject_domain_spoof:
if (recv-listener == "MailListener") {
  insert-header("X-Group", "$Group");
  if ((mail-from == "@test\\.mycompany\\.com") AND (header("X-Group") != "RELAYLIST")) {
    notify("[email protected]");
    drop();
  }
  strip-header("X-Group");
}

. Exchange Server .

External_Loop_Count:
if (header("X-ExtLoop1")) {
  if (header("X-ExtLoopCount2")) {
    if (header("X-ExtLoopCount3")) {
      if (header("X-ExtLoopCount4")) {
        if (header("X-ExtLoopCount5")) {
          if (header("X-ExtLoopCount6")) {
            if (header("X-ExtLoopCount7")) {
              if (header("X-ExtLoopCount8")) {
                if (header("X-ExtLoopCount9")) {
                  notify ('[email protected]');
                  drop();
                }
                else {insert-header("X-ExtLoopCount9", "from $RemoteIP");}}
              else {insert-header("X-ExtLoopCount8", "from $RemoteIP");}}
            else {insert-header("X-ExtLoopCount7", "from $RemoteIP");}}
          else {insert-header("X-ExtLoopCount6", "from $RemoteIP");}}
        else {insert-header("X-ExtLoopCount5", "from $RemoteIP");}}
      else {insert-header("X-ExtLoopCount4", "from $RemoteIP");}}
    else {insert-header("X-ExtLoopCount3", "from $RemoteIP");}}
  else {insert-header("X-ExtLoopCount2", "from $RemoteIP");}}
else {insert-header("X-ExtLoop1", "1"); }

AsyncOS 100 . (: ) . Scan Behavior( ) scanconfig . . , .
zip MIME 'compressed', 'zip' 'application/zip' . 1 Security Services( ) > Scan Behavior( ) . 2 . . · . Add Mapping( ) . · . Import List( ) , configuration . configuration . , 935 . · Edit() . 3 . . a) Global Settings( ) Edit Global Settings( ) . b) . Action for attachments with MIME types / fingerprints in table above( . MIME / ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 263 Maximum depth of attachment recursion . to scan( ) Maximum attachment size to scan( . ) Attachment Metadata scan( . ) Attachment scanning timeout( . ) Assume attachment matches pattern if not scanned for any reason( . ) Action when message cannot be deconstructed to remove specified . attachments( ) Bypass all filters in case of a content or message filter error( . ) Encoding to use when none is specified( . ) Convert opaque-signed messages to clear-signed (S/MIME unpacking)( (S/MIME ) . (S/MIME )) URL URL . . RFC RFC . c) Submit() . 4 ( ) . Current Content Scanner files( ) Update Now( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 264 . CLI contentscannerupdate . 5 . . · · RFC · URL . · · · Security Services > Scan Behavior( ) Edit Global Settings( ) . . · · · · . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 265 . "Modify message subject( )" . ( ) ( ) . [WARNING: UNSCANNABLE EXTRACTION FAILURE] . . [WARNING: UNSCANNABLE EXTRACTION FAILED(: )] RFC [WARNING: UNSCANNABLE RFC NON-COMPLIANT(: RFC )] URL [WARNING: DECODING ERRORS WHEN APPLYING URL FILTERING ACTIONS(: URL )] . Yes() . . Yes() . . Yes() . . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 266 . . , . . . · · . "Modify message subject( )" . ( ) ( ) . [WARNING: UNSCANNABLE EXTRACTION FAILURE] . . [WARNING: UNSCANNABLE EXTRACTION FAILED(: )] RFC [WARNING: UNSCANNABLE RFC NON-COMPLIANT(: RFC )] URL [WARNING: DECODING ERRORS WHEN APPLYING URL FILTERING ACTIONS(: URL )] . Yes() . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 267 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 268 10 . · , 269 · , 270 · , 271 · , 271 · , 274 · , 276 · , 281 Email Security Appliance . , . . · · · · · · · . Email Security Appliance , . IT . System Administrator( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 269 1 Email Security Appliance . . · Anti-Virus, 335 · File Reputation Filtering and File Analysis( ), 461 ( ) · Anti-Spam, 355 · . , 387 . · (Outbreak Filter), 399 · , 491 ( ) · , 283 2 ( ) , 283 . . 3 ( ) LDAP LDAP . , 756 . 4 ( ) , 276 . . 5 . . , 276 . 6 . . · : , 303 · : , 342 · : File Reputation Filtering and File Analysis( ), 461 · : , 362 · : , 392 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 270 · : Outbreak Filter Outbreak , 419 · : DLP , 511 . Email Security Appliance . · ACCEPT HAT . · RELAY HAT . SMTP AUTH . . GUI Mail Policies( ) > Incoming Mail Policies( ) Outgoing Mail Policies( ) CLI policyconfig . . . Advanced Malware Protection( ) . , Cisco "" . C170 C190 , . Email Security Appliance , . , . · , . , LDAP , , , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 271 · : · (RFC821 MAIL FROM ) · RFC822 From: · RFC822 Reply-To: , , , LDAP . · , 272 · , 272 ( ) . . . , . ( .) . . . . 29: 1 2 3 special_people ANY from_lawyers @lawfirm.com acquired_domains ANY Recipient [email protected] [email protected] ANY @newdomain.com @anotherexample.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 272 : 1: 1 2 3 4 engineering ANY 5 sales_team ANY 6 Default Policy ANY · : 1:, 273 · : 2:, 273 · : 3:, 273 PublicLDAP.ldapgroup: engineers jim@john@larry@ ANY [email protected] [email protected] . · (@lawfirm .com) (ANY) 2. · [email protected] 2. · [email protected] @lawfirm .com 5. [email protected] ([email protected], [email protected] [email protected]) . · [email protected] #3 , , . · [email protected] #5 . · [email protected] LDAP . . , 274 . 
[email protected]([email protected] ) [email protected] [email protected] . · [email protected] 1 , , . · (@lawfirm.com) (ANY) [email protected] 2 , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 273 . ( ) . . . · , "" . · . , . · , , , Advanced Malware Protection( ), DLP ( ), . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 274 (filters) (antispamconfig, antispamupdate) (antivirusconfig, antivirusupdate) (Advanced Malware Protection) (ampconfig) () , . 1 2 ( ) DLP . (policyconfig -> filters) (Outbreak Filter) (outbreakconfig, outbreakflush, outbreakstatus, outbreakupdate) (policyconfig) MID(message ID) (: MID 1 MID 2 MID 3 ). "" . trace . Email Security Manager( ) . · , 275 . , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 275 "" . , . . · , 276 · , 276 · , 280 . . . , 270 . 1 . · Mail Policies( ) > Incoming Mail Policies( ) · Mail Policies( ) > Outgoing Mail Policies( ) 2 . , . "Disable()" . 3 . 4 Submit() . 5 . · . , 270 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 276 · ( ) . , 272 . · ( ) . , , Advanced Malware Protection, , . , , . . 1 Mail Policies( ) > Incoming Mail Policies( ) Mail Policies( ) > Outgoing Mail Policies( ) . 2 Add Policy( ) . 3 . 4 ( ) Editable by (Roles)( ()) , . 5 . , 277 . 6 Submit() . 7 . 8 . 9 . 10 . · , 277 · , 356 . · : [email protected] · : user@ · : @example.com · : @.example.com · LDAP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 277 AsyncOS GUI CLI / . Joe@ [email protected] . . · . · . · , · , 1 Users() Add User( ) . 2 . . · Any Sender( ). . · Following Senders( ). . LDAP . · Following Senders are Not( ). . LDAP . , 279 . 3 . . · Any Recipient( ). . · Following Recipients( ). . LDAP . , . If one more conditions match( ) Only if all conditions match( ) . · Following Recipients are Not( ). . LDAP . Following Recipients( ) Only if all conditions match( ) . , 279 . 4 Submit() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 278 5 Users() . 
· , 276 · , 279 Add User( ) . Recipient Any Following Following Any Following Sender( Senders( Senders Recipient( Recipients( are Not( ) ) ) ) ) Following Recipients are Not( ) - - - - () Only if all conditions match( ) : user1 @, user2 @ : Recipient: user1@[AND]user2 @ AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 279 - - - : [email protected], [email protected] - - : [email protected], [email protected] () Only : if all conditions [email protected], match( [email protected] ) : [email protected], [email protected] - If one or more conditions match( ) : [email protected], [email protected] Sender: [email protected] [OR] [email protected] Recipient: [[email protected][AND][email protected]] [AND] [[NOT] [[email protected][AND][email protected]]] Sender: [NOT] [[email protected][OR][email protected]] Recipient: [email protected] [OR] [email protected] · , 277 Mail Policies( ) Find Policies( ) . [email protected] Find Policies( ) . . . · , 275 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 280 . , . "" , . , . , . . "" . "" . 30: / Anti-Spam : : : : "[Suspected : "[Marketing]" Spam]" : Anti-Virus : : : : : : : : AMP(Advanced : Malware Protection) : ( ) : : "[WARNING: ATTACHMENT UNSCANNED]" : : "[WARNING: ATTACHMENT(S) MAY CONTAIN MALWARE]" , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 281 SUMMARY STEPS 1. Mail Policies( ) > Mail Policy Settings( ) . 2. Add Priority( ) (: "From") . 3. Submit() . DETAILED STEPS 1 Mail Policies( ) > Mail Policy Settings( 1 ) . . Envelope Sender( ) . 2 Add Priority( ) (: "From") . 3 Submit() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 282 11 . · , 283 · , 283 · , 284 · , 293 · , 301 DLP . , . , , "" ( , 274 ) . . . Email Security Appliance " " . . . ( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 283 · conditions() - ( ) · actions() - () · action variables( ) - ( ) · , 284 · , 284 · , 293 · , 299 1 ( ) . . · · · · · URL 2 . . · , 284 ( ) · , 293 · , 299 ( ) , 301 3 . . 
4 , 269 . . Email Security Appliance "". . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 284 , . AsyncOS "" . true . , . . OR(" ...") , AND(" ...") . 31: ( ) . true . true . Contains text( ): ? Contains smart identifier( ): ? Contains term in content dictionary( ): <dictionary name> ? . , 613 . . , 613 . Number of matches required( ). true . , . delivery-status . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 285 Contains text( ): ? Contains smart identifier( ): ? . · · · CUSIP(Committee on Uniform Security Identification Procedures) · ABA(American Banking Association) Contains term in content dictionary( ): <dictionary name> ? . , 613 . . , 613 . Number of matches required( ). true . . . . URL Category(URL URL URL : , 433 URL ) , 446 . ? . body-size . ? . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 286 . ? body-contains() , "" . , . Contains a smart identifier( ). ? Contains terms in content dictionary( ). <dictionary name> ? . , 613 . . , 613 . Number of matches required( ). true . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 287 . ? Filename contains term in content dictionary( ). <dictionary name> ? . , 613 . . , 613 . File type( ). (UNIX file ) ? MIME type(MIME ). MIME ? MIME MIME attachment-type . ( "" .) Image Analysis( ). ? Suspect( ), Inappropriate(), Suspect or Inappropriate( ), Unscannable( ) Clean(). External Threat Feeds( ): ? Select a File Hash Exception List( ): ( ) Cisco Email Security Gateway . Cisco Email Security , 307 . Attachment is Corrupt( ). ? . ( , .) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 288 Subject Header( Subject Header( ): ? ) Contains terms in content dictionary( ): <dictionary name> ? . , 613 . . , 613 . Other Header Header name( ): ? Header value( ): ? . <dictionary name> ? . , 613 . . , 613 . URL Cisco Web Security : , 366 . Envelope Sender( ). Envelope Sender( )(, Envelope From, <MAIL FROM>) ? Matches LDAP group(LDAP ). 
Envelope Sender( )(, Envelope From, <MAIL FROM>) LDAP ? Contains term in content dictionary( ). <dictionary name> ? . , 613 . . , 613 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 289 Envelope Recipient( ). Envelope Recipient( )(, Envelope To, <RCPT TO>) ? Matches LDAP group(LDAP ). Envelope Recipient( )(, Envelope To, <RCPT TO>) LDAP ? Contains term in content dictionary( ). <dictionary name> ? . , 613 . . , 613 . Envelope Recipient( ) . , . Envelope Sender( )(, Envelope From, <MAIL FROM>) LDAP ? Receiving Listener( ? ) . Remote IP( IP) IP IP ? Remote IP( IP) IP . IPv4(Internet Protocol version 4) IPv6(version 6) . IP , 96 (SBO, SBRS, dnslist ALL ). Reputation Score SenderBase Reputation ? Reputation Score(Reputation ) SenderBase Reputation . DKIM , , , , DKIM ? AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 290 ? : . (1 ~ 100) . Forged Email Detection( ) From: . . . · From: <[email protected]> `John Simons' 82 . · From: <[email protected]> `John Simons' 100 . . , . Exception List( ) . . , 610 . SPF SPF ? SPF . SPF " " . SPF ID SPF SPF ID . S/MIME S/MIME , , ? S/MIME , 537 . S/MIME , , ? S/MIME , 537 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 291 ( )? . ? Cisco Email Security Appliance . . . . ' ' . · Cisco Email Security Appliance · · 50 MIME ? MIME . ( MIME ) (: ) (: ) . ? . . ? · · Cisco Email Security , 307 , 323 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 292 Email Security Appliance . , , . " "( ) Email Security Appliance , Outbreak Filter DLP . . , . Attachment Content( ) , Message Body or Attachment( ) , Message Body( ) , Attachment Content( ) . . $MatchedContent . . , . , . GUI CLI . , 299 . 32: Quarantine(). . Duplicate message( ): . . . . Encryption rule( ): , TLS . TLS , 529 . Encryption Profile( ). . Cisco Encryption Appliance . Subject(). . $Subject. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 293 Attachment contains( ). . (zip, tar) . Contains smart identifier( ). . 
Attachment contains terms in the content dictionary( ). <dictionary name> ? Number of matches required( ). true . , . Replacement message( ). . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 294 File name( ). . (zip, tar) . File size( ). () ( ) . . File type( ). "" . (zip, tar) . MIME type(MIME ). MIME . Image Analysis Verdict( ). . Suspect(), Inappropriate(), Suspect or Inappropriate( ), Unscannable( ) Clean() . External Threat Feeds( ). ETF . Select a File Hash Exception List( ). ( ) Cisco Email Security Gateway . Cisco Email Security , 307 . Replacement message( ). . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 295 . . Custom Replacement Message( )( ): . . <application/vnd.ms-excel> MIME <mail.example.com> drop-macro-enabled-attachments . Custom Replacement Message( ) . URL Reputation(URL ) URL : URL URL , 434 URL , 430 . URL "No Score( )" . S/MIME S/MIME . URL Category(URL ) URL : URL URL , 434 URL , 446 . S/MIME S/MIME . Above(). (). Below(). (). : . , 625 . Outbreak Filter . Bypass DKIM DKIM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 296 (Bcc:) Email addresses( ). . Subject(). . Return path (optional)( ( )). . Alternate mail host (optional)( ( )). . Notify Notify(). . . Subject(). . Return path (optional)( ( )). . Use template( ). . Include original message as an attachment( ). . Email address( ). . Send to Alternate Destination Mail host( ). Host( . ) . . IP IP . IP . Deliver from IP Interface(IP ) . IP . Header name( ). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 297 / Inserts a new header into the message or modifies an existing header( ). Header name( ). . Specify value of new header( ). . Prepend to the Value of Existing Header( ). . Append to the Value of Existing Header( ). . Search & Replace from the Value of Existing Header( ). Search for() . Replace with() . . Replace with() . : . , 610 . DLP . DLP . . DLP , 494 . Add Log Entry INFO IronPort . . . S/MIME / S/MIME . , . 
S/MIME Sending Profile(S/MIME ): S/MIME S/MIME . S/MIME , 547 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 298 ( ) , . Encryption rule( ): , TLS . TLS , 529 . Encryption Profile( ). . Cisco Encryption Appliance . Subject(). . $Subject. S/MIME /( S/MIME , ) . S/MIME Sending Profile(S/MIME ): S/MIME S/MIME . S/MIME , 547 . ( ) . , . ( ) , Outbreak Filter . Drop (Final Action) . · , 299 , . . . 33: Syntax Body Size( ) $AllHeaders $BodySize . ( ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 299 Syntax $Date MM/DD/YYYY . . $dropped_filename Dropped File Names( $filenames , $dropped_filenames ) . Dropped File Types( $filetypes , $dropped_filetypes ) . Envelope Sender( $envelopefrom ) or $envelopesender Envelope Sender( )(Envelope From, <MAIL FROM>) . Envelope Recipients( $EnvelopeRecipients )(Envelope To, <RCPT TO>) . $filenames . File Sizes( ) $filesizes . $filetypes . GMTimeStamp $FilterName $GMTimeStamp . Received: (GMT ). HAT $Group . ">Unknown<" . $Policy HAT . ">Unknown<" . $MatchedContent . , . $Header['string '] . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 300 ID Syntax $Hostname $MID $RecvListener $RecvInt IP $RemoteIP $remotehost SenderBase Reputation $Reputation $Subject $Time $Timestamp Email Security Appliance . MID(Message ID) . RFC822 "Message-Id" ( $Header ). . . Email Security Appliance IP . . SenderBase Reputation . "None" . . ( ). Received: ( ). · , 301 · , 303 · , 303 · GUI , 304 · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 301 · . · . · . 1 Mail Policies( ) > Incoming Mail Policies( ) . Mail Policies( ) > Outgoing Mail Policies( ). 2 Add Filter( ) . 3 . 4 (X-REF) Editable By (Roles)( ()) Policy Administrator( ) OK() . Policy Administrator( ) . 5 ( ) . a) Add Condition( ) . b) . c) . d) OK() . e) . ( AND) , ( OR) . . 6 . a) Add Action( ) . b) . c) . d) OK() . e) . f) . "" , AsyncOS . 7 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 302 · . · . 
1 Mail Policies( ) > Incoming Mail Policies( ) . Mail Policies( ) > Outgoing Mail Policies( ). 2 . 3 Content Filtering for Default Policy( ) "Disable Content Filters( )" "Enable Content Filters (Customize settings)( ( ))" . ( , 283 ) . "Enable Content Filters (Customize settings)( ( ))" . 4 Enable() . 5 . · . , 276 . 1 Mail Policies( ) > Incoming Mail Policies( ) . Mail Policies( ) > Outgoing Mail Policies( ). 2 (Content Filters ) . 3 Content Filtering for Policy: Engineering( : ) "Enable Content Filtering (Inherit default policy settings)( ( ))" "Enable Content Filtering (Customize settings)( ( ))" . 4 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 303 GUI 5 . GUI · . . ( true() . .) · , . " " . · . · . . ^ $ * + ? { [ ] \ | ( ) '\'() . : "\*Warning\*" · "benign()" . "deliver()" . . Email Security Manager( ) (: ) . · , " " . . · Incoming or Outgoing Content Filters( ) 1 . · Incoming or Outgoing Mail Policies( ) . · . · Bcc: . ( , , , 847 .) (, ) . · "Entire Message( )" Scan Behavior( ) scanconfig . "Entire Message( )" . "Subject( )" "Header()" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 304 GUI · LDAP (, ldapconfig LDAP ) LDAP GUI . · GUI . , Text Resources( ) CLI textconfig . · , , . · (UTF-8) · (UTF-16) · /-1(ISO 8859-1) · /-1(Windows CP1252) · (Big 5) · (GB 2312) · (HZ GB 2312) · (ISO 2022-KR) · (KS-C-5601/EUC-KR) · (Shift-JIS (X0123)) · (ISO-2022-JP) · (EUC) . . . · Incoming or Outgoing Content Filters( ) "Description()", "Rules()" "Policies()" . · Description() . ( .) · Rules() . · Policies() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 305 GUI AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 306 12 Cisco Email Security . · , 307 · Cisco Email Security , 308 · Cisco Email Security , 309 · , 309 · , 312 · , 313 · , 313 · , 320 · , 321 · , 321 · , 321 · , 322 ETF( ) Cisco Email Security TAXII STIX . Cisco Email Security . · , , . · . · Cisco Email Security . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 307 Cisco Email Security Cisco Email Security Cisco Email Security ETF . Cisco . STIX (Structured Threat Information eXpression) . STIX . STIX IOC( ) . · ( ) · IP ( IP ) · ( ) · URL ( URL ) TAXII(Trusted Automated eXchange of Indicator Information) (TAXII ) . STIX 1.1.1 1.2 TAXII 1.1 . Cisco Email Security . 1 Cisco Email Security Cisco Email Security ETF . , 309 2 Cisco Email Security , 309 TAXII STIX ETF . 3 , 312 . · HAT · 4 , URL , 320 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 308 Cisco Email Security Cisco Email Security Cisco Email Security Cisco Email Security ETF . 1 Security Services > External Threat Feeds( ) . 2 Enable() . 3 Accept() . Cisco Email Security ETF . 4 Enable External Threat Feeds( ) . 5 ( ) ETF ETF Yes() . 6 . ETF . , 309 . ETF TAXII . Cisco Email Security TAXII STIX ETF . Cisco Email Security 8 ETF . ' ' ' ' ETF . · Cisco Email Security ETF . · -80 HTTP 443 HTTPS . , 1227 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 309 Cisco Email Security 1 Mail Policies( ) > External Threat Feeds Manager( ) . 2 Add Source( ) . 3 ETF . ETF . ETF . TAXII TAXII (FQDN(Fully Qualified Domain Name) IP ) . TAXII (: /taxii-data) . TAXII (: guest.Abuse_ch) . Polling Interval( ) TAXII . 15 60. TAXII . 1~365 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 310 Cisco Email Security HTTPS . 1. 'Age of Threat Feeds( )' . 'Time Span for Poll Segment( )' . · TAXII 'Age of Threat Feeds( )' . · TAXII . · TAXII 30 . · 'Age of Threat Feeds( )' TAXII , . , 100 TAXII (: '40 days') 40 . (: '5 days') . HTTPS TAXII Yes() . TAXII TAXII Yes() . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 311 Cisco Email Security 4 . Cisco Email Security TAXII Yes() . . · Security Services > Service Updates( ) · CLI updateconfig No() Cisco Email Security TAXII . ETF Cisco Email Security TAXII . · CLI threatfeedsconfig > sourceconfig ETF . 
· ( ) Mail Policies( ) > External Threat Feeds Manager( ) Suspend Polling( )( ) ETF . · ( ) Mail Policies( ) > External Threat Feeds Manager( ) Resume Polling( )( ) ETF . · ( ) Mail Policies( ) > External Threat Feeds Manager( ) Poll Now( ) . · , 312 . Cisco Email Security . · HAT · Cisco Email Security · , 313 . · , 313 . ETF IP . 1 Mail Policies( ) > HAT Overview(HAT ) . 2 . 3 Edit Settings( ) . 4 IP ETF . 5 ( ) ETF Add Row( ) . 6 . ETF . · URL - ETF URL . · - ETF . · - ETF . · , 314 . · , 315 · URL , 315 · URL , 317 · , 318 . Cisco Email Security · , 240 . ' ' ETF . · ) . Mail Policies( ) > Address Lists( ) CLI addresslistconfig . , 269 . · ( ) . . 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Add Condition( ) . 5 Domain Reputation( ) . 6 External Threat Feeds( ) . 7 ETF . 8 . 9 ( ) Cisco Email Security . 10 OK() . 11 Add Action( ) . 12 . . Cisco Email Security . 1 Security Services > Domain Reputation( ) . 2 Edit Settings( ) . 3 . Cisco Email Security 4 . CLI domainrepconfig . AsyncOS for Cisco Email Security Appliances CLI . , ETF . :

    quarantine_msg_based_on_ETF:
    if (domain-external-threat-feeds (['etf_source1'], ['mail-from', 'from'], <'domain_exception_list'>)) {
        quarantine("Policy");
    }

· `domain-external-threat-feeds' .
· `etf_source1' ETF .
· `mail-from','from' .
· 'domain_exception_list' . "" .

'Errors To:' ETF .

    Quaranting_Messages_with_Malicious_Domains:
    if (domain-external-threat-feeds (['threat_feed_source'], ['Errors-To'], "")) {
        quarantine("Policy");
    }

URL 'URL ' ETF URL . ETF 'URL ' . · 'URL ' . · 'URL ' . · 'URL ' . 'URL ' URL . URL Cisco Email Security · 'URL ' 11~20 . · 'URL ' 4~10 . · Cisco Email Security URL . URL Security Services > URL Filtering(URL ) . URL , 425 .
· Cisco Email Security . Security Services > Outbreak Filters( ) . (Outbreak Filter), 399 . · Cisco Email Security . Security Services > Anti-Spam() . Anti-Spam, 355 . · ( ) URL . Mail Polices(Mail ) > URL Lists(URL ) . URL , 425 . 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Add Condition( ) . 5 URL Reputation(URL ) . 6 External Threat Feeds( ) . 7 URL ETF . 8 ( ) Cisco Email Security URL . 9 / URL Check URLs within( URL ) . 10 OK() . 11 Add Action( ) . 12 URL Reputation(URL ) . 13 External Threat Feeds( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 316 Cisco Email Security URL 14 ETF (7). 15 ( ) 8 URL . 16 ' ' / ' ' URL Check URLs within( URL ) . 17 / URL . 16 'Check URLs within( URL )' 'Attachments( )' . 18 . 19 OK() . 20 . WBRS( ) ETF URL , WBRS URL ETF URL . URL , ETF URL URL 'URL ' . : defang_url_in_message: if (url-external-threat-feeds (['etf_source1'], <'URL_whitelist'>, <'message_attachments'> , <'message_body_subject'> ,)) { url-etf-defang(['etf-source1'], "", 0); } <'URL_whitelist'> , <'Preserve_signed'>)} · `url-external-threat-feeds' URL . · `etf_source1' URL ETF . · `URL_whitelist' URL . URL "" . · `message_attachments' URL . '1' URL . · 'message_body_subject' URL . '1' URL . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 317 Cisco Email Security "1,1" , URL . · 'url-etf-defang' URL . URL ETF . 
· url-etf-strip(['etf_source1'], "None", 1)
· url-etf-defang-strip(['etf_source1'], "None", 1, "Attachment removed")
· url-etf-defang-strip(['etf_source1'], "None", 1)
· url-etf-proxy-redirect(['etf_source1'], "None", 1)
· url-etf-proxy-redirect-strip(['etf_source1'], "None", 1)
· url-etf-proxy-redirect-strip(['etf_source1'], "None", 1, " Attachment removed")
· url-etf-replace(['etf_source1'], "", "None", 1)
· url-etf-replace(['etf_source1'], "URL removed", "None", 1)
· url-etf-replace-strip(['etf_source1'], "URL removed ", "None", 1)
· url-etf-replace-strip(['etf_source1'], "URL removed*", "None", 1, "Attachment removed")
· 'Preserve_signed' '1' '0' . '1' '0' .

URL ETF .

    Strip_Malicious_URLs:
    if (true) {
        url-etf-strip(['threat_feed_source'], "", 0);
    }

' ' ETF . ETF . ETF ' ' . · ' ' . · ' ' . Cisco Email Security · ' ' ' ' . ' ' ' ' . · ' ' 10~15 . · ' ' 4~9 . ( ) . Mail Policies(Mail ) > File Hash Lists( ) . , 319 . 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Add Condition( ) . 5 Attachment File Info( ) . 6 External Threat Feeds( ) . 7 ETF . 8 ( ) Cisco Email Security . 9 OK() . 10 Add Action( ) . 11 Strip Attachment by File Info( ) . 12 External Threat Feeds( ) . 13 etf (7 ). 14 ( ) 8 . 15 . 1 Mail Policies( ) > File Hash Lists( ) . 2 Add File Hash List( ) . Cisco Email Security 3 ('SHA256' 'MD5' ) . 4 3 . 5 . , ETF . :

    Strip_malicious_files:
    if (file-hash-etf-rule (['etf_source1'], <'file_hash_exception_list'>)) {
        file-hash-etf-strip-attachment-action (['etf_source1'], <'file_hash_exception_list'>, "file stripped from message attachment");
    }

· `file-hash-etf-rule' .
· `etf_source1' ETF .
· 'file_hash_exception_list' . "" .
· 'file-hash-etf-strip-attachment-action' .

ETF .
Strip_Malicious_Attachment: if (true) {file-hash-etf-strip-attachment-action (['threat_feed_source'], "", "Malicious message attachment has been stripped from the message.");} , URL . 1 Mail Policies( ) > Incoming Mail Policies( ) . 2 Content Filters( ) . 3 Enable Content Filters (Customize Settings)( ( )) . 4 , URL . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 320 Cisco Email Security 5 . Cisco Email Security ETF . , ETF . Cisco ETF . (: ) ETF . ETG . · Security Services > External Threat Feeds( ) Update Now( ) . · CLI threatfeedupdate . ETF Security Services > External Threat Feeds( ) 'External Threat Feeds Engine Updates( )' CLI threatfeedstatus . ETF . / ETF 'source' - TAXII $source _name . . 'reason' - : $reason . Information(). TAXII . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 321 Cisco Email Security / ETF $type $count - $count . . $ type - Information(). . . ETF IOC . · . Security Services > Centralized Services( ) > Message Tracking( ) . · . 1 Monitor() > Message Tracking( ) . 2 Advanced() . 3 Message Event( ) External Threat Feeds( ) . 4 IOC IOC . 5 ( ) Cisco Email Security ETF ETF All External Threat Feed Sources( ) . 6 ( ) Cisco Email Security ETF Current External Threat Feed Sources( ) ETF . 7 ( ) ETF 'External Threat Feed Sources( )' ETF . 8 Search() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 322 13 . · , 323 · , 326 · Cisco Email Security , 326 · , 327 · , 331 · , 331 · , 332 · , 332 · , 332 Cisco SDR( ) . Cisco SDR( ) . IP , , SMTP(Simple Mail Transfer Protocol) FQDN(Fully Qualified Domain Name) . Cisco Cisco Talos SDR( ) (http://www.cisco.com/go/ccp). · SDR Cisco . · Cisco IPAS Cisco TAC(Technical Assistance Center) SDR . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 323 SDR SDR SDR , . 34: SDR . . FN() . . . FN() FP( ) . Talos SDR poor() awful( ) SDR . . . . Talos . . ( . ) . Talos . (Talos ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 324 Good SDR SDR . . Talos . Talos . . 
Talos "unknown" . Talos . . . SPF, DKIM , . DKIM ("From:" . ). 1 2 3 Cisco Email Security Cisco Email Security SDR . , 326 AsyncOS 12.0 SDR . SDR . , 327 SDR , 331 . Cisco Email Security AsyncOS 12.0 SDR . 1 Security Services > Domain Reputation( ) . 2 Enable() . 3 Enable Sender Domain Reputation Filtering( ) . 4 ( ) SDR SDR Include Additional Attributes( ) . , SDR . · 'Envelope From( ):', 'From( ):', 'Reply-To( ):' . · 'From( ):' 'Reply-To( ):' . 5 ( ) SDR () . SDR . 6 ( ) Envelope From( ): SDR Match Domain Exception List based on Domain in Envelope From Envelope From( ): . 7 Submit() . 8 ( ) SDR Include Additional Attributes Agreement(SDR ) I Agree( ) . SDR Include Additional Attributes Agreement(SDR ) Include Additional Attributes( ) . 9 Commit() . SDR . , 327 . ' ' SDR . · · · · , 328 · , 330 "Poor". SDR SDR , 324 . :

    drop_msg_based_on_sdr_verdict:
    if (sdr-reputation (['awful', 'poor'], "<domain_exception_list>")) {
        drop();
    }

· 'drop_msg_based_on_sdr_verdict' .
· 'sdr-reputation' .
· 'awful','poor' SDR .
· 'domain_exception_list' . "" .
· 'drop' .

SDR 'Unknown' .

    quarantine_unknown_sdr_verdicts:
    if (sdr-reputation (['unknown'], "")) {
        quarantine("Policy");
    }

:

    <msg_filter_name> if sdr-age (<`unit'>, <`operator'> <`actual value'>) {<action>}

· 'sdr-reputation' .
· 'sdr_age' SDR .
· `unit' 'days', 'years', 'months' 'weeks' .
· 'operator' .
  · >( )
  · >=( )
  · <( )
  · <=( )
  · ==()
  · !=( )
  · Unknown( )
· `actual value' .

    Drop_Messages_Based_On_SDR_Age:
    if (sdr-age ("unknown", "")) {
        drop();
    }

    Drop_Messages_Based_On_SDR_Age:
    if (sdr-age ("months", <, 1, "")) {
        drop();
    }

:

    <msg_filter_name> if sdr-unscannable (<'domain_exception_list'>) {<action>}

· 'sdr-unscannable' . 'domain_exception_list' . "" .

SDR 'Unknown' .
Quarantine_Messages_Based_On_Sender_Domain_Unscannable: if (sdr-unscannable ("")) {quarantine("Policy");} AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 329 · ( ) . Mail Policies( ) > Address Lists( ) CLI addresslistconfig . , 269 . · ( ) . , 330 . 1 Mail Policies( ) > Incoming Content Filters( ) . 2 Add Filter( ) . 3 . 4 Add Condition( ) . 5 Domain Reputation( ) . 6 SDR . · SDR Sender Domain Reputation Verdict( ) . "Poor". SDR SDR , 324 . · Sender Domain Age( ) , , , . · SDR Sender Domain Reputation Unscannable( ) . 7 ( ) Cisco Email Security SDR . 8 Add Action( ) SDR . 9 . . Cisco Email Security SDR . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 330 SDR . SDR , Envelope From( ):, From( ):, Reply-To( ): . Envelope From( ): SDR Domain Reputation settings( ) 'Match Domain Exception List based on Domain in Envelope From Envelope From( )' . 1 Security Services > Domain Reputation( ) . 2 Edit Settings( ) . 3 . 4 . CLI domainrepconfig . AsyncOS for Cisco Email Security Appliance CLI . SDR . 1 Mail Policies( ) > Incoming Mail Policies( ) . 2 Content Filters( ) . 3 'Enable Content Filters (Customize Settings)( ( ))' . 4 SDR . 5 . , SDR . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 331 SDR . · . Security Services > Message Tracking( ) . · SDR . 1 Monitor() > Message Tracking( ) . 2 Advanced() . 3 Message Event( ) Sender Domain Reputation( ) . 4 SDR SDR . 5 ( ) SDR Unscannable( ) . 6 ( ) SDR . 7 Search() . SDR . / MAIL.IMH.SENDER_DOMAIN_ SDR . 'reason' - SDR LOOKUP_FAILURE_ALERTS - <$reason> . Warning() SDR . SDR . Info() Debug() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 332 SDR SDR SDR . Info() Debug() . · , 333 · , 333 · , 334 · , 334 SDR SDR . 
    Mon Jul 2 08:57:18 2018 Info: New SMTP ICID 3 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
    Mon Jul 2 08:57:18 2018 Info: ICID 3 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
    Mon Jul 2 08:57:18 2018 Info: Start MID 3 ICID 3
    Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 From: <[email protected]>
    Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 RID 0 To: <[email protected]>
    Mon Jul 2 08:57:18 2018 Info: MID 3 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
    Mon Jul 2 08:57:18 2018 Info: MID 3 Subject 'Message 001'
    Mon Jul 2 08:57:19 2018 Info: MID 3 SDR: Message was not scanned for Sender Domain Reputation. Reason: Authentication failure.

CLI sdradvancedconfig Cisco Email Security SDR . SDR SDR .

    Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
    Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
    Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
    Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected]>
    Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected]>
    Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
    Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Message 001'
    Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Request timed out.

SDR . SDR Cisco Email Security SDR .
Mon Jul 2 09:04:08 2018 Info: ICID 7 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:04:08 2018 Info: Start MID 7 ICID 7
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 From: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 RID 0 To: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:04:08 2018 Info: MID 7 Subject 'Message 001'
Mon Jul 2 09:04:08 2018 Info: MID 7 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.

CLI sdradvancedconfig Cisco Email Security SDR . SDR .

Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Test mail'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Unknown error.

.

14 Anti-Virus . · , 335 · Sophos , 336 · McAfee Anti-Virus , 339 · , 340 · , 351 · , 352 Cisco Sophos McAfee . , Cisco . McAfee Sophos , , , , . . "", , X-header , , . , " " ( , 63 ). . · , 336 · , 336

Anti-Virus Cisco 30 . Security Services( ) > Sophos/McAfee Anti-Virus (GUI), antivirusconfig systemsetup (CLI) . . 30 Cisco . System Administration( ) > Feature Keys( ) featurekey . ( , 926 .) AsyncOS , . Cisco . , Sophos McAfee . Sophos McAfee " " . (McAfee Anti-Virus , 339 Sophos , 336 ) . . Cisco . . McAfee , Sophos .
McAfee , Sophos . McAfee Cisco Sophos , . Sophos Cisco Sophos, Plc. . Sophos Anti-Virus , . Sophos Anti-Virus , . " " . . · , 337 · , 337 · , 337 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 336 Anti-Virus · , 338 · Sophos , 338 · , 339 Sophos Sophos Anti-Virus , Microsoft COM(Component Object Model) . . " " . . . . · · · OLE2 Cisco SAV . ( ) . . . . , . Word . MIME . . . . · , 338 · , 338 · , 338 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 337 Anti-Virus , . ( ) . Sophos . Sophos , ( ) . . Sophos . . . , . . DOS Windows , Sophos Virus Description Language . , Sophos . , . . . , . , . Sophos . Sophos , 30% . . Sophos . Sophos Cisco Sophos Anti-Virus Sophos http://www.sophos.com/virusinfo/notifications/ Sophos . Sophos . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 338 Anti-Virus Sophos Anti-Virus () . Sophos Anti-Virus , . . . , . , . . Mail Policies > Incoming or Outgoing Mail Policies( > ) (GUI) policyconfig -> antivirus (CLI) . , 342 . McAfee Anti-Virus McAfee® . · . · . · . · . · , 339 · , 339 · , 340 · , 339 McAfee , (DAT) . . . . · . . . · . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 339 Anti-Virus . . . . . , . , , . . , . . Sophos Anti-Virus () . Sophos Anti-Virus , . . . , . , . . Mail Policies > Incoming or Outgoing Mail Policies( > ) (GUI) policyconfig -> antivirus (CLI) . , 342 . 1 Email Security Appliance . , 341 2 . , 276 3 ( ) , , Outbreak , 852 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 340 Anti-Virus 4 5 6 , . 342 . , 347 ( ) . , 351 · , 341 · , 342 · , 347 · , 348 · , 350 . . Sophos, McAfee . 1 Security Services( ) > McAfee . Security Services( ) > Sophos . 2 Enable() . Enable() . . 3 Accept() . 4 Edit Global Settings( ) . 5 . . 60. 6 ( ) Enable Automatic Updates( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 341 Anti-Virus 7 . . , 342 . Cisco ( ) . . Mail Policies( ) > Incoming or Outgoing Mail Policies( ) (GUI) policyconfig > antivirus (CLI) . 
· , 342 · , 343 · , 344 · Scan for Viruses Only( ) . . . · Scan and Repair Viruses( ) . "" . · Dropping Attachments( ) . " " . . This attachment contained a virus and was stripped. Filename: filename Content-Type: application/filetype AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 342 Anti-Virus . ( , 346 ). . · X-IronPort-AV X-IronPort-AV: . , " " . X-IronPort-AV . . . - . . ( , 344 ). , , . . . . . ( , 173 ) "" . PGP S/MIME "" . PGP S/MIME . ZIP Microsoft Word Excel . " " . 3.8 AsyncOS Sophos Anti-Virus , . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 343 Anti-Virus . , . , . · , 344 · , 345 · , 345 · , 345 · , 346 · , 346 · , 346 · , 347 · , 347 , . , , , ( , 345 ). . . · · · GUI "Advanced()" . · · · · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 344 Anti-Virus . . , 348 . . . . . . , . ( ) "avarchive" . mbox . "Anti-Virus Archive" . , 1053 . GUI "Archive original message( )" "Advanced()" . . "Modify message subject( )" . ( ) ( ) . [WARNING: VIRUS REMOVED] . . Encrypted() [WARNING: MESSAGE ENCRYPTED] AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 345 Anti-Virus Infected() Repaired() [WARNING: VIRUS DETECTED] [WARNING: VIRUS REMOVED] [WARNING: A/V UNSCANNABLE] (: , ). , / . (CLI GUI ). . Repaired() The following virus(es) was detected in a mail message: <virus name(s)>( <virus name(s)> .) Actions taken: Infected attachment dropped (or Infected attachment repaired)( : ( )). Encrypted() The following message could not be fully scanned by the anti-virus engine due to encryption( ). Unscannable( The following message could not be fully scanned by the anti-virus engine( ) ). Infectious() The following unrepairable virus(es) was detected in a mail message: <virus name(s)>( <virus name(s)> ). . Yes() . skip-viruscheck . , 224 . . Yes() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 346 Anti-Virus , . Yes() . , . . , / ( ) . . , 621 . 18: $TRUSTED , WHITELIST . , 101 . . "Use Default( )" . . . 
GUI CLI policyconfig > antivirus . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 347 Anti-Virus . . 1 Mail Policies > Incoming Mail Policies( > ) Mail Policies > Outgoing Mail Policies( > ) . 2 . . 3 Yes() Use Default( ) . . Disable() . "Yes()" Repaired(), Encrypted(), Unscannable( ) Virus Infected( ) . 4 . McAfee Sophos . 5 Message Scanning( ) . , 342 . 6 Repaired(), Encrypted(), Unscannable( ) Virus Infected( ) . , 343 , 344 . 7 Submit() . 8 . drop attachments . "Drop infected attachments if a virus is found and it could not be repaired( )" , MIME . clean() . (GUI ) . "Scan for Viruses only( )" "clean()". RFC822 . "Scan for Viruses only( )" "Drop infected attachments if a virus is found and it could not be repaired( )" . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 348 Anti-Virus Drop-attachments( ): NO() Scanning(): Scan-Only() Cleaned messages( ): Deliver() . Unscannable messages( ): DROP message( ) Encrypted messages( ): Send to administrator or quarantine for review( ) Viral messages( ): Drop message( ) Drop-attachments( ): YES() Scanning(): Scan and Repair( ) . Cleaned messages( ): [VIRUS REMOVED] and Deliver([ ] ) Unscannable messages( ): Forward as attachment( ) Encrypted messages( ): Mark and forward( ) Viral messages( ): Quarantine or mark and forward( ) Drop-attachments( ): YES() Scanning(): Scan and Repair( ) Cleaned messages( ): [VIRUS REMOVED] and Deliver([ ] ) ( ) Unscannable messages( ): Send notification(s), quarantine, OR drop and archive( , ) Encrypted messages( ): Mark and forward OR treat as unscannable( ) Viral messages( ): Archive and drop( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 349 Anti-Virus Drop-attachments( ): NO() Scanning(): Scan-Only() Cleaned messages( ): Deliver()( ) . Unscannable messages( ): Forward as attachment( ), alt-src-host alt-rcpt-to Encrypted messages( ): Treat as unscannable( ) Viral messages( ): Forward to quarantine or administrator( ) . 
19: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 350 Anti-Virus Cisco McAfee , Sophos . McAfee . McAfee Cisco (, ) . 1 . Security Services( ) > Sophos/McAfee Anti-virus antivirusconfig , Email Security Manager( ) (GUI) policyconfig antivirus . 2 , . X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . . "X5O..." (0) O . PDF HTML . . 3 EICAR.COM . 68 70. . , , . . 4 EICAR.COM , 1 . . ( , 131 .) Cisco (: Microsoft Exchange ) , . . 5 , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 351 Anti-Virus . 1. Scan and Repair( ) Scan only() ( ). · Eicar . ( , 344 ) . 2. Scan and Repair( ) Scan only() ( ). · Eicar . · ( , 343 ) . http://www.eicar.org/anti_virus_test_file.htm . 4 . . · HTTP , 352 · , 353 · , 353 · , 353 HTTP Sophos McAfee . . Cisco 5 . Sophos McAfee . . . 1 (Security Services > Service Updates( > ) ). 10 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 352 Anti-Virus Security Services > Service Updates( > ) . , . , 945 . Security Services( ) > Sophos McAfee antivirusstatus CLI , , . . , 353 . 1 Security Services( ) > Sophos McAfee Anti-Virus . 2 Current McAfee/Sophos Anti-Virus Files( McAfee/Sophos ) Update Now( ) . . CLI antivirusstatus antivirusupdate . , Updater Logs( ) . tail . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 353 Anti-Virus AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 354 15 Anti-Spam . · , 355 · , 356 · IronPort Anti-Spam , 358 · Cisco Intelligent Multi-Scan , 360 · , 362 · , 369 · , 369 · Cisco , 370 · IP , 374 · , 383 · , 384 ( ) . · . · . . · . · Not spam( ) · Suspected spam( ) · Positively-identified spam( ) · . , . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 355 Anti-Spam . , . . , , , . , 63 . · , 356 Cisco . · IronPort Anti-Spam , 358 . · Cisco Intelligent Multi-Scan , 360 . Cisco , . . 1 Email Security Appliance . . Cisco IronPort Anti-Spam Intelligent Multi-Scan . 
· IronPort Anti-Spam , 358 · Cisco Intelligent Multi-Scan , 360 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 356 Anti-Spam 2 Email Security Appliance Security Management Appliance . · , 868 · , 1188 3 , 276 . 4 , 362 . 5 Cisco Anti-Spam , 223 skip-spamcheck . 6 () SenderBase Reputation "Use SenderBase for Flow Control( Senderbase )" SenderBase Reputation Service . . , 108 . 7 Email Security Appliance IP , , , 374 IP . 8 . , 369 9 ( ) URL URL , 427 URL . 10 . , 384 11 ( ) ( ) . Cisco . · , 945 · , 949 · , 949 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 357 IronPort Anti-Spam Anti-Spam IronPort Anti-Spam · , 358 · Cisco Anti-Spam: , 358 · IronPort Anti-Spam , 359 Cisco Cisco Anti-Spam 30 . Security Services( ) > IronPort Anti-Spam (GUI), systemsetup antispamconfig (CLI) . Cisco Anti-Spam . Cisco Anti-Spam 30 ( , 2: , 31 ) . 30, 15, 5, 0 . 30 Cisco . System Administration( ) > Feature Keys( ) featurekey . ( , 926 .) Cisco Anti-Spam: IronPort Anti-Spam , (: "419" ) . IronPort Anti-Spam URL (: ) . IronPort Anti-Spam , , , , . IronPort Anti-Spam (SenderBase) . IronPort Anti-Spam 100,000 . · - ? · - ? · - ? · - ? . , IP "" PC URL . , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 358 Anti-Spam · , 359 · URL , 425 Cisco Anti-Spam . , . · . . . , . · . . . IronPort Anti-Spam . · IronPort Anti-Spam , 359 IronPort Anti-Spam IronPort Anti-Spam . · . , 359 . 1 Security Services( ) > IronPort Anti-Spam . 2 IronPort Anti-Spam . a) Enable() . b) Accept() . 3 Edit Global Settings( ) . 4 Enable IronPort Anti-Spam Scanning(IronPort Anti-Spam Scanning ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 359 Cisco Intelligent Multi-Scan Anti-Spam . 5 Cisco Anti-Spam . 1. - 1MB . " " . . 3MB . . 2. - 2MB . Cisco Anti-Spam X-IronPort-Anti-Spam-Filtered: true . 10MB . . always scan( ) never scan( ) . Outbreak Filter Cisco Anti-Spam Outbreak Filter . () . 1~120 . 60. , . . . 6 . 
Cisco Intelligent Multi-Scan Cisco Intelligent Multi-Scan Cisco Anti-Spam . Cisco Intelligent Multi-Scan : AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 360 Anti-Spam Cisco Intelligent Multi-Scan · . · Cisco Intelligent Multi-Scan Cisco Anti-Spam . · Cisco Anti-Spam AsyncOS . · Cisco Anti-Spam Cisco Anti-Spam . Cisco Intelligent Multi-Scan . Cisco Anti-Spam , Cisco Intelligent Multi-Scan . Cisco Intelligent Multi-Scan . Cisco . , Intelligent Multi-Scan Cisco Anti-Spam Cisco Intelligent MultiScan Cisco Anti-Spam . · Cisco Intelligent Multi-Scan , 361 Cisco Intelligent Multi-Scan Cisco Intelligent Multi-Scan . . , 926 . IronPort Intelligent Multi-Scan . 1 Security Services( ) > IronPort Intelligent Multi-Scan . 2 Cisco Intelligent Multi-Scan . a) Enable() . b) Accept() . 3 Edit Global Settings( ) . 4 Enable IronPort Intelligent Multi-Scan(IronPort Intelligent Multi-Scan ) . . Mail Policies( ) . 5 Cisco Intelligent Multi-Scan . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 361 Anti-Spam . · 512K · 1M 6 () . 1~120 . 60. . , . 7 . . . . . . · , 356 . · . · , 365 · : , 365 · , 366 · , : , 367 . · , 369 · " " , , 1053 . · , , 217 . 1 Mail Policies( ) > Incoming Mail Policies( ) . 2 Mail Policies > Outgoing Mail Policies( > ) . 3 Anti-Spam() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 362 Anti-Spam 4 Enable Anti-Spam Scanning for This Policy( ) . . , . . 5 , . Enable Suspected Spam . Scanning( ) . Enable Marketing Email Scanning( ) Apply This Action to , Message( . ) · · · · ( ) (SMTP DNS ) . IP . MX( ) . MX DNS A (SMTP ). . , 217 . . . ( ) ( ) . [SPAM] . " " US-ASCII . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 363 Anti-Spam ( ) ( ) . Advanced() . URL Cisco Web Security . URL Cisco Web Security : , 366 . ( ) . Advanced() . . . " " . mbox . Spam Thresholds( , ) . 6 . Host Access Table , . , 101 . 
· , 356 · , 365 · : , 365 · , 366 · URL Cisco Web Security : , 366 · : , 367 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 364 Anti-Spam . . . 90 100 . 50. · . · . . 50~99 . 25 . : · ( ) . , . · ( ) . , . , . . " " "" . · , 356 · : , 365 : () () · "[ ]" · "[ "[ ]" ]" AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 365 Anti-Spam . ( ) . . . . , 281 . Marketing Email Settings( ) , AsyncOS 9.5 for Email Marketing Email Settings( ) . , 387 . URL Cisco Web Security : Cisco Web Security URL . . URL . URL , 426 . 1 . a) Mail Policies( ) > Incoming Mail Policies( ) . b) Anti-Spam() . c) Suspected Spam Settings( ) . d) Advanced() Add Custom Header( ) . e) url_redirect . f) . 2 URL . a) Mail Policies > Incoming Content Filters( > ) . b) Add Filter( ) . c) url_redirect . d) Add Condition( ) . e) Other Header( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 366 Anti-Spam : f) url_redirect . . g) Header exists( ) . h) OK() . i) Add Action( ) . j) URL Category(URL ) . k) Available Categories( ) Selected Categories( ) . l) Action on URL(URL ) Redirect to Cisco Security Proxy(Cisco Security ) . m) OK() . 3 . a) Mail Policies( ) > Incoming Mail Policies( ) . b) Content Filters( ) . a) Enable Content Filters( ) . b) url_filtering . c) . · URL , 403 · , 283 : ( CLI systemsetup ) Cisco Intelligent Multi-Scan Cisco Anti-Spam . , Security Services( ) . Mail Policies( ) > Incoming Mail Policies( ) . . . "" Cisco Anti-Spam . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 367 : 20: - Anti-Spam Cisco Intelligent Multi-Scan Partners() Anti-Spam( ) (" "). Cisco Intelligent Multi-Scan Yes() . . Cisco Intelligent Multi-Scan . 21: Mail Policies( ) - Cisco Intelligent Multi-Scan . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 368 Anti-Spam 22: - Intelligent Multi-Scan Cisco IronPort (: ) URL . . , 276 , 223 . · . X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result Cisco . . · Cisco Intelligent Multi-Scan . · , . , 362 . 
· URL Cisco Web Security : , 366 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 369 Cisco Anti-Spam Cisco Cisco . . . · · · · · · Cisco , 370 · , 374 Cisco Cisco . . 1 ID . ID Cisco Email Security . 1. . 2. System Administration( ) > Email Submission and Tracking Portal Registration( ) . 3. . 4. Set Registration ID( ID ) . 5. Registration ID( ID) . 16 48 , (-) (_) . 6. . 7. 1~6 . CLI portalregistrationconfig ID . 2 Cisco . Cisco Cisco . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 370 Anti-Spam Cisco Cisco Cisco . · : 1. Cisco Cisco (https://email-submission.cisco.com) . 2. Register a new Registration ID( ID ) 1 ID Register() . ID . · : 1. Cisco Cisco (https://email-submission.cisco.com) . 2. Register as an administrator( ) Register() . Register() . Admin registration requests( ) . 3 Cisco . 1. Cisco . 2. Configuration() > Domains() . 3. Add new domain( ) . 4. Add() . . , example.com [email protected] . . [email protected] . domain.com . . [email protected] postmaster [email protected] [email protected] . . redirect_postmaster: if (rcpt-to == "[email protected]") AND (mail-from == "^[email protected]$") { alt-rcpt-to ("[email protected]"); } AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 371 Cisco Anti-Spam Cisco https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/ 200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html . 1 Cisco , 370 . 2 Cisco . · Cisco Email Security , 372 · Cisco , 373 · , 373 Cisco 2 . . 2 . Help() > Troubleshooting Instructions( ) . , 374 Cisco Email Security Cisco Email Security ( ) Microsoft Outlook Cisco . Microsoft Outlook Microsoft Outlook . . · https://software.cisco.com/portal/pub/download/portal/ select.html?&mdfid=284900944&flowid=41782&softwareid=283090986 Cisco Email Security . · Cisco Email Security (http://www.cisco.com/c/en/us/support/ security/email-encryption/products-user-guide-list.html) . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 372 Anti-Spam Cisco Cisco Cisco Cisco . . . 1 Cisco Cisco (https://email-submission.cisco.com) . 2 Submissions() New Submission( ) . 3 . EML 15MB . 4 Create() . Cisco . https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance Cisco /117822-qanda-esa-00.html Cisco https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance /200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html Cisco https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/ 200653-ESA-FAQ-Troubleshooting-Email-Submissio.html RFC 822 . · - [email protected] · - [email protected] · - [email protected] · - [email protected] · - [email protected] . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 373 Anti-Spam · Apple Mail · Microsoft Outlook for Mac · Microsoft Outlook Web App · Mozilla Thunderbird Microsoft Windows Microsoft Outlook 2010, 2013 2016 , Cisco Email Security Microsoft Outlook Web App . Windows Outlook . . Cisco . 1 Cisco Cisco (https://email-submission.cisco.com) . 2 Submission() . 3 (, ID, , ) . https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/ 200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html. . IP / (MX MTA), Cisco IP . MX/MTA . IronPort Anti-Spam Cisco Intelligent Multi-Scan(SenderBase Reputation Service ) IP . . Cisco MX/MTA IP IP . · , 375 · , 376 · , 381 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 374 Anti-Spam · , 383 . IP 7.8.9.1 MX/MTA Cisco IP 10.2.3.4 . 23: MX/MTA - Cisco . A 7.8.9.1 Cisco MX MTA . B 7.8.9.1 Cisco MX . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 375 24: MX/MTA - Anti-Spam · , 376 · , 376 · , 378 MX/MTA Cisco . 1 Network() > Incoming Relays( ) . 2 Enable() . 3 . . · Email Security Appliance AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 376 Anti-Spam · IP , 378 . · IP Received . · . · IP . · MX, MTA IP . 1 Network() > Incoming Relays( ) . 2 Add Relay( ) . 3 . 
4 Email Security Appliance MTA, MX IP . IPv4 IPv6 , CIDR IP . MTA , MTA IP (: 10.2.3.1/8 10.2.3.1~10). IPv6 AsyncOS . · 2620:101:2004:4202::0-2620:101:2004:4202::ff · 2620:101:2004:4202:: · 2620:101:2004:4202::23 · 2620:101:2004:4202::/64 5 IP . . a) . () Received . b) : . . SenderIP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 377 Anti-Spam X-CustomHeader c) Received : IP . IP "" . 6 . . · DHAP . , 382 . · . , 383 . · , 356 . · , 378 · , 379 . . IP . . SenderIP: 7.8.9.1 X-CustomHeader: 7.8.9.1 MX/MTA , . C D IP 10.2.3.5 . C 2 D . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 378 Anti-Spam 25: MX/MTA - · , 376 IP MX/MTA , "Received:" IP . "Received:" IP "" . , ( - MX/MTA - 10.2.3.5) . ( - MX/MTA - ) Cisco ( , 378 ). ( Received: ) . (Cisco . , 383 . AsyncOS Received: IP . Cisco Received: . IP Cisco IP . ([) IP 7.8.9.1 . ()) IP . IP (10.2.3.5). - MX/MTA - . · A - 10.2.3.5(Received 2 ) · B - 10.2.6.1(Received 2 ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 379 Anti-Spam - MX/MTA - Cisco . (Cisco ) . . 
35: Received: ( A 1)

1 Microsoft Mail Internet Headers Version 2.0
  Received: from smemail.rand.org ([10.2.2.7]) by smmail5.customerdoamin.org with Microsoft SMTPSVC(5.0.2195.6713);
  Received: from ironport.customerdomain.org ([10.2.3.6]) by smemail.customerdoamin.org with Microsoft SMTPSVC(5.0.2195.6713);
2 Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org with ESMTP; 21 Sep 2005 13:46:07 -0700
3 Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for <[email protected]>
4 Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1]) by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for <[email protected]>
5 Received: from linux1.thespammer.com (HELO linux1.thespammer.com) ([10.1.1.89]) by sending-machine.spamham.com with ESMTP;
  Received: from exchange1.thespammer.com ([10.1.1.111]) by linux1.thespammer.com with Microsoft SMTPSVC(6.0.3790.1830);
  Subject: Would like a bigger paycheck?
  Date: Wed, 21 Sep 2005 13:46:07 -0700
  From: "A. Sender" <[email protected]>
  To: <[email protected]>

: · Cisco . · Cisco ( ) . · ( ). · . MTA. IP 7.8.9.1. · Cisco Microsoft Exchange . .

36: Received: ( A 2)

1 Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org with ESMTP; 21 Sep 2005 13:46:07 -0700
2 Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for <[email protected]>;
3 Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1]) by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for <[email protected]>;

GUI Add Relay( ) A() . 26: Received · , 376 · , 381 · , HAT, SBRS , 382 · , 382 · , 382 · () , 382 · , 382 · , 382 SenderBase Reputation SenderBase Reputation Service (reputation, no-reputation) .
, HAT, SBRS Anti-Spam , HAT, SBRS HAT . SenderBase Reputation $reputation HAT . MX MTA , (DHAP) . Email Security Appliance . , MX MTA . DHAP . IP SenderBase Reputation . () : · IP MX/MTA . (IP 7.8.9.1) MX/MTA(IP 10.2.3.4) 5 , IP 7.8.9.1 5 MX/MTA(IP 10.2.3.5) 5 . · SenderBase Reputation . , . Message Tracking Details( ) IP IP SenderBase Reputation . SenderBase Reputation 1 . SenderBase Reputation 5 .

1 Fri Apr 28 17:07:29 2006 Info: ICID 210158 ACCEPT SG UNKNOWNLIST match nx.domain SBRS rfc1918
2 Fri Apr 28 17:07:29 2006 Info: Start MID 201434 ICID 210158
3 Fri Apr 28 17:07:29 2006 Info: MID 201434 ICID 210158 From: <[email protected]>
4 Fri Apr 28 17:07:29 2006 Info: MID 201434 ICID 210158 RID 0 To: <[email protected]>
5 Fri Apr 28 17:07:29 2006 Info: MID 201434 IncomingRelay(senderdotcom): Header Received found, IP 192.192.108.1 being used, SBRS 6.8
6 Fri Apr 28 17:07:29 2006 Info: MID 201434 Message-ID '<[email protected]>'
7 Fri Apr 28 17:07:29 2006 Info: MID 201434 Subject 'That report...'
8 Fri Apr 28 17:07:29 2006 Info: MID 201434 ready 2367 bytes from <[email protected]>
9 Fri Apr 28 17:07:29 2006 Info: MID 201434 matched all recipients for per-recipient policy DEFAULT in the inbound table
10 Fri Apr 28 17:07:34 2006 Info: ICID 210158 close
11 Fri Apr 28 17:07:35 2006 Info: MID 201434 using engine: CASE spam negative
12 Fri Apr 28 17:07:35 2006 Info: MID 201434 antivirus negative
13 Fri Apr 28 17:07:35 2006 Info: MID 201434 queued for delivery

.

Wed Aug 17 11:20:41 2005 Info: MID 58298 IncomingRelay(myrelay): Header Received found, IP 192.168.230.120 being used

Cisco . (: Microsoft Exchange ) Cisco . AsyncOS . , 1107 . Cisco Anti-Spam Cisco Intelligent Multi-Scan .

1 Security Services( ) > IronPort Anti-Spam .
2 Security Services > IMS and Graymail(IMS ) .
3 Rule Updates( ) . "Never Updated( )" . -- Update Now( ) .

· , 945 · , 949 · , 949

X-advertisement: spam . . Cisco Anti-Spam Cisco Anti-Spam ( , 362 ) X-header X-Advertisement: spam . . . · SMTP . Cisco Anti-Spam , 385 . · trace . : , 1149 . . . , 386 .

Anti-Spam Cisco Anti-Spam · Cisco Anti-Spam , 385 · , 386 Cisco Anti-Spam : SMTP , 385 .

1 Cisco Anti-Spam .
2 X-Advertisement: spam . SMTP .
3 . . · ? · ? · ? · ? · : SMTP , 385

: SMTP HAT .

# telnet IP_address_of_IronPort_Appliance_with_IronPort_Anti-Spam port
220 hostname ESMTP
helo example.com
250 hostname
mail from: <[email protected]>
250 sender <[email protected]> ok
rcpt to: <test@address>
250 recipient <test@address> ok
data
354 go ahead
Subject: Spam Message Test
X-Advertisement: spam

spam test
.
250 Message MID accepted
221 hostname
quit

IronPort Anti-Spam Cisco Intelligent Multi-Scan . · . , IP, . · " " . SBRS, , " " . · . · . . .

16 . · , 387 · Email Security Appliance , 387 · , 388 · , 391 · , 396 , , , . , . , ( , ). Email Security Appliance Email Security Appliance Unsubscribe Service( ), . . · . · Unsubscribe Service( ) . . · . . . Unsubscribe Service( )

URL , URL , . . · . . . . · . ( , 388 ), . · · , 388 . · . (: Amazon.com ) · . , , . : · LinkedIn - · CNET - · . (: TechTarget ) .

27: 1 Email Security Appliance . 2 Email Security Appliance . 3 . 8 . 3 Email Security Appliance , . 8 . 4 . 4 Email Security Appliance . 5 . 8 . 5 Email Security Appliance , , , . 6 Email Security Appliance . 7 . 8 . 7 Email Security Appliance . Email Security Appliance . 8 Email Security Appliance . , , 57 . · , 390 · , 57

. 28: 1 .
2 Unsubscribe( ) . 3 Unsubscribe Service( ) URI . 4 Unsubscribe Service( ) URI . 5 URI , Unsubscribe Service( ) . · URI Unsubscribe Service( ) . · URI URI (http mailto) Unsubscribe Service( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 390 · Unsubscribe Service( ) "Successfully unsubscribed( )" . · Unsubscribe Service( ) "Unsubscribe process in progress( )" URL . URL . Unsubscribe Service( ) 4 . · 1 , Unsubscribe Service( ) "Successfully unsubscribed( )" . · 4 , Unsubscribe Service( ) "Unable to subscribe( )" URL . · , 391 · , 392 · , 392 · , 392 · IronPort-PHdr , 393 · , 394 · , 394 · , 395 · , 396 · , 396 · , 396 · . IronPort Anti-Spam, Intelligent Multi-Scan Outbreak Filters . Anti-Spam, 355 . · · . · Unsubscribe Service( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 391 , . , 391 . 1 Security Services( ) > Detection and Safe Unsubscribe( ) . 2 Edit Global Settings( ) . 3 Enable Graymail Detection( ) . 4 ( ) . · . · (). 5 ( ) Enable Automatic Updates( ) . . 6 Enable Safe Unsubscribe( ) . 7 . CLI graymailconfig . AsyncOS for Cisco Email Security Appliance CLI . , 392 1 Mail Policies( ) > Incoming Mail Policies( ) . 2 Graymail() . 3 . · · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 392 IronPort-PHdr · , . S/MIME S/MIME . · ( , ) · , , ( ) . · · · · . · . Email Security Appliance . 4 . . . CLI policyconfig . AsyncOS for Cisco Email Security Appliance CLI . IronPort-PHdr IronPort-PHdr . · . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 393 IronPort-PHdr . IronPort-PHdr . . , IronPort-PHdr . . skip-marketingcheck skip-socialcheck skip-bulkcheck "private_listener" . internal_mail_is_safe: if (recv-listener == 'private_listener') { skip-socialcheck (); } . Overview() > Incoming Mail (, ) Overview( Summary( ) ) , . 799 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 394 Incoming Mail( ) > Top . Senders by Graymail Messages( ) Incoming Mail( ) , Incoming Mail( ) > 802 IP , Incoming Mail Details( (, ) ) . 
Incoming Mail( ) > IP , Incoming Mail Details( (, ) > Sender Profile( )( ) ) . Internal Users( ) > Top . Internal Users by Graymail( Users( ) ) , 811 Internal Users( ) > User ( Mail Flow Details( , ) ) . Internal Users( ) > User ( Mail Flow Details( , ) ) > Internal User( )( . ) AsyncOS 9.5 Marketing Email Scanning( ) . · . · . · . Cisco . (: ) . . · Security Service( ) > IMS and Graymail(IMS ) Update Now( ) . · CLI, graymailupdate . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 395 IMS and Graymail(IMS ) Rule Updates( ) CLI graymailstatus . Unsubscribe Service( ) , Cisco Unsubscribe( ) ( , 390 ). Security Services( ) > Block Page Customization( ) Unsubscribe( ) (: , ) . , 431 . , . , 873 . . · Graymail Engine Logs( ). , , . Info() Debug() . · Graymail Archive( ). ( " " ) . mbox . · Mail Logs( ). . Info() Debug() . Unsubscribe( ) "Unable to unsubscribe from...(... )" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 396 Unsubscribe Service( ) . Unsubscribe Service( ) . · URI mailto · Credential · · captcha Unsubscribe Service( ) captcha · URL . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 397 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 398 17 (Outbreak Filter) . · Outbreak Filter , 399 · Outbreak Filter , 400 · Outbreak Filter , 407 · Outbreak Filter , 410 · Outbreak Filter , 421 · Outbreak Filter , 422 Outbreak Filter Outbreak Filter (: ) . , Cisco Email Security Appliance . Cisco , . Cisco Sophos McAfee . , , URL . . Outbreak Filter , URL . Outbreak Filter URL . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 399 Outbreak Filter (Outbreak Filter) Outbreak Filter · , , 400 · , 400 · Cisco Security Intelligence Operations, 402 · Context Adaptive Scanning Engine, 402 · , 403 · URL , 403 · , 404 · : Outbreak, 404 · Outbreaks, 405 · , 406 , Outbreak Filter . · . Outbreak Filter . . · . Outbreak Filter URL , Cisco . . . URL URL , 403 . · . Outbreak Filter URL , . , 404 . Outbreak Filter . , , . Outbreak Filter . . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 400 (Outbreak Filter) Virus Outbreaks( ) Outbreak Filter Anti-Spam Intelligent Multi-Scan . · Virus Outbreaks( ), 401 · , , 401 Virus Outbreaks( ) Outbreak Filter . . . . . , . . · . · (: ) HTML . · IP URL. , . · URL URL. . Outbreak Filter . CASE URL Outbreak , . Email Security Appliance , URL Cisco . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 401 Cisco Security Intelligence Operations (Outbreak Filter) Cisco Security Intelligence Operations Cisco SIO(Security Intelligence Operations) , Cisco . SIO . · SenderBase. · TOC(Threat Operations Center). SenderBase · . SIO SenderBase , . TOC . Email Security Appliance Outbreak Outbreak . SenderBase . http://www.senderbase.org/ SIO , . http://tools.cisco.com/security/center/home.x Context Adaptive Scanning Engine Outbreak Filter Cisco CASE(Context Adaptive Scanning Engine) . CASE 100,000 . CASE , . CASE SIO Outbreak . CASE URL , URL SIO Outbreak . CASE . CASE SIO Outbreak . . CASE . CASE . CASE Cisco Anti-Spam: , 358 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 402 (Outbreak Filter) . . Outbreak Filter , Cisco . Outbreak . URL URL . URL CASE SIO Outbreak , . Outbreak Filter , 408 . URL CASE Outbreak Filter URL . CASE Outbreak . Outbreak Filter Cisco URL ( URL ) TOC . URL URL , 418 . Email Security Appliance Cisco . Cisco , . . URL Cisco . . Ignore this warning( ) Exit() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 403 29: Cisco (proxy_splash_screen) (Outbreak Filter) Cisco URL . URL . (: , ) . , 431 . URL Cisco Web Security URL Cisco Web Security : , 366 . Outbreak Filter URL , . Outbreak Filter . , 417 . Mail Policies( ) > Text Resources( ) Disclaimer( ) . , 622 . : Outbreak Outbreak Filter Adaptive() Outbreak( ), . Outbreak Filter . Outbreak Filter , . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 404 (Outbreak Filter) · , 405 · , 405 Outbreak Cisco Security Intelligence Operations Cisco TOC(Threat Operations Center) , . Outbreak SenderBase ( ) , , . Outbreak GUI (: Outbreak ) ID . SenderBase . TOC . 0( ) 5( ) , Cisco ( , 406 ). TOC Outbreak . Outbreak . · , , · · · URL · Sophos IDE CASE . . . Outbreak . Outbreak , (Adaptive Rules) "" . . Outbreaks Outbreak Filter (: , , , ) (: 4). , Cisco SIO 143 (: "hello") .exe . Outbreak . Outbreak 5 (Outbreak Filter , 414 ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 405 (Outbreak Filter) Outbreak . . Outbreak( ) . URL . . 0 None . 1 Low . 2 Low/Medium . "". 3 Medium . 4 High . 5 Extreme . Outbreak Filter , 414 . · , 406 · : , 407 . (1 2) . , (4 5) . , . , 408 . Cisco 3 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 406 (Outbreak Filter) : : (.zip) . TOC . TOC .exe .zip .zip .exe (.zip(exe)) Outbreak , .zip (: .txt ) . (.zip(*)) . (Always) . SIO . 37: Outbreak .zip(exe) 4 .zip .exe 4 . .zip(doc) 0 .zip .doc 0 . zip(*) 2 .zip 2 . Outbreak Filter " " ( , 57 ). , . , ( ) Outbreak Filter . Outbreak Filter . Outbreak Filter CASE . Outbreak Filter . · , 408 · , 408 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 407 (Outbreak Filter) Outbreak Filter . Outbreak CASE ( : Outbreak, 404 ). . ( ) CASE . ( ) 0 . Email Security Appliance , URL . . CASE . , . ( ) Outbreak ( Outbreak ) . Outbreak Filter . . , Outbreak . Outbreak Filter . · . · Outbreak . · . (desktops/groupware) . Outbreak Filter . Outbreak Filter Outbreak . ( Outbreak , 409 .) Outbreak . CASE Outbreak . (Outbreak ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 408 (Outbreak Filter) Outbreak . , . . CASE Outbreak . CASE . . CASE , Email Security Appliance . 1. 4. . Email Security Appliance ( ). Outbreak 100% . . · ( ) · Outbreak ( ) Outbreak 100% . , 850 , 851 . Outbreak ( ) . ( ). Outbreak Filter Outbreak , 419 . . Outbreak Filter , Outbreak . 
(Outbreak Filter , Outbreak ) . Outbreak Filter . Outbreak Filter ( ), . · Outbreak , 409 Outbreak Outbreak( ) . . . Outbreak . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 409 Outbreak Filter (Outbreak Filter) 38: Outbreak T=0 T=5 T=10 T=20 T=12 ( , ) 100,000 Outbreak .zip(exe) .exe .zip Outbreak 50KB .zip(exe) 50KB .zip(exe) Outbreak 50~55KB .zip(exe) "Price" Outbreak Outbreak Filter GUI(Graphical User Interface) , Security Services( ) Outbreak Filters . 30: Outbreak Filters AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 410 (Outbreak Filter) Outbreak Filter Outbreak Filters Outbreak Filters Overview() Outbreak Filter Rules() ( ), . Outbreak Filter , Adaptive Scanning( ) , 512k . Edit Global Settings( ) . Outbreak Filter , 411 . Outbreak Filter Rules() ( ) , Outbreak Filter . Outbreak Outbreak Filter , 414 . · Outbreak Filter , 411 · Outbreak Filter , 414 · Outbreak Filter , 415 · Outbreak Filter Outbreak , 419 Outbreak Filter 1 Security Services( ) > Outbreak Filters . 2 Edit Global Settings( ) . 3 . · Outbreak Filter · · ( ) · Outbreak Filter · . , 429 . 4 . outbreakconfig CLI (AsyncOS for Cisco Email Security Appliance CLI ). . URL . CLI URL URL URL , 412 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 411 Outbreak Filter (Outbreak Filter) · Outbreak Filter , 412 · , 412 · Outbreak Filter , 412 · URL URL , 412 Outbreak Filter Outbreak Filter Outbreak Filters Global Settings(Outbreak Filter ) Enable Outbreak Filters(Outbreak Filter ) Submit( ) . Outbreak Filters . Outbreak Filter . Outbreak Filter , 415 . Outbreak Filter CASE(Context Adaptive Scanning Engine) . Anti-Spam Intelligent Multi-Scan . (4: , 37 ), Security Services( ) > Outbreak Filters Enable() . Adaptive Scanning( ) Outbreak Filters . ( ) . Adaptive Scanning( ) Outbreak Filters Global Settings(Outbreak Filter ) Enable Adaptive Rules( ) Submit() . Outbreak Filter Outbreak Filter "Emailed Alerts( )" . Outbreak Filter Outbreak Filter . 
System Administration( ) Alerts() . Outbreak Filter , SNMP Outbreak Filter, 422 . URL URL URL . . : outbreakconfig URL · URL URL · URL URL · Outbreak Filter URL CLI(command-line interface) outbreakconfig . · : outbreakconfig URL , 413 · Outbreak Filter , 414 · : outbreakconfig URL , 413 : outbreakconfig URL outbreakconfig URL .

    mail.example.com> outbreakconfig
    Outbreak Filters: Enabled
    Choose the operation you want to perform:
    - SETUP - Change Outbreak Filters settings.
    []> setup
    Outbreak Filters: Enabled
    Would you like to use Outbreak Filters? [Y]>
    Outbreak Filters enabled.
    Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back down below), meaning that new messages of certain types could be quarantined or will no longer be quarantined, respectively.
    Would you like to receive Outbreak Filter alerts? [N]>
    What is the largest size message Outbreak Filters should scan? [524288]>
    Do you want to use adaptive rules to compute the threat level of messages? [Y]>
    Logging of URLs is currently disabled.
    Do you wish to enable logging of URL's? [N]> Y
    Logging of URLs has been enabled.
    The Outbreak Filters feature is now globally enabled on the system. You must use the 'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and Outgoing Mail Policies.
    Choose the operation you want to perform:
    - SETUP - Change Outbreak Filters settings.
    []>

Outbreak Filter Outbreak Cisco Security Intelligence Operations , Outbreak 5 . . , 949 . · Outbreak Filter , 414 Outbreak Filter Outbreak Filters Rules(Outbreak Filter ) . Cisco (, ). . Update Rules Now( ) Cisco Outbreak . Update Rules Now( ) Outbreak "" . Outbreak . Cisco Outbreak . · Outbreak Filter , 414 Outbreak Filter 5 Outbreak Filter . 
Security Services( ) > Service Updates( ) . , 945 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 414 (Outbreak Filter) Outbreak Filter Outbreak Filter Outbreak Filter . Outbreak Filter . Outbreak Filter . Policyconfig CLI (AsyncOS for Cisco Email Security Appliance CLI ). Outbreak Filter Anti-Spam Intelligent Multi-Scan . Outbreak Filter Outbreak Filters . Outbreak Filter Enable Outbreak Filtering (Customize Settings)(Outbreak Filtering ( )) . Outbreak Filter . · · · · · · Outbreak Filter (: $threat_verdict, $threat_category, $threat_type, $threat_description $threat_level) · : · X-IronPort-Outbreak-Status · X-IronPort-Outbreak-Description · Email Security Appliance Exchange Server · URL · Outbreak Filters Enable Outbreak Filtering (Inherit Default mail policy settings)(Outbreak Filtering ( )) . Outbreak Filter ( ) Outbreak Filter . . · , 416 · , 416 · , 416 · , 417 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 415 (Outbreak Filter) Quarantine Threat Level( ) . , . Cisco 3 . , 406 . Outbreak . . Deliver messages without adding them to quarantine( ) . Message Modification( ) . CASE . Email Security Appliance CASE . . CASE . . Bypass Attachment Scanning( ) Add Extension( ) . AsyncOS File Extensions to Bypass( ) . File Extensions to Bypass( ) . · : , 416 : , (: .zip .doc ) . .doc , .doc . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 416 (Outbreak Filter) Message Modification( ) . AsyncOS Cisco URL . . . · , 417 · , 417 · Outbreak Filter , 417 · , 418 · URL , 418 · , 419 Message Modification Threat Level( ) . CASE . , . Cisco 3 . , . , Outbreak Filter( ) (: $threat_verdict, $threat_category, $threat_type, $threat_description, $threat_level) . Insert Variables( ) . Message Subject( ) . ( ) ( ) . [MODIFIED FOR PROTECTION] . Message Subject( ) US-ASCII . Outbreak Filter . 
X-IronPort-Outbreak-Status
    X-IronPort-Outbreak-Status: $threat_verdict, level $threat_level, $threat_category - $threat_type
    X-IronPort-Outbreak-Status: Yes, level 4, Phish - Password

· · ·

X-IronPort-Outbreak-Description
    X-IronPort-Outbreak-Description: $threat_description
    X-IronPort-Outbreak-Description: It may trick victims into submitting their username and password on a fake website.

· Enable() · Outbreak Filter Email Security Appliance ( ), . Outbreak Filter , Email Security Appliance Outbreak Filter . Outbreak Filter . IP (IPv4 IPv6) FQDN Alternate Destination Mail Host( ) . URL , Outbreak Filter URL Cisco URL . ( URL , 403 .) . TOC . CASE SIO Outbreak . . AsyncOS URL URL . URL . · Enable only for unsigned messages( ). AsyncOS URL , URL . Cisco URL . Email Security Appliance DomainKeys/DKIM URL , Email Security Appliance DomainKeys/DKIM . S/MIME S/MIME . · Enable for all messages( ). AsyncOS URL . AsyncOS . · Disable(). Outbreak Filter URL . URL . Bypass Domain Scanning( ) IPv4 , IPv6 , CIDR , , . . URL ( ). URL , 430 . Email Security Appliance . HTML . Threat Disclaimer( ) , Mail Policies( ) > Text Resources( ) Disclaimer Template( ) . . Preview Disclaimer( ) . , . , 622 . Outbreak Filter Outbreak Outbreak Filter Outbreak . "" ( , , , 847 ). (: Outbreak Outbreak ID , ) . Outbreak , 421 . · Outbreak , 420 · Outbreak , 421 Outbreak , Outbreak . Outbreak . · Default Action( ) Release() . , , X-Header . , 851 . · Default Action( ) Delete() . · . ( ) . , , X-Header . , Outbreak . Default Action( ) Delete() Outbreak . Delete() . Outbreak Outbreak , 851 . , Outbreak . . ( ), , . Outbreak Filters . Outbreak Filter . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 420 (Outbreak Filter) Outbreak Outbreak GUI Monitor() Outbreak . Outbreak Outbreak Quarantine Manage by Rule Summary Link( Outbreak ) . 31: Outbreak · ID Outbreak , 421 ID Outbreak ID Outbreak Manage by Rule Summary( ) . 32: Outbreak Outbreak ( ) , . . quarantineconfig -> outbreakmanage CLI . AsyncOS for Cisco Email Security Appliance CLI . Outbreak Filter Outbreak Filter . · Outbreak Filter , 422 · Outbreak Filter , 422 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 421 Outbreak Filter (Outbreak Filter) · , 422 · , SNMP Outbreak Filter, 422 Outbreak Filter Outbreak Filter Outbreak Filter Outbreak Filter . Monitor( ) > Outbreak Filters . " " . Outbreak Filter Outbreak Filter . Security Services( ) > Outbreak Filters . Outbreak Filter Outbreak . . Outbreak , 421 , , , 847 . , SNMP Outbreak Filter Outbreak Filter AsyncOS SNMP . SNMP . AsyncOS SNMP "CLI " . AsyncOS Outbreak Filter ( ) . Outbreak 5, 50, 75 95 AsyncOS . 95% CRITICAL WARNING. . . , 962 . , , CASE . Outbreak Filter Outbreak Filter . · Cisco , 423 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 422 (Outbreak Filter) Cisco · , 423 · , 423 Cisco Cisco Outbreak Manage Quarantine( ) . , , . . Outbreak Filter . Outbreak Filter . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 423 (Outbreak Filter) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 424 18 URL . · URL , 425 · URL , 426 · URL , 432 · URL , 436 · URL URL , 437 · URL , 438 · URL , 440 · URL , 441 · URL , 441 · URL , 441 · URL , 446 URL , , . . · URL URL Outbreak Filter . Cisco Web Security Appliance , . URL WBRS(Web Based Reputation Score) . Cisco Web Security Proxy URL . · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 425 URL URL . , . · URL (: ) . · URL . · URL , 426 · Web Interaction Tracking( ) , 819 URL ( ) URL . URL . · http, https www · IP · (:) · URL , . 
URL · URL , 426 · URL , 427 · Cisco Web Security Services , 428 · , 429 · URL , 429 · URL , 430 · , 431 URL URL , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 426 URL URL · , . IronPort Anti-Spam Intelligent Multi-Scan . . · Outbreak Filter , . Outbreak Filter . URL · Outbreak Filter . Outbreak Filter . URL Security Services( ) > URL Filtering(URL ) CLI websecurityconfig URL . · URL . URL , 426 . · ( ) URL URL . URL , 430 . 1 Security Services( ) > URL Filtering(URL ) . 2 Enable() . 3 Enable URL Category and Reputation Filters(URL ) . 4 ( ) URL URL . Outbreak Filter . 5 ( ) . , 429 . 6 . Outbreak Filters , URL . · URL URL , 432 . · URL URL , 432 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 427 Cisco Web Security Services URL · URL Cisco Web Security URL Cisco Web Security : , 366 . · ( ) , 431 . · . URL , 459 , AsyncOS , 964 . Cisco Web Security Services URL Cisco Web Security Services . Email Security Appliance , 1227 URL Cisco Web Security Services . HTTPS . ( , 945 ). URL , 428 . Security Services( ) > Service Updates( ) HTTP HTTPS Email Security Appliance Cisco Web Security Services . , 949 . . · URL , 428 · : SDS: , 442 · : SDS: , 442 URL AsyncOS URL . . (System , Warning ) . , 962 . Cisco TAC . Cisco Web Security Services , 445 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 428 URL URL (, ) . Web Interaction Tracking( ) URL, URL . Web Interaction Tracking( ) Web Interaction Tracking( ) , 819 . Cisco Aggregator Server . · , 429 · Cisco Aggregator Server , 429 . · Outbreak Filter. Outbreak Filter URL . Outbreak Filter , 411 . · URL Filtering(URL ). ( ) URL . URL , 427 . Cisco Aggregator Server Email Security Appliance , 1227 URL 30 Cisco Aggregator Server ( ). HTTPS . ( , 945 ). Security Services( ) > Service Updates( ) HTTP HTTPS Email Security Appliance Cisco Aggregator Server . , 949 . . URL · , URL . · URL , URL , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 429 URL URL · URL , URL . · URL , URL . · . 
URL URL URL , , Outbreak Filter, . URL Outbreak Filter . URL () URL URL . Outbreak Filter URL Mail Policies( ) > Outbreak Filters Bypass Domain Scanning( ) . URL URL . URL , 418 . URL SBRS . URL . URL , 431 . 1 Mail Policies( ) > URL Lists(URL ) . 2 Add URL List(URL ) . URL . URL . 3 . URL URLs (;) Submit() . more( )... . URL, IP . 4 . · URL URL , 427 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 430 URL URL · URL () URL , 432 , 293 . URL , 228 URL Category(URL ) , 189 . · URL , 431 URL URL URL . 1 . · URL . · URL . 2 /configuration . 3 CLI urllistconfig > new . Outbreak Filtering( ) ( ) URL , Cisco Web Security Proxy . . Outbreak Filtering( ) URL 10 Cisco Web Security Proxy . (: , ) . Cisco . · URL . URL , 427 . 1 Security Services( ) > Block Page Customization( ) . 2 Enable() . 3 Enable Block Page customization( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 431 URL URL · URL. . · · 4 . . . AsyncOS , . 5 ( ) Preview Block Page Customization( ) . 6 . URL . · Outbreak Filter . URL , 403 . · URL , 432 . URL URL . Outbreak Filter URL , URL . URL . · ( URL ) Neutral URL Cisco Cloud Web Security . · Malicious() URL . URL . · (: ) URL . · ( ) . ( URL ) Unclassified() URL Cisco Cloud Web Security . · URL () , 433 · URL URL : , 433 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 432 URL URL () · URL : URL URL , 434 · URL: , 436 URL () URL URL . . , URL URL . : URL . ( URL URL URL URL ) URL URL . URL . . . , . · URL URL : , 433 · URL : URL URL , 434 URL URL : URL . URL URL URL URL . Adult() URL Drop (Final Action)(( )) , Adult() URL Category(URL ) . . URL, URL URL URL . . . -8 ~ -10 -8 ~ -10 . URL "No Score( )" . URL URL . URL , . , Cisco Web Security . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 433 URL : URL URL URL URL URL URL . URL . URL URL URL . URL URL . URL . URL URL URL , 459 . · URL , 430 · , 283 · URL Reputation(URL ) , 188 · URL Category(URL ) , 189 URL : URL URL URL URL URL URL . URL URL . , URL URL . URL . 
URL . . URL, URL URL URL . . . -8 ~ -10 -8 ~ -10 . URL "No Score( )" . URL URL . URL , . , Cisco Web Security . URL URL . URL URL : URL URL · URL . URL . · , Cisco Web Security Proxy URL . : Uncategorized() URL Cisco Cloud Web Security Proxy Service . URL: , 436 . URL . Cisco Cloud Web Security . . · URL . URL $URL . : · Illegal Downloads( ) URL .

    Message from your system administrator: A link to an illegal downloads web site has been removed from this message.

· URL .

    WARNING! The following URL may contain malware: $URL

:

    WARNING: The following URL may contain malware: http://example.com.

· .

    http://custom_proxy/$URL

:

    http://custom_proxy/http://example.com

URL URL URL . URL URL . URL URL URL URL ( ) . () . URL URL URL , 459 . URL: URL · URL , 430 · URL Cisco Web Security : , 366 · , 283 · URL Reputation(URL ) , 188 · URL Category(URL ) , 189 URL: Cisco Cloud Web Security : · , . · . (: , ) . , 431 . · Cisco Cloud Web Security Proxy Service . · . · URL : URL URL , 434 URL URL X-URL-ScanningError . · URL · URL · URL URL , Other Header( ) X-URL-LookUp-ScanningError . URL URL URL URL URL URL URL URL URL . URL URL URL URL . URL URL 10 URL . URL 10 URL URL -10 URL . URL CLI websecurityadvancedconfig . · URL . URL , 427 . · URL URL . · URL . URL HTTP . : URL URL websecurityadvancedconfig URL URL .

    mail.example.com> websecurityadvancedconfig
    Enter URL lookup timeout (includes any DNS lookup time) in seconds:
    [5]>
    Enter the URL cache size (no. of URLs):
    [810000]>
    Do you want to disable DNS lookups? [N]>
    Enter the maximum number of URLs that should be scanned:
    [100]>
    Enter the Web security service hostname:
    [v2.sds.cisco.com]>
    Enter the threshold value for outstanding requests:
    [50]>
    Do you want to verify server certificate? [Y]>
    Do you want to enable URL filtering for shortened URLs? [Y]> yes
    For shortened URL support to work, please ensure that ESA is able to connect to the following domains:
    bit.ly, tinyurl.com, ow.ly, tumblr.com, post/ly ..................
    Enter the default time-to-live value (seconds):
    [30]>
    Do you want to rewrite both the URL text and the href in the message? Y indicates that the full rewritten URL will appear in the email body. N indicates that the rewritten URL will only be visible in the href for HTML messages. [N]>
    Do you want to include additional headers? [N]>
    Enter the default debug log level for RPC server:
    [Info]>
    Enter the default debug log level for URL cache:
    [Info]>
    Enter the default debug log level for HTTP client:
    [Info]>

URL 'URL ' ETF URL . ETF 'URL ' . · 'URL ' . · 'URL ' . · 'URL ' . 'URL ' URL . · 'URL ' 11~20 . · 'URL ' 4~10 . · Cisco Email Security URL . URL Security Services > URL Filtering(URL ) . URL , 425 . · Cisco Email Security . Security Services > Outbreak Filters( ) . (Outbreak Filter), 399 . · Cisco Email Security . Security Services > Anti-Spam() . Anti-Spam, 355 . · ( ) URL . Mail Policies(Mail ) > URL Lists(URL ) . URL , 425 .

1 Mail Policies( ) > Incoming Content Filters( ) .
2 Add Filter( ) .
3 .
4 Add Condition( ) .
5 URL Reputation(URL ) .
6 External Threat Feeds( ) .
7 URL ETF .
8 ( ) Cisco Email Security URL .
9 / URL Check URLs within( URL ) .
10 OK() .
11 Add Action( ) .
12 URL Reputation(URL ) .
13 External Threat Feeds( ) .
14 ETF (7).
15 ( ) 8 URL .
16 ' ' / ' ' URL Check URLs within( URL ) .
17 / URL . 16 'Check URLs within( URL )' 'Attachments( )' .
18 .
19 OK() .
20 .

WBRS( ) ETF URL , WBRS URL ETF URL . URL URL URL , ETF URL URL 'URL ' . 
:

    defang_url_in_message: if (url-external-threat-feeds (['etf_source1'], <'URL_whitelist'>, <'message_attachments'> , <'message_body_subject'> ,)) { url-etf-defang(['etf-source1'], "", 0); } <'URL_whitelist'> , <'Preserve_signed'>)}

· `url-external-threat-feeds' URL .
· `etf_source1' URL ETF .
· `URL_whitelist' URL . URL "" .
· `message_attachments' URL . '1' URL .
· 'message_body_subject' URL . '1' URL . "1,1" , URL .
· 'url-etf-defang' URL . URL ETF .
    · url-etf-strip(['etf_source1'], "None", 1)
    · url-etf-defang-strip(['etf_source1'], "None", 1, "Attachment removed")
    · url-etf-defang-strip(['etf_source1'], "None", 1)
    · url-etf-proxy-redirect(['etf_source1'], "None", 1)
    · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1)
    · url-etf-proxy-redirect-strip(['etf_source1'], "None", 1, " Attachment removed")
    · url-etf-replace(['etf_source1'], "", "None", 1)
    · url-etf-replace(['etf_source1'], "URL removed", "None", 1)
    · url-etf-replace-strip(['etf_source1'], "URL removed ", "None", 1)
    · url-etf-replace-strip(['etf_source1'], "URL removed*", "None", 1, "Attachment removed")
· 'Preserve_signed' '1' '0' . '1' '0' .

URL ETF .

    Strip_Malicious_URLs: if (true) {url-etf-strip(['threat_feed_source'], "", 0);}

URL URL Monitor() > URL Filtering(URL ) . URL Filtering(URL ) , 818 . URL URL : · . · URL URL / . · URL . URL , 418 . · URL . URL URL , 412 . , 842 . , 898 . URL · , 442 · : SDS: , 442 · : SDS: , 442 · Cisco Web Security Services , 443 · : Cisco Aggregator Server , 443 · : Cisco Aggregator Server , 444 · websecurityadvancedconfig , 444 · , 444 · URL Outbreak Filter , 444 · URL , 445 · URL , 445 · Cisco Web Security Services , 445 URL . · (mail_logs). URL (URL ) . · URL (web_client). URL , , . Info() Debug() . . "SDS" URL . : SDS: . Cisco Web Security Services(URL ) Cisco Aggregator Server( ) . . 1. . 2. URL . 3. Cisco TAC . : SDS: SDS . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 442 URL Cisco Web Security Services URL Cisco Web Security Services . Cisco Web Security Services , 445 . Cisco Web Security Services Security Services( ) > URL Filtering(URL ) Cisco Web Security Services . · URL . · Cisco Web Security Services . , 966 . : SDS: , 442 : SDS: , 442 . · Security Services > Service Updates( ) , . · . · SDS URL , sent 1-12 CLI websecuritydiagnostics websecurityadvancedconfig . · Response Time( ) DNS Lookup Time(DNS ) URL Lookup Timeout(URL ) , URL Lookup Timeout(URL ) . · . · URL , Cisco Web Security Services SDS URL . "SDS" Cisco Web Security Services . TAC . : Cisco Aggregator Server Unable to Connect to the Cisco Aggregator Server(Cisco Aggregator Server ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 443 : Cisco Aggregator Server URL 1. ping Cisco Aggregator Server . CLI aggregatorconfig Cisco Aggregator Server . 2. Security Services( ) > Service Updates( ) , . 3. . 4. DNS . 5. Cisco TAC . : Cisco Aggregator Server Unable to retrieve web interaction tracking information from the Cisco Aggregator Server(Cisco Aggregator Server ) . . 1. Security Services > Service Updates( ) , . 2. . 3. DNS . 4. Cisco TAC . websecurityadvancedconfig TAC websecurityadvancedconfig . URL . , 845 . URL Outbreak Filter AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 444 URL URL URL Outbreak Filter . · Outbreak Filter , . URL , . Outbreak Filter , 415 , 362 . URL . · Email Security Appliance Cisco Web Security Services . Cisco Web Security Services , 443 . URL URL . · ( ) . · Email Security Appliance Cisco Web Security Services . Cisco Web Security Services , 443 . · URL . URL URL , 459 . URL . URL URL Cisco Web Security Proxy . . · . · , Cisco Web Security Proxy . . Cisco Web Security Services Cisco Web Security Services . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 445 URL URL 1 . 2 Network() > Certificates() CLI certconfig . 3 CLI websecurityconfig . 
4 Cisco Web Security Services Authentication . 5 webcacheflush . URL · URL , 446 · URL , 459 · URL URL , 459 · URL , 459 URL URL Web Security Appliance AsyncOS . URL Category(URL ) URL adlt 1006 www.adultentertainmentexpo.com . www.adultnetline.com ( , , , ), , , , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 446 URL URL URL Category(URL ) URL adv 1027 www.adforce.com , www.doubleclick.com . " " . alc 1077 , www.samueladams.com , , www.whisky.com , , , , . " " . " " . art 1002 , www.moma.org , , , www.nga.gov , , , , , . TV " " . astr 1074 , , , , www.astro.com , www.astrology.com . auct 1088 , www.craigslist.com www.ebay.com . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 447 URL URL URL Category(URL ) URL busi 1019 , , , www.freightcenter.com , , , , www.staples.com , , , ( ), , , , , , : , , , , , , , , ( , , , , , , , , , , , ) . chat 1040 www.icq.com . www.meebo.com plag 1051 www.bestessays.com www.superiorpapers.com cprn 1064 -- . csec 1065 www.computersecurity.com www.symantec.com . comp 1003 www.xml.com , www.w3.org , , , , , , , . " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 448 URL URL URL Category(URL ) URL date 1055 , www.eharmony.com , www.match.com . card 1082 e- www.all-yours.net . www.delivr.net food 1061 , www.hideawaybrewpub.com , , www.restaurantrow.com , . dyn 1091 http://109.60.192.55 http://dynalink.co.jp IP . http://ipadsl.net . edu 1001 , , , www.education.com , , www.greatschools.org , , , , , . ent 1093 www.eonline.com , , TV, www.ew.com , , , . "" . extr 1075 , www.car-accidents.com , www.crime-scene-photos.com (: , , , ), . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 449 URL URL URL Category(URL ) URL fash 1076 , , , www.fashion.net , , , www.findabeautysalon.com , , . " " . fts 1071 www.rapidshare.com www.yousendit.com . filt 1025 www.bypassschoolfilter.com www.filterbypass.com cgi, php, glype . fnnc 1015 , , finance.yahoo.com , , , , www.bankofamerica.com , , , , , . " " . 
free 1068 www.freewarehome.com . www.shareware.com gamb 1049 , www.888.com , , www.gambling.com , , , . " " . "" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 450 URL URL URL Category(URL ) URL game 1007 , , www.games.com , , www.shockwave.com , , , , , (: ) . gov 1011 , , www.usa.gov / , www.law.com (: , , , , , , ), , , , , , , , , (: , , ), . hack 1050 , www.hackthissite.org www.gohacking.com . hate 1016 , , , www.kkk.com , , , , , www.nazi.org , , , , , , , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 451 URL URL URL Category(URL ) URL hlth 1009 , , www.health.com , , , , www.webmd.com , , , , , , ( ), /// ( ), , , , , , , ( ), . lol 1079 , , www.humor.com . www.jokes.com "" . ilac 1022 , , www.ekran.no , , , www.thedisease.net , , . ildl 1084 www.keygenguru.com www.zcrack.com , , . " " . drug 1047 , , www.cocaine.org . www.hightimes.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 452 URL URL URL Category(URL ) URL infr 1018 www.akamai.net , www.webstat.net . voip 1067 www.evaphone.com . www.skype.com job 1004 , www.careerbuilder.com , , www.monster.com , , . ling 1031 www.swimsuits.com . www.victoriassecret.com lotr 1034 , www.calottery.com . www.flalottery.com cell 1070 SMS( ), www.cbfsms.com www.zedge.net . " " . natr 1013 , , www.enature.com , , , , www.nature.org , , , , (, , , , , , ), (, , , , , , , , ), ( , , , , , , ), , , , , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 453 URL URL URL Category(URL ) URL news 1058 , , , TV www.cnn.com , , , news.bbc.co.uk . ngo 1087 , , , www.panda.org , www.unions.org . nsn 1060 , , www.artenuda.com , www.naturistsociety.com . comm 1024 , www.igda.org , , www.ieee.org . " " " " . osb 1066 , , www.adrive.com www.dropbox.com P2P(Peer-to-peer) . trad 1028 , www.tdameritrade.com www.scottrade.com , , , , , , , , IPO, . "" . "" . pem 1085 -- ( Outlook Web Access ). 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 454 URL URL URL Category(URL ) URL park 1092 www.domainzaar.com www.parked.com , " " . . p2p 1056 P2P(Peer-to-Peer) www.bittorrent.com . www.limewire.com . pers 1081 , www.karymullis.com , www.stallman.org , . img 1090 , , www.flickr.com www.photobucket.com . pol 1083 , , // www.politics.com / www.thisnation.com . porn 1054 www.redtube.com . www.youporn.com , , , , , , , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 455 URL URL URL Category(URL ) URL pnet 1089 www.linkedin.com . www.europeanpwn.net " " . rest 1045 , www.realtor.com , (: www.zillow.com , , , ) . ref 1017 / , , , www.wikipedia.org , , www.yellowpages.com . rel 1086 , www.religionfacts.com , www.religioustolerance.org . SaaS B2B saas 1080 , www.netsuite.com www.salesforce.com . kids 1057 kids.discovery.com www.nickjr.com . sci 1012 www.physorg.com , , , www.science.gov , , , , , , (, , ), (, ) . srch 1020 www.bing.com www.google.com . sxed 1052 , , , www.avert.org www.scarleteen.com . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 456 URL URL URL Category(URL ) URL shop 1005 , , www.amazon.com , www.shopping.com , , . snet 1069 . " www.facebook.com " . www.twitter.com socs 1014 , , , www.archaeology.org , , , , , www.anthropology.net , . scty 1010 , , , www.childcare.gov , , www.familysearch.org . swup 1053 www.softwarepatch.com www.versiontracker.com . sprt 1008 , www.espn.com , , , www.recreation.gov , , , , , , , . aud 1073 www.live-radio.net www.shoutcast.com . vid 1072 TV, , www.hulu.com www.youtube.com . tob 1078 , www.bat.com , ( www.tobacco.org ) . " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 457 URL URL URL Category(URL ) URL trns 1044 , www.cars.com , www.motorcycles.com / , , / /RV( ) . , " " . trvl 1046 , , www.expedia.com , , www.lonelyplanet.com , , , , , , , . -- -- Cisco -- . URL . weap 1036 , , www.coldsteel.com , , www.gunbroker.com , , , . " " . whst 1037 , www.bluehost.com . 
www.godaddy.com tran 1063 babelfish.yahoo.com . translate.google.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 458 URL URL URL Category(URL ) URL mail 1038 mail.yahoo.com . www.hotmail.com " " . URL URL URL URL , 459 . URL URL URL URL . https://securityhub.cisco.com/web/submit_urls URL Status on Submitted URLs( URL ) . URL , URL . , , , , . , (System , Warning ) . . . , 964 . . · . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 459 URL URL AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 460 19 File Reputation Filtering and File Analysis( ) . · , 461 · , 465 · , 484 · , 487 · , 487 Advanced Malware Protection . · · · . . ( ) . · "" " "() Cisco AMP Virtual Virtual Private Cloud . , 466 . · Cisco AMP Threat Grid . , 467 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 461 File Reputation Filtering and File Analysis( ) . . AMP . . . Low Risk( ). , . . , 463 . · , 484 · , 487 . MIME " " . . " " . . " " "" . . : · "" . · workqueue . · . · . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 462 File Reputation Filtering and File Analysis( ) · ( , 463 ) workqueue . · ( , 463 ) ( , 479 ) . BE(Best Effort). . · . . . · , . 33: Advanced Malware Protection : · : HTTPS . · . · . . · Cisco AMP Threat Grid . , 462 . . ID . . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 463 File Reputation Filtering and File Analysis( ) Cisco . Cisco Advanced Malware Protection (https://www.cisco.com/c/en/us/support/security/email-security-appliance/ products-user-guide-list.html) . . Cisco . https://tools.cisco.com/RPF/register/register.do . Advanced Malware Protection . ( ) . File Analysis( ) SHA-256 . · , 468 · Advanced Malware Protection , 483 · , 464 · . , 463 . · . · . · ( ). · , . · . ( ). · . · 20 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 464 File Reputation Filtering and File Analysis( ) · 5 . · 200 . · 50MB . · . MIME (: /) . · SHA . . · . · "" . . Cisco AMP Threat Grid . · . 
Cisco Email Security Appliance "SenderBase " AMP . · , 466 · , 466 · , 467 · , 468 · ( ) , 475 · , 477 · , 479 · , 480 · , 482 · X- , 482 · , 482 · Advanced Malware Protection , 483 · Advanced Malware Protection , 483 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 465 File Reputation Filtering and File Analysis( ) · Advanced Malware Protection , 484 · Email Security Appliance . , Cisco AMP Threat Grid Appliance . · . · . Security Services( ) > File Reputation and Analysis( ) . · . In/Out 32137( ) 443 TCP . 443 TCP . Out Security Services( ) , > Anti-Malware and Reputation( ), . Out . Security Services( ) > Anti-Malware and Reputation( ), Advanced() . Cisco AMP Virtual Private Cloud Appliance : · http://www.cisco.com/c/en/us/support/security/fireamp-private-cloud-virtual-appliance/tsd-products-support-series-home.html FireAMP Private Cloud Cisco Advanced Malware Protection Virtual Private Cloud Appliance . . AMP Virtual Private Cloud Appliance Help() . · "" "Air-Gap"(-) Cisco AMP Virtual Private Cloud Appliance . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 466 File Reputation Filtering and File Analysis( ) · Cisco AMP Virtual Private Cloud Appliance 2.2 . Cisco Email Security Appliance . · Email Security Appliance AMP Virtual Private Cloud · Email Security Appliance . Email Security Appliance , 468 6 . Cisco AMP Threat Grid : · Cisco AMP Threat Grid Cisco AMP Threat Grid . Cisco AMP Threat Grid Appliance http://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/products-installation-guides%20-list.html . . AMP Threat Grid Help() . Cisco , CSA(Cisco Sandbox API), ESA(Email Security Appliance), . · Cisco AMP Threat Grid . · Cisco AMP Threat Grid Appliance 1.2.1 Cisco Email Security Appliance . AMP Thread Grid . · . Cisco Email Security Appliance AMP Threat Grid Appliance CLEAN . · : Email Security Appliance Cisco AMP Threat Grid Appliance SSL . AMP Threat Grid SSL . AMP Threat Grid CN . AMP Threat Grid . 
· , 468 Email Security Appliance Threat Grid Appliance . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 467 File Reputation Filtering and File Analysis( ) · . · , 466 . · . · Cisco AMP Virtual Private Cloud Appliance , 466 . · Cisco AMP Threat Grid Appliance , 467 . 1 2 3 Security Services( ) > File Reputation and Analysis( ) . Edit Global Settings( ) . Enable File Reputation Filtering( ) Enable File Analysis( ) . · Enable File Reputation Filtering( ) URL File Reputation Server( )(6) . · , Enable File Analysis( ) File Analysis Server URL( URL)(7) URL , . . 4 5 . File Analysis( ) (: "Microsoft ") . . , 463 Cisco . . Other potentially malicious file types( ) . . 6 Advanced Settings for File Reputation( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 468 File Reputation Filtering and File Analysis( ) . . . · - Cisco AMP Virtual Private Cloud Appliance IP . · - . . Upload File( ) . . AMP for Endpoints Register the Appliance with AMP for Endpoints(AMP for Endpoints ) AMP for Endpoints Console . AMP for Endpoints Console , 472 . SSL 32137 443 Use SSL(Port 443)(SSL ( 443)) . SSH Cisco AMP Virtual Private Cloud Appliance . 32137 SSL . . , . Use SSL (Port 443)(SSL ( 443)) Relax Certificate Validation( ) . , . Advanced Settings for File Reputation( ) SSL Communication for File Reputation( SSL ) Use SSL (Port 443)(SSL ( 443)) CLI certconfig > CERTAUTHORITY > CUSTOM Network() > Certificates()( ) AMP CA . (Configuration() > SSL > Cloud server( ) > download( )). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 469 File Reputation Filtering and File Analysis( ) ping (). . . · (60) · Enter Custom Value( ) - 60. ID (). (). ( ) ID. , , Suppress the retrospective verdict alerts( ) . Cisco . 7 Advanced Settings for File Analysis( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 470 File Reputation Filtering and File Analysis( ) URL Private analysis cloud( )(URL) . . . Cisco AMP Threat Grid . · - URL. · TG - Cisco AMP Threat Grid IPv4 . 
7 Cisco AMP Threat Grid . Cisco AMP Threat Grid . . · Certificate Authority( ) Use Cisco Default Certificate Authority(Cisco ) Use Uploaded Certificate Authority( ) . Use Uploaded Certificate Authority( ) Browse() . . ID Cisco AMP Threat Grid , Cisco AMP Threat Grid (: https://panacea.threatgrid.eu) . Cisco AMP Threat Grid Cisco TAC . ( ) ID. 8 9 ( ) Cache Settings( ) . Threshold Settings( ) . . . · Use value from Cloud Service (95)( (95) ) · Enter Custom Value( ) - 95 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 471 AMP for Endpoints Console File Reputation Filtering and File Analysis( ) 10 . 11 Cisco AMP Threat Grid AMP Threat Grid . "" AMP Threat Grid . a) ID . "" . b) AMP Threat Grid . c) Welcome...(...) > Manage Users( ) User Details( ) . d) Email Security Appliance ID "" . e) "" . AMP for Endpoints Console AMP for Endpoints Console AMP for Endpoints Console . · . · SHA . · . · SHA . · . · . · . · . · . · SHA . AMP for Endpoints Console , . SHA SHA AMP for Endpoints Console SHA . SHA AMP for Endpoints Console SHA . Advanced Malware Protection Incoming Malware Files by Category( ) Custom Detection( ) AMP for Endpoints Console SHA . SHA Incoming Malware Threat Files( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 472 File Reputation Filtering and File Analysis( ) AMP for Endpoints Console Simple Custom Detection( ) . More Details( ) AMP for Endpoints Console SHA . AMP for Endpoints Console . AMP for Endpoints Console Cisco TAC . . , 468 . 1 Security Services( ) > File Reputation and Analysis( ) . 2 Edit Global Settings( ) . 3 File Reputation and File Analysis( ) Advanced Settings for File Reputation( ) Register Appliance with AMP for Endpoints(AMP for Endpoints ) . Register the Appliance with AMP for Endpoints(AMP for Endpoints ) AMP for Endpoints Console . 4 AMP for Endpoints Console . 5 AMP for Endpoints Allow() . Allow() File Reputation and Analysis( ) . AMP for Endpoints Console Integration(AMP for Endpoints Console ) . 
AMP for Endpoints Console . : · AMP for Endpoints Console Accounts() > Applications() AMP for Endpoints Console . AMP for Endpoints Console Applications() . · ( ) ( ) . SHA . AMP for Endpoints SHA https://console.amp.cisco.com/docs AMP for Endpoints . · AMP for Endpoints Console , Advanced Settings for File Reputation( ) Deregister( ) https://console.amp.cisco.com/ AMP for Endpoints Console . https://console.amp.cisco.com/docs AMP for Endpoints . AMP for Endpoints Console . AMP for Endpoints Console . SHA SHA AMP for Endpoints Console . AMP for Endpoints AMP for Endpoints . AMP for Endpoints . AMP for Endpoints Console . AMP for Endpoints Console Cisco TAC . 1 2 3 4 5 6 7 8 . Security Services > File Reputation and Analysis( ) . Centralized Management Options( ) Manage Settings( ) . Copy settings to( ): ' ' . Submit() . . File Reputation and Analysis( ) Edit Global Settings( ) . File Reputation and File Analysis( ) Advanced Settings for File Reputation( ) Register Appliance with AMP for Endpoints(AMP for Endpoints ) . Register the Appliance with AMP for Endpoints(AMP for Endpoints ) AMP for Endpoints Console . 9 AMP for Endpoints Console . 10 AMP for Endpoints Allow() . ! Allow() File Reputation and Analysis( ) . AMP for Endpoints Console Integration(AMP for Endpoints Console ) . AMP for Endpoints . 11 File Reputation and Analysis( ) Submit() . 12 Centralized Management Options( ) Manage Settings( ) . 13 Delete settings from( ): . 14 Submit() . 15 . 16 AMP for Endpoints 1~15 . 17 AMP for Endpoints . AMP for Endpoints . . AMP for Endpoints . ! . · . . · . AMP . . Cisco AMP Threat Grid ( http://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/products-installation-guides -list.html) . ( ) . . .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 475 ? File Reputation Filtering and File Analysis( ) 1 Security Services > File Reputation and Analysis( ) . 2 Appliance Grouping for File Analysis Cloud Reporting( ) File Analysis Group ID( ID) . · . · ID / . · ID . ID . · ID Cisco TAC . · . · . · . · . 3 Group Now( ) . ? 1 Security Services > File Reputation and Analysis( ) . 2 Appliance Grouping for File Analysis Cloud Reporting( ) View Appliances( ) . 3 ID . ID Email Security Appliance Security Services( ) > File Reputation and Analysis( ) Advanced Settings for File Analysis( ) Web Security Appliance Security Services > Anti-Malware and Reputation( ) Advanced Settings for File Analysis( ) Security Management Appliance Management Appliance( ) > Centralized Services( ) > Security Appliances( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 476 File Reputation Filtering and File Analysis( ) 1 Mail Policies( ) > Incoming Mail Policies( ) Mail Policies( ) > Outgoing Mail Policies( ) . 2 Advanced Malware Protection . 3 . · Cisco AMP Threat Grid Appliance Enable File Analysis( ) . · . . · : · · RFC . · 200 · 5 · · - . · AMP : · . · . · · · AMP . · · · · . · mbox amparchive . AMP Archive(amparchive) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 477 File Reputation Filtering and File Analysis( ) · (: [: ]) · · Yes() . · . Yes() . · . · . , . · mbox amparchive . AMP Archive(amparchive) . · (: [: ]) · · AsyncOS . . · · mbox amparchive . AMP Archive(amparchive) . · · (: [: ]) · · Yes() . · . Yes() . · AsyncOS . . · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 478 File Reputation Filtering and File Analysis( ) · mbox amparchive . AMP Archive(amparchive) . · (: [: ]) · · Yes() . · . Yes() . · ( ) . Enable Mailbox Auto Remediation( ) . · . (: ) . · . . · . . Office 365 (: ) . Mailbox Auto Remediation( ) . Office 365 , 561 4 . workqueue . . . 1 Mail Policies( ) > Incoming Mail Policies( ) Mail Policies( ) > Outgoing Mail Policies( ) . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 479 File Reputation Filtering and File Analysis( ) 2 Advanced Malware Protection . 3 Messages with File Analysis Pending( ) Action Applied to Message( ) Quarantine() . . , 480 . 4 ( ) . · mbox amparchive . AMP Archive(amparchive) . · (: [: ]) · 4 . · . · . · . 5 . , 480 · , 480 · , 481 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, , ) . 2 File Analysis( ) . 3 . 1 . 4 AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 480 File Reputation Filtering and File Analysis( ) 5 Retention Period( ) Free up space by applying default action on messages upon space overflow( ) . 6 Default Action( ) Release() . . , . ASCII RFC 2047 . X-Header X-Header . . . : = Inappropriate-release-early Value = True . 7 . . . . . 8 . 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, , ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 481 File Reputation Filtering and File Analysis( ) 2 . 3 . · Delete · · · Cisco Email Security Appliance " , " . X- X- . X- . / . (/ ) X-Amp-Result Unscannable( ) X-Amp-Original-Verdict . . X-Amp-File-Uploaded "". X- . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 482 File Reputation Filtering and File Analysis( ) Advanced Malware Protection Advanced Malware Protection , Advanced Malware Protection . . . Advanced Malware Protection Advanced Malware Protection . . ( ) Cisco AMP Threat Grid Appliance . , 468 ( ) AMP . . AMP watchdog AMP . . AMP AMP . . AMP . AMP . · , 488 · , 487 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 483 Advanced Malware Protection File Reputation Filtering and File Analysis( ) Advanced Malware Protection Security Management Appliance Advanced Malware Protection . · SHA-256 , 484 · , 485 · , 486 · Message() Advanced Malware Protection , 486 SHA-256 (SHA-256) . SHA-256 . SHA-256 . 
SHA-256 ( AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 484 File Reputation Filtering and File Analysis( ) AMP(Advanced Malware Protection) . AMP . Advanced Malware Protection . SHA Advanced Malware Protection . Incoming Malware Files by Category( ) Custom Detection( ) AMP for Endpoints Console SHA . AMP for Endpoints Console SHA Incoming Malware Threat Files( ) Simple Custom Detection( ) . Incoming Malware Threat Files( ) Custom Threshold( ) . More Details( ) AMP for Endpoints Console SHA . AMP . Advanced Malware Protection ( ) . Cisco AMP Threat Grid "" . AMP Threat Grid . 1,000 .csv . . SHA Cisco AMP Threat Grid AMP Threat Grid SHA . SHA . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 485 File Reputation Filtering and File Analysis( ) Advanced Malware Protection . , 462 . 1,000 .csv . SHA-256 . SHA-256 SHA-256 SHA-256 . . Detected by Advanced Malware Protection(Advanced Malware Protection /)" . Columns() . Message() Advanced Malware Protection Message() . · . Advanced( ) Message Event( ) Advanced Malware Protection Positive . · Message() . , . . · SHA-256 · Advanced Malware Protection · · AMP . Message() . () SHA-256 . · . . Reporting() Monitor() > File Analysis( ) SHA-256 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 486 File Reputation Filtering and File Analysis( ) . . Message() . 1 AMP . 2 SHA-256 . 3 . 4 SHA-256 . , 462 · , 487 · , 488 · , 488 · API ( ) , 488 · , 489 · , 489 : · AMP amp . · Retrospective . · VRT sandboxing . Advanced Malware Protection AMP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 487 File Reputation Filtering and File Analysis( ) AMP . "Response received for file reputation query( )" "upload action( )" . · 0: . · 1: · 2: . "Disposition()" . · 1: ( ) · 2: · 3: Spyname . . . . ( .) · , 466 . · . · . Security Services( ) > File Reputation and Analysis( ) . Advanced() . API ( ) Email Security Appliance AMP Threat Grid API . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 488 File Reputation Filtering and File Analysis( ) AMP Threat Grid AMP Threat Grid ( ). . · AMP Threat Grid Appliance . · Email Security Appliance . · AMP Threat Grid API . AMP Threat Grid Appliance . · , 468 . . . · . . . . · . · . . . · , AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 489 File Reputation Filtering and File Analysis( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 490 20 . · , 491 · , 493 · , 493 · DLP( ) , 494 · , 494 · , 512 · DLP , 517 · DLP , 518 · DLP , 519 · Data Loss Prevention , 520 DLP(Data Loss Prevention) , . DLP , . · DLP , 492 · , 492 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 491 DLP DLP 1. Email Security Appliance . "" . . 2. Email Security Appliance DLP DLP " " . . DLP , 57 . 3. DLP , 492 , . . 4. . , , 512 . . , Email Security Appliance . . DLP . ( ) , , (: ) DLP . . , ((Visa, AMEX ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 492 DLP , DLP . DLP , . 0~100 . DLP . (: Critical Low) , DLP . C-Series X-Series (D-Mode ). . 1 DLP . DLP( ) , 494 2 , 512 . . 3 DLP . . · · · DLP , 496 · DLP , 497 · DLP () , 498 4 DLP DLP DLP , 510 DLP DLP . 5 DLP , 269 . . DLP / DLP , 509 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 493 DLP( ) 6 DLP DLP DLP , 511 . 7 DLP . · DLP , 517 · , 898 DLP( ) 1 Security Services( ) > Data Loss Prevention( ) . 2 Enable() . 3 Accept() . DLP . 4 Data Loss Prevention Global Settings( ) Enable Data Loss Prevention( ) . 5 ( ) . . 6 . , 493 . · DLP , 517 · DLP , 496 · DLP , 518 · DLP , 495 · DLP , 495 · DLP , 496 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 494 DLP · DLP , 497 · DLP () , 498 · , 499 · DLP , 509 · , 510 · DLP , 510 · DLP , 511 · DLP , 512 DLP DLP . · · . · . , . , 499 . · . DLP , 509 . · . DLP , 509 . · . , 510 . DLP . DLP DLP . . · Regulatory Compliance( ). , . · Acceptable Use( ). , . · Privacy Protection( ). , ID . · Intellectual Property Protection( ). . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 495 DLP · Company Confidential( ). . · Custom Policy( ). "" . , . . DLP DLP DLP . DLP DLP DLP . . · DLP . DLP DLP . · , , . , 503 . 1 Security Services( ) > Data Loss Prevention( ) . 2 Edit Settings( ) . 3 Enable and configure DLP using the DLP Assessment Wizard(DLP DLP ) . 4 Submit() . 5 . . · PII(personally identifying information) (California SB-1386) . . · DLP Incident Summary . · , . . · DLP Outgoing Mail Policies( ) . DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 496 DLP 6 . · ( ) DLP , , , Mail Policies( ) > DLP Policy Manager(DLP ) . DLP , 497 , DLP () , 498 , 510 . · ( ) DLP DLP , 511 . · DLP , 497 · DLP () , 498 DLP 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 Add DLP Policy(DLP ) . 3 DLP . Display Policy Descriptions( ) . 4 DLP Add() . 5 ( ) . 6 , ( ) . . , 499 , 503 . . 7 ( ) , , DLP . DLP , 509 . . 8 Severity Settings( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 497 DLP () · . , 510 . · ( ) Edit Scale( ) . , 510 . 9 . · DLP , 496 · DLP () , 498 DLP () . DLP . DLP , . , DLP . : . DLP , 502 . . 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 Add DLP Policy(DLP ) . 3 Custom Policy( ) . 4 Custom Policy( ) Add() . 5 . 6 DLP . a) . b) Add() . · Create a Classifier( ) DLP , 502 . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 498 c) ( ) . , NOT . d) : . 7 ( ) , , DLP . DLP , 509 . . 8 Severity Settings( ) · . , 510 . · ( ) Edit Scale( ) . , 510 . 9 . · DLP , 496 · DLP , 497 , . . . . . . HIPAA HITECH DLP . . 123-CL456789 [0-9]{3}\-[A-Z]{2}[0-9]{6} . "Patient ID" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 499 . . "Patient ID" DLP DLP . DLP DLP RSA . . DLP . · , 500 · DLP , 502 · ( DLP ) , 503 · , 503 · DLP ( DLP ) , 505 · , 506 · , 508 . · , 500 · US Social Security Number( ), 501 · ABA , 501 · () , 501 · NPI(National Provider ID)(), 501 · (), 502 · (), 502 DLP Credit Card Number( ) . , , . . . 
: · 378734493671000( ) · 378734493671000 VISA() · 378734493671000 : 12/2019() AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 500 US Social Security Number( ) US Social Security Number( ) US Social Security Number( ) , , SSN . : · 321-02-3456( ) · SSN: 132-45-6788() ABA ABA Routing Number(ABA ) Credit Card Number( ) . : · 119999992( ) · ABA No. 800000080() () US Drivers License( ) . , . California AB-1298 Montana HB-732 . , . : · CA DL# C3452362( ) · California DL# C3452362() · DL: C3452362( ) · California C3452362( ) · OR DL# C3452362() · OR DL# 3452362(Oregon ) · WV DL# D654321(West Virginia ) · WV DL# G654321() NPI(National Provider ID)() US National Provider Identifier( NPI) 10 NPI(National Provider Identifier) . : · NPI No. 1245319599(NPI ) · NPI No. 1235678996(NPI ) · 3459872347( ) · NPI: 3459872342( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 501 () () FERPA(Family Educational Rights and Privacy Act) DLP Student Records( ) . Student Identification Number( ) ID . : · : CHEM101, ECON102, MATH103() () SOX(Sarbanes-Oxley) Corporate Financials( ) . : 2016 6 30 , . () DLP DLP . 1 DLP . : · , 499 · , 500 2 Mail Policies( ) > DLP Policy -- Customizations(DLP ) Add Custom Classifier( ) . . 3 . , 506 . 4 : . · ( · DLP ) , 503 · · DLP ( DLP ) · , 505 · · , 503 5 ( ) Add Rule( ) Weight() Max Score( ) . , 506 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 502 ( DLP ) 6 Rules() . (All) (Any) . 7 . -- DLP . DLP () , 498 . · , 508 ( DLP ) DLP . . · . . . · . . . , 503 , 505 . · . . . DLP ( DLP ) , 505 . · . , , , ABA . Mail Policies( ) > DLP Policy Manager(DLP ) Add DLP Policy(DLP ), Privacy Protection( ), Display Policy Descriptions( ) . . ( , ID) . Perl Compatible Regular Expression(PCRE2) DLP . DLP PCRE2 . / , (: [a-zA-Z]) . . (: 8 ) 8 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 503 . (abc) . ACC ACCOUNT ACCT . [] . . [a-z] a z , [a-zA-Z] A Z . [xyz] x, y z . (\) \d . , \$ , \^ . \d . : . "" 2 . (0-9) . {} . \d 5 55 . 
\d{2} 55 5 . \D . {} . \w (a-z, A-Z, 0-9 _). {min,max} . " \d{8}" 12345678 11223344 8 . (|) "or" . A B "A|B" "A" "B" . . "foo|bar" foo bar foobar . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 504 · , 505 . · 8 : \d{8} · : \d{3}-\d{4}-\d · : [a-zA-Z]\d{7} · 3 9 : \d{3}[A-Z]{9} · | : \d{3}[A-Z]{9}|\d{2}[A-Z]{9}-\d DLP ( DLP ) AsyncOS . DLP DLP . DLP . · DLP (Custom DLP Dictionaries) , 505 · DLP , 505 DLP , 506 · Email Security Appliance DLP , 506 DLP , 506 . DLP (Custom DLP Dictionaries) 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 Advanced Settings( ) Custom DLP Dictionaries( DLP ) . 3 Add Dictionary( ) . 4 . 5 ( ) . / ASCII . . 6 Add() . 7 . DLP . . / ASCII . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 505 DLP DLP DLP . 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 Advanced Settings( ) Custom DLP Dictionaries( DLP ) . 3 Export Dictionary( ) . 4 . 5 . 6 ( ) . 7 . 8 Submit() . DLP Email Security Appliance DLP . 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 Advanced Settings( ) Custom DLP Dictionaries( DLP ) . 3 Import Dictionary( ) . 4 . 5 . 6 Next() . "Success()" Add Dictionary( ) . . 7 . 8 . DLP . DLP . 0 . 100 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 506 DLP DLP . DLP . , 510 . SOX(Sarbanes-Oxley) , "75" . DLP DLP . · Proximity(). . , . · Minimum Total Score( ). DLP . . · Weight(). "" . . 10 2 20. . · Maximum Score( ). . · Minimum Score( ). DLP Policy Customizations(DLP ) Custom Classifiers Settings( ) Use recommended minimum scores for entity-based rules( ) . ( DLP ), 508 . . . . 10~100 (10~10,000) . 39: 10 18 20 28 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 507 ( DLP ) 30 33 50 41 100 50 150 56 300 65 500 72 1000 82 10000 100 ( DLP ) 1 Mail Policies( ) > DLP Policy Customizations(DLP ) . 2 Custom Classifiers Settings( ) Use recommended minimum scores for entity-based rules( ) . . , 10 5 5 10 50 . 10 . Use recommended minimum scores for entity-based rules( ) . 3 Submit() . . DLP , 502 . 
1 Mail Policies( ) > DLP Policy Customizations(DLP ) . 2 Custom Classifiers( ) Custom Classifiers( ) Policies() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 508 DLP · DLP , 502 DLP DLP . DLP . · : [email protected] · : user@ · : @example.com · : @.example.com . AsyncOS , DLP . , . DLP , DLP . DLP . , . AsyncOS . DLP . DLP . , 293 , 137 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 509 DLP DLP DLP . (: Low Critical) . ( Ignore ). . · , 510 . . 90~100 Critical(). . DLP Critical() 75~100 . 1 Mail Policies( ) > DLP Policy Manager(DLP ) . 2 . 3 Severity Settings( ) Edit Scale( ) . 4 . 5 Done() . 6 Severity Scale( ) . 7 Submit() . · , 510 DLP DLP DLP DLP . 1 DLP Policy Manager(DLP ) Edit Policy Order( ) . 2 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 510 DLP 3 . DLP · DLP , 511 · DLP , 511 DLP . , 493 . DLP . 1 Mail Policies( ) > Outgoing Mail Policies( ) . 2 Default Policy( ) DLP Disabled() . 3 Enable DLP (Customize Settings)(DLP ( )) . 4 DLP . 5 . DLP . DLP , 511 . DLP DLP . DLP . DLP . DLP , 511 . 1 Mail Policies( ) > Outgoing Mail Policies( ) . 2 DLP . 3 DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 511 DLP 4 . 5 . 6 . , 493 . DLP DLP . DLP DLP . DLP . DLP Email Security Appliance . . . · · · . · . ID . DLP , DLP . . · . . . · DLP . · . · . · (bcc). ( DLP .) · DLP DLP . DLP , 515 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 512 DLP ( ) . DLP . . DLP , . · DLP ( ) , 513 · , 514 · DLP , 515 DLP ( ) · DLP ( ) . Email Security Appliance Security Management Appliance . , , , 847 . · . Cisco Email Encryption, 521 . · DLP Mail Policies( ) > Text Resources( ) . , 625 . · DLP DLP . DLP , 515 . 1 Mail Policies( ) > DLP Policy Customizations(DLP ) . 2 Message Actions( ) Add Message Action( ) . 3 . 4 . 5 DLP , . . ID . 6 Enable Encryption( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 513 · Encryption Rule( ). , TLS . · Encryption Profile( ). Cisco IronPort Encryption Appliance . 
· Encrypted Message Subject( ). . $Subject . 7 Quarantine() DLP . 8 Advanced() . · · · · (bcc) · DLP 9 . 1 Mail Policies( ) > DLP Policy Customizations(DLP ) . 2 Message Actions( ) . Actions( ) Policies() . Actions( ) Description() . . . DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 514 DLP Duplicate() . , . 3 . DLP . DLP DLP . · DLP , 515 . . 1 Mail Policies( ) > Text Resources( ) . 2 Add Text Resource( ) . 3 Type() DLP Notification Template(DLP ) . DLP . 4 . . DLP DLP DLP . · DLP , 515 DLP DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 515 DLP $DLPPolicy DLP . $DLPSeverity . "Low," "Medium," "High" "Critical." $DLPRiskFactor ( 0~100). $To To: (Envelope Recipient ). $From From: (Envelope Sender ). $Subject . $Date MM/DD/YYYY . $Time ( ). $GMTimestamp Received: GMT . $MID MID(Message ID) . RFC822 "Message-Id" ( $Header ). $Group . ">Unknown<" . $Reputation SenderBase Reputation . "None" . $filenames . $filetypes . $filesizes . $remotehost Cisco . $AllHeaders . $EnvelopeFrom Envelope Sender( )(Envelope From, <MAIL FROM>) . $Hostname Cisco . $bodysize ( ). $header[`string '] . . $remoteip Cisco IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 516 DLP $recvlistener . $dropped_filenames $filenames , . $dropped_filename . $recvint . $timestamp Received: ( ). $Time ( ). $orgid SenderBase Organization ID( ) . $enveloperecipients Envelope Recipients( )(Envelope To, <RCPT TO>) . $dropped_filetypes $filetypes , . $dropped_filetype . DLP DLP DLP . . . . , 837 . 1 Security Services( ) > Data Loss Prevention( ) . 2 Edit Settings( ) . 3 Enable Matched Content Logging( ) . 4 . . , 898 . · , 842 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 517 DLP DLP Cisco DLP . · DLP , 518 · DLP , 518 · ( ) , 518 · () DLP , 519 DLP 1 Security Services( ) > Data Loss Prevention( ) . 2 Current DLP Version Files( DLP ) . dlpstatus CLI DLP . CLI Reference Guide for AsyncOS for Cisco Email Security Appliances . DLP . 
· ( ) () DLP , 519 1 Security Services( ) > Data Loss Prevention( ) . 2 Current DLP Version Files( DLP ) Update Now( ) . . dlpupdate CLI DLP . CLI Reference Guide for AsyncOS for Cisco Email Security Appliances . ( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 518 () DLP Cisco . DLP . DLP . · Security Settings( ) > Service Updates( ) . · () DLP , 519 . 1 Security Services( ) > Data Loss Prevention( ) . 2 Edit Settings( ) . 3 Enable automatic updates( ) . 4 . () DLP . · DLP . · DLP , DLP . · DLP dlpstatus CLI . DLP Security Management Appliance . DLP , , 837 . DLP , . DLP , , 858 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 519 Data Loss Prevention DLP , 793 DLP . DLP , 793 DLP . · DLP , 517 · , 898 Data Loss Prevention · DLP , 520 DLP DLP DLP . . · DLP . DLP . · DLP . · . DLP () , 498 . · DLP . , 510 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 520 21 Cisco Email Encryption . · Cisco Email Encryption , 521 · , 522 · Email Security Appliance , 523 · , 528 · , 531 Cisco Email Encryption AsyncOS . . . · Cisco Registered Envelope Service( ) · Cisco Encryption Appliance( ) , , . 1. Email Security Appliance . 2. , . 3. (, C-Series CRES ) . TLS . TLS , 529 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 521 Cisco Email Encryption 40: 1 2 3 4 5 6 7 8 Cisco IronPort Encryption Appliance , 15 . . . Email Security Appliance , 524 . . , 524 . , 528 . . . · , 529 . · , 530 . ( ) , 531 . . . . , 269 . . . , 269 . · , 522 Cisco Email Security Appliance . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 522 Cisco Email Encryption 34: Email Security Appliance . 1. . Email Security Appliance (Cisco Registered Envelope Service) . 2. . 3. ID . . . . , . 4. . Email Security Appliance Email Security Appliance . encryptionconfig CLI GU Security Services( ) > Cisco IronPort Email Encryption . PXE S/MIME AsyncOS S/MIME , PXE . 
· Email Security Appliance , 524 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 523 Email Security Appliance Cisco Email Encryption · , 524 · , 527 · PXE , 528 Email Security Appliance 1 Security Services( ) > Cisco IronPort Email Encryption . 2 Enable() . 3 ( ) Edit Settings( ) . · . Cisco 10MB. 25MB. 10MB . Cisco Registered Envelope Service , 10MB . · . . · . . . , , . (: 'confidential') , . , DLP . DLP , . DLP . , 893 . . PXE . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 524 Cisco Email Encryption · . . · . , , , , . · . Reply All( ) . · . , HTML . , . . , 636 , 634 . 1 2 3 Email Encryption Profiles( ) Add Encryption Profile( ) . . Used By (Roles)(()) , OK() . DLP . 4 Key Server Settings( ) . · Cisco Encryption Appliance() · Cisco Registered Envelope Service( ) 5 Encryption Appliance( ) . · Internal URL( URL). URL Cisco Email Security Appliance Cisco Encryption Appliance . · External URL( URL). URL Cisco Encryption Appliance . URL HTTP HTTPS . 6 7 Cisco Registered Envelope Service URL . URL https://res.cisco.com. Key Server Settings( ) Advanced() , HTTP HTTPS . . · Use the Key Service with HTTP(HTTP ). HTTP . Cisco Registered Envelope Service 6 URL. Cisco Encryption Appliance 5 URL . · HTTP HTTPS . HTTPS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 525 Cisco Email Encryption · Use the Key Service with HTTPS(HTTPS ). HTTPS . Cisco Registered Envelope Service 6 URL. Cisco Encryption Appliance 5 URL . · Specify a separate URL for payload transport( URL ). URL , HTTP HTTPS . 8 Envelope Settings( ) . · High Security( ). . · Medium Security( ). Credential Credential . · . . . , . 9 URL . . · No link( ). . · Custom link URL( URL). URL . 10 ( ) . (receipt) . 11 ( ) Edit Settings( ) Advanced() . · () . . · . · ARC4. ARC4 , . · AES. AES , . AES . · . . . . 12 Message Settings( ) . · Enable Secure Reply All( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 526 Cisco Email Encryption · Enable Secure Message Forwarding( ) . 
13 ( ) Cisco Registered Envelope Service . Notification Settings( ) Use Localized Envelope( ) . HTML . , 527 . 14 HTML . HTML . . . a) HTML . HTML . . b) . . . . 15 . . 16 . . . 17 . 18 Cisco Registered Envelope Service . . Provision() . . Cisco Registered Envelope Service . · · · · · · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 527 PXE Cisco Email Encryption · Key Service Type( ) Cisco Registered Envelope Service . , 524 . · Cisco Registered Envelope Service . 1 Security Services( ) > Cisco IronPort Email Encryption . 2 . 3 Notification Settings( ) Localized Envelopes( ) . 4 Submit() . 5 Commit Changes( ) . PXE Cisco Email Encryption Settings(Cisco Email Encryption ) PXE Domain Mappings . Email Security Appliance PXE Security Services > Service Updates( ) ( CLI updateconfig ) . , 945 . IronPort Email Encryption Settings(IronPort Email Encryption ) ( CLI encryptionupdate ) PXE Engine Updates(PXE ) Update Now( ) . . , . Cisco Email Security Appliance . . . DLP ( ) , 513 . · TLS , 529 · , 529 · , 530 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 528 Cisco Email Encryption TLS TLS TLS , Email Security Appliance TLS . TLS (Required(), Preferred( ) None()) TLS . TLS TLS . TLS Email Security Appliance TLS . 41: ESA TLS TLS None TLS TLS TLS Preferred(TLS ) TLS TLS Required(TLS ) TLS / TLS , 69 . · , 283 . · ( ) , 531 . 1 2 3 4 5 6 7 Mail Policies( ) > Outgoing Content Filters( ) . Add Filter( ) . Conditions() Add Condition( ) . . (: "Confidential") . OK() . , Add Action( ) Add Header( ) . Actions() Add Action( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 529 Cisco Email Encryption 8 Add Action( ) Encrypt and Deliver Now (Final Action)( ( )) . 9 , TLS . 10 . , , . . 11 . 12 OK() . ABA . . 35: 13 Submit() . 14 . . , . , 269 . . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 530 Cisco Email Encryption · , 283 . · ( ) , 531 . 1 Mail Policies( ) > Outgoing Content Filters( ) . 2 Add Filter( ) . 
3 Conditions() Add Condition( ) . 4 . (: "Confidential") . 5 OK() . 6 , Add Action( ) Add Header( ) . 7 Actions() Add Action( ) . 8 Add Action( ) Encrypt on Delivery( ) . 9 , TLS . 10 . , , . . 11 . 12 OK() . 13 Submit() . 14 . . , . , 269 . AsyncOS SMTP . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 531 Cisco Email Encryption Cisco Ironport Encryption Appliance . 1 Mail Policies( ) > Outgoing Content Filters( ) Incoming Content Filters( ) . 2 Filters() Add Filter( ) . 3 Actions() Add Action( ) Add Header( ) . Registered Envelope( ) 24 X-PostX-ExpirationDate, +24:00:00 . · , 532 · , 534 · , 529 . · , 137 . . 42: MIME Reply() . X-PostX-Reply- Enabled Reply() . true . . false. X-PostX-Reply-AllEnabled " " Reply All( ) Reply() . true . . false. . X-PostX-ForwardEnabled Forward() . Forward() true . . . false. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 532 Cisco Email Encryption MIME X-PostX-Send-ReturnReceipt . . (receipt) true . false . . . Registered Envelope( ) . X-PostX-Expiration Date . , , +HH:MM:SS . +D . . . . Cisco Registered Envelope Service (http://res.cisco.com) , , . Registered Envelope( ) " . X-PostX-ReadNotification " . , , +HH:MM:SS Date +D . Cisco Registered . . Envelope Service . . . . X-PostX-Suppress-Applet- true . For-Open . false. . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 533 Cisco Email Encryption MIME X-PostX-Use-Script JavaScript . JavaScript JavaScript . JavaScript false JavaScript . true. Registered Envelope( ). Open Online( ) Open by Forwarding( ) . JavaScript . . . X-PostX-Remember-Envelope -Key-Checkbox . "Remember the password for this envelope( )" "Remember the password for this envelope( . false. )" . . . . · JavaScript , 535 · , 534 · , 535 · , 535 . X-PostX-Remember-Envelope-Key-Checkbox: true "Remember the password for this envelope( )" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 534 Cisco Email Encryption JavaScript JavaScript JavaScript . 
X-PostX-Use-Script: false securedoc.html Open Online( ) Open() . 24 . X-PostX-ExpirationDate: +24:00:00 24 . . . X-PostX-Suppress-Applet-For-Open: true . 22 S/MIME . · S/MIME , 537 · Email Security Appliance S/MIME , 537 · S/MIME , , 540 · S/MIME , , 551 · S/MIME , 556 · , 558 S/MIME S/MIME(Secure/Multipurpose Internet Mail Extensions) . S/MIME / . · . · ID . S/MIME RFC . · RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions) 3.2 - · RFC 5751: S/MIME(Secure/Multipurpose Internet Mail Extensions) 3.2 - · RFC 3369: Email Security Appliance S/MIME S/MIME . Email Security Appliance S/MIME (, , ) . S/MIME S/MIME Email Security Appliance B2B(Business-to-Business) B2C(Business-to-Consumer) S/MIME . · S/MIME , S/MIME , , 540 . · S/MIME , S/MIME , , 551 . · S/MIME , 538 S/MIME · : Business-to-Business, 538 · : Business-to-Consumer, 539 : Business-to-Business A B S/MIME . A S/MIME Email Security Appliance . A S/MIME . S/MIME : Business-to-Consumer B S/MIME . S/MIME (Email Security Appliance ) . A B . 1. Bob( A) Dave( B) . 2. A Email Security Appliance B . 3. B . 4. Dave . B A . 1. Dave( B) Bob( A) . 2. B A . 3. A Email Security Appliance . 4. Bob . : Business-to-Consumer S/MIME , S/MIME A B S/MIME . A S/MIME Email Security Appliance . B S/MIME . A B . 1. Alice( A) Erin( B) . 2. A Email Security Appliance B . 3. B Erin . B A . 1. Erin( B) Alice( A) . 2. A Email Security Appliance . 3. Alice . S/MIME , · Email Security Appliance S/MIME , 540 · S/MIME , , 541 · S/MIME , 542 · S/MIME , 545 · S/MIME , 547 · , , 549 · , , 549 · , , 550 Email Security Appliance , , .
Email Security Appliance S/MIME · S/MIME , 541 · S/MIME , 541 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 540 S/MIME S/MIME S/MIME Email Security Appliance S/MIME . 1. MD(Message Digest) . 2. S/MIME MD . 3. S/MIME MD PKCS7 . 4. PKCS7 . 5. . S/MIME Email Security Appliance S/MIME . 1. . 2. . 3. ( ) S/MIME . 4. . 5. . PXE S/MIME Email Security Appliance S/MIME , PXE . S/MIME , 1 2 3 S/MIME S/MIME , 556 . . : · S/MIME S/MIME . · S/MIME S/MIME . · S/MIME S/MIME S/MIME . · S/MIME , 542 · S/MIME , 545 , , . S/MIME , 547 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 541 S/MIME S/MIME 4 5 6 7 , , , 549 . . , : . · , , 549 · , , 550 . . , 269 . . . , 269 . CLI S/MIME , smimeconfig . AsyncOS for Cisco Email Security Appliances CLI . S/MIME S/MIME . Email Security Appliance S/MIME . · S/MIME . S/MIME , 543 . · S/MIME . S/MIME , 544 . S/MIME . CA S/MIME . S/MIME S/MIME , 556 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 542 S/MIME S/MIME S/MIME CLI RFC 5750(S/MIME(Secure/Multipurpose Internet Mail Extensions) 3.2 - ) S/MIME . S/MIME . 1 Network() > Certificates() . 2 Add Certificate( ) . 3 Create Self-Signed S/MIME Certificate( S/MIME ) . 4 . / /: / 2 ISO () () . . domain.com *.domain.net . . . (: [email protected]). . CSR(Certificate Signing Request) () () . 5 Next() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 543 S/MIME S/MIME 6 . · . · CSR CA Download Certificate Signing Request( ) CSR PEM . 7 . CLI S/MIME certconfig . S/MIME S/MIME . S/MIME S/MIME , 556 . 1 Network() > Certificates() . 2 Add Certificate( ) . 3 Import Certificate( ) . 4 . 5 . 6 Next() . 7 . 8 . CLI S/MIME certconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 544 S/MIME S/MIME S/MIME S/MIME . . · (: ) . CLI . S/MIME , 545 . · CLI . Email Security Appliance . , 546 . S/MIME · S/MIME , 556 . · EM . 1 Mail Policies( ) > Public Keys( ) . 2 Add Public Key( ) . 3 . 4 . 5 . smimeconfig CLI . S/MIME S/MIME () ( ) Email Security Appliance . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 545 S/MIME . S/MIME Harvested Public Keys(S/MIME ) . · , 546 S/MIME () ( ) Email Security Appliance . S/MIME . S/MIME S/MIME , 556 . 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . 3 Security Features( ) . 4 S/MIME Public Key Harvesting(S/MIME ) . · S/MIME . · ( ) . · ( ) . 48 . 5 . 512MB. Email Security Appliance . CLI listenerconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 546 S/MIME S/MIME Email Security Appliance . Email Security Appliance Mail Policies( ) > Harvested Public Keys( ) . · S/MIME , 545 S/MIME S/MIME . · S/MIME (: , ) · S/MIME · S/MIME (: opaque detached) · S/MIME , . ( , ) . CLI S/MIME , , , , . · , S/MIME , 547 · S/MIME , 549 , S/MIME 1 Mail Policies( ) > Sending Profiles( ) . 2 Add Profile( ) . 3 . S/MIME Profile . Name(S/MIME ) S/MIME Mode(S/MIME ) S/MIME . . · Sign · Encrypt · Sign/Encrypt. · Triple. , S/MIME Sign, Sign/Encrypt Triple . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 547 , S/MIME S/MIME S/MIME Profile . Name(S/MIME ) . S/MIME Sign, Sign/Encrypt Triple . S/MIME Sign S/MIME . . Mode(S/MIME ) · Opaque. (opaque-signed) . · Detached. . MIME multipart/signed MIME application/(x-)pkcs7-signature . S/MIME Sign, Sign/Encrypt Triple . S/MIME Action(S/MIME Email Security Appliance ) . . · Bounce. . · Drop. . · Split. . , . : [email protected] [email protected] , [email protected] . Split Email Security Appliance . · [email protected] . · [email protected] . S/MIME Encrypt, Sign/Encrypt Triple . 4 . CLI smimeconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 548 S/MIME S/MIME S/MIME 1 Mail Policies( ) > Sending Profiles( ) . 2 . 3 , S/MIME , 547 . 4 . , , . , . Email Security Appliance , . · , 301 , . , 283 . 1 2 3 4 5 6 7 8 9 Mail Policies( ) > Outgoing Content Filters( ) . Add Filter( ) . Conditions() Add Condition( ) . , . (: "Confidential") . OK() . Actions() Add Action( ) . 
Add Action( ) S/MIME Sign/Encrypt (Final Action)(S/MIME /( )) . . OK() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 549 , S/MIME 10 . . , . , 269 . , , . , , . · . , 283 . 1 Mail Policies( ) > Outgoing Content Filters( ) . 2 Add Filter( ) . 3 Conditions() Add Condition( ) . 4 , . (: "Confidential") . 5 OK() . 6 Actions() Add Action( ) . 7 Add Action( ) S/MIME Sign/Encrypt on Delivery( S/MIME /) . 8 . 9 OK() . 10 . . , . , 269 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 550 S/MIME S/MIME , S/MIME , · Email Security Appliance S/MIME , 551 · S/MIME , , 552 · , 552 · , 553 · S/MIME , 555 · S/MIME , 556 , Email Security Appliance S/MIME . Email Security Appliance S/MIME · S/MIME , 551 · S/MIME , 551 S/MIME Email Security Appliance S/MIME . 1. MD(Message Digest) . 2. S/MIME PKCS7 , MD(Message Digest) . 3. MD MD . MD . 4. S/MIME . S/MIME Email Security Appliance S/MIME . 1. S/MIME . 2. . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 551 S/MIME , S/MIME S/MIME , 1 2 S/MIME S/MIME , 556 . . : · S/MIME S/MIME ( ) . · S/MIME , S/MIME . · S/MIME . · , 552 · , 553 · , 663 · S/MIME ( ) · . · S/MIME 3 4 S/MIME , S/MIME , 555 . . ( ) Email S/MIME Security Appliance , 556 . . CLI S/MIME , listenerconfig > hostaccess . CLI . S/MIME ( ) . · S/MIME . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 552 S/MIME · (: ) . · . . B2C S/MIME , (: Microsoft Outlook) S/MIME . . · S/MIME S/MIME , 556 . 1 Network() > Certificates() . 2 Add Certificate( ) . 3 Import Certificate( ) . 4 . 5 . 6 Next() . 7 . 8 . CLI S/MIME certconfig . S/MIME . . · (: ) . CLI . S/MIME , 545 . · . , 546 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 553 S/MIME S/MIME S/MIME · S/MIME , 556 . · EM . 1 Mail Policies( ) > Public Keys( ) . 2 Add Public Key( ) . 3 . 4 . 5 . smimeconfig CLI . S/MIME S/MIME () ( ) Email Security Appliance . S/MIME . 1. CLI . , 554 . 2. . 3. . S/MIME , 555 . . 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . 3 Security Features( ) . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 554 S/MIME S/MIME 4 S/MIME Public Key Harvesting(S/MIME ) . · S/MIME . · ( ) . · ( ) . 48 . 5 . 512MB. Email Security Appliance . CLI listenerconfig . S/MIME 1 Mail Policies( ) > Harvested Public Keys( ) . 2 . 3 . S/MIME , 554 . 4 . S/MIME 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . 3 Security Features( ) . 4 S/MIME Decryption/Verification(S/MIME /) . · S/MIME . · S/MIME . S/MIME Remove() . (triple wrapped) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 555 S/MIME S/MIME 5 . S/MIME S/MIME . S/MIME smime-gateway-verified smime-gateway . S/MIME , 556 . S/MIME Email Security Appliance S/MIME , , . , smime-gateway-verified smime-gateway . , 137 . , S/MIME Gateway Message S/MIME Gateway Verified . , 283 . : , S/MIME S/MIME , S/MIME . quarantine_smime_messages:if (smime-gateway-message and not smime-gateway-verified) { quarantine("Policy"); } S/MIME · , 556 · , 557 S/MIME . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 556 S/MIME / /: () () / 2 ISO . domain.com *.domain.net . . (: [email protected]). . CSR . digitalSignature nonRepudiation . digitalSignature nonRepudiation . S/MIME RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions) 3.2 - . S/MIME . / /: / 2 ISO AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 557 S/MIME () () domain.com *.domain.net . . SAN Domain . (: [email protected]). . CSR . keyEncipherment . S/MIME RFC 5750: S/MIME(Secure/Multipurpose Internet Mail Extensions) 3.2 - . Email Security Appliance . · S/MIME · S/MIME . · PEM CLI . , 558 . · , /configuration CLI . , 559 . Email Security Appliance ( ). S/MIME , 545 . · S/MIME , 556 . · EM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 558 S/MIME 1 Mail Policies( ) > Public Keys( ) . 2 Add Public Key( ) . 3 . 4 . 5 . smimeconfig CLI . /configuration . , 559 . 1 Mail Policies > Public Keys( > ) . 2 Import Public Keys( ) . 3 Submit() . . CLI . 4 . /configuration . 
1 Mail Policies( ) > Public Keys( ) . 2 Export Public Keys( ) . 3 Submit() . S/MIME 23 Office 365 . · , 561 · , 568 · , 568 · , 568 . AMP . . Office 365 . . · , 562 · , 563 36: Office 365 1. . 2. AMP . 3. AMP . . 4. . 5. AMP . . 6. ( ) . Office 365 1 2 3 4 . , 563 Azure AD(Azure ) Azure AD Email Security Appliance , 564 . Office 365 Cisco Email Security Office . 365 , 566 , 567 . . · . · . File Reputation Filtering and File Analysis( ), 461 . Office 365 Azure AD . · Office 365 · Office 365 Azure AD Office 365 . Office 365 . CA . . · .crt . p12 . emailAddress Office 365 (<admin_username>@<domain>.com) . · pem ( 2048 ). Azure AD Office 365 . Azure AD Office 365 Azure AD(Azure Active Directory) . Office 365 Azure AD . Azure AD . Microsoft (https://msdn.microsoft.com/en-us/office/office365/howto/add-common-consent-manually) . , 563 . 1 Office 365 Azure . 2 Office 365 . . · / API . · . · URL. URL URL(: https://<company_domain>/ManualRegistration). · ID URI. Microsoft Azure AD URI(: https://<company_domain>). 3 . Configure () Office 365 Exchange Online . · · · · · Exchange Web Services · · · · · Exchange Web Services Office 365 Azure AD 4 Office 365 . . a) Windows PowerShell $base64Thumbprint, $base64Value $keyid . . Windows PowerShell . :

    # Load the public certificate (.cer) that was created for the application
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cer.Import(".\mycer.cer")
    # Base64 of the raw DER certificate: the "value" field of keyCredentials
    $bin = $cer.GetRawCertData()
    $base64Value = [System.Convert]::ToBase64String($bin)
    # Base64 of the certificate hash (thumbprint): the "customKeyIdentifier" field
    $bin = $cer.GetCertHash()
    $base64Thumbprint = [System.Convert]::ToBase64String($bin)
    # New GUID used as the "keyId" field
    $keyid = [System.Guid]::NewGuid().ToString()

. · $keyid · $base64value · $base64thumbprint b) Azure .
c) keycredentials JSON . :

    "keyCredentials": [
      {
        "customKeyIdentifier" : "$base64Thumbprint_from_step_1",
        "keyId": "$keyid_from_step1",
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value": "$base64Value_from_step1"
      }
    ],

JSON $base64thumbprint $base64thumbprint, $keyid a . . d) Azure . 5 Azure AD Azure . · Configure() ID. · View Endpoints( ) > App Endpoints( ) ID. ID URL . URL .

· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/federationmetadata/2007-06/federationmetadata.xml
· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/wsfed
· https://login.microsoftonline.com/abcd1234-bcdd-469d-8545-a0662708cbc3/saml2

Cisco Email Security Office 365 Office 365 ID abcd1234-bcdd-469d-8545-a0662708cbc3. Cisco Email Security Office 365 , 566 Cisco Email Security Office 365 . · . File Reputation Filtering and File Analysis( ), 461 . · pem . , 563 . · : · Azure ID ID. Azure AD , 564 5 . · ($base64thumbprint). Azure AD , 564 4 . 1 . 2 System Administration( ) > Mailbox Settings( ) . 3 Enable() . 4 Enable Office 365 Mailbox Settings(Office 365 ) . 5 . · Azure ID ID. · (base64Thumbprint ). 6 . Choose File( ) .pem . 7 . 8 Office 365 . 1. Check Connection( ) . 2. Office 365 . Office 365 . 3. Test Connection( ) . Office 365 . . · ID, ID . Office 365 · . , 567 Office 365 . Cisco Email Security Office 365 , 566 . 1 Mail Policies( ) > Incoming Mail Policies( ) . 2 Advanced Malware Protection . 3 Enable Mailbox Auto Remediation( ) . 4 . . · . (: ) . · . . · . . Office 365 (: ) . 5 . · , 568 · , 568 · , 568 Office 365 Mailbox Auto Remediation( ) (Monitor() > Mailbox Auto Remediation( )) . . · · · SHA-256 Recipients for whom remediation was unsuccessful( ) . · Office 365 Office 365 . · . , . · Office 365 . SHA-256 . · . , 837 .
· Office 365 (System Administration( ) > Mailbox Settings( )) . Cisco Email Security Office 365 , 566 . · (Security Services > Mailbox Auto Remediation( )) . , 567 . , 842 . · Office 365 , 569 · , 569 · , 570 · , 570 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 568 Office 365 Office 365 Office 365 Mailbox Settings( ) (System Administration( ) > Mailbox Settings( )) Office 365 Connection Unsuccessful( ) . . Office 365 . The SMTP address has no mailbox associated with it . Application with identifier ID . '<client_id>' was not found in ID the directory <tenant_id> . No service namespace named ID . '<tenant_id>' was found in the ID data store. . Error validating credentials. Credential validation failed . . Error validating credentials. Client assertion . contains an invalid signature. . · . · . · . · . . · (mail_logs). . · (mar). , , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 569 Office 365 : Office 365 Office 365 . . · Office 365 . . , 986 . · . , 1227 . · Office 365 . AMP Office 365 . . · Office 365 . Cisco Email Security Office 365 , 566 8 . · Office 365 . , 570 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 570 24 . · , 571 · DomainKeys DKIM , 574 · DKIM , 586 · SPF SIDF , 591 · SPF/SDIF , 593 · SPF SIDF , 594 · SPF/SIDF , 598 · SPF/SIDF , 601 · DMARC , 602 · , 610 AsyncOS . AsyncOS SPF(Sender Policy Framework), SIDF(Sender ID Framework), DKIM(DomainKeys Identified Mail), DMARC(Domain-based Message Authentication, Reporting and Conformance) . AsyncOS DomainKeys DKIM . · DomainKeys DKIM , 572 · SPF SIDF , 591 · DMARC , 602 · , 610 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 571 DomainKeys DKIM DomainKeys DKIM DomainKeys DKIM . From:( Sender:) . DomainKeys DKIM . AsyncOS DomainKeys "" , DKIM . DomainKeys DKIM . · DomainKeys DKIM , 572 · AsyncOS DomainKeys DKIM , 572 DomainKeys DKIM 37: 1. ( ) DNS . 2. MTA(Mail Transfer Agent) . 3. . DomainKey DKIM . 4. MTA DomainKeys DKIM (Sender: From: ) . DomainKeys DKIM . 5. 
DomainKeys DKIM . DomainKeys Yahoo! Gmail . DomainKeys . AsyncOS DomainKeys DKIM AsyncOS DomainKeys DKIM ( "" ) . " " . . ( ) . DomainKeys . DKIM DomainKeys AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 572 AsyncOS DomainKeys DKIM DKIM . CLI domainkeysconfig GUI Mail Policies( ) > Domain Profiles( ) Mail Policies( ) > Signing Keys( ) DomainKeys DKIM . DomainKeys DKIM . . DNS (DNS TXT ), . ( ) . () . ( ) Sender: From: . Sender: dkim , From: DKIM . Sender: DomainKeys DKIM . From: . · Sender: . · DKIM Global Setting(DKIM ) Use From Header for DKIM Signing(DKIM From ) . Async0S 10.0 DKIM Global Setting(DKIM ) DKIM From: . DMARC DKIM From: . mail_logs . DomainKey DKIM ( ) AsyncOS DomainKeys DKIM . . . . DomainKeys("DomainKey-Signature:" ) , . DKIM DKIM . AsyncOS ( ) . . DomainKeys DKIM , DKIM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 573 DomainKeys DKIM Domain Key Profile( ) Signing Key( ) . , . DomainKeys DKIM · , 574 · , 575 · , 575 · , 576 · , 576 · DomainKeys/DKIM (GUI), 577 · DomainKeys , 586 . . . . 512 2048 . 768~1024. 2048 . , 580 . . . , 581 . , Signing Key( ) . · , 574 . . , 581 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 574 . , 581 . DNS . DNS Text Record(DNS ) Generate() ( CLI domainkeysconfig -> profiles -> dnstxt ) . DNS DNS , 583 . Signing Keys( ) View() . 38: Signing Keys( ) . · . · ("d=" ). · ( . DNS "_domainkey." .) · (canonicalization) ( ) AsyncOS DomainKeys "simple" "nofws" , DKIM "relaxed" "simple" . · ( , 574 ). · (DKIM ). · (DKIM ). . · (: ) ID. · . · . · ( ). · , (|) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 575 · (DKIM ). · ( ). Domain() . . , 585 . . · DKIM · DKIM From DKIM , 585 . · , 576 . . , 584 . . . , 584 . DomainKeys DKIM . " " . 1 Mail Policies( ) Mail Flow Policies( ) RELAYED ( ) . 2 Security Features( ) On() DomainKeys/DKIM Signing(DomainKeys/DKIM ) . 3 . . . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 576 DomainKeys/DKIM (GUI) DomainKeys DKIM , DomainKeys/DKIM . 1 Hard Bounce and Delay Warning Messages( ) . 2 "Use Domain Key Signing for Bounce and Delay Messages( DomainKeys )" . DomainKeys/DKIM (GUI), 577 . From: . (System Administration( ) > Return Addresses( )), Profile Users( ) . [email protected] , [email protected] . DomainKeys/DKIM (GUI) 1 . , 574 . 2 . , 575 . 3 DNS . DNS DNS , 583 . 4 , DomainKeys/DKIM ( , 576 ). 5 , DomainKeys/DKIM . , 576 . 6 . DomainKeys/DKIM . . DomainKey DKIM ( ) AsyncOS DomainKeys DKIM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 577 DomainKeys · DomainKeys , 578 · DKIM , 578 · , 580 · , 581 · , 583 · DKIM , 585 DomainKeys 1 2 3 4 Mail Policies( ) > Signing Profiles( ) . Domain Signing Profiles( ) Add Profile( ) . . Domain Key Type( ) Domain Keys( ) . . 5 . 6 . "_domainkey" , . DNS . 7 (no forwarding whitespaces simple). 8 . . ( ) . , 580 . 9 ( , ) . 10 . 11 DomainKeys/DKIM ( , 576 ). DomainKeys DKIM AsyncOS DomainKeys DKIM . DKIM 1 2 3 4 Mail Policies( ) > Signing Profiles( ) . Domain Signing Profiles( ) Add Profile( ) . . Domain Key Type( ) DKIM . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 578 DKIM 5 6 7 . . "_domainkey." , . DNS . . . · Relaxed. "relaxed" . , , , . · Simple. . 8 . . · Relaxed. "relaxed" . , , . · Simple. . 9 . . ( ) . , 580 . 10 . . · All. AsyncOS . . · Standard. . AsyncOS ( DKIM null ). · From · Sender, Reply To- · Subject · Date, Message-ID · To, Cc · MIME-Version · Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description · Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-cc, Resent-Message-ID · In-Reply-To, References · List-Id, List-Help, List-Unsubscribe, LIst-Subscribe, List-Post, List-Owner, List-Archive "Standard" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 579 11 . , . . · Whole Body Implied( ). "l=" . . · Whole Body Auto-determined( ). , . · Sign first _ bytes( _ ). . 12 . . . 
· "i" . (: ) ID. @ (: @example.com). · "q" . . dns/txt. · "t" . . · "x" . . () . 31536000 . · "z" . , (|) . . .

    z=From:[email protected]|To:[email protected]|Subject:test%20message|Date:Date:August%2026,%202011%205:30:02%20PM%20-0700

13 ( , ) . , . example.com [email protected] . [email protected] [email protected] . [email protected] example.com . 14 . 15 DomainKeys/DKIM ( , 576 ). DomainKeys DKIM AsyncOS DomainKeys DKIM . · , 580 · , 581 DomainKeys DKIM . 1 Mail Policies( ) > Signing Keys( ) . 2 Add Key( ) . 3 . 4 Generate() . 5 . , . 1 Mail Policies( ) > Signing Keys( ) . 2 . 3 , 580 . 4 . . 1 Mail Policies( ) > Signing Keys( ) . 2 Export Keys( ) . 3 Submit() . · , 581 · , 582 1 Mail Policies( ) > Signing Keys( ) . 2 Add Key( ) . 3 Paste Key( ) (PEM RSA ). 4 . , 581 . 1 Mail Policies( ) > Signing Keys( ) . 2 Import Keys( ) . 3 . 4 Submit() . . . 5 Import() . · , 582 · , 582 1 Mail Policies( ) > Signing Keys( ) . 2 . 3 Delete() . 4 . 1 Mail Policies( ) > Signing Keys( ) . 2 Signing Keys( ) Clear All Keys( ) . 3 . DNS DNS 1 Mail Policies( ) > Signing Profiles( ) . 2 Domain Signing Profiles( ) DNS Text Record(DNS ) Generate() . 3 DNS . 4 Generate Again( ) . 5 DNS ( ). DNS . DNS , 583 . 6 Done() . · DNS , 583 DNS DNS 1024 DNS . DNS 255 . DNS DNS DKIM . DNS 255 . .

    s._domainkey.domain.com. IN TXT "v=DKIM1;"
    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE"
    "A4Vbhjq2n/3DbEk6EHdeVXlIXFT7OEl81amoZLbvwMX+bej"
    "CdxcsFV3uS7G8oOJSWBP0z++nTQmy9ZDWfaiopU6k7tzoi"
    "+oRDlKkhCQrM4oP2B2F5sTDkYwPY3Pen2jgC2OgbPnbo3o"
    "m3c1wMWgSoZxoZUE4ly5kPuK9fTtpeJHNiZAqkFICiev4yrkL"
    "R+SmFsJn9MYH5+lchyZ74BVm+16Xq2mptWXEwpiwOxWI"
    "YHXsZo2zRjedrQ45vmgb8xUx5ioYY9/yBLHudGc+GUKTj1i4"
    "mQg48yCD/HVNfsSRXaPinliEkypH9cSnvgvWuIYUQz0dHU;"

DKIM , DNS . DNS DNS . 1 Mail Policies( ) > Signing Profiles( ) .
2 Domain Signing Profiles( ) Test Profile( ) Test() . 3 . . . 1 Mail Policies( ) > Signing Profiles( ) . 2 Export Domain Profiles( ) . 3 Submit() . 1 Mail Policies( ) > Signing Profiles( ) . 2 Import Domain Profiles( ) . 3 . 4 Submit() . . . 5 Import() . · , 584 · , 585 1 Mail Policies( ) > Signing Profiles( ) . 2 . 3 Delete() . 4 . 1 Mail Policies( ) > Signing Profiles( ) . 2 Clear All Profiles( ) . 3 . 1 Mail Policies( ) > Signing Profiles( ) . 2 Find Domain Profiles( ) . 3 Find Profiles( ) . 4 , , . . DKIM DKIM . · DKIM . · Cisco IronPort Spam Quarantine · · · · DKIM From 1 Mail Policies( ) > Signing Profiles( ) . 2 DKIM Edit Settings( ) . 3 . · DKIM · DKIM From DKIM From From Sender . DKIM DMARC DKIM From . 4 . DomainKeys DomainKeys DomainKeys .

    Tue Aug 28 15:29:30 2007 Info: MID 371 DomainKeys: signing with dk-profile - matches [email protected]
    Tue Aug 28 15:34:15 2007 Info: MID 373 DomainKeys: cannot sign - no profile matches [email protected]

DKIM .

    Tue Aug 28 15:29:54 2007 Info: MID 372 DKIM: signing with dkim-profile - matches [email protected]
    Tue Aug 28 15:34:15 2007 Info: MID 373 DKIM: cannot sign - no profile matches [email protected]

DKIM DKIM 1 DKIM DKIM , 588 . 2 ( ) DKIM , 108 . 3 DKIM DKIM , . 590 4 Email Security Appliance DKIM , 591 . 5 , 276 . · AsyncOS DKIM , 587 · DKIM , 587 · DKIM , 590 · DKIM , 591 AsyncOS DKIM AsyncOS DKIM DKIM AsyncOS . 1 AsyncOS DKIM-Signature , , . AsyncOS permfail . 2 DNS TXT . AsyncOS permfail . DNS tempfail . 3 AsyncOS . AsyncOS permfail . 4 AsyncOS pass . AsyncOS .

    dkim = pass (partially verified [x bytes])

X . Authentication-Results . .
    Authentication-Results: example1.com header.from=From:[email protected]; dkim=pass (signature verified)
    Authentication-Results: example1.com header.from=From:[email protected]; dkim=pass (partially verified [1000 bytes])
    Authentication-Results: example1.com header.from=From:[email protected]; dkim=permfail (body hash did not verify)

DKIM . . . DNS TXT DKIM (t = y) , DKIM . DKIM DKIM Email Security Appliance DKIM . . 30 , 3 . DDoS Throttled . . · . DKIM · / . 512 2048. · . . 5. · (). 05:00:00 05:00:30 , 60 10 . 60 . · . · SMTP . · SMTP . . DKIM configuration . . DKIM , 589 . DKIM . DKIM DKIM . DKIM , 589 . · DKIM , 588 · DKIM , 589 · DKIM , 589 · DKIM , 589 · DKIM , 590 DKIM 1 Mail Policies( ) > Verification Profiles( ) . 2 Add Profile( ) . 3 . 4 . 5 . 6 . 5. 7 ( ) . 10. 8 () . 60. 9 body-length . 10 Email Security Appliance . , 451 SMTP SMTP . DKIM 11 Email Security Appliance . , 451 SMTP SMTP . 12 . DKIM Verification Profiles(DKIM ) . 13 . 14 DKIM . DKIM DKIM configuration . 1 Mail Policies( ) > Verification Profiles( ) . 2 Export Profiles( ) . 3 Submit() . DKIM 1 Mail Policies( ) > Verification Profiles( ) . 2 Import Profiles( ) . 3 DKIM . 4 Submit() . DKIM . 5 Import() . DKIM · DKIM , 589 · DKIM , 590 DKIM 1 Mail Policies( ) > Verification Profiles( ) . 2 DKIM . DKIM 3 Delete() . 4 . DKIM 1 Mail Policies( ) > Verification Profiles( ) . 2 Clear All Profiles( ) . 3 . DKIM DKIM 1 Mail Policies( ) > Verification Profiles( ) . 2 Search DKIM Verification Profiles(DKIM ) . 3 Find Profiles( ) . DKIM . DKIM . DKIM DKIM . 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . 3 Security Features( ) On() DKIM Verification(DKIM ) . 4 DKIM . 5 . · DKIM , 591 DKIM DKIM DKIM .
    mail.current:Mon Aug 6 13:35:38 2007 Info: MID 17 DKIM: no signature
    mail.current:Mon Aug 6 15:00:37 2007 Info: MID 18 DKIM: verified pass

DKIM DKIM Authentication-Results , . DKIM . DKIM . . 1 Mail Policies() > Incoming Content Filters( ) . 2 Add Filter( ) . 3 Conditions() Add Condition( ) . 4 DKIM Authentication(DKIM ) . 5 DKIM . . · Pass. . · Neutral. . · Temperror. . · Permerror. . · Hardfail. . · None. . 6 . DKIM . DKIM . 7 . 8 . 9 . SPF SIDF AsyncOS SPF(Sender Policy Framework) SIDF(Sender ID Framework) . SPF SIDF DNS . SPF SIDF DNS TXT , SPF . SPF MTA(Mail Transfer Agent) ID . SPF/SIDF SPF , SPF MTA(Mail Transfer Agent) ID . SPF AsyncOS . SPF DNS . SPF SIDF SIDF SPF . SIDF SPF RFC 4406 . . AsyncOS SPF . · SPF , 592 SPF SPF SIDF RFC 4406, 4408 7208 SPF . PRA ID RFC 4407 . SPF SIDF . http://www.openspf.org/FAQ/Common_mistakes · SPF , 592 · SIDF , 593 · SPF , 593 SPF SPF HELO MTA( ) "v=spf1 a all" SPF . HELO HELO ID None . SPF None MTA "v=spf1 a all" SPF . SIDF SIDF SIDF "v=spf1" "spf2.0" . DNS .

    example.com. TXT "v=spf1 +mx a:colo.example.com/28 -all"
    smtp-out.example.com TXT "v=spf1 a -all"
    example.com. TXT "spf2.0/mfrom,pra +mx a:colo.example.com/28 -all"

SIDF HELO ID MTA SPF v2.0 . SIDF "spf2.0/pra ~all" . SPF RFC Email Security Appliance SPF SPF . openspf.org . http://www.openspf.org/Tools SPF . http://www.openspf.org/Why SPF Cisco trace CLI ( GUI ) SPF . IP . SPF/SDIF 1 2 3 4 5 ( ) SPF/SDIF , 108 . SPF/SDIF SPF SIDF , 594 . Email Security Appliance SPF/SIDF . , 598 , 276 . ( ) . SPF/SIDF , 601 SPF SIDF Cisco , Cisco SPF/SIDF . Cisco SPF/SIDF . AsyncOS CLI(command line interface) SPF . SPF , SMTP . listenerconfig Host Access Table SPF . CLI SPF SIDF , 595 . SPF SIDF SPF/SIDF SPF/SIDF . SPF/SIDF , . 1 Mail Policies( ) > Mail Flow Policy( ) . 2 Default Policy Parameters( ) .
3 Security Features( ) . 4 SPF/SIDF Verification(SPF/SIDF ) On() . 5 ( SIDF-compatible). SPF SIDF . SIDF , SPF SIDF SIDF-compatible . SPF/SIDF SPF SPF/SIDF RFC4408 RFC7208 . - PRA(purported responsible address) ID . : HELO ID . SIDF SPF/SIDF RFC4406 . - PRA ID . - SPF v1.0 spf2.0/mfrom,pra . - ID Fail . CLI SPF SIDF SIDF Compatible(SIDF SPF/SIDF RFC4406 . ) - SPF v1.0 spf2.0/mfrom . - ID None . : OpenSPF (www.openspf.org) . CLI . CLI SPF SIDF , 595 . 6 SIDF Compatible(SIDF ) , Resent-Sender: Resent-From: PRA ID Pass None . . 7 SPF , HELO ID . HELO . spf-passed PRA MAIL FROM ID . SPF HELO . · Received-SPF , 598 · CLI SPF SIDF , 595 CLI SPF SIDF AsyncOS CLI SPF/SIDF . Host Access Table , SPF/SIDF SPF/SIDF SMTP (ACCEPT REJECT) . SMTP . HELO ID, MAIL FROM ID PRA ID . ID SPF/SIDF (ACCEPT) (REJECT) . · None(). . · Neutral. ID . · SoftFail. ID . CLI SPF SIDF · Fail. ID . · TempError. . · PermError. . Resent-Sender: Resent-From: , PRA ID Pass None SIDF Compatible Pass . PRA None SMTP . ID SMTP Fail . ID ID REJECT . Fail HELO ID , MAIL FROM ID Fail . HELO ID . MAIL FROM ID REJECT STMP . SMTP SPF/SIDF . TempError SMTP . TempError

    451 #4.4.3 Temporary error occurred during SPF verification.

    550 #5.7.1 SPF unauthorized mail is prohibited.

TempError . , Neutral, SoftFail Fail REJECT SPF . .

    550-#5.7.1 SPF unauthorized mail is prohibited.
    550-The domain example.com explains:
    550 <Response text from SPF domain publisher>

SPF/SIDF listenerconfig -> edit . hostaccess -> default Host Access Table . Host Access Table SPF .
CLI SPF CLI SPF SIDF SPF SPF · HELO ID · ID SMTP · HELO identity (if enabled) · MAIL FROM Identity · REJECT SMTP · () SIDF Compatible(SIDF ) · HELO ID · Resent-Sender: Resent-From: PRA ID Pass None · ID SMTP · HELO identity (if enabled) · MAIL FROM Identity · PRA Identity · REJECT SMTP · () SIDF Strict · ID SMTP · MAIL FROM Identity · PRA Identity · SPF REJECT SMTP · () HELO ID , None Neutral . SMTP CLI ID . MAIL FROM ID SMTP . ID . REJECT . CLI listenerconfig . Received-SPF Received-SPF SPF/SIDF AsyncOS SPF/SIDF (Received-SPF) . Received-SPF . · - SPF ( , 599 ). · ID - SPF ID: HELO, MAIL FROM PRA. · receiver - · IP - SMTP IP . · ENVELOPE FROM - . (MAIL FROM ID MAIL FROM ID .) · x-sender - HELO, MAIL FROM PRA ID . · x-conformance - ( - SPF/SIDF ) PRA . SPF/SIDF .

    Received-SPF: Pass identity=pra; receiver=box.example.com;
        client-ip=1.2.3.4; envelope-from="[email protected]";
        x-sender="[email protected]"; x-conformance=sidf_compatible

spf-status spf-passed received-SPF SPF/SIDF . SPF/SIDF SPF/SIDF SPF/SIDF . SPF/SIDF , . · spf-status. SPF/SIDF . SPF/SIDF . · spf-passed. SPF/SIDF . spf-passed . spf-status , spf-passed . · , 599 · CLI spf-status , 599 · GUI spf-status , 601 · spf-passed , 601 spf-status SPF/SIDF .

    if (spf-status == "Pass")

.

    if (spf-status == "PermError, TempError")

HELO, MAIL FROM PRA ID .

    if (spf-status("pra") == "Fail")

HELO, MAIL FROM PRA ID spf-status . ID spf-status . spf-status PRA ID . . · None - . · Pass - ID . · Neutral - ID . · SoftFail - ID . · Fail - ID . · TempError - . · PermError - . CLI spf-status spf-status .
    skip-spam-check-for-verified-senders:
    if (sendergroup == "TRUSTED" and spf-status == "Pass"){
        skip-spamcheck();
    }

    quarantine-spf-failed-mail:
    if (spf-status("pra") == "Fail") {
        if (spf-status("mailfrom") == "Fail"){
            # completely malicious mail
            quarantine("Policy");
        } else {
            if(spf-status("mailfrom") == "SoftFail") {
                # malicious mail, but tempting
                quarantine("Policy");
            }
        }
    } else {
        if(spf-status("pra") == "SoftFail"){
            if (spf-status("mailfrom") == "Fail"
                or spf-status("mailfrom") == "SoftFail"){
                # malicious mail, but tempting
                quarantine("Policy");
            }
        }
    }

    stamp-mail-with-spf-verification-error:
    if (spf-status("pra") == "PermError, TempError"
        or spf-status("mailfrom") == "PermError, TempError"
        or spf-status("helo") == "PermError, TempError"){
        # permanent error - stamp message subject
        strip-header("Subject");
        insert-header("Subject", "[POTENTIAL PHISHING] $Subject");
    }

. GUI spf-status GUI spf-status GUI spf-status . spf-status HELO, MAIL FROM PRA ID . GUI spf-status Mail Policies( ) > Incoming Content Filters( ) . Add Condition( ) SPF Verification(SPF ) . . SPF Verification(SPF ) SPF . SPF SoftFail . spf-passed spf-passed SPF . spf-passed spf-passed .

    quarantine-spf-unauthorized-mail:
    if (not spf-passed) {
        quarantine("Policy");
    }

spf-status spf-passed SPF/SIDF . None, Neutral, Softfail, TempError, PermError Fail spf-passed . spf-status . SPF/SIDF SPF/SIDF SPF/SIDF . SPF/SIDF . SPF/SIDF , , Email Security Monitor - Content Filters( - ) . SPF/SIDF SPF/SIDF . · SPF/SIDF , 602 · SPF/SIDF , 602 SPF/SIDF SPF/SIDF SPF/SIDF Email Security Monitor - Content Filters( - ) . SPF/SIDF . 1 SPF/SIDF , . SPF/SIDF SPF SIDF , 594 . 2 SPF/SIDF spf-status . . SPF/SIDF "SPF-Passed" , "SPF-TempErr" . spf-status GUI spf-status , 601 . 3 SPF/SIDF Monitor() > Content Filters( ) SPF/SIDF .
SPF/SIDF SPF/SIDF , SPF/SIDF , . SPF/SIDF . SPF/SIDF , 602 . , SPF/SIDF . 1 SPF/SIDF . SPF/SIDF . SPF/SIDF SPF SIDF , 594 . 2 SPF/SIDF SPF/SIDF . " " . 3 SPF/SIDF spf-status . . SPF/SIDF "SPF-Passed" , "SPF-TempErr" . spf-status GUI spf-status , 601 . 4 SPF/SIDF Monitor() > Content Filters( ) SPF/SIDF . DMARC DMARC(Domain-based Message Authentication, Reporting and Conformance) . DMARC SPF DKIM AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 602 DMARC . DMARC RFC 5322 . Email Security Appliance . · DMARC · (, ) · · DMARC 10MB DMARC RUA AsyncOS 2013 3 31 IETF(Internet Engineering Task Force) DMARC . http://tools.ietf.org/html/draft-kucherawy-dmarc-base-02 . Email Security Appliance DMARC DMARC . . · DMARC , 603 · DMARC , 604 DMARC AsyncOS DMARC . 1. AsyncOS SMTP . 2. AsyncOS SPF DKIM . 3. AsyncOS DNS DMARC . · AsyncOS DMARC . · DNS AsyncOS DMARC . 4. DKIM SPF AsyncOS DMARC . DKIM SPF , DMARC DKIM SPF . 5. DMARC DMARC , AsyncOS , . DMARC , AsyncOS . 6. AsyncOS SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 603 DMARC 7. AsyncOS DMARC , . DMARC DMARC , 609 . 10MB DMARC RUA AsyncOS . DMARC DMARC 1 DMARC DMARC , 605 DMARC DMARC , 606 . 2 ( ) DMARC DMARC , 607 . 3 DMARC DMARC , . 608 4 ( ) DMARC DMARC , . 609 5 ( ) . · DMARC · DMARC · DMARC Verification(DMARC ) , 815 · Incoming Mail( ) , 802 · , 838 · DMARC , 605 · DMARC , 609 · DMARC , 607 · DMARC , 608 · DMARC , 609 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 604 DMARC DMARC DMARC Email Security Appliance DMARC . . DMARC . · . · DMARC '' · DMARC '' · · · DMARC , 605 · DMARC , 606 · DMARC , 606 · DMARC , 606 · DKIM , 589 DMARC DMARC . AsyncOS DMARC . DMARC DMARC . DMARC Mail Policies( ) > DMARC . DMARC DMARC , 606 . 1 Mail Policies( ) > DMARC . 2 Add Profile( ) . 3 . 4 DMARC '' AsyncOS . . · No Action( ). AsyncOS DMARC . · Quarantine(). AsyncOS DMARC . · Reject(). AsyncOS DMARC SMTP . 550 #5.7.1 DMARC unauthenticated mail is prohibited. 5 DMARC '' AsyncOS . . · No Action( ). 
AsyncOS DMARC . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 605 DMARC · Quarantine(). AsyncOS DMARC . 6 DMARC AsyncOS . . · Accept(). AsyncOS DMARC . · Reject(). AsyncOS DMARC SMTP . 451 #4.7.1 Unable to perform DMARC verification. 7 DMARC AsyncOS . . · Accept(). AsyncOS DMARC . · Reject(). AsyncOS DMARC SMTP . 550 #5.7.1 DMARC verification failed. 8 . DMARC 1 Mail Policies( ) > DMARC . 2 . 3 DMARC , 605 . 4 . DMARC DMARC configuration . 1 Mail Policies( ) > DMARC . 2 Export Profiles( ) . 3 . 4 . DMARC 1 Mail Policies( ) > DMARC . 2 Import Profiles( ) . 3 DMARC . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 606 DMARC 4 Submit() . DMARC . 5 Import() . 6 . DMARC 1 Mail Policies( ) > DMARC . 2 . 3 Delete() . 4 . DMARC 1 Mail Policies( ) > DMARC . 2 Edit Global Settings( ) . 3 . DMARC Specific senders bypass address list( DMARC . ) . DMARC . , 116 . Bypass verification for messages with DMARC . headers( DMARC ) . . Schedule for report generation( AsyncOS DMARC . ) . Entity generating reports( DMARC . DMARC ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 607 DMARC Additional contact information for DMARC reports( ) (: ). Send copy of all aggregate reports DMARC (: to( ) . ) . Error Reports( ) DMARC 10MB DMARC RUA . . 4 . DMARC 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . 3 Security Features( ) On() DMARC Verification(DMARC ) . 4 DMARC . 5 ( ) DMARC RUA DMARC . . 6 . · DMARC , 608 DMARC DMARC . · DMARC · DMARC · DKIM SPF DMARC AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 608 DMARC · DMARC · DMARC DNS · DMARC · · · DMARC 1 System Administration( ) > Return Addresses( ) . 2 Edit Settings( ) . 3 DMARC . 4 . DMARC DMARC . . AsyncOS DMARC , AsyncOS . XML GZip . AsyncOS DMARC DMARC . DMARC . 
· ID
· DMARC
· IP DMARC
·
· DMARC
· DMARC , 609

DMARC

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <version>1.0</version>
  <report_metadata>
    <org_name>cisco.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>http://cisco.com/dmarc/support</extra_contact_info>
    <report_id>[email protected]</report_id>
    <date_range>
      <begin>1335571200</begin>
      <end>1335657599</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>1.1.1.1</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>example.com</envelope_from>
      <header_from>example.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>example.com</domain>
        <selector>ny</selector>
        <result>fail</result>
      </dkim>
      <dkim>
        <domain>example.net</domain>
        <selector></selector>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>example.com</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

(, CEO ) . PII( ) . PII . PII .

Cisco Email Security Appliance (From: ) . , From: . () .
· , 611
· , 612
· , 612

1. (: ) . .
· . , "[email protected]" "Olivia Smith" .
· .
· .
· . . 39: , 617 .
2. . .
· /: ( , 284 , 138 )
· : . ( , 284 , 138 )
3. . , 270 .

Forged Email Matches( ) (Monitor() > Forged Email Matches( )) . .
· Top Forged Email Matches( ) From( ): 10 .
· Forged Email Matches( ): Details( ) From( ): , .

Message Tracking( ) . .
· . , 837 .
· .

25 .
· , 613
· , 615
· , 619
· , 621
· , 622
· , 625

, , .
· , 613
· , 614
· , 614
· DLP ( DLP ) , 505

Body Scanning( ) . , . , , .
AsyncOS GUI(Mail Policies( ) > Dictionaries()) CLI dictionaryconfig 100 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 613 . , , . . , , . / . , . "" . ASCII . . · · 0-9, A-Z, a-z, , , @ · 0-9, A-Z, a-z, , , @ ([email protected]) . · , 615 · , 616 · , 617 · , 618 · , 618 · , 619 , , . AsyncOS . . . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 614 Body Scanning( ) . , . , , . AsyncOS GUI(Mail Policies( ) > Dictionaries()) CLI dictionaryconfig 100 . , , . . , , . / . , . "" . ASCII . . · · 0-9, A-Z, a-z, , , @ · 0-9, A-Z, a-z, , , @ ([email protected]) . · , 615 · , 616 · , 617 · , 618 · , 618 · , 619 , . ASCII . , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 615 . Python Python Regular Expression HOWTO . http://www.python.org/doc/howto/ # [#] . "" . AsyncOS "" . 3 6. AsyncOS , . . , ABA . . " " " " . " " " " . ASCII CLI . ASCII , , . , 616 . · , 616 ( ) / . (regex "\w" ) . . configuration . · config.dtd · profanity.txt · proprietary_content.txt AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 616 · sexual_content.txt . . Match Whole Words( ) Case Sensitive(/ ) . . FTP, SSH SCP , 1199 . . ASCII , . , 618 . , 619 . . , . 1 Mail Policies( ) > Dictionaries() . 2 Add Dictionary( ) . 3 . 4 ( ) Advanced Matching( ) . Match Whole Words( ) Case Sensitive(/ ) . . 5 ( ) . , ABA . " " . 6 . . ".*" "word" MIME . ".*" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 617 7 . "" . " " " " . 8 Add() . 9 . · , 615 . AsyncOS . AsyncOS , . 1 Mail Policies( ) > Dictionaries() . 2 . . 3 Delete() . 4 . configuration . 1 Mail Policies( ) > Dictionaries() . 2 Import Dictionary( ) . 3 . 4 . 5 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 618 AsyncOS . . 6 . 7 Next() . 8 . 9 . 1 Mail Policies( ) > Dictionaries() . 2 Export Dictionary( ) . 3 . 4 . configuration . 5 . 6 . 7 . dictionary-match() . · , 619 dictionary_name dictionary-match(<dictionary_name>) ( ) . . dictionary-match() body-contains() . . *-dictionary-match() . 
subject-dictionary-match() , header-dictionary-match() .

. " " " " .

43: Syntax dictionary-match (<dictionary_name>) ?

"secret_words" ( ) dictionary-match() . / "codename" true .

bcc_codenames:
if (dictionary-match ('secret_words'))
{
    bcc('[email protected]');
}

Policy() .

quarantine_codenames:
if (dictionary-match ('secret_words'))
{
    quarantine('Policy');
}

· , 620
· , 621

44: : foo $ : ^ foo ( [email protected], @example.com ) example.com$ (ends with)@example.*

( ^ "RE:" "FW:" .)

trace dictionary-match() . : , 1149 . quarantine_codenames quarantine() .

. .
· - . , 625 .
· - notify() notify-bcc() . , 631 .
· - . ( ) . , 631 .
· - . , 634 .
· - . . , 636 .

CLI(textconfig) GUI , , , , . GUI , 622 . ASCII . ASCII CLI . ASCII , , . , 616 .
· , 616

configuration . configuration . configuration . configuration FTP, SSH SCP , 1199 . ASCII , . , 623 . , 624 .

GUI CLI . GUI . textconfig CLI . .
·
·
·
·
·
· HTML
· , 622
· , 623
· , 624
· , 623
· HTML , 624

.
1 Mail Policies( ) > Text Resources( ) .
2 Add Text Resource( ) .
3 Name() .
4 Type() .
5 Text() HTML and Plain Text(HTML ) . Text() . HTML HTML and Plain Text(HTML ) .
6 .
· HTML , 624

.
· .
· .
1 Mail Policies( ) > Text Resources( ) Delete() . .
2 Delete() .
3 .

configuration .
1 Mail Policies( ) > Text Resources( ) Import Text Resource( ) .
2 .
3 .
4 Next() .
5 , , .
6 .

configuration .
1 Mail Policies( ) > Text Resources( ) Export Text Resource( ) .
2 .
3 .
4 .
5 Submit() configuration .

HTML HTML . HTML HTML text/html , text/plain . HTML GUI HTML . HTML .
· HTML , .
· Code View( ) HTML .
· GUI HTML HTML . <img src> HTML .
· HTML , 624

HTML HTML . HTML .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 624 · [html_version] · [text_version] . . [html_version] <p>Sample <i>message.</i></p> [text_version] Sample message. HTML . · HTML HTML [text_version] . · , HTML [html_version] HTML HTML . [text_version] . · [html_version] HTML [text_version] HTML . Text Resource( ) textconfig CLI . . , . · , 625 · , 628 · , 631 · , 631 · , 634 · , 636 ( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 625 · , GUI listenerconfig ( , 626 ). · , Add Disclaimer Text ( , 293 ). · , add-footer() (" " ). · ( , 491 ). · Outbreak Filter ( , 404 ). . , . . GUI Text Resources( ) ( , 622 ) textconfig (AsyncOS for Cisco Email Security Appliance CLI ) . · , 626 · , 626 · , 627 . . ( ) () . HTML (Microsoft Outlook " " ) . , . "Content-Disposition inline attachment" . " " " " . add-footer() "Add Disclaimer Text" . LDAP "Legal" legal.disclaimer . Add-Disclaimer-For-Legal-Team: if (mail-from-group == 'Legal') { add-footer('legal.disclaimer'); AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 626 } ( " " " " ). . 45: $To $From $Subject $Date $Time $GMTimestamp $MID $Group $Policy $Reputation $filenames $filetypes $filesizes $remotehost $AllHeaders $EnvelopeFrom To: (Envelope Recipient ). From: (Envelope Sender ). . MM/DD/YYYY . ( ). Received: GMT . MID(Message ID) . RFC822 "Message-Id" ( $Header ). . ">Unknown<" . HAT . ">Unknown<" . SenderBase Reputation . "None" . . . . Email Security Appliance . . Envelope Sender( )(Envelope From, <MAIL FROM>) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 627 $Hostname Email Security Appliance . $header[`string '] . . $enveloperecipients Envelope Recipients( )(Envelope To, <RCPT TO>) . $bodysize ( ). $FilterName . $MatchedContent (body-contains ). $DLPPolicy DLP . $DLPSeverity . "Low," "Medium," "High" "Critical." $DLPRiskFactor ( 0~100). $threat_category , , , Outbreak Filter . $threat_type Outbreak Filter . , , . $threat_description Outbreak Filter . 
$threat_level ( 0~5).
$threat_verdict Message Modification Threat Level( ) Yes() No() . Yes() .

GUI Text Resource( ) textconfig .

add-footer() , UTF-8, QP(quoted printable) ASCII . AsyncOS . AsyncOS .

localeconfig . .

To: [email protected] From: [email protected] : ! < > ! . Example.zip

MIME . " " "" , " " . () .

To: [email protected] From: [email protected] : ! < > ! . Example.zip

AsyncOS ("inline"()) . , . US-ASCII , ISO-8859-1 . "" . localeconfig , AsyncOS .

example.com> localeconfig

Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]> setup

If a header is modified, encode the new header in the same encoding as the message body? (Some MUAs incorrectly handle headers encoded in a different encoding than the body. However, encoding a modified header in the same encoding as the message body may cause certain characters in the modified header to be lost.) [Y]>

If a non-ASCII header is not properly tagged with a character set and is being used or modified, impose the encoding of the body on the header during processing and final representation of the message? (Many MUAs create non-RFC-compliant headers that are then handled in an undefined way. Some MUAs handle headers encoded in character sets that differ from that of the main body in an incorrect way. Imposing the encoding of the body on the header may encode the header more precisely. This will be used to interpret the content of headers for processing, it will not modify or rewrite the header unless that is done explicitly as part of the processing.) [Y]>

Disclaimers (as either footers or headings) are added in-line with the message body whenever possible. However, if the disclaimer is encoded differently than the message body, and if imposing a single encoding will cause loss of characters, it will be added as an attachment. The system will always try to use the message body's encoding for the disclaimer. If that fails, the system can try to edit the message body to use an encoding that is compatible with the message body as well as the disclaimer. Should the system try to re-encode the message body in such a case? [Y]>

If the disclaimer that is added to the footer or header of the message generates an error when decoding the message body, it is added at the top of the message body. This prevents you to rewrite a new message content that must merge with the original message content and the header/footer-stamp. The disclaimer is now added as an additional MIME part that displays only the header disclaimer as an inline content, and the rest of the message content is split into separate email attachments. Should the system try to ignore such errors when decoding the message body? [N]>

Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched footer or heading encoding: Try both body and footer or heading encodings
Behavior when decoding errors found: Disclaimer is displayed as inline content and the message body is added as an attachment.

Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]>

localeconfig " " .

notify() notify-copy() . ascii (" " " " ). $Allheaders . From: , 960 . . notify-copy() "grape_text" "[email protected]" .

40: .
· . .
· . . .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 631 . From: . , 960 . · , 632 . 41: · , 632 . 46: $To $From $Subject $AV_VIRUSES To: (Envelope Recipient ). From: (Envelope Sender ). . . "Unix/Apache.Trojan", "W32/Bagel-F" AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 632 $AV_VIRUS_TABLE MIME-Part/Attachment . "HELLO.SCR" : "W32/Bagel-F" <unnamed part of the message> : "Unix/Apache.Trojan" $AV_VERDICT . $AV_DROPPED_TABLE . , . "HELLO.SCR" : "W32/Bagel-f", "W32/Bagel-d" "Love.SCR" : "Netsky-c", "W32/Bagel-d" $AV_REPAIRED_VIRUSES . $AV_REPAIRED_TABLE . "HELLO.SCR" : "W32/Bagel-F" $AV_DROPPED_PARTS . "HELLO.SCR", "CheckThisOut.exe" $AV_REPAIRED_PARTS . $AV_ENCRYPTED_PARTS . $AV_INFECTED_PARTS . $AV_UNSCANNABLE_PARTS . $Date MM/DD/YYYY . $Time ( ). $GMTimestamp Received: GMT . $MID MID(Message ID) . RFC822 "Message-Id" ( $Header ). $Group . ">Unknown<" . $Policy HAT . ">Unknown<" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 633 $Reputation $filenames $filetypes $filesizes $remotehost $AllHeaders $EnvelopeFrom $Hostname SenderBase Reputation . "None" . . . . Email Security Appliance . . Envelope Sender( )(Envelope From, <MAIL FROM>) . Email Security Appliance . / . "$to" "$To" . "AV_" <None> . Mail Policies( ( > Incoming/Outgoing Mail Policies(/ ) > Edit Anti-Virus Settings( ) policyconfig -> edit -> antivirus , Repaired, Unscannable, Encrypted Virus Positive RFC 822 . , 347 . . , . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 634 42: RFC-1891 DSN . . 43: · , 635 . 47: $Subject $Date $Time $GMTimeStamp $MID . MM/DD/YYYY . ( ). Received: GMT . MID(Message ID) . RFC822 "Message-Id" ( $Header ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 635 $BouncedRecipient $BounceReason $remotehost Email Security Appliance . Cisco Email Encryption . . . HTML . HTML . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 636 26 SMTP . 
· SMTP Call-Ahead , 637 · SMTP Call-Ahead , 637 · SMTP , 639 · SMTP , 642 · LDAP , 642 · SMTP Call-Ahead , 643 · SMTP Call-Ahead , 644 SMTP Call-Ahead SMTP call-ahead SMTP . LDAP RAT(Recipient Access Table) . , , LDAP LDAP . Email Security Appliance SMTP , SMTP . SMTP call-ahead . . . SMTP Call-Ahead SMTP call-ahead Email Security Appliance MTA SMTP SMTP " (call ahead)". SMTP SMTP Email Security Appliance , . SMTP call-head . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 637 SMTP Call-Ahead 44: SMTP Call Ahead SMTP 1. MTA SMTP . 2. Email Security Appliance SMTP [email protected] SMTP . SMTP LDAP SMTP . 3. SMTP Email Security Appliance . 4. Email Security Appliance SMTP MTA , SMTP ( SMTP Call-Ahead ) . , RAT SMTP call-ahead . example.com RAT , [email protected] SMTP call-ahead . HAT DHAP(Directory Harvest Attack Prevention) SMTP call-ahead . SMTP . DHAP " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 638 SMTP SMTP SMTP 1 2 3 4 SMTP Call-Ahead , 639 . SMTP SMTP . , 642 ( ) LDAP , SMTP LDAP 642 . ( ) call-ahead . SMTP Call-Ahead , 644 · Call-Ahead , 639 Call-Ahead SMTP Call-Ahead Email Security Appliance SMTP SMTP . 1 Network() > SMTP Call-Ahead . 2 Add Profile( ) . 3 . - SMTP Call-Ahead . 4 . - SMTP Call-Ahead . 5 . · SMTP Call-Ahead , 640 · Call Ahead , 641 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 639 SMTP Call-Ahead SMTP SMTP Call-Ahead SMTP Call-Ahead Email Security Appliance SMTP . 48: SMTP Call-Ahead Profile Name( ) Call-Ahead . Call-Ahead Server Call-Ahead . Type(Call-Ahead ) · Use Delivery Host( ). SMTP call-ahead . [email protected] example.com SMTP SMTP . SMTP LDAP SMTP . LDAP LDAP , 642 . · Static Call-Ahead Server( Call-Ahead ). call-ahead . Call-ahead . Email Security Appliance call-ahead . call-ahead SMTP . call-ahead IP MX A . Static Call-Ahead Servers( call-ahead Call-Ahead ) . . ironport.com:25 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 640 SMTP Call Ahead 49: SMTP Call-Ahead SMTP SMTP . 
Management Auto . Auto Email Security Appliance . Cisco IronPort SMTP . · call-ahead . · SMTP . · . MAIL FROM Address(MAIL SMTP SMTP MAIL FROM: . FROM ) Validation Request Timeout( SMTP (). ) call-ahead . Call Ahead , 641 . Validation Failure Action( ( , , ) ). Email Security Appliance . Call Ahead , 641 . Temporary Failure Action( ( SMTP ) 4xx ) . , . Call Ahead , 641 . Max. Recipients per Session( SMTP . ) 1~25,000 . Max. Connections per call-ahead SMTP . Server( ) 1~100 . SMTP . 100~1,000,000 . Cache TTL( TTL) TTL(time-to-live) . 900 . 60~86,400 . Call Ahead SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 641 SMTP SMTP · 2xx: Call-ahead 2 SMTP . 250 . · 4xx: 4 SMTP SMTP . . 451 . · 5xx: 5 SMTP SMTP . 550 . · Timeout( ). Call-ahead . · Connection error( ). Call-ahead . · . SMTP ( ) . SMTP SMTP Call-Ahead , SMTP . SMTP call-ahead . 1 Network() > Listeners() . 2 SMTP call-ahead . 3 SMTP Call Ahead Profile(SMTP Call Ahead ) SMTP Call-Ahead . 4 . LDAP LDAP AsyncOS Alternate Mailhost Attribute SMTP . . (mailHost) SMTP call-ahead SMTP (callAhead) . dn: mail=cisco.com, ou=domains mail: cisco.com mailHost: smtp.mydomain.com policy: ASAV callAhead: smtp2.mydomain.com,smtp3.mydomain.com:9025 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 642 SMTP SMTP Call-Ahead SMTP Call-Ahead , SMTP call-ahead callAhead . . 45: SMTP Call-Ahead LDAP {d} SMTP Call-Ahead Server Attribute call-ahead ( 9025 smtp2.mydomain.com, smtp3.mydomain.com). LDAP SMTP call-ahead SMTP . LDAP . SMTP Call-Ahead SMTP call-ahead AsyncOS . 1. . 2. LDAP . 3. SMTP . 4. DNS (MX A ). LDAP SMTP . SMTP DNS . SMTP call-ahead LDAP SMTP . · LDAP SMTP call-ahead SMTP . SMTP SMTP IP DNS . · LDAP SMTP , SMTP LDAP . SMTP SMTP IP DNS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 643 SMTP Call-Ahead SMTP · LDAP SMTP , SMTP LDAP . SMTP SMTP IP DNS . SMTP Call-Ahead SMTP call-ahead SMTP call-ahead . SMTP call-ahead SMTP call-ahead . RAT . 
GUI SMTP call-ahead RAT Bypass SMTP Call-Ahead(SMTP Call-Ahead ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 644 27 MTA . · MTA , 645 · , 646 · HAT TLS , 651 · TLS , 654 · DNS , 658 · , 661 · HTTPS , 664 MTA ( Message Transfer Agent, MTA) " " . , . . . TLS(Transport Layer Security) SSL(Secure Socket Layer) , SMTP . AsyncOS RFC 3207(RFC 2487 ) , SMTP(Secure SMTP over TLS) STARTTLS . AsyncOS TLS . X.509 . AsyncOS TLS , HTTP(HTTPS) , LDAP , TLS . · TLS SMTP , 645 TLS SMTP TLS SMTP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 645 MTA 1 X.509 , 646 . 2 Email Security Appliance . · , 648 · , 650 3 , TLS . · HAT TLS , 651 · TLS , 654 4 ( ) , 661 . 5 ( ) TLS TLS , 657 Email Security Appliance . TLS Email Security Appliance X.509 . SMTP , HTTPS , LDAP TLS . . Network() > Certificates() CLI certconfig print . print . TLS HTTPS , . CLI . · , 647 · , 647 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 646 MTA Email Security Appliance (: ) . . 1 . , 648 2 CSR(Certificate Signing Request) . , 648 3 CSR(Certificate Signing . Request) , 649 4 . , 650 5 , 661 . 6 . , 648 . . 1 , 648 . 2 Email Security Appliance , 648 . 3 . , 651 4 Email Security Appliance . . 5 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 647 MTA 6 Email Security Appliance , 650 . . Cisco AMP Threat Grid Appliance , 467 . CN . Email Security Appliance ( SAN(Subject Alternative Name) ). . AsyncOS . , . godaddy.com . godaddy.com godaddy.com . . · TLS MTA SMTP ( ) · HTTPS GUI HTTPS · LDAP LDAPS · Cisco AMP Threat Grid Appliance CLI certconfig . 1 Network() > Certificates() . 2 Add Certificate( ) . 3 Create Self-Signed Certificate( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 648 MTA CSR(Certificate Signing Request) 4 . / /: / 2 ISO CSR 2048 1024 . 5 Next() . 6 . AsyncOS CN . 7 CSR(Certificate Signing Request) Download Certificate Signing Request( ) CSR PEM . 8 . . · , 647 · , 647 CSR(Certificate Signing Request) ID . . . Cisco . 
Email Security Appliance , CSR(Certificate Signing Request) . . , CSR , Network() > Certificates() CLI certconfig . "certificate authority services SSL Server Certificates( SSL )" . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 649 MTA , 647 . . , IP HTTPS , LDAP TLS . 1 , PEM PEM . ( http://www.openssl.org OpenSSL .) 2 . . a) Network() > Certificates() . b) . c) . 3 . · , 647 AsyncOS PKCS #12 . CLI certconfig . . , 650 . 1 Network() > Certificates() . 2 Add Certificate( ) . 3 Import Certificate( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 650 MTA 4 . 5 . 6 Next() . 7 . AsyncOS CN . 8 . · , 647 . AsyncOS PKCS #12 . CSR(Certificate Signing Request) . , 647 . 1 Network() > Certificates() . 2 Export Certificate( ) . 3 . 4 . 5 . 6 Export() . 7 . 8 , Cancel() Network() > Certificates() . · , 647 . HAT TLS TLS . (, ) TLS (, ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 651 GUI TLS MTA TLS . 50: TLS TLS 1. 2. Preferred 3. TLS . SMTP . . MTA TLS . MTA TLS , STARTTLS NOOP, EHLO QUIT . Transport Layer Security SMTP SMTP Service Extension RFC 3207 . TLS "" , TLS . . TLS . () () TLS HAT TLS . tls "off" . TLS . , 75 . · GUI TLS , 652 · CLI TLS , 653 · , 657 · GUI : HAT TLS , 653 · CLI : HAT TLS , 653 GUI TLS 1 Network() > Listeners() . 2 . 3 Certificate() . 4 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 652 MTA CLI TLS CLI TLS 1 listenerconfig -> edit . 2 certificate . 3 . 4 commit . Email Security Appliance TLS . . · TLS "required()" · Email Security Appliance "Must issue a STARTTLS command first(STARTTLS )" · TLS . GUI : HAT TLS 1 Mail Policies( ) > Mail Flow Policies( ) . 2 . ( .) 3 "Encryption and Authentication( )" "TLS:" TLS . 4 . TLS . CLI : HAT TLS 1 listenerconfig -> edit . 2 hostaccess -> default HAT . 3 TLS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 653 TLS MTA Do you want to allow encrypted TLS connections? 1. No 2. Preferred 3. Required [1]> 3 You have chosen to enable TLS. 
Please use the 'certconfig' command to ensure that there is a valid certificate configured. 4 certconfig . . TLS , . listenerconfig -> edit -> certificate . TLS , CLI . Name: Inboundmail Type: Public Interface: PublicNet (192.168.2.1/24) TCP Port 25 Protocol: SMTP Default Domain: Max Concurrency: 1000 (TCP Queue: 50) Domain map: disabled TLS: Required 5 commit . TLS Destination Controls( ) destconfig TLS . TLS , . . . · SMTP CA( ) . · CN(Common Name) DNS . -- AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 654 MTA TLS RFC 2459 , subjectAltName(Subject Alternative Name) DNS . RFC 2818 3.1 , . CA ID . . TLS Email Security Appliance . "Cisco Email Encryption" . TLS . Destination Controls( ) Edit Global Settings( ) CLI destconfig -> setup . . Destination Controls( ) destconfig TLS 5 . TLS (required) (preferred) , . . 51: TLS TLS 1. No 2. Preferred 3. Required Destination Controls( ) destconfig -> default , MTA TLS . "Do you wish to apply a specific TLS setting for this domain?( TLS ?)" "no()" "Default( )" . MTA TLS . Email Security Appliance MTA TLS . TLS (220 ) SMTP " "( ) . . 220 SMTP . Email Security Appliance MTA TLS . . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 655 TLS MTA TLS 4. Preferred (Verify)( ()) Email Security Appliance MTA TLS . . . · TLS . . · TLS . . · TLS , . . 5. Required (Verify)( ()) MTA TLS . . . · TLS . . · TLS , CA( ) . . · TLS . . 6. - ID TLS Required - Verify(TLS - ) TLS Required - Verify Hosted Domain(TLS - ) . ID . ID dNSName subjectAltName . dNSName ID(REF ID) CN ID . CN dNSName subjectAltName . TLS , Destination Controls( ) destconfig -> default ("No," "Preferred," "Required," "Preferred (Verify)" "Required (Verify)") . · TLS , 657 · , 657 · , 661 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 656 MTA TLS TLS TLS TLS Email Security Appliance . TLS . Email Security Appliance Warning() . GUI System Administration( ) > Alerts() ( CLI alertconfig ) . · TLS , 657 TLS 1 Mail Policies Destination Controls( ) . 
2 Edit Global Settings( ) . 3 "Send an alert when a required TLS connection fails( TLS )" Enable() . . Monitor() > Message Tracking( ) . 4 . CLI destconfig -> setup TLS . Email Security Appliance TLS . TLS . . · MTA ESMTP ( Email Security Appliance EHLO ) · MTA ESMTP , EHLO "STARTTLS" · MTA "STARTTLS" , Email Security Appliance STARTTLS AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 657 DNS MTA DNS · SMTP DNS , 658 · DANE TLS , 660 · DANE , 661 SMTP DNS TLS . · CA( ) . · MITM( ) TLS . · DNS DNSSEC DNS MX DNS DNS . · MTA(Mail Transfer Agent) , (CA) . SMTP DANE( DNS ) DNS DNSSEC(Domain Name System Security) TLSA DNS DNS x.509 . TLSA CA( ), RFC 6698 DNS . TLSA , 659 . DNSSEC(Domain Name System Security) DNS DNS . DNSSEC . TLS SMTP DANE . · MITM( ) , DNS . · DNSSEC TLS DNS . · SMTP DANE , 659 · TLSA , 659 · DANE TLS , 660 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 658 MTA SMTP DANE · DANE , 661 SMTP DANE TLS DANE . 46: DANE TLS 1. (Alice) (Bob) . 2. Email Security . 3. Email Security DNS (DNS DNS TLSA ) . 4. TLSA DNSSEC DNS . 5. STARTTLS SMTP . 6. x.509 TLSA . MTA(Mail Transfer Agent) . . 7. MTA . TLSA DNSSEC DNS CA( ) TLSA . FQDN(Fully Qualified Domain Name) www.example.com TLSA . _443. _tcp. .com. IN TLSA (0 0 1 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada) TLSA . · Certificate Usage( ): . · '0' RFC 6698 PKIX CA . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 659 DANE TLS MTA · '1' , TLS . · '2' , TLS . · '3' TLS . · Selector Field( ): TLS . · '0' . · '1' 'SubjectPublicKeyInfo' . · Matching Type( ): . · '1' SHA-256 . · '0' . · '2' SHA-512 . DANE TLS · TLSA DNSSEC . · DANE TLS . TLS , 654 . 1 Mail Policies( ) > Destination Controls( ) . 2 Add Destination Controls( ) . 3 TLS Support(TLS ) DANE Preferred(), Required() Mandatory() . 4 DANE Support(DANE ) TLS DANE . DANE Destination Controls( ) DANE MTA TLS . "Default" DANE TLS . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 660 MTA DANE DANE None 5 . 
MTA DANE "None" . "Opportunistic" DANE SMTP TLS . "Opportunistic" DANE SMTP . "Mandatory" DANE . "Mandatory" DANE SMTP . DANE DANE TLS MX DANE Email Security Appliance . Email Security Appliance Warning() . DANE 1 System Administration( ) > Alerts() . 2 . 3 Message Delivery( ) . 4 . . . · . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 661 MTA · . . , . GUI Network() > Certificates() > Edit Certificate Authorities( ) CLI certconfig > certauthority . Network() > Certificates() > Edit Certificate Authorities( ) . · ( ) . , 662 . · . . , 662 . · . . , 663 . · . . , 663 . · , 662 · , 662 · , 663 · , 663 1 Network() > Certificates() . 2 Certificate Authorities( ) Edit Settings( ) . 3 View System Certificate Authorities( ) . , . . 1 Network() > Certificates() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 662 MTA 2 Certificate Authorities( ) Edit Settings( ) . 3 System List( ) Disable() . 4 . . PEM , . 1 Network() > Certificates() . 2 Certificate Authorities( ) Edit Settings( ) . 3 Custom List( ) Enable() . 4 . 5 . , .txt . . 1 Network() > Certificates() . 2 Certificate Authorities( ) Edit Settings( ) . 3 Export List( ) . AsyncOS Export Certificate Authority List( ) . 4 . 5 . 6 Export() . AsyncOS .txt . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 663 HTTPS MTA HTTPS GUI Network() > IP Interfaces(IP ) CLI interfaceconfig IP HTTPS . 1 Network() > IP Interfaces(IP ) . 2 HTTPS . 3 Appliance Management( ) HTTPS . 4 . . HTTPS , . GUI HTTPS . , 15 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 664 28 . · , 665 · , 670 · , 671 · , 678 · , 688 · , 694 · , 703 · , 711 · , 715 · Virtual GatewayTM , 718 · , 727 · : , 730 , 69 , SMTP . (HAT ) ( RAT ) . Network() > SMTP Routes(SMTP ) ( smtproutes ) , . sendmail mailertable . " " GUI ( systemsetup ) , RAT SMTP . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 665 SMTP · SMTP , 666 · SMTP , 667 · SMTP , 667 · SMTP , 668 · SMTP DNS, 668 · SMTP , 668 · SMTP , , 668 · SMTP SMTP , 668 · GUI SMTP , 669 SMTP SMTP MX(mail exchange) . example.com groupware.example.com . @example.com groupware.example.com . groupware.example.com "MX" , "A" . MX DNS MX , . AsyncOS 40,000 SMTP . (SMTP , 668 ) "(globbing)" . example.com example.com . [email protected] [email protected] . SMTP DNS MX . SMTP . foo.domain DNS MX bar.domain , foo.domain bar.domain . bar.domain foo.domain . , . b.domain a.domain b.domain a.domain , . a.domain b.domain MX , b.domain a.domain MX . SMTP . . SMTP host1.example.com .example.com , .example.com host1.example.com . MX . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 666 SMTP SMTP ALL SMTP . SMTP , ALL MX . SMTP SMTP ALL: . SMTP . . Network() > SMTP Routes(SMTP ) smtproutes SMTP . SMTP Network() > SMTP Routes(SMTP ) ( smtproutes ) . , . . IP . IP IPv4(Internet Protocol version 4) IPv6(version 6) . IPv6 AsyncOS . · 2620:101:2004:4202::0-2620:101:2004:4202::ff · 2620:101:2004:4202:: · 2620:101:2004:4202::23 · 2620:101:2004:4202::/64 /dev/null . ( /dev/null .) , MX . . . "" . SMTP . . , . (MX ). CLI smtproutes , IP /pri= 0~65535 (0 ). host1.example.com/pri=0 host2.example.com/pri=10 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 667 SMTP SMTP 40,000 . ALL . 39,999 ALL . SMTP DNS MX (hop) USEDNS . . example.com Exchange SMTP . example.com exchange.example.com (foo.example.com) SMTP . .example.com USEDNS SMTP System Administration( ) > Alerts() ( alertconfig ) SMTP . SMTP , : 10 Exchange , AsyncOS TCP 10 . : , 10 10 AsyncOS 10 MTA 10 . : 10 ( 10), 10 Exchange . TCP 10 . SMTP SMTP SMTP SMTP . . SMTP SMTP , 772 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 668 GUI SMTP GUI SMTP SMTP Network() > SMTP Routes(SMTP ) . , . SMTP . · SMTP , 669 · SMTP , 669 · SMTP , 669 SMTP 1 Network() > SMTP Routes(SMTP ) Add Route( ) . 2 . 
, , IPv4 IPv6 . 3 . , IPv4 IPv6 . Add Row( ) . ":<port number>" example.com:25 . 4 0~65535 . 0 . SMTP , 667 . 5 . SMTP HAT(Host Access Table) RAT(Recipient Access Table) SMTP . SMTP 1 SMTP Routes(SMTP ) Export SMTP Routes(SMTP ) . 2 Submit() . SMTP HAT(Host Access Table) RAT(Recipient Access Table) SMTP . SMTP 1 SMTP Routes(SMTP ) Import SMTP Routes(SMTP ) . 2 SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 669 3 Submit() . SMTP . SMTP . 4 Import() . "" . '#' AsyncOS . . # this is a comment, but the next line is not ALL: . 47: SMTP AsyncOS . (" ") . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 670 52: *@anydomain user@domain *@olddomain *@newdomain *@olddomain *@newdomain ( , 671 ) · · · ( , 688 ) · · ( , 678 ) · To:, From: / CC: · . Unix sendmail /etc/mail/aliases . Envelope Recipient( )(Envelope To RCPT TO ) . , RAT . " " . . smtproutes ( , 694 ) . · , 672 · , 673 · , 673 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 671 . , . ('[' ']') . RFC 1035, 2.3.1., "Preferred name syntax" , , . .example.com . . .example.com mars.example.com venus.example.com . , . . 53: LHS(Left-hand Side) RHS(Right-hand Side) (":") LHS(Left-hand Side) . username . "domains" . . user@domain . LHS(Left-hand Side) . RHS(Right-hand Side) user@domain . "" ( ) , , . ""( ) , . sendmail , /dev/null . /dev/null (dropped) . ( "CLI " .) . · , 673 · aliasconfig , 675 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 672 FTP, SSH SCP , 1199 . aliasconfig export . /configuration . CLI . ( .) /configuration , aliasconfig import . (#) . commit . CLI(command line interface) . , "ALL (any domain)" . . . # sample Alias Table file # copyright (c) 2001-2005, IronPort Systems, Inc. # # Incoming Envelope To addresses are evaluated against each # entry in this file from top to bottom. The first entry that # matches will be used, and the Envelope To will be rewritten. # # Separate multiple entries with commas. 
#
# Global aliases should appear before the first domain
# context. For example:
#
# [email protected]: [email protected]
# [email protected]: [email protected]
#
# This alias has no implied domain because it appears
# before a domain context:
#
# [email protected]: [email protected]
#
# The following aliases apply to recipients @ironport.com and
# any subdomain within .example.com because the domain context
# is specified.
#
# Email to [email protected] or [email protected] will
# be delivered to [email protected].
#
# Similarly, email to [email protected] will be
# delivered to [email protected]
#
# [ironport.com, .example.com]
#
# joe, fred: [email protected]
#
# In this example, email to partygoers will be sent to
# three addresses:
#
# partygoers: [email protected], [email protected], [email protected]
#
# In this example, mail to [email protected] will be delivered to
# [email protected]. Note that mail to [email protected] will
# NOT be processed by the alias table because the domain context
# overrides the previous domain context.
#
# [example.com]
#
# help: [email protected]
#
# In this example, mail to [email protected] is dropped.
#
# [email protected]: /dev/null
#
# "Chains" may be created, but they must end in an email address.
# For example, email to "all" will be sent to 9 addresses:
#
# [example.com]
#
# all: sales, marketing, engineering
# sales: [email protected], [email protected], [email protected]
# marketing:[email protected], advertising
# engineering:[email protected], [email protected], [email protected]
# advertising:[email protected], [email protected]

aliasconfig aliasconfig . example.com . [email protected] [email protected], [email protected] [email protected] customercare . admin [email protected] admin . . admin example.com .

mail3.example.com> aliasconfig
No aliases in table.
Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import aliases from a file.
[]> new

How do you want your aliases to apply?
1. Globally
2. Add a new domain context
[1]> 2

Enter new domain context.
Separate multiple domains with commas.
Partial domains such as .example.com are allowed.
[]> example.com

Enter the alias(es) to match on.
Separate multiple aliases with commas.
Allowed aliases:
- "user" - This user in this domain context.
- "user@domain" - This email address.
[]> customercare

Enter address(es) for "customercare".
Separate multiple addresses with commas.
[]> [email protected], [email protected], [email protected]

Adding alias customercare: [email protected],[email protected],[email protected]
Do you want to add another alias? [N]> n

There are currently 1 mappings defined.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]> new

How do you want your aliases to apply?
1. Globally
2. Add a new domain context
3. example.com
[1]> 1

Enter the alias(es) to match on.
Separate multiple aliases with commas.
Allowed aliases:
- "user@domain" - This email address.
- "user" - This user for any domain
- "@domain" - All users in this domain.
- "@.partialdomain" - All users in this domain, or any of its sub domains.
[]> admin

Enter address(es) for "admin".
Separate multiple addresses with commas.
[]> [email protected]

Adding alias admin: [email protected]
Do you want to add another alias? [N]> n

There are currently 2 mappings defined.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]> print

admin: [email protected]
[ example.com ]
customercare: [email protected], [email protected], [email protected]

There are currently 2 mappings defined.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]>

(Email Gateway) . 48: Masquerading() Envelope Sender( )( MAIL FROM ) To:, From:, / CC: . " ". "" " ". . altsrchost . , LDAP , LDAP . " " . To:, From:, CC: . . · · LDAP . Unix sendmail /etc/mail/genericstable . LDAP LDAP , 735 . · altsrchost, 679 altsrchost , "". CLI altscrchost ( ) altsrchost . Virtual Gateway™ , 718 : , 730 . · , 679 · , 681 · , 681 · , 681 listenerconfig edit -> masquerade . . , 681 . , . LDAP LDAP , 735 . . .

54: LHS(Left-hand Side) RHS(Right-hand Side) ( / / ) . LHS(Left-hand Side) RHS(Right-hand Side) username username@domain . LHS(Left-hand Side) RHS(Right-hand Side) . RHS(Right-hand Side) . user@domain username@domain . LHS(Left-hand Side) RHS(Right-hand Side) . RHS(Right-hand Side) . @domain @domain . LHS(Left-hand Side) RHS(Right-hand Side) . @.partialdomain @domain . LHS(Left-hand Side) RHS(Right-hand Side) . ALL @domain ALL (bare) RHS(Right-hand Side) . RHS(Right-hand Side) "@" . . ALL . · . · From:, To: CC: . . config . · (#) . # . · new , 400,000 .

# sample Masquerading file
@.example.com @example.com # Hides local subdomains in the header
sales [email protected]
@techsupport [email protected]
user@localdomain [email protected]
ALL @bigsender.com

sendmail /etc/mail/genericstable .
genericstable FTP, SSH SCP , 1199 . genericstable configuration , masquerade import . . listenerconfig -> edit -> listener_number -> masquerade -> import export . configuration . CLI . import . (: right-hand side left-hand side) CLI . . genericstable commit . listenerconfig masquerade PrivateNet "OutboundMail" . , LDAP . (LDAP LDAP , 735 .) , .example.com example.com @.example.com @example.com . joe [email protected] . masquerade.txt . config CC: , .

mail3.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 2

Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure an LDAP query to reroute messages.
- LDAPGROUP - Configure an LDAP query to determine whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure an SMTP authentication.
[]> masquerade

Do you want to use LDAP for masquerading? [N]> n

Domain Masquerading Table
There are currently 0 entries.
Masqueraded headers: To, From, Cc
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> new

Enter the source address or domain to masquerade.
Usernames like "joe" are allowed.
Full addresses like "[email protected]" are allowed.
Full addresses with subdomain wildcards such as "[email protected]" are allowed.
Domains like @example.com and @.example.com are allowed.
Hosts like @training and @.sales are allowed.
[]> @.example.com

Enter the masqueraded address or domain.
Domains like @example.com are allowed.
Full addresses such as [email protected] are allowed.
[]> @example.com

Entry mapping @.example.com to @example.com created.

Domain Masquerading Table
There are currently 1 entries.
Masqueraded headers: To, From, Cc
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> new

Enter the source address or domain to masquerade.
Usernames like "joe" are allowed.
Full addresses like "[email protected]" are allowed.
Full addresses with subdomain wildcards such as "[email protected]" are allowed.
Domains like @example.com and @.example.com are allowed.
Hosts like @training and @.sales are allowed.
[]> joe

Enter the masqueraded address.
Only full addresses such as [email protected] are allowed.
[]> [email protected]

Entry mapping joe to [email protected] created.
Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> print

@.example.com @example.com
joe [email protected]

Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> export

Enter a name for the exported file:
[]> masquerade.txt

Export completed.

Domain Masquerading Table
There are currently 2 entries.
Masqueraded headers: To, From, Cc
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]> config

Do you wish to masquerade Envelope Sender? [N]> y
Do you wish to masquerade From headers? [Y]> y
Do you wish to masquerade To headers? [Y]> y
Do you wish to masquerade CC headers? [Y]> n
Do you wish to masquerade Reply-To headers? [Y]> n

Domain Masquerading Table
There are currently 2 entries.
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import all entries from a file.
- EXPORT - Export all entries to a file.
- CONFIG - Configure masqueraded headers.
- CLEAR - Remove all entries.
[]>

Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure an LDAP query to reroute messages.
- LDAPGROUP - Configure an LDAP query to determine whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure an SMTP authentication.
[]>

Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>

( Enterprise Gateway) .

49: " " . . . sendmail " " Postfix " " . "To:" . RAT . " " . . , . 20,000 .

55: Left Side Right Side [email protected] [email protected] [email protected] [email protected] @example.com [email protected] @example.net @.example.com [email protected] @example.net Right Side "InboundMail" listenerconfig domainmap . oldcompanyname.com example.com . . RAT . [email protected] [email protected] .
oldcompanyname.com RAT [email protected] . . , " @domain" " @newdomain" .

mail3.example.com> listenerconfig
Currently configured listeners:
1. Inboundmail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. Outboundmail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: InboundMail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> domainmap

Domain Map Table
There are currently 0 Domain Mappings.
Domain Mapping is: disabled
Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import domain mappings from a file.
[]> new

Enter the original domain for this entry.
Domains such as "@example.com" are allowed.
Partial hostnames such as "@.example.com" are allowed.
Email addresses such as "[email protected]" and "[email protected]" are also allowed.
[]> @.oldcompanyname.com

Enter the new domain for this entry.
The new domain may be a fully qualified such as "@example.domain.com" or a complete email address such as "[email protected]"
[]> @example.com

Domain Map Table
There are currently 1 Domain Mappings.
Domain Mapping is: enabled
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display all domain mappings.
- IMPORT - Import domain mappings from a file.
- EXPORT - Export domain mappings to a file.
- CLEAR - Clear all domain mappings.
[]> print

@.oldcompanyname.com --> @example.com

Domain Map Table
There are currently 1 Domain Mappings.
Domain Mapping is: enabled
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display all domain mappings.
- IMPORT - Import domain mappings from a file.
- EXPORT - Export domain mappings to a file.
- CLEAR - Clear all domain mappings.
[]>

Name: InboundMail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain Map: Enabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>

· , 693 FTP, SSH SCP , 1199 . . ( ) . (#) . configuration , domain import . .
listenerconfig -> edit -> inejctor_number -> domainmap -> import export . configuration . CLI . import . (: right-hand side left-hand side) CLI . . commit . ( Enterprise Gateway) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 693 50: . . . ( , 703 ). · , 695 · , 701 · , 702 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 694 " " . "" : SMTP . . . . (: SMTP 4XX .) . . . (: SMTP 5XX .) ""( "") : , . . . . (: SMTP 4XX .) . . . (: SMTP 5XX .) AsyncOS GUI Network() Bounce Profiles( ) ( bounceconfig ) . Network() > Listeners() ( listenerconfig ) . . ( , 137 .) · , 695 · , 696 · status , 699 · SMTP , 700 · , 700 · , 700 · , 701 · , 701 · , . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 695 Bounce Profiles( ) bounceconfig . ( , 696 .) · . Envelope Sender( ) . Envelope Sender( ) Envelope From . , . ("" .) · ( ) . . 56: Maximum number , of retries( . ) 100. Maximum number , of seconds in queue( . 259,200(72), ) Initial number of seconds to wait . 60. before retrying a . , message( . ) Maximum number of seconds to wait . 3,600(1). before retrying a , message( . . , . ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 696 . . DSN (RFC 1894) . ( ) . , , . Notification Template( ) Add Row( ) . (Default() Message Language( )) . . . · . · Cisco Email Security Appliance . · . · ( ) 50 . ( , ) . DSN . "Yes()" DSN (RFC 3436) , Status() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 697 Send Delay Warning Messages( ) . ( ) . , , . Notification Template( ) Add Row( ) . (Default() Message Language( )) . . . · . · Cisco Email Security Appliance . · . · ( ) 50 . ( , ) . . Specify Recipient Envelope Sender( ) for Bounces( . ) Use DomainKeys DomainKeys . signing for bounce DomainKeys DomainKeys DKIM , 572 and delay . messages( DomainKeys ) Bounce Profiles( ) Edit Global Settings( ) CLI bounceconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 698 status Initial number of seconds to wait before retrying an . 60. 
unreachable host( ) Max interval allowed between retries to an unreachable host( . 3,600(1). , ( ) . ) status status status detail . Counters: Reset Uptime Lifetime Receiving Messages Received 0 0 0 Recipients Received 0 0 0 Gen. Bounce Recipients 0 0 0 "CLI " . . Envelope Sender( ) From: . AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 699 SMTP SMTP SMTP SMTP . SMTP . , SMTP . . 57: 1: Max number of retries( ) 2 Max number of seconds in queue( ) 259,200(72) Initial number of seconds before retrying( ) 60 Max number of seconds to wait before retrying( 60 ) 1 t=0 . 60 1 t=60 . , 60 . t=120 . 2 . 58: 2: Max number of retries( ) 100 Max number of seconds in queue( ) 100 Initial number of seconds before retrying( ) 60 Max number of seconds to wait before retrying( ) 120 2 t=0, t=60 . (t=120 ) . 100 . DSN(Delivery Status Notification) . DSN RFC 1894(see http://www.faqs.org/rfcs/rfc1894.html ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 700 , " MTA(message transfer agent) MIME content-type ." , 10k . 10k . 10k . DSN 10k ( ) bounceconfig max_bounce_copy ( CLI ). ( ) DSN . / Network() Bounce Profiles( ) ( bounceconfig ) . · · "Maximum Time in Queue( )" "Send Delay Warning Messages( )" . Systems . 15 . Bounce Profiles( ) bouncepr1 . , [email protected] . . , 4(14400) . · , 701 · Minimalist , 702 Bounce Profiles( ) . . maximum number of seconds to wait before retrying unreachable hosts( ()) 3600(1) 10800(3) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 701 Minimalist Minimalist minimalist . ( 0), . , . Network() > Listeners() listenerconfig . OutgoingMail bouncepr1 . . 51: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 702 . AsyncOS . Destination Controls( ) (GUI Mail Policies( ) > Destination Controls( ) CLI destconfig ) . · , 703 · TLS, 703 · , 703 · , 703 TLS · Concurrent Connections( ): . · Maximum Messages Per Connection( ): . · Recipients(): . · Limits(): MGA . · TLS , (TLS , 707 ). · TLS TLS . . · TLS TLS . 
· ( , 711 ). · ( Network() > Bounce Profiles( ) ). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 703 · , 704 · , 704 · , 704 deliveryconfig (alt-src-host) , AsyncOS . "auto" AsyncOS . , IP . Network() > Interfaces() interfaceconfig ( ) . . . (Network() > Routing() setgateway ). IP . . AsyncOS IP IP . Network() > Routing() ( routeconfig command) . . . . Destination Controls( ) . Destination Controls( ) "" . Destination Control( ) GUI Policies() > Destination Controls( ) CLI destconfig . · , 705 · , , 705 · TLS , 707 · , 707 · , 707 · , 707 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 704 · , 708 · CLI, 711 . Email Security Appliance IPv4(Internet Protocol version 4) IPv6(Internet Protocol version 6) . . Pv4 IPv6 "Required()" . IP . Pv4 IPv6 "Preferred( )" , . , . , . "good neighbor" Destination Controls( ) (Mail Policies( ) > Destination Controls( ) destconfig - setgoodtable ) . . domain.com .domain.com AsyncOS sample.server.domain.com . , . ( IP . .) . 500 50. . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 705 , 59: . ( .) Maximum Messages Per Connection( ) . Recipients( . "None()" ) . 1 60 . "0" . AsyncOS . . Apply Limits( . ) , . . IP , . . Virtual GatewayTM , 718 . , . 4 yahoo.com 100 25 . delivernow ( ) destconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 706 TLS TLS TLS(Transport Layer Security) . "Required()" TLS MTA . . TLS , 654 . TLS TLS . TLS . Warning() . GUI System Administration( ) > Alerts() ( CLI alertconfig ) . TLS Destination Controls( ) Edit Global Settings( ) destconfig -> setup . . Monitor( ) > Message Tracking( ) . TLS . Destination Controls( ) Edit Global Settings( ) destconfig -> setup . , 646 . " " . . . Cisco . , 711 . . destconfig . . , 701 . 1 Add Destination( ) . 2 . 3 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 707 . Windows INI . . example.com [example.com] . . [DEFAULT] . , [DEFAULT] , . . . bounce_profile [DEFAULT] . 60: ip_sort_pref . . 
· "IPv6 Preferred" PREFER_V6
· "IPv6 Required" REQUIRE_v6
· "IPv4 Preferred" PREFER_V4
· "IPv4 Required" REQUIRE_v4

max_host_concurrency . limit_type limit_apply .

max_messages_per_connection .

recipient_minutes 1 60 . .

recipient_limit . . recipient_minutes, limit_type limit_apply .

limit_type MX IP . .
· 0( host)
· MX IP 1( MXIP)

limit_apply . .
· 0( system)
· 1( VG)

bounce_validation . .
· 0( off)
· 1( on)

table_tls TLS . TLS , 654 . .
· 0( off )
· "Preferred( )" 1( on)
· "Required() 2( required)
· "Preferred (Verify)( ())" 3( on_verify)
· "Required (Verify)(())" 4( require_verify)

/ . bounce_profile . [DEFAULT] .

send_tls_req_alert TLS . .
· 0( off)
· 1( on)
[DEFAULT] .

certificate TLS . [DEFAULT] .

AsyncOS . . example1.com example2.com .

[DEFAULT]
ip_sort_pref = PREFER_V6
max_host_concurrency = 500
max_messages_per_connection = 50
recipient_minutes = 60
recipient_limit = 300
limit_type = host
limit_apply = VG
table_tls = off
bounce_validation = 0
send_tls_req_alert = 0
certificate = example.com

[example1.com]
ip_sort_pref = PREFER_V6
recipient_minutes = 60
recipient_limit = 100
table_tls = require_verify
limit_apply = VG
bounce_profile = tls_failed
limit_type = host

[example2.com]
table_tls = on
bounce_profile = tls_failed

example1.com and example2.com .

example1.com
IP Address Preference: IPv6 Preferred
Maximum messages per connection: 50
Rate Limiting: 500 concurrent connections
100 recipients per 60 minutes
Limits applied to entire domain, across all virtual gateways
TLS: Required (Verify)
Bounce Profile: tls_failed

example2.com
IP Address Preference: IPv6 Preferred
Maximum messages per connection: Default
Rate Limiting: Default
TLS: Preferred
Bounce Profile: tls_failed

Destination Controls( ) Import Table( ) destconfig -> import .
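The table_tls and send_tls_req_alert keys of the destination controls file above can be reviewed offline before the file is imported. The following is an added example, not code from the Cisco guide: a Python audit that resolves each domain's effective table_tls value against the default section and lists TLS weaknesses. The `must_encrypt` list, the finding texts, the sample file, and the treatment of a missing send_tls_req_alert as off are assumptions of this example.

```python
import configparser

# table_tls accepts a numeric code or a name (see the table_tls entry above).
TLS_BY_CODE = {"0": "off", "1": "on", "2": "required",
               "3": "on_verify", "4": "require_verify"}
MANDATORY = {"required", "require_verify"}
ON_OFF = {"0": False, "off": False, "1": True, "on": True}

# Constructed sample, modelled on the example file in this section.
SAMPLE = """\
[Default]
ip_sort_pref = PREFER_V6
max_host_concurrency = 500
table_tls = off
send_tls_req_alert = 0

[example1.com]
table_tls = require_verify
bounce_profile = tls_failed

[example2.com]
table_tls = 1
bounce_profile = tls_failed

[example3.com]
recipient_limit = 100

[example4.com]
table_tls = required
"""


def normalize_tls(value):
    """Map a table_tls code or name to its name; reject anything else."""
    v = value.strip().lower()
    v = TLS_BY_CODE.get(v, v)
    if v not in TLS_BY_CODE.values():
        raise ValueError(f"unknown table_tls value: {value!r}")
    return v


def audit_tls(text, must_encrypt=()):
    """Return {domain: {"mode", "inherited", "findings"}} for a destconfig file.

    must_encrypt is a hypothetical local policy: domains that must never
    receive mail without mandatory TLS.
    """
    # Park configparser's built-in default section on an unused name so that
    # [DEFAULT] and [Default] are both read as ordinary sections; inheritance
    # is then resolved explicitly below.
    cp = configparser.ConfigParser(default_section="__unused__",
                                   interpolation=None)
    cp.read_string(text)
    default_name = next((s for s in cp.sections() if s.lower() == "default"),
                        None)
    defaults = cp[default_name] if default_name else {}
    # Assumption: a missing send_tls_req_alert is treated as off.
    alert_on = ON_OFF.get(
        defaults.get("send_tls_req_alert", "0").strip().lower(), False)

    domains = [s for s in cp.sections() if s != default_name]
    # A domain without its own section is governed by the default entry only.
    domains += [d for d in must_encrypt if d not in domains]

    report = {}
    for domain in domains:
        own = cp[domain] if cp.has_section(domain) else {}
        raw = own.get("table_tls")
        inherited = raw is None
        if inherited:
            raw = defaults.get("table_tls")
        mode = normalize_tls(raw) if raw is not None else "unset"

        findings = []
        if mode not in MANDATORY:
            # off and the "Preferred" modes do not make TLS mandatory.
            findings.append("TLS not mandatory")
        elif mode == "required":
            findings.append("peer certificate not verified")
        if mode in MANDATORY and not alert_on:
            findings.append("no alert when required TLS fails")
        if domain in must_encrypt and mode not in MANDATORY:
            findings.append("violates must-encrypt policy")
        report[domain] = {"mode": mode, "inherited": inherited,
                          "findings": findings}
    return report


if __name__ == "__main__":
    result = audit_tls(SAMPLE, must_encrypt=["example3.com", "example5.com"])
    for name, info in result.items():
        origin = "default" if info["inherited"] else "own"
        print(f"{name:14} {info['mode']:15} ({origin}) "
              f"{'; '.join(info['findings']) or 'ok'}")
```
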
Destination Controls( ) Export Table( ) destconfig -> export INI . AsyncOS INI [Default] . CLI CLI destconfig . AsyncOS for Cisco Email Security Appliances CLI . "" Envelope Sender( ) Envelope Recipient( ) MTA . ( ) (MAIL FROM: < >) () . . . "" : ( ) . ( "Joe Job" ). , ( ) ( ) . " " ( ) . . AsyncOS . , . . ( ) . . . , 694 . · : , 712 · , 714 · , 713 : . MAIL FROM: [email protected] MAIL FROM: [email protected] . 123... " ". Bounce Verification( ) ( Address Tagging , 713 ). , . . . , Destination Controls( ) ( , 704 ). AsyncOS ( DMZ ). · , 713 · Address Tagging , 713 . . . ( ) . , 715 . , , 7 . .

Fri Jul 21 16:02:19 2006 Info: Start MID 26603 ICID 125192
Fri Jul 21 16:02:19 2006 Info: MID 26603 ICID 125192 From: <>
Fri Jul 21 16:02:40 2006 Info: MID 26603 ICID 125192 invalid bounce, rcpt address <[email protected]> rejected by bounce verification.
Fri Jul 21 16:03:51 2006 Info: Message aborted MID 26603 Receiving aborted by sender
Fri Jul 21 16:03:51 2006 Info: Message finished MID 26603 aborted

(: Exchange) . AsyncOS null Mail From (<>) . AsyncOS . AsyncOS 7 . Address Tagging . . , . 7. 7 . 7 . AsyncOS HAT . "No()". , , Mail Policies( ) > Bounce Verification( ) . "Yes()" . . . . ( ). 1 . . 2 ( ), "Accept()" Consider Untagged Bounces to be Valid( ) . 1 . , 714 . 2 . , 715 . 3 . , 704 . · , 714 · , 715 · CLI , 715 · , 715 . . 1 Mail Policies( ) > Bounce Verification( ) New Key( ) . 2 Submit() . 3 Commit(). · , 715 Purge() . . 1 Mail Policies( ) > Bounce Verification( ) . 2 Edit Settings( ) . 3 , . . 4 , . ( ). 5 . CLI CLI bvconfig destconfig . AsyncOS for Cisco Email Security Appliances CLI . " " . . / . deliveryconfig . (SMTP QMQP) . SMTP . deliveryconfig . . " IP " .
IP · IP , 716 · Possible Delivery( ) , 716 · , 716 · deliveryconfig , 717 IP IP IP . IP IP . AsyncOS SMTP HELO . IP interfaceconfig . Auto() . · . · auto-select routeconfig . · . IP . Possible Delivery( ) . RFC 5321 . http://tools.ietf.org/html/rfc5321#section-6.1. . Possible Delivery( ) AsyncOS , "possible delivery( )" . . AsyncOS . . ( 10,000.) ( 600, 1,000). . , DoS(Denial of Service) . deliveryconfig deliveryconfig deliveryconfig "Possible Delivery( )" "Auto()" . 9,000 .

mail3.example.com> deliveryconfig
Choose the operation you want to perform:
- SETUP - Configure mail delivery.
[]> setup

Choose the default interface to deliver mail.
1. Auto
2. PublicNet2 (192.168.3.1/24: mail4.example.com)
3. Management (192.168.42.42/24: mail3.example.com)
4. PrivateNet (192.168.1.1/24: mail3.example.com)
5. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1

Enable "Possible Delivery" (recommended)? [Y]> y
Please enter the default system wide maximum outbound message delivery concurrency
[10000]> 9000

mail3.example.com>

. Virtual Gateway™ 52: Virtual Gateway™ Cisco Virtual Gateway™ , , . Cisco ( IP , ), ( ). Email Security Appliance 255. · , 719 · , 719 · , 726 · , 726 Cisco . . IP , . IP , . SMTP HELO . ISP(Internet Service Provider) DNS , IP . ISP DNS . DNS IP IP , ISP . Cisco DNS IP , . . . ( ) . , . Cisco IP . ( " IP " .) IP DNS . DNS DNS IP/ . · IP , 719 · IP , 722 · altsrchost , 723 · altsrchost , 723 · altsrchost , 723 · CLI altsrchost , 724 IP IP GUI Network( ) > IP Interfaces(IP ) CLI interfaceconfig IP/ IP . IP IP IP . "" . IP IP . · altsrchost IP IP ( ) . · , IP ( ) . ( ) , 218 . ( .) IP " " . , . 53: IP Interfaces(IP ) Management (PrivateNet PublicNet) .
54: IP Interfaces(IP ) Data2 PublicNet2 Add IP Interface(IP ) . IP 192.168.2.2 mail4.example.com . FTP( 21) SSH( 22) . IP 55: Add IP Interface(IP ) . 56: . IP 57: IP , . IP altsrchost IP ( ) . . , 137 . altsrchost IP . · IP · IP , IP IP ( ) . AsyncOS IP . IP IP . . . IP IP . : 192.168.1.5 . : [email protected] @ . @ . : username@ altsrchost @ . @ . : @example.com altsrchost , . CLI altsrchost . Syntax new . print . delete . altsrchost HAT, RAT, smtproutes, altsrchost . 1 altsrchost export ( ) . 2 CLI . ( FTP, SSH SCP , 1199 .) 3 . altsrchost . 4 , "altsrchost" . ( FTP, SSH SCP , 1199 .) 5 altsrchost import . altsrchost 1,000 altsrchost . altsrchost

# Comments to describe the file
@example.com DemoInterface
paul@ PublicInterface
joe@ PublicInterface
192.168.1.5, DemoInterface
[email protected] PublicNet

import export IP . , (,) ( ) . (#) . CLI altsrchost altsrchost . . · @exchange.example.com PublicNet . · IP 192.168.35.35 (: ) PublicNe2t . altsrchost .

mail3.example.com> altsrchost
There are currently no mappings configured.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- IMPORT - Load new mappings from a file.
[]> new

Enter the Envelope From address or client IP address for which you want to set up a Virtual Gateway mapping.
Partial addresses such as "@example.com" or "user@" are allowed.
[]> @exchange.example.com

Which interface do you want to send messages for @exchange.example.com from?
1. PublicNet2 (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 4

Mapping for @exchange.example.com on interface PublicNet created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> new

Enter the Envelope From address or client IP address for which you want to set up a Virtual Gateway mapping.
Partial addresses such as "@example.com" or "user@" are allowed.
[]> 192.168.35.35

Which interface do you want to send messages for 192.168.35.35 from?
1. PublicNet2 (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 1

Mapping for 192.168.35.35 on interface PublicNet2 created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> print

1. 192.168.35.35 -> PublicNet2
2. @exchange.example.com -> PublicNet

Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]>

mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added 2 altsrchost mappings
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

. 58: : IP , . hoststatus hostrate . "CLI " " " . hoststatus . . . AsyncOS DNS . resetcounters . . , MX 5XX . . ISP . ISP .
destconfig , 703 . "" , 254 IP good neighbor . "" 254 IP , small-isp.com good neighbor 100, 10 . 254 IP 10 . . , IP AsyncOS Global Unsubscribe( ) . unsubscribe , . AsyncOS " " , , IP . , GUS(Global Unsubscribe) . ( , .) GUS . . . 10,000. . 61: [email protected] username@ . . @ . CLI @example.com @.example.com 10.1.28.12 . @ . . IP IP IP . IP . IP . · CLI , 728 · , 730 CLI [email protected] , . . .

mail3.example.com> unsubscribe
Global Unsubscribe is enabled. Action: drop.
Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import entries from a file.
- SETUP - Configure general settings.
[]> new
Enter the unsubscribe key to add. Partial addresses such as "@example.com" or "user@" are allowed, as are IP addresses. Partial hostnames such as "@.example.com" are allowed.
[]> [email protected]
Email Address '[email protected]' added.
Global Unsubscribe is enabled.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]> setup
Do you want to enable the Global Unsubscribe feature? [Y]> y
Would you like matching messages to be dropped or bounced?
1. Drop
2. Bounce
[1]> 2
Global Unsubscribe is enabled. Action: bounce.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added username "[email protected]" to global unsubscribe
Do you want to save the current configuration for rollback? 
[Y]> n Changes committed: Fri May 23 11:42:12 2014 GMT AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 729 HAT, RAT, smtproutes, , , altsrchost . 1 unsubscribe export ( ) . 2 CLI . ( FTP, SSH SCP , 1199 .) 3 . . (<CR>, <LF> <CR><LF>). (#) . ([email protected]), (@testdomain.com), (testuser@), IP (11.12.13.14) . # this is an example of the global_unsubscribe.txt file [email protected] @testdomain.com testuser@ 11.12.13.14 4 , configuration . ( FTP, SSH SCP , 1199 .) 5 unsubscribe import . : , . ( ) . - Email Security Appliance : . trace . " : " . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 730 : 62: Email Security Appliance : HAT(Host Access Table) ACCEPT, REJECT, RELAY TCPREFUSE DNS IP TCP TLS: no/preferred/required(/ /) SMTP AUTH: no/preferred/required(/ /) FROM . SenderBase /(IP profiling/) Received Received (on/off). "(bare)" . . Recipient Access Table(RAT) ( ) RCPT TO SMTP (ACCEPT) (REJECT). (throttling) . . ( . aliasconfig listenerconfig .) LDAP LDAP SMTP . LDAP . LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 731 : 63: Email Security Appliance : LDAP LDAP . LDAP . LDAP SMTP . LDAP , LDAP , To:, From: / CC: . LDAP LDAP . LDAP mail-from-group rcpt-to-group . * "" . * . ** . * . . * . AMP(Advanced Malware Protection) Advanced Malware Protection . * . * . * . * . IP IP . 1. . 2. . . , , TLS : no/preferred/required( / /) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 732 : ( ). . , * . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 733 : AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 734 29 LDAP . · LDAP , 735 · LDAP , 745 · , 752 · , 754 · , 755 · LDAP , 756 · , 760 · LDAP , 761 · LDAP , 763 · SMTP AsyncOS , 765 · LDAP , 773 · , 776 · , 778 · DN , 779 · LDAP AsyncOS , 780 · , 780 LDAP LDAP (: Microsoft Active Directory, SunONE Directory Server OpenLDAP ) , LDAP . LDAP . LDAP , , LDAP , LDAP . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 735 LDAP LDAP · LDAP , 736 · LDAP AsyncOS , 737 · LDAP Cisco IronPort , 738 · LDAP LDAP , 739 · LDAP , 740 · LDAP , 740 · Microsoft Exchange 5.5 , 743 LDAP LDAP LDAP . · . LDAP ( ) . , 752 . · ( ). LDAP / . , 754 . · . Email Security Appliance SMTP . , 785 . · . ( ) (To:, Reply To:, From: CC: ) (masquerade) . , 755 . · . LDAP . . LDAP . LDAP , 756 . · . . Email Security Appliance , LDAP . · . . , LDAP . , . · . LDAP . SMTP . LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 736 LDAP LDAP AsyncOS . LDAP , 763 . · SMTP . AsyncOS SMTP . SMTP SMTP . ( ) . SMTP AsyncOS , 765 . · . LDAP . LDAP , 773 . · . . , 776 . · . . , 778 . LDAP AsyncOS LDAP , / LDAP . LDAP , . LDAP . 59: LDAP 1. MTA SMTP "A" . 2. System Administration( ) > LDAP ( ldapconfig ) LDAP . 3. LDAP , System Administration( ) > LDAP ( ldapconfig ) . · . · . · From:, To: CC: . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 737 LDAP Cisco IronPort LDAP · rcpt-to-group mail-from-group ( ). LDAP . LDAP . LDAP LDAP AsyncOS , 780 . LDAP Cisco IronPort LDAP AsyncOS , , . 1 LDAP . AsyncOS LDAP . · · DN · LDAP LDAP , 739 . LDAP LDAP AsyncOS . AsyncOS LDAP AsyncOS , 780 . 2 LDAP . LDAP LDAP . LDAP . LDAP LDAP , 736 . LDAP , 745 . 3 LDAP . , LDAP LDAP . LDAP , 740 . AsyncOS LDAP . LDAP , 756 . LDAP . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 738 LDAP LDAP LDAP LDAP LDAP AsyncOS LDAP LDAP LDAP . 1 2 3 System Administration( ) > LDAP Add LDAP Server Profile(LDAP ) . . LDAP . LDAP . . LDAP AsyncOS , 780 . 4 5 6 . . LDAP (Active Directory, OpenLDAP, Unknown Other) . . Active Directory Unknown( )/Other() SSL 3268 SSL 3269. Open LDAP SSL 389 SSL 636. 7 LDAP DN(distinguishing name) . , DN . [email protected]. . uid=joe, ou=marketing, dc=example dc=com 8 LDAP SSL . 9 Advanced() TTL(time-to-live) . . 10 . LDAP . LDAP LDAP . . 11 . LDAP LDAP . 10 3 AsyncOS 10 30 . LDAP LDAP . LDAP . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 739 LDAP LDAP 12 Test Server(s)( ) . LDAP . Connection Status( ) . LDAP , 740 . 13 . Accept(), Routing(), Masquerade(), Group( ), SMTP Authentication(SMTP ), External Authentication( ), Spam Quarantine End-User Authentication( ) Spam Quarantine Alias Consolidation( ) . LDAP LDAP . LDAP , 740 . 14 Test Query( ) . Run Test( ) . Connection Status( ) . Update() . LDAP , 740 . LDAP . 15 . , , . LDAP LDAP Add/Edit LDAP Server Profile(LDAP /) Test Server(s)( ) ( CLI ldapconfig test ) . AsyncOS . LDAP AsyncOS . LDAP LDAP LDAP . · LDAP , 741 · LDAP , 741 · LDAP , 742 · LDAP , 743 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 740 LDAP LDAP LDAP LDAP LDAP . 1 System Administration( ) > LDAP Edit Settings( ) . 2 LDAP IP . . 3 LDAP TLS . Network() > Certificates() CLI certconfig TLS . MTA , 645 . 4 LDAP . 5 . LDAP System Administration( ) > LDAP LDAP , . LDAP 60 ( DNS , , ). AsyncOS ( ). AsyncOS . 60: LDAP (1/2) myldapserver.example.com LDAP "PublicLDAP" . 10( ) , LDAP () . . Queries are directed to port 3268 (the AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 741 LDAP LDAP default). SSL . example.com DN (dc=example,dc=com). TTL(time-to-live) 900, 10000, passphrase . , . / . 61: LDAP (2/2) LDAP "InboundMail" LDAP . , SMTP ( , 752 ). 62: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 742 LDAP LDAP LDAP OutboundMail" LDAP . From, To, CC Reply-To . 63: Microsoft Exchange 5.5 AsyncOS Microsoft Exchange 5.5 . Microsoft Exchange . LDAP ldapconfig -> edit -> server -> compatibility "y" Microsoft Exchange 5.5 (CLI ). mail3.example.com> ldapconfig Current LDAP server configurations: 1. PublicLDAP: (ldapexample.com:389) Choose the operation you want to perform: - NEW - Create a new server configuration. - EDIT - Modify a server configuration. - DELETE - Remove a server configuration. []> edit Enter the name or number of the server configuration you wish to edit. 
[]> 1
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
[]> server
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Microsoft Exchange 5.5 Compatibility Mode: Disabled
Choose the operation you want to perform:
- NAME - Change the name of this configuration.
- HOSTNAME - Change the hostname used for this query.
- PORT - Configure the port.
- AUTHTYPE - Choose the authentication type.
- BASE - Configure the query base.
- COMPATIBILITY - Set LDAP protocol compatibility options.
[]> compatibility
Would you like to enable Microsoft Exchange 5.5 LDAP compatibility mode? (This is not recommended for versions of Microsoft Exchange later than 5.5, or other LDAP servers.) [N]> y
Do you want to configure advanced LDAP compatibility settings? (Typically not required) [N]>
Name: PublicLDAP
Hostname: ldapexample.com Port 389
Authentication Type: anonymous
Base: dc=ldapexample,dc=com
Microsoft Exchange 5.5 Compatibility Mode: Enabled (attribute "objectClass")
Choose the operation you want to perform:
- NAME - Change the name of this configuration.
- HOSTNAME - Change the hostname used for this query.
- PORT - Configure the port.
- AUTHTYPE - Choose the authentication type.
- BASE - Configure the query base.
- COMPATIBILITY - Set LDAP protocol compatibility options.
[]>

LDAP LDAP LDAP . LDAP LDAP . LDAP . 
· LDAP , 745 · DN(Distinguishing Name), 746 · LDAP , 746 · LDAP(SSL), 747 · , 747 · LDAP , 747 · LDAP , 750 · LDAP , 752 LDAP · . , 752 . · . , 754 . · . , 785 . · . , 755 . · . LDAP , 756 . · . , 760 . · . LDAP , 761 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 745 DN(Distinguishing Name) LDAP · . LDAP , 736 . · SMTP . SMTP AsyncOS , 765 . · . LDAP , 773 . · . , 776 . · . , 778 . . DN(Distinguishing Name) (base) . (base) DN(distinguishing name) . Active Directory DN ( RFC 2247 ) (dc=) DNS . example.com DN dc=example, dc=com . DNS . LDAP . BASE . LDAP BASE NONE . . LDAP LDAP . CN DC / . Cn=First Last,oU=user,dc=domain,DC=COM / , LDAP . mailLocalAddress maillocaladdress . · :, 746 : LDAP . · {a} username@domainname · {d} domainname · {dn} distinguished name · {g} groupname · {u} username · {f} MAIL FROM: address AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 746 LDAP LDAP(SSL) {f} . Active Directory LDAP . (|(mail={a})(proxyAddresses=smtp:{a})) Cisco LDAP Test() ( ldapconfig test ) , LDAP . LDAP , 750 . LDAP(SSL) AsyncOS LDAP SSL . SSL LDAP · AsyncOS CLI certconfig LDAPS ( , 648 ). LDAPS LDAP . · LDAPS AsyncOS . LDAP . . AsyncOS . LDAP LDAP . (, .) Active Directory URL "Microsoft Knowledge Base Article - 320528" . http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B320528 LDAP "user()" . , . · "anonymous()" Microsoft Exchange 2000 . · "anonymous bind( )" Microsoft Exchange 2000 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 747 LDAP · "anonymous bind( )" "anonymous()" Microsoft Exchange 2000 LDAP AsyncOS . "anonymous()" "anonymous bind( )" Microsoft Exchange 2000 . SMTP LDAP . · , 748 · Active Directory , 749 · Active Directory , 750 Microsoft Windows Active Directory Active Directory Exchange 2000 . Active Directory " " Active Directory , 749 . 1 Active Directory . ADSI Edit LDP Active Directory . · · OU CN . . Inheritance OU(Organizational Unit) 2 Active Directory · Windows 2000 Support Tools ADSIEdit . 
· Domain Naming Context( ) . LDAP . · Domain Naming Context( ) Properties() . · Security() . · Advanced() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 748 LDAP Active Directory · Add() . · User Object( ) Everyone OK() . · Permission Type( ) . · Apply onto( ) Inheritance() . · Permission() Allow() . 3 Cisco Messaging Gateway CLI(Command Line Interface) ldapconfig LDAP . · Active Directory Exchange · 3268 · DN · Active Directory Microsoft Windows Active Directory Active Directory Exchange 2000 . Active Directory anonymous . Active Directory . 1 Active Directory . ADSI Edit LDP Active Directory . · · OU CN . . Inheritance ANONYMOUS LOGON ANONYMOUS LOGON OU(Organizational Unit) ANONYMOUS LOGON ANONYMOUS LOGON 2 Active Directory AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 749 Active Directory LDAP · Windows 2000 Support Tools ADSIEdit . · Domain Naming Context( ) . LDAP . · Domain Naming Context( ) Properties() . · Security() . · Advanced() . · Add() . · User Object( ) ANONYMOUS LOGON OK() . · Permission Type( ) . · Apply onto( ) Inheritance() . · Permission() Allow() . 3 Cisco Messaging Gateway System Administration( ) > LDAP ( CLI ldapconfig) LDAP . · Active Directory Exchange · 3268 · DN · cn=anonymous Active Directory · Active Directory 3268 389 LDAP . 3268. · Active Directory 636 3269 LDAPS . Microsoft Windows Server 2003 LDAPS . · (base) , . · Active Directory "Everyone" . . · Active Directory mail "ProxyAddresses" . · Microsoft Exchange MTA . LDAP LDAP Add/Edit LDAP Server Profile(LDAP /) Test Query( ) ( CLI test ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 750 LDAP LDAP . AsyncOS . . ldaptest . . ldaptest LDAP.ldapaccept [email protected] LDAP Host Name( ) , LDAP . 64: LDAP (PASS)... (FAIL)... (Accept, ldapaccept) . : . DHAP: Drop. . (Routing, ldaprouting) . (Masquerade, masquerade) . . (Group, ldapgroup) true" false" . . SMTP (SMTP Authentication, smtpauth) LDAP . SMTP . SMTP . . (externalauth) , , "match positive" . 
"match negative" . "match (isqauth) positive" . . . (isqalias) . . / , LDAP . mailLocalAddress maillocaladdress . Systems ldapconfig test , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 751 LDAP LDAP LDAP LDAP . · Error: LDAP authentication failed: <LDAP Error "invalidCredentials" [0x31]> · Error: Server unreachable: unable to connect · Error: Server unreachable: DNS lookup failure . LDAP 3268 389 . Active Directory 3268 ( " " ). AsyncOS 4.0 SSL LDAP ( 636) . LDAP(SSL), 747 . . LDAP Add/Edit LDAP Server Profile(LDAP /) Test Server(s)( )( CLI ldapconfig test ) . LDAP , 740 . LDAP : · LDAP Accept(), Masquerading() Routing() . · LDAP Accept() ( ) , false . LDAP ( ) . . . (: [email protected]) LDAP . RAT(Recipient Access Table) . " " . · , 753 · Lotus Notes , 753 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 752 LDAP . 65: LDAP LDAP : : OpenLDAP (mailLocalAddress={a}) (mail={a}) (mailAlternateAddress={a}) Microsoft Active Directory Address Book (|(mail={a})(proxyAddresses=smtp:{a})) Microsoft Exchange SunONE Directory Server (mail={a}) (mailAlternateAddress={a}) (mailEquivalentAddress={a}) (mailForwardingAddress={a}) (mailRoutingAddress={a}) Lotus NotesLotus Domino (|(|(mail={a})(uid={u}))(cn={u})) (|(ShortName={u})(InternetAddress={a})(FullName={u})) (Left Hand Side). . Accept() (uid={u}) . Lotus Notes LDAPACCEPT Lotus Notes . Notes LDAP [email protected] cn=Joe User uid=juser cn=123456 location=New Jersey AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 753 LDAP Lotus LDAP "[email protected]" , . AsyncOS . . Lotus Notes . AsyncOS ( LDAP ). AsyncOS (: [email protected] [email protected] [email protected] ). . 
· , 754 66: LDAP LDAP : : OpenLDAP (mailLocalAddress={a}) Microsoft Active Directory Address Book Microsoft Exchange SunONE Directory Server (mail={a}) (mailForwardingAddress={a}) (mailEquivalentAddress={a}) (mailRoutingAddress={a}) (otherMailbox={a}) (rfc822Mailbox={a}) Active Directory proxyAddresses AD smtp:[email protected] , LDAP / . attribute:value . Microsoft Exchange MTA . · : MAILHOST MAILROUTINGADDRESS, 755 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 754 LDAP : MAILHOST MAILROUTINGADDRESS : MAILHOST MAILROUTINGADDRESS Routing() MAILHOST IP , . DNSconfig . MAILHOST . MAILHOST MAILROUTINGADDRESS . Masquerading() Envelope Sender( )( MAIL FROM ) To:, From:, / CC: . " ". "" " ". · , 755 · " " , 755 67: LDAP LDAP : : Masquerade OpenLDAP (mailRoutingAddress={a}) Microsoft Active Directory Address Book (proxyaddresses=smtp:{a}) SunONE Directory Server (mail={a}) (mailAlternateAddress={a}) (mailEquivalentAddress={a}) (mailForwardingAddress={a}) (mailRoutingAddress={a}) " " LDAP " " . (: , ) , AsyncOS ( ) (To:, Reply To:, From:, CC: ) " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 755 LDAP LDAP LDAP LDAP . user@domain ( ). LDAP , LDAP (0 ) . LDAP (LDAP ldapconfig ) "y" . Do you want the results of the returned attribute to replace the entire friendly portion of the original recipient? [N] LDAP . mailRoutingAddress admin\@example.com mailLocalAddress joe.smith\@example.com mailFriendlyAddress "Administrator for example.com," <joe.smith\@example.com> (mailRoutingAddress={a}) LDAP (mailLocalAddress) . (From, To, CC, Reply-to) [email protected] From: "Administrator for example.com," <[email protected]> MAIL FROM: <[email protected]> LDAP LDAP LDAP . 1 rcpt-to-group mail-from-group . 2 System Administration( ) > LDAP ( ldapconfig ) , LDAP . 3 Network() > Listeners() ( listenerconfig -> edit -> ldapgroup ) . 
LDAP · , 757 · , 757 68: LDAP LDAP : : OpenLDAP Microsoft Active Directory SunONE Directory Server OpenLDAP memberOf . LDAP . (&(memberOf={g})(proxyAddresses=smtp:{a})) (&(memberOf={g})(mailLocalAddress={a})) LDAP "Marketing" ou=Marketing . . 1 , 2 3 LDAP . Marketing (LDAP "Marketing" ) marketingfolks.example.com . 1 . mail-from-group . LDAP "marketing-group1" ( alt-mailhost ) . (groupName) 2 . "groupName" marketing-group1 .

mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
MarketingGroupfilter:
if (mail-from-group == "marketing-group1") {
  alt-mailhost ('marketingfolks.example.com');}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>

mail-from-group rcpt-to-group , 138 . 2 Add LDAP Server Profile(LDAP ) LDAP , . 3 "InboundMail" LDAP . LDAP Edit Listener( ) . , LDAP . System Administration( ) > LDAP PublicLDAP2.group . LDAP 64: : 4 . : . IT . LDAP DN . DN . cn=IT, ou=groups, o=sample.com LDAP . (&(memberOf={g})(proxyAddresses=smtp:{a})) , . IT LDAP .

[]>
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
IT_Group_Filter:
if (rcpt-to-group == "cn=IT, ou=groups, o=sample.com"){
  skip-spamcheck();
  skip-viruscheck();
  deliver();
}
.
1 filters added.

rcpt-to-group DN (cn=IT, ou=groups, o=sample.com). LDAP . LDAP . IT . LDAP LDAP LDAP LDAP . , , LDAP . LDAP LDAP . "MyCompany" "HisCompany" "HerCompany" . MyCompany MyCompany.example.com HisCompany.example.com HerCompany.example.com , LDAP . MyCompany . MyCompany.example.com Mycompany.example.com, HisCompany.example.com HerCompany.example.com . 1 . (, ). LDAP LDAP , 739 . 2 . , Envelope To . , 761 . 3 . " " . LDAP LDAP . . · , 761 System Administration( ) > LDAP > LDAP Server Profiles(LDAP ) . 1 2 3 4 LDAP Server Profiles(LDAP ) Advanced() . Add Domain Assignments( ) . . . . . 5 Domain Assignments( ) . 6 . 7 . 8 . None( ) . 9 Test Query( ) Test Parameters( ) . Connection Status( ) . 10 , {f} . . 11 . LDAP LDAP . LDAP ( "" ) "" . , . LDAP ( ) LDAP . maillocaladdress mail . . 1 . . LDAP LDAP , 739 . 2 . , 762 . 3 . " " . LDAP . . · , 762 System Administration( ) > LDAP > LDAP Server Profiles(LDAP ) . 1 LDAP Server Profiles(LDAP ) Advanced() . 2 Add Chain Query( ) . 3 . 4 . . . 5 . . . 6 Test Query( ) Test Parameters( ) . Connection Status( ) . 7 , {f} . . LDAP LDAP 8 . LDAP , . "" . Email Security Appliance LDAP DHA(Directory Harvest Attack) . SMTP LDAP . · SMTP , 763 · , 764 SMTP RAT(Recipient Access Table) SMTP LDAP DHA . SMTP LDAP LDAP . SMTP LDAP . 65: SMTP LDAP LDAP . 66: SMTP LDAP DHAP(Directory Harvest Attack Prevention) . · Max. Invalid Recipients Per hour( ). . RAT SMTP LDAP . 5 , 2 RAT 3 LDAP . . 25. . "Unlimited()" DHAP . · Drop Connection if DHAP Threshold is reached within an SMTP conversation(SMTP DHAP ). 
DHAP(Directory Harvest Attack Prevention) . · Max. Recipients Per Hour Code( ). . 550. · Max. Recipients Per Hour Text( ). . "Too many invalid recipients( )". , . RAT(Recipient Access Table) LDAP DHA . SMTP . ( LDAP .) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 764 LDAP · , 765 LDAP (LDAP . LDAP , . IP . DHA . . LDAP: Potential Directory Harvest Attack from host=('IP-address', 'domain_name '), dhap_limit=n, sender_group=sender_group, listener=listener_name, reverse_dns=(reverse_IP_address, 'domain_name ', 1), sender=envelope_sender, rcpt=envelope_recipients , . AsyncOS . HAT (HAT ). CLI listenerconfig . LDAP , GUI . DHAP . 25. . "Unlimited()" DHAP . SMTP AsyncOS AsyncOS SMTP . SMTP SMTP . ( ) . MUA(Mail User Agent) (challenge/response) . SMTP . . AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 765 SMTP LDAP · LDAP . · SMTP (SMTP SMTP ) . 67: SMTP : LDAP SMTP SMTP smtpauthconfig HAT SMTP ( SMTP , 769 ). · SMTP , 766 · SMTP , 767 · SMTP SMTP ( SMTP ), 768 · LDAP SMTP , 769 · SMTP , 772 · SMTP , 772 · SMTP , 773 SMTP LDAP , Add/Edit LDAP Server Profile(LDAP /) ( ldapconfig ) SMTPAUTH SMTP . LDAP SMTP SMTPAUTH . SMTP , LDAP bind(LDAP ) passphrase as attribute( ) . LDAP . , , . LDAP LDAP . · , 766 RFC 2307 OpenLDAP (: "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ="). SHA base64 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 766 LDAP SMTP SASL MUA . MUA (LOGIN, PLAIN, MD5, SHA, SSHA, CRYPT SASL ). LDAP . LDAP . · LDAP . · , MUA / , . RFC 2307 SHA1 MD5 . · LDAP (: OpenWave LDAP ) . LDAP . SMTP SMTP AUTH . SMTP LDAP . SMTP LDAP ( ). SMTP . . SMTP 69: SMTP LDAP . Query String( LDAP ) . Bind(): LDAP ( LDAP ). SMTP . LDAP . ( SMTP ). . LDAP . : SMTP AUTH . LDAP . Active Directory : (&(samaccountname={u})(objectCategory=person)(objectClass=user)) SMTP Auth Passphrase "Authenticate by fetching the password as an attribute( )" Attribute(SMTP . 
) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 767 SMTP SMTP ( SMTP ) LDAP System Administration( ) > LDAP , SMTPAUTH "PublicLDAP" LDAP . userPassword (uid={u}) . 68: SMTP SMTPAUTH , SMTP . SMTP SMTP ( SMTP ) SMTP SMTP . , SMTP . SMTP . SMTP ( "") " SMTP " . 1 Network() > SMTP Authentication(SMTP ) . 2 Add Profile( ) .. 3 SMTP . 4 Profile Type( ) Forward() . 5 Next() . 6 /IP . . . TLS . SASL (PLAIN LOGIN) . . 7 . 8 . SMTP , 769 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 768 LDAP LDAP SMTP LDAP SMTP System Administration( ) > LDAP LDAP SMTP LDAP SMTP . SMTP . LDAP LDAP , 736 . 1 Network() > SMTP Authentication(SMTP ) . 2 Add Profile( ) . 3 SMTP . 4 Profile Type( ) LDAP . 5 Next() . 6 LDAP . 7 . SHA, Salted SHA, Crypt, Plain MD5 . LDAP 'None()' . LDAP (: OpenWave LDAP ) . LDAP . 8 Finish() . 9 . 10 . SMTP , 769 . · SMTP , 769 SMTP Network() > SMTP Authentication(SMTP ) SMTP SMTP "" (LDAP SMTP ), Network( ) > Listeners() ( listenerconfig ) . RELAY . . SASL CRAM-MD5 DIGEST-MD5 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 769 SMTP HAT LDAP Edit Listener( ) SMTPAUTH "InboundMail" . 69: Edit Listener( ) SMTP , SMTP , Host Access Table . 70: SMTP 1. 2. SMTP SMTP . "No" SMTP . (SMTP Authentication:) "Required" , TLS ( EHLO ) AUTH . · SMTP HAT , 770 · HAT , 771 SMTP HAT SMTP HAT(Host Access Table) . . SUSPECTLIST MTA "suspicious.com" , "suspicious.com's" SMTPAUTH THROTTLE . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 770 LDAP HAT HAT SMTPAUTH "" . SMTPAUTH "RELAY" , RAT(Recipient Access Table) LDAPACCEPT . . , Rate Limiting( ) (throttling) . HAT HAT RELAY . HAT . HAT SMTP . HAT "Reject()" AsyncOS SMTP (RCPT TO) . , AsyncOS . . HAT MTA . HAT . · MAIL FROM . · RCPT TO . · MTA SMTP AUTH RELAY . listenerconfig --> setup CLI . . HAT . example.com> listenerconfig Currently configured listeners: 1. listener1 (on main, 172.22.138.17) QMQP TCP Port 628 Private 2. 
listener2 (on main, 172.22.138.17) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> setup
Enter the global limit for concurrent connections to be allowed across all listeners.
[300]>
[...]
By default HAT rejected connections will be closed with a banner message at the start of the SMTP conversation. Would you like to do the rejection at the message recipient level instead for more detailed logging of rejected mail?
[N]> y
Do you want to modify the SMTP RCPT TO reject response in this case?
[N]> y
Enter the SMTP code to use in the response. 550 is the standard code.
[550]> 551
Enter your custom SMTP response. Press Enter on a blank line to finish.
Sender rejected due to local mail policy.
Contact your mail admin for assistance.

SMTP Email Security Appliance Email Security Appliance SMTP . SMTP LDAP . Email Security Appliance SMTP AUTH . SMTP , . SMTP SMTP . '' SMTP SMTP . . SMTP PLAIN LOGIN . 1 SMTP . 1. Network() > SMTP Authentication(SMTP ) . 2. Add Profile( ) . 3. SMTP . 4. Profile Type( ) Outgoing() . 5. Next() . 6. . 7. Finish() . 2 1 SMTP SMTP . 1. Network() > SMTP Routes(SMTP ) . 2. Receiving Domain( ) All Other Domains( ) . 3. SMTP Destination Host( ) . . 4. SMTP . 5. . SMTP SMTP (LDAP , SMTP SMTP ) . · [] SMTP - . . · [] SMTP - . · [] - . · [] (, ) . LDAP LDAP LDAP . LDAP , GUI System Administration( ) > Users() ( CLI userconfig ) . 1 . LDAP LDAP . 2 . . 3 LDAP . LDAP LDAP . " " " " . LDAP LDAP Test Query( ) ( ldaptest ) . LDAP , 750 . · , 774 · , 775 AsyncOS LDAP . AsyncOS . RFC 2307, LDAP (shadowLastChange, shadowMax shadowExpire) . DN . AsyncOS Active Directory . 
70: : Active Directory Active Directory DN [ ] ( DN .) (&(objectClass=user)(sAMAccountName={u})) displayName AsyncOS OpenLDAP . 71: : OpenLDAP OpenLDAP DN [ ] ( DN .) (&(objectClass=posixAccount)(uid={u})) gecos AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 774 LDAP AsyncOS . . GUI System Administration( ) > Users() ( CLI userconfig) LDAP . , . IT Administrator Support Help Desk User . LDAP AsyncOS . Operator Help Desk User AsyncOS Help Desk User . LDAP DN, . LDAP , AysncOS . Active Directory (&(objectClass=group)(member={u})). LDAP "memberof" DN {u} {dn} . AsyncOS Active Directory . 72: : Active Directory Active Directory DN [ ] ( DN .) (&(objectClass=group)(member={u})) LDAP memberOf DN {u} {dn} . member ( DN) cn AsyncOS OpenLDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 775 LDAP 73: : OpenLDAP OpenLDAP DN [ ] ( DN .) (&(objectClass=posixGroup)(memberUid={u})) memberUid ( DN) cn . {u} ( ). {a} . LDAP "SMTP:" . AsyncOS . LDAP "Designate as the active query( )" . ( ) . System Administration( ) > LDAP (*) . AsyncOS . · Active Directory: (sAMAccountName={u}) · OpenLDAP: (uid={u}) · : [ ] Active Directory proxyAddresses, OpenLDAP mail. . CLI ldapconfig isqauth . Query String( ) (mail=smtp:{a}) . · Active Directory , 777 · OpenLDAP , 779 · , 884 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 776 LDAP Active Directory Active Directory Active Directory . Active Directory , mail proxyAddresses , Active Directory . 74: LDAP : Active Directory ( ) Active Directory 3268 DN [] [] (sAMAccountName={u}) mail,proxyAddresses OpenLDAP OpenLDAP . OpenLDAP , mail mailLocalAddress , OpenLDAP . 75: LDAP : OpenLDAP Anonymous OpenLDAP 389 DN [ ] ( DN .) [] (uid={u}) mail,mailLocalAddress AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 777 LDAP . [email protected], [email protected] [email protected] . . , Email Attribute( ) . LDAP "Designate as the active query( )" . ( ) . System Administration( ) > LDAP (*) . 
Active Directory (|(proxyAddresses={a})(proxyAddresses=smtp:{a})) mail. OpenLDAP (mail={a}) mail. , . proxyAddresses mail . CLI ldapconfig isqalias . · Active Directory , 778 · OpenLDAP , 779 Active Directory Active Directory . Active Directory , Active Directory , mail . 76: LDAP : Active Directory Anonymous Active Directory 3268 DN [] SSL AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 778 LDAP OpenLDAP Anonymous ( |(mail={a})(mail=smtp:{a}) ) mail . OU . OpenLDAP OpenLDAP . OpenLDAP , OpenLDAP , mail . 77: LDAP : OpenLDAP Anonymous OpenLDAP 389 DN [ ] ( DN .) SSL (mail={a}) mail . OU . DN Active Directory DN . Active Directory Active Directory DN . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 779 LDAP AsyncOS LDAP 78: LDAP : Active Directory Anonymous Active Directory 3268 DN [] SSL (proxyAddresses=smtp:{a}) . OU . LDAP AsyncOS LDAP LDAP . LDAP , , LDAP . ( .) LDAP LDAP . LDAP . · . LDAP , LDAP LDAP . · . LDAP , LDAP LDAP . System Administration( ) > LDAP CLI ldapconfig LDAP . LDAP Add/Edit LDAP Server Profile(LDAP /) Test Server(s)( ) ( CLI test ) . LDAP AsyncOS . AsyncOS LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 780 LDAP · , 781 · , 782 LDAP LDAP . LDAP (: Unavailable Busy) LDAP . LDAP . LDAP (: Unavailable Busy) LDAP . , . LDAP LDAP . LDAP . . LDAP . LDAP . · LDAP , 781 LDAP LDAP GUI . 1 System Administration( ) > LDAP LDAP . 2 LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 781 LDAP 1 2 LDAP 3 LDAP . LDAP LDAP LDAP . LDAP LDAP . LDAP . . LDAP LDAP . · , 782 1 System Administration( ) > LDAP LDAP . 2 LDAP . 1 2 LDAP 3 LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 782 30 SMTP . · SMTP , 783 · , 785 · LDAP Directory , 786 · TLS SMTP , 786 · TLS , 787 · , 788 SMTP Email Security Appliance Email Security Appliance SMTP . Email Security Appliance . , , . Email Security Appliance TLS SMTP . CAC(Common Access Card) CAC ActivClient Email Security Appliance . Email Security Appliance . 
SMTP LDAP . (TLS) . · , 784 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 783 SMTP · SMTP LDAP , 784 · LDAP SMTP , 785 79: 1 2 3 4 LDAP . , 785 SMTP . TLS SMTP , 786 SMTP . , 75 TLS, SMTP RELAYED TLS , 787 . SMTP LDAP 80: SMTP LDAP 1 2 3 4 SMTP LDAP Directory , 786 . LDAP SMTP . SMTP AsyncOS , 765 LDAP SMTP LDAP SMTP . , . TLS SMTP RELAYED TLS , 787 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 784 SMTP LDAP SMTP LDAP SMTP 81: LDAP SMTP 1 2 3 4 5 6 SMTP LDAP Directory , 786 . LDAP . , 785 SMTP . TLS SMTP , 786 LDAP SMTP . SMTP AsyncOS , 765 SMTP . , 75 1. RELAYED TLS , 787 . 2. TLS Preferred(TLS ) 3. SMTP authentication required( SMTP ) 4. Require TLS for SMTP authentication(SMTP TLS ) Certificate Authentication LDAP Email Security Appliance SMTP . , ID ( uid), . , CN (&(objectClass-posixAccount)(caccn={cn})(cacserial={sn}) . SMTP . LDAP OpenLDAP, Active Directory Oracle Directory . LDAP LDAP , 735 . 1 System Administration( ) > LDAP . 2 LDAP . LDAP LDAP , 739 . 3 Certificate Authentication Query( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 785 LDAP Directory SMTP 4 . 5 . : (&(objectClass=user)(cn={cn})) 6 sAMAccountName ID . 7 . LDAP Directory SMTP LDAP (Allowance Query String) . Email Security Appliance LDAP . , . . (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))) true . · CAC (caccn=*) · CAC exempt(cacexempt=*) · CAC (cacemergency>={t}) SMTP SMTP AsyncOS , 765 . 1 System Administration( ) > LDAP . 2 LDAP . LDAP LDAP , 739 . 3 LDAP SMTP . 4 SMTP Authentication Query(SMTP ) . 5 . 6 ID . : (uid={u}) 7 LDAP BIND . 8 . : (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))) 9 . TLS SMTP SMTP Email Security Appliance TLS SMTP . LDAP . Email Security Appliance SMTP AUTH . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 786 SMTP TLS LDAP SMTP SMTP AsyncOS , 765 . 1 Network() > SMTP Authentication(SMTP ) . 2 Add Profile( ) . 3 SMTP . 4 Profile Type( ) Certificate() . 5 Next() . 6 . 7 SMTP LDAP . 
SMTP AUTH . 8 Finish . 9 . TLS RELAYED Verify Client Certificate( ) TLS Email Security Appliance . TLS Preferred(TLS ) , TLS . TLS Required(TLS ) , . SMTP . · TLS - Required(TLS - ) · Verify Client Certificate( ) · Require SMTP Authentication(SMTP ) SMTP Email Security Appliance SMTP LDAP . SMTP SMTP RELAYED . · TLS - Required(TLS - ) · Require SMTP Authentication(SMTP ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 787 SMTP Email Security Appliance LDAP SMTP RELAYED . · TLS - Preferred(TLS - ) · Require SMTP Authentication(SMTP ) · Require TLS to Offer SMTP Authentication(TLS SMTP ) Email Security Appliance ( Certificate Revocation List) . Email Security Appliance . 1 2 Network() > CRL Sources(CRL ) . SMTP TLS CRL . a) Global Settings( ) Edit Settings( ) . b) ( ) Global Settings( ) . · SMTP TLS CRL · SMTP TLS CRL · CRL c) 'CRL check for inbound SMTP TLS( SMTP TLS CRL )', 'CRL check for outbound SMTP TLS( SMTP TLS CRL )' 'CRL Check for Web Interface( CRL )' . d) . 3 Add CRL Source(CRL ) . 4 CRL . 5 . ASN.1 PEM . 6 URL . : https://crl.example.com/certs.crl 7 , URL . 8 CRL . 9 CRL . 10 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 788 SMTP SMTP SMTP 1 System Administration( ) > LDAP LDAP . 2 LDAP . a) . b) . c) . : (&(caccn={cn})(cacserial={sn})) d) uid ID . e) . 3 Network > SMTP Authentication( > SMTP ) Certificate SMTP . a) . b) LDAP . c) SMTP AUTH . d) . 4 Network > Listeners( > ) , SMTP . 5 TLS, SMTP RELAYED . SMTP Email Security Appliance SMTP AUTH . Email Security Appliance . 6 . SMTP AUTH SMTP Email Security Appliance SMTP SMTP AUTH . SMTP AUTH , . 1 System Administration( ) > LDAP LDAP . 2 LDAP SMTP . a) . b) . : (uid={u}) c) LDAP BIND . d) . : (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 789 SMTP AUTH SMTP SMTP e) . 3 Network > SMTP Authentication( > SMTP ) LDAP SMTP . a) . b) SMTP LDAP . c) SMTP AUTH Check with LDAP(LDAP ) , . d) . 
4 Network > Listeners( > ) , LDAP SMTP . 5 TLS SMTP RELAYED . 6 . SMTP AUTH SMTP Email Security Appliance , SMTP AUTH . SMTP AUTH . 1 System Administration( ) > LDAP LDAP . 2 SMTP . a) . b) . : (uid={u}) c) LDAP BIND . d) . : (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))). 3 LDAP . a) . b) . c) . : (&(caccn={cn})(cacserial={sn})) d) ID (: uid). e) . 4 Network > SMTP Authentication( > SMTP ) LDAP SMTP . a) . b) SMTP LDAP . c) SMTP AUTH Check with LDAP(LDAP ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 790 SMTP SMTP AUTH SMTP d) SMTP AUTH . . 525, "Dear user, please use your CAC to send email." e) . 5 SMTP . a) . b) LDAP . c) SMTP AUTH . d) LDAP SMTP . e) . 6 Network > Listeners( > ) , SMTP . 7 RELAYED . · TLS · SMTP · SMTP TLS 8 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 791 SMTP AUTH SMTP SMTP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 792 31 . · , 793 · , 794 · , 831 · , 832 · , 835 Email Security Monitor( ) . IP , SenderBase Reputation Service . . , , " " . . · . · SBRS(SenderBase Reputation Score) (, ). , IP . · , , . . · · · · (throttle) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 793 · · · Anti-Spam, 355 , Anti-Virus, 335 . ( ) . GUI , ( , ) . . . AsyncOS . , (Delivery Status Details( ) , 811 ). . · , 794 Cisco Content Security Management Appliance . . . , . Archived Reports( ) . . "Generate Report( )" . Scheduled Reports( ) , . , . "Preview This Report( )" . Quarantines() Monitor() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 794 GUI . " " , , , ""( ) . (SBRS , ). , SenderBase Reputation Service, , , , Outbreak Filter . Printable PDF( PDF) .PDF . PDF , 832 . Export() CSV(comma separated values) . CSV Email Security Appliance GMT . GMT . CSV . . File() > Open() . . CSV , 829 . 
· My Dashboard( ) , 797 · Overview() , 799 · Incoming Mail( ) , 802 · Outgoing Destinations( ), 809 · Outgoing Senders( ), 809 · Delivery Status( ) , 810 · Internal Users( ) , 811 · DLP Incidents(DLP ) , 813 · Content Filters( ) , 814 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 795 · DMARC Verification(DMARC ) , 815 · Outbreak Filters , 816 · Virus Types( ) , 817 · URL Filtering(URL ) , 818 · Web Interaction Tracking( ) , 819 · , 820 · TLS Connections(TLS ) , 821 · Inbound SMTP Authentication( SMTP ) , 821 · Rate Limits( ) , 822 · System Capacity( ) , 823 · System Status( ) , 826 · High Volume Mail( ) , 828 · Message Filters( ) , 828 · Geo Distribution( ) , 810 . . · IP (IPv4 IPv6) · · · · · · IP · , (: "ex" "example.com" ) . IPv4 , 4 IP . "17" 17.0.0.0~17.255.255.255 , 17.0.0.1 172.0.0.1 . . IP CIDR (17.16.0.0/12) . IPv6 , AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 796 · 2001:db8:2004:4202::0-2001:db8:2004:4202::ff · 2001:db8:2004:4202:: · 2001:db8:2004:4202::23 · 2001:db8:2004:4202::/64 . (Cisco Content Security Management Appliance ). 1 . ( .) Message Tracking( ) . 2 . · , 841 My Dashboard( ) () . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 797 My Dashboard( ) 1. Monitor() > Email or Web( ) > Reporting() > My Dashboard( ) , [X] . 2. . · Monitor() [+] . · Monitor() > Email or Web( ) > Reporting( ) > My Dashboard( ) , [+] , . + Report Module in( +) . 3. . (: , ), . . 4. (: Overview() ) . , . : · . . · . , . 1. Monitor() > Email or Web( ) > Reporting() > My Dashboard( ) . 2. Time Range( ) : My Dashboard( ) . . . . [X] . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 798 Overview() Overview() Overview() Outbreak Filter ( System Overview( ) ) . . . Overview() SenderBase Reputation Service (: ). Overview() . · "" . · , (SBRS) , , , , . · . · TOC(Threat Operations Center) . Overview() System Overview( ) Incoming and Outgoing Mail( ) . · , 799 · , 800 · , 801 · , 802 Overview() System Overview( ) , , . 
Status() · Status(), 799 · , 800 · , 800 . System Status( ): · · (conservation) · AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 799 · · · CLI , 997 . Incoming Messages( ): . Work Queue( ): . System Status( ) System Status Details( ) . 3 , , ( ), . Local Quarantines( ) Local Quarantines( ) . TOC(Threat Operations Center) Outbreak( ) . ( ), Outbreak . Outbreak Filters Outbreak . Threat Level( ) 80 "downloads.ironport.com" . Threat Level( ) . Service Updates( ) . , 945 . TOC(Threat Operations Center) Outbreak Details(Outbreak ) . . Separate Window( ) . . . Outgoing Mail Graphs( ) Mail Summaries( ) . Time Range( ) . Email Security Monitor( ) . ( , 801 ). , . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 800 . · , 801 . example.com 3 . , . . Cisco . Overview and Incoming Mail( ) . · Stopped by Reputation Filtering( ): HAT ( , 801 ) (throttling) · Invalid Recipients( ): LDAP RAT · Spam Messages Detected( ): · Virus Messages Detected( ): . . · Detected by Advanced Malware Protection(AMP ): . . · Messages with Malicious URLs( URL ): URL URL. · Stopped by Content Filter( ): . · Stopped by DMARC(DMARC ): DMARC . · S/MIME Verification/Decryption Failed(S/MIME / ): S/MIME , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 801 · S/MIME Verification/Decryption Successful(S/MIME / ): S/MIME , , . · Clean Messages( ): . (: ) . . · · Marketing Messages( ): (: Amazon.com) . · Social Networking Messages( ): , , . LinkedIn CNET . · Bulk Messages( ): (: TechTarget) . Message Tracking( ) . . . . , , , . Outbreak ( , ), , , . , , . , . , . Incoming Mail( ) Incoming Mail( ) . IP , ( ) . IP , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 802 Incoming Mail( ) Incoming Mail( ) Domain(), IP Address(IP ), Network Owner( ) , . ( IP ) ( ) . . /IP/ Sender Profile( ) . /IP/ Incoming Mail( ) . , . Columns() . , "Detected by Advanced Malware Protection(AMP )" . Incoming Mail( ) Incoming Mail( ), Sender Profiles( ), Sender Group Report( ) . 
Incoming Mail( ) . · IP , ( ) . · . , 808 . · , , , , . · . · SenderBase Reputation Service IP , . · SenderBase Reputation Service SBRS(SenderBase Reputation Score) . . · . · , IP "Add to Sender Group( )" IP , ( ). , 69 . · Incoming Mail( ), 804 · , 804 · : , 806 · , 808 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 803 Incoming Mail( ) Incoming Mail( ) Incoming Mail( ) . ( , , ) . , 804 . , 804 . 60 , 120 . . , . . 82: GUI 30 90 60 + 5 24 + 60 7 + 30 + 90 + 00:00 ~ 23:59(~11:59 PM) 00:00 23:59 / / Centralized Reporting( ) . Cisco Content(M-Series) Security Management Appliance , 1187 . , Incoming Mail( ) External Domains Received listing( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 804 . . , 801 . DNS IP (, ) . DNS , 69 . Sender Detail listing( ) Summary() All() . Sender Detail( ) , (Overview() Incoming Mail Summary( ) ). Stopped by Reputation Filtering( ) . · "(throttled)" · TCP ( ) · . . "(floor)" . , . Overview() Stopped by Reputation Filtering( ) . . . Connections Rejected( ): HAT . . . Connections Accepted( ): Stopped by Recipient Throttling( ): Stopped by Reputation Filtering( ) . , HAT . TCP Stopped by Reputation Filtering( ) . Detected by Advanced Malware Protection(AMP ): . . Total Threat( ): ( , , ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 805 "No Domain Information( )" Column() . . . · "No Domain Information( )", 806 · , 806 "No Domain Information( )" DNS "No Domain Information( )" . Sender Verification( ) . , 69 . Items Displayed( ) . ( "No Domain Information( )" ) . SenderBase Reputation Service Sender Profile( ) . Sender Profile( ) IP ( : , 806 ). Incoming Mail( ) Sender Groups report( ) . , 808 . : Incoming Mail( ) Incoming Mail Details( ) IP , ( ) Sender Profile( ) . . Incoming Mail( ) , IP Sender Profile( ) . , IP . SenderBase Reputation Service , 69 . IP , . . IP ( IP ) SenderBase, . · IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 806 : · IP . · IP IP . Current Information( ) . 
· SenderBase Reputation Service : · IP , / · ( ) · CIDR (IP ) · IP , / · · DNS (IP ) 24 . SenderBase 10 . 10 , 100% ( 100 ). , 1 10 . , 30 . · (IP ) · /30 (IP ) · Bonded Sender (IP ) · SenderBase Reputation Score(IP ) · ( ) · ( ) · IP ( ) · IP ( ) SenderBase Reputation Service "More from SenderBase(SenderBase )" . · Mail Flow Statistics( ) . · IP . IP . IP . Columns() IP Addresses(IP ) DNS Verified(DNS ) , SBRS(SenderBase Reputation Score) Last Sender Group( ) . . Columns() Domains( ) Connections Rejected( ), Connections Accepted( AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 807 ), Stopped by Recipient Throttling( ), Detected by Advanced Malware Protection(AMP ) . . ( ) Add to Sender Group( ) , IP . Current Information( ) Sender Group Information( ) Add to Sender Group( ) Add to Sender Group( ) . , 69 . , . · , 808 Quick Search( ) IP , . . : , 806 . Sender Groups( ) , SMTP . Mail Flow by Sender Group( ) . Connections by Mail Flow Policy Action( ) . HAT(Host Access Table) . HAT , 69 . Sender Domain Reputation( ) Sender Domain Reputation( ) . · SDR . · SDR . · SDR . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 808 Outgoing Destinations( ) SDR ' ' '' '', '' SDR . · SDR . SDR , . Outgoing Destinations( ) Outgoing Destinations( ) . . . ( ). (: , ) . Export() CSV . Outgoing Destinations( ) . · ? · ? · , , , ? · ? Outgoing Senders( ) Outgoing Senders( ) IP . IP . . IP IP . . . , . . ( ). . Delivery Status( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 809 Geo Distribution( ) (: , ) . Export() CSV . Outgoing Senders( ) . · , IP ? · IP ? · ? Geo Distribution( ) Geo Distribution( ) . · . · . . "Total Messages( )" SMTP . : · IP " IP " . · SBRS 'No Country Info( )' . Delivery Status( ) , Monitor() > Delivery Status( ) . Delivery Status( ) CLI tophosts . ( CLI , 997 " " .) 3 20, 50 100 . , (), , , , . · Domain Name( ): Search() . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 810 Delivery Status Details( ) . "active()" . . 
· , 811 · Delivery Status Details( ) , 811 Retry All Delivery( ) . Retry All Delivery( ) . "Down()" . . Delivery Status Details( ) Retry Delivery( ) . CLI delivernow . , 1020 . Delivery Status Details( ) Delivery Status Details( ) . Mail Status( ), Counters() Gauges() CLI hoststatus . ( CLI , 997 ) Domain Name( ): Search() . altsrchost . Internal Users( ) Internal Users( ) ( , ). . · / . · (, , ) . Export() CSV . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 811 Columns() . User Mail Flow Details( ) , ( ), , , ( ) . . Internal Users( ) . · ? · ? · ? · ? · ? · ? Inbound Internal Users( ) Rcpt To: . Outbound Internal Users( ) Mail From: . (: ) null . "unknown( )" . Internal User detail( ) . Incoming Detected by Advanced Malware Protection(Advanced Malware Protection ) Outgoing Detected by Advanced Malware Protection(Advanced Malware Protection ) Columns() . · , 812 · , 813 Internal User detail( ) ( , , AMP , , , ) , . , Columns() Incoming Detected by Advanced Malware Protection(AMP ) . . . DLP . (Content Filters( ) , 814 ). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 812 Internal Users( ) Internal User detail( ) ( ) . (: "ex" "example.com" ) . DLP Incidents(DLP ) DLP Incidents(DLP ) DLP(data loss prevention) . Outgoing Mail Policies( ) DLP . DLP . DLP Incidents(DLP ) . · ? · DLP ? · ? · ? · ? DLP Incidents(DLP ) . · (Low, Medium, High, Critical) DLP DLP · DLP Incidents Details(DLP ) (: , ) . Export() CSV Printable (PDF)( (PDF)) PDF . PDF , 832 . DLP DLP . . · DLP , 813 · DLP , 814 DLP DLP DLP Incidents(DLP ) DLP Incidents Details(DLP ) . DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 813 DLP DLP Incident Details(DLP ) DLP . . . DLP DLP Incidents Details(DLP ) DLP DLP Policy Detail(DLP ) DLP . DLP . DLP Incidents by Sender( ) . DLP , . Incidents by Sender( ) . Internal Users( ) . Internal Users( ) , 811 . Content Filters( ) Content Filters( ) ( ) . Content Filters( ) . · ? · ? Content Filter detail( ) . 
· , 814 Content Filter detail( ) . Matches by Internal User( ) ( ) Internal User details( ) ( , 812 ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 814 DMARC Verification(DMARC ) DMARC Verification(DMARC ) DMARC Verification(DMARC ) DMARC DMARC AsyncOS . DMARC . · DMARC ? · , DMARC AsyncOS ? DMARC Verification(DMARC ) . · DMARC . · . · . . · DMARC . · DMARC . (: , ) . Export() CSV Printable (PDF)( (PDF)) PDF . Macro Detection( ) Macro Detection( ) . · . · . . : · 1 . . · 1 . . External Threat Feeds( ) External Threat Feeds( ) . · ETF AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 815 Outbreak Filters · ETF · IOC · ETF · ETF 'Summary of External Threat Feed Sources( )' . · ETF . · IOC ETF . `Summary of Indicator of Compromise (IOC) Matches(IOC(Indicator of Compromise) )' . · ETF IOC . · IOC ETF IOC . Outbreak Filters Outbreak Filters Outbreak Filter Outbreak Filter . , . Threats By Type( ) . Threat Summary( ) Malware(), Phish(), Scam() Virus() . Message Tracking( ) . Past Year Outbreak Summary( Outbreak ) , . ( ) , . . Outbreak , Threat Operations Center . Outbreak , . Total Local Protection Time( ) Threat Operations Center . . "--" , ( ). (0) , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 816 Virus Types( ) Outbreak Filter Quarantined Messages( ) Outbreak Filter . . . . Outbreak ( ) . ( ) . Threat Details( ) (, ), , , . , Past Year Virus Outbreaks( Outbreaks) Outbreak ID, , Outbreak Filter . . . Message Tracking( ) . First Seen Globally( ) SenderBase Threat Operations Center . Threat Operations Center . "--" , ( ). (0) . . Hit Messages from Incoming Messages( ) , ( ) . Hit Messages by Threat Level( ) ( 1~5) ( ) . Messages resided in Outbreak Quarantine(Outbreak ) Outbreak . Top URL's Rewritten( URL) 10 URL . URL Items Displayed( ) . Message Tracking( ) URL . Outbreak Filters . · ? · Outbreak Filter ? · ? Virus Types( ) Virus Types( ) . Virus Types( ) . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 817 URL Filtering(URL ) . PDF PDF . Virus Types( ) . . . Virus Types( ) . Top Incoming Virus Detected( ) . Top Outgoing Virus Detected( ) . Incoming Mail( ) , , . , IP Outgoing Senders( ) . VirusTypes Details( ) . . , . Incoming Messages( ), Outgoing Messages( ) Total Infected Messages( ) Virus Type details( ) . URL Filtering(URL ) · URL Filtering(URL ) URL . · URL Filtering(URL ) . · URL (/Outbreak Filter / ) . URL . · Top URL Categories( URL ) ( ) . · URL . URL URL . · Security Services( ) > URL Filtering(URL ) URL . URL . · URL Outbreak Filter URL. URL Outbreak Filter URL. URL Cisco Web Security . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 818 Web Interaction Tracking( ) · URL . · Cisco Web Security URL . Web Interaction Tracking( ) · Web Interaction Tracking( ) . · Web Interaction Tracking( ) 30 . URL Web Interaction Tracking( ) 2 . · Web Interaction Tracking( ) . URL Web Interaction Tracking( ) 2 . · Web Interaction Tracking( ) . · , URL( Outbreak Filter ) . · Web Interaction Tracking( ) . Top Rewritten Malicious URLs clicked by End Users( URL). URL . · URL . · URL . · URL Outbreak Filter . · URL (, ). URL Outbreak Filter unknown( ) . Top End Users who clicked on Rewritten Malicious URLs( URL ) Web Interaction Tracking Details( ). . · URL( URL URL) . URL . · URL (, ). . · Incoming Mail Policies( ) > Outbreak Filters URL . · Cisco Security Proxy . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 819 URL( URL URL) unknown( ) . URL . · URL . URL . · Web Interaction Tracking( ) . · URL (: ) , URL . · URL (: ) , ( ) URL . · (UTC) . , 612 . , 484 . · AMP(Advanced Malware Protection) · · AMP Mailbox Auto Remediation( ) (Monitor() > Mailbox Auto Remediation( )) . . · · · SHA-256 SHA-256 . Office 365 , 561 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 820 TLS Connections(TLS ) TLS Connections(TLS ) TLS Connections(TLS ) TLS . TLS . TLS Connections(TLS ) . · TLS ? · TLS ? · TLS ? 
· DANE TLS ? · DANE TLS ? · TLS ? · TLS ? · DANE TLS ? · DANE ? TLS Connections(TLS ) . , , . TLS / . , / , / TLS , / DANE . TLS TLS . . / TLS , TLS ( ), DANE ( ) . TLS (TLS ) . Column() . Inbound SMTP Authentication( SMTP ) Inbound SMTP authentication( SMTP ) ESA SMTP SMTP AUTH . SMTP AUTH TLS . . , IP SMTP . . · SMTP ? AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 821 Rate Limits( ) · ? · SMTP AUTH ? · SMTP ? · SMTP ? Inbound SMTP Authentication( SMTP ) , SMTP , . Received Connections( ) SMTP . , SMTP , / , SMTP AUTH / . Received Recipients( ) SMTP ESA . . SMTP Authentication details(SMTP ) ESA . , SMTP AUTH , SMTP AUTH . IP . Rate Limits( ) mail-from . Rate Limits( ) . . · . · , . · . · . Internal Users( ) Outgoing Senders( ) . . Top Offenders by Incident( ) . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 822 System Capacity( ) Top Offenders by Rejected Recipients( ) . . , 108 . System Capacity( ) System Capacity( ) , , / (, ), CPU , CPU , . System Capacity( ) . · . · . · , . . , . , . · Volume(): "" "" . . Incoming Mail( ) Outgoing Mail( ) . - , 824 - , 825 . · Work Queue( ): ham " " . , . WorkQueue( ) . - , 824 . · Resource Conservation Mode( ): RCM(Resource Conservation Mode) CRITICAL . . RCM , . RCM . - , 825 . · - , 824 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 823 - · - , 824 · - , 825 · - , 825 · , 826 · - , 826 - Workqueue( ) ( , , ). 1 1 . . " " . . , . . . . . , 961 . 10,000 . - Incoming Mail( ) , , . . . Incoming Mail( ) . Incoming Mail( ) Sender Profile( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 824 - - Outgoing Mail( ) , , . . . Outgoing Mail( ) . IP Outgoing Mail( ) Outgoing Destinations( ) . - . · CPU · · CPU Email Security Appliance CPU . CPU . CPU . CPU . System Administration( ) > System Health( ) CLI healthconfig . , 961 . , , , CPU . CPU . . . . System Administration( ) > System Health( ) CLI healthconfig . , 961 . RCM(Resource Conservation Mode) . n RCM n n-1 RCM . 
RCM , . RCS , . , . ( C170 C190 ). . - All() . , . . PDF ( ) . PDF , 832 . System Status( ) System Status( ) DNS . CLI status detail dnsstatus . CLI , 997 status detail " " dnsstatus "DNS " . System Status( ) System Status( ), Gauges(), Rates() Counters() . · System Status, 826 · , 827 · , 827 · , 827 System Status System Status( ) Mail System Status( ) Version Information( ) . · , 827 · , 827 Mail System Status( ) . · ( Status(), 799 ) · · · , Version Information( ) . · · AsyncOS · AsyncOS · Cisco . ( , 1171 .) Gauges() . · · · · CPU Mail Gateway Appliance AsyncOS CPU . CASE Outbreak Filter . · · Rates() . · · . . . High Volume Mail( ) . . , 893 . Reset Counters( ) . CLI resetcounters . , 1013 . · · · · DNS High Volume Mail( ) High Volume Mail( ) Header Repeats( ) . High Volume Mail( ) . · Top Subjects( ). AsyncOS . · Top Envelope Senders( ). AsyncOS . · Top Message Filters by Number of Matches( ). ( ) . High Volume Mail( ) . Message Tracking( ) . (: , ) . Export() CSV Printable (PDF)( (PDF)) PDF . Message Filters( ) Message Filters( ) ( ) . . . Message CSV Tracking( ) . (: , ) . Export() CSV Printable (PDF)( (PDF)) PDF . CSV Email Security Monitor( ) CSV . CSV . · CSV . CSV . Email Security Monitor( ) CSV . CSV(comma-separated values) ASCII . CSV 100 . CSV . CSV .zip , . , 831 . · HTTP CSV . Email Security Monitor( ) HTTP . . , , . · CSV , 829 CSV HTTP . Export() . URL. URL , ( ). URL ( HTTP ) . HTTP . CSV . · URL ( , , ). "Past Day( )" CSV URL URL URL , URL "Past Day( )" . CSV (: date_range=current_day). · . . (: Outbreaks( ) "Global / Local" ). · CSV . · CSV . (: ). · . ( , 830 ) (, 831 ) . 
· URL, 830 · HTTP , 830 · , 830 · , 830 · , 831 · , 831 URL http://example.com/monitor/content_filters?format=csv&sort_col_ss_0_0_0=MAIL_CONTENT_FILTER_INCOMING.RECIPIENTS_MATCHED&section=ss_0_0_0&date_range=current_day&sort_order_ss_0_0_0=desc&report_def_id=mga_content_filters HTTP URL HTTP http://example.com/monitor/ : http://username:password@example.com/monitor/ CSV .csv. , . "" . . . GMT . . . Outbreak Details(Outbreak ) TOC(Threat Operations Center) , . ( ). , . "key0," "key1" . . . (: Outbreak ). AsyncOS . · , . · ("" ). · ( ). Monitor() > Scheduled Reports( ) . Monitor() > Archived Reports( ) . ( 1,000) . 0 . . . 12 . /saved_reports . ( FTP, SSH SCP , 1199 .) · , 831 · , 832 . · Content Filters( ) · · DLP · Executive Summary · · · Outgoing Destinations( ) · · Outgoing Senders: Domains( : ) · · · TLS · Outbreak Filters · Virus Types( ) Email Security Monitor( ) . Content Filters( ) Monitor() > Content Filters( ) . Executive Summary( ) Monitor() > Overview() . · , 832 PDF Content Filter( ) 40 . CSV . Windows , PDF Adobe.com . , 960 . CLI addressconfig . . ( ). Content Filters( ), DLP Incident Summary(DLP ), Executive Summary( ), Incoming Mail Summary( ), Internal Users Summary( ), Outgoing Mail Summary( ), Sender Groups( ) Outbreak Filters . . . . Monitor() > Scheduled Reports( ) . · , 833 · Archived Reports( ), 834 , . . , (: 3 ) . 1 . , . · , 833 · , 834 · , 834 1 Monitor() > Scheduled Reports( ) Add Scheduled Report( ) . 2 . . , 831 . 3 . AsyncOS . . 4 . (Outbreak Filters .) 5 . · PDF. , PDF . Preview PDF Report(PDF ) PDF . PDF , 832 . · CSV. ASCII . CSV 100 . CSV . 6 . . 7 . . (: Yahoo, Gmail ) , . 8 Submit() . . 1 Services() > Centralized Reporting( ) . 2 . 3 . 1 Services() > Centralized Reporting( ) . All() . 2 . 3 . . 
Archived Reports( ) Monitor() > Archived Reports( ) . Report Title( ) . Generate Report Now( ) . Show() . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 834 . 30 , 1,000 . 30 . · , 835 . . 1 Archived Reports( ) Generate Report Now( ) . 2 . AsyncOS . . , 831 . 3 . (Virus Outbreak .) . . 4 . · PDF. , PDF . Preview PDF Report(PDF ) PDF . PDF , 832 . · CSV. ASCII . CSV 100 . CSV . . 5 . Archived Reports( ) . 6 . 7 Deliver this Report( ) . 8 . · , 836 · , 836 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 835 . , , (Security Management Appliance ) . ( ) , ( ) , . . Email Security Appliance . . ( ) , 475 . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 836 32 . · , 837 · , 837 · , 838 · , 841 · , 844 · , 845 . , . . . . · , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 837 · . , 1053 . · : Email Security Appliance Security Management Appliance . Cisco Content Security Management Appliance . 1 Services() > Centralized Services( ) > Message Tracking( ) . . 2 Enable Message Tracking Service( ) . 3 Accept( ) . 4 . . Security Management Appliance Email Security Appliance . 5 ( ) . . 6 . Local Tracking( ) · DLP . , 898 . · ( ) . , 941 . 1 Email() > Message Tracking( ) > Message Tracking( ) . 2 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 838 · Advanced() . · . · / . · "AND" . , . , (and) . · . Envelope Sender( ) Begins With, Is Contains , . . . Envelope Recipient( ) Begins With, Is Contains , . . . Begins With, Is Contains . : . Message Received( ) . . . Email Security Appliance . : Sender IP Address/Domain/Network IP , . Owner( IP // ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 839 Begins With, Is Contains ASCII . . . · · · AMP(Advanced Malware Protection) SHA-256 SHA-256 , 484 . Advanced Malware Protection . Threat Name( ) Simple_Custom_ Detection Custom_Threshold Custom Detection( ) Custom Threshold( ) . Advanced Malware Protection . . . "OR" . . ID SMTP ID . RFC 822 , . Cisco IronPort MID . 
IronPort MID Email Security Appliance . Cisco IronPort Host(Cisco IronPort Email Security Appliance ) , . 3 Search() . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 840 · , 841 . · Email Security Appliance Security Management Appliance . . · Advanced Malware Protection( ) Message() Advanced Malware Protection , 486 . . · Advanced() , Query Settings( ) 1000 250 . · . · . · . . . , ( ) . · 1,000 Export All( )( ) 50,000 . · Show Details( ) . . · , . Message Tracking( ) , . · , 842 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 841 Envelope and Header Summary( ) Received Time( ) Email Security Appliance . Email Security Appliance . MID IronPort ID. . . "(No Subject)" . , 1053 . Envelope Sender( ) SMTP . Envelope Recipients( ) . " " " " . . ID RFC 822 . SMTP ID SMTP SMTP . N/A". AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 842 . . . , , DLP, . . ( ). · , · (OLE .ZIP ) . Sending Host Summary( ) DNS DNS(PTR) . IP IP . SBRS SenderBase Reputation . 10( ) ~ -10( ). . SBRS , 85 . Processing Details( ) Summary() Summary() ( . . (: Summary() ) (: .) ) . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 843 DLP Matched Content(DLP DLP . ) DLP . . DLP , 517 . , 898 . URL Details(URL ) URL URL , . . · URL · URL (, ) · URL URL . URL , 441 . , 898 . · , 838 , . 1 Monitor() > Message Tracking( ) . 2 Search() Data in time range( ): . 3 Data in time range( ): . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 844 · , 845 . . . · , 845 · , 845 . , 837 . , 842 . . · , . URL , URL . Email Security Appliance . , , . · , 835 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 845 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 846 33 , , . · , Outbreak , 847 · , Outbreak , 849 · , , 858 , Outbreak ", " File Analysis( ) . Email Security Appliance . Email Security Appliance Cisco Content Security Management Appliance , . . · . , . · . . · Outbreak . Outbreak Filter . · File Analysis( ) . , . 
· , 867 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 847 , , AMP(Advanced Malware Protection) . , . · , Outbreak · , Outbreak Outbreak Outbreak Filter . Policy , DLP . Policy() . , DLP . . ( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 848 , , , Outbreak , DLP Policy() . , 867 . , . , Outbreak · , Outbreak , 850 · , 850 · , 851 · , 851 · , , Outbreak , 852 · , Outbreak , 854 · , 854 · , 854 · , , 855 · , 856 · , 856 · , 856 · , 856 · , Outbreak , 857 · , Outbreak , 857 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 849 , Outbreak , , , Outbreak , , 941 . , Email Security Appliance . . Outbreak Filter Centralized Quarantines( ) · , , Email Security Appliance . · · , , 855 · , 856 · , 850 . · - . . , . . Outbreak Filter Outbreak Filter . · - . . · , Outbreak , 850 . , . FIFO(First In First Out) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 850 , , ( ) . . . , 856 . · . . , 851 . ( (Outbreak Filter) ) . · . · . · , . · . , 850 , . . · - . · - . . , 863 . X-Header . , , Outbreak , 852 . Unclassified() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 851 , , Outbreak , , · , , Outbreak , 852 , , Outbreak · , Outbreak , 854 . · . , 850 , 851 . · , . , , 857 . 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, ) . 2 . · Add Policy Quarantine( ) . · . 3 . . · 1 . · Retention Period( ) Free up space by applying default action on messages upon space overflow( ) . . . · Release() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 852 , , , , Outbreak X-Header . . ASCII RFC 2047 . X-Header . . . : = Inappropriate-release-early Value = True . 4 . . . . . 5 . , DLP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 853 , Outbreak , , , Outbreak · . · , 850 . Monitor() > Policy, Virus, and Outbreak Quarantines . , , DLP(Data Loss Prevention) DMARC , . 1 Monitor() > Policy, Virus, and Outbreak Quarantines . 2 . 3 Associated Message Filters/Content Filters/DLP Message Actions( / /DLP ) . · . , 854 . 
· . · , . , 851 . · Unclassified() . Unclassified() . · Unclassified() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 854 , , , , Monitor() > Policy, Virus, and Outbreak Quarantines(, ) . , 941 . Monitor() > Policy, Virus, and Outbreak Quarantines ) . Monitor() > System Status( ) Queue Space Used by Quarantine( ) . Monitor() > Policy, Virus, and Outbreak Quarantines , , . Monitor() > System Status( ) Active Messages in Quarantine( ) . Monitor() > Policy, Virus, and Outbreak Quarantines . CPU Monitor() > System Status( ) CPU Utilization(CPU ) . Monitor() > Policy, Virus, and Outbreak Quarantines ( ) . Monitor() > Policy, Virus, and Outbreak Quarantines , , . . , 854 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 855 , , . . , , . Email Security Appliance 20,000 . , , 855 . , , 75%, 85%, 95% . . , 75% . , 962 . AsyncOS . Info: MID 482 quarantined to "Policy" (message filter:policy_violation) Outbreak Filter . . AsyncOS . Info: MID 483 released from quarantine "Policy" (queue full) Info: MID 484 deleted from quarantine "Anti-Virus" (expired) . . Info: MID 483 released from all quarantines Info: MID 484 deleted from all quarantines MID(Message ID) Message . MID "byline" . . Info: MID 483 rewritten to 513 by Policy Quarantine . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 856 , , , · Policy Quarantine( ) . · Confidential Material Quarantine( ) . . . . GUI CLI . · , , 857 · , 893 , . · . · Operators, Guests, Read-Only Operators, Help Desk Users , . . · Technicians . (: Message Tracking Data Loss Prevention) Quarantine() . Message Tracking( ) . , . , Outbreak , . , Outbreak Cisco Content Security Management Appliance , . , Outbreak . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 857 , , , , · , 858 · , 859 · , 859 · , 861 · , 861 · , 863 · Outbreak , 864 Monitor() > Policy, Virus, and Outbreak Quarantines . Messages() . Outbreak Monitor() > Policy, Virus, and Outbreak Quarantines . Messages() . 
[ ] Manage by Rule Summary( ) , 865 . Previous(), Next(), . (<<) (>>) . ( "In other quarantines( )" ). . , 862 . · , 859 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 858 , , ( , , ASCII ) Policy Quarantine( ) ASCII . · . · , Outbreak . 1 Monitor() > Policy, Virus, and Outbreak Quarantines(, ) . 2 Search Across Quarantines( ) . Outbreak , . Outbreak( ) Manage by Rule Summary( ) . 3 ( ) . · Envelope Sender( ) Envelope Recipient( ) : . . · . Envelope Recipient( ) Subject() Envelope Recipient( ) Subject() . . , 859 . Message Actions( ) Message Action( ) . . · · Release · Delay Scheduled Exit( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 859 , , · · . . · Monitor() > Policy, Virus, and Outbreak Quarantines . · Search Across Quarantines( ) . · . . · . · . · . . . . . · , 860 · , 860 · , 861 · , 851 Administrators . Send Copy To:( :) Submit() . . . · . . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 860 , , · , . , "In other quarantines( )" "Yes()" . · . . · . . · . · Deleted() , . ( .) · . · GUI . ( .) · . · . · . · , ( " " ) . Quarantined Message( ) . Quarantined Message( ) Quarantine Details( ) Message Details( ) . Quarantined Message( ) , Message Action( ) , . Encrypt on Delivery( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 861 , , Message Details( ) , . 100K . 100K (...) . . . Message Details( ) Message Parts( ) [message body] . . , . . Message Tracking( ) . Outbreak . Outbreak , 864 . · , 862 · , 863 · , 863 Attachment Content( ) , Message Body or Attachment( ) , Message Body( ) , Attachment Content( ) . DLP , . $MatchedContent . DLP , , , Image Analysis( ) . , GUI . GUI , . GUI . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 862 , , 71: Message Parts( ) Matched Content( ) . AsyncOS . . Message Parts( ) [message body] . Start Test( ) . . . Quarantines() . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 863 Outbreak , , · , AMP(Advanced Malware Protection) . · Outbreak . .) 
· File Analysis( ) . · Policy(), Virus() Outbreak . , . , . . , Virus() . . . . Virus() . Outbreak Outbreak Filter Outbreak . Outbreak Filter Outbreak . . Outbreak . , . · Standard() · Manage by Rule Summary( ) , Send to Cisco(Cisco ) , Scheduled Exit( ) . Outbreak Filter Outbreak . Outbreak GUI Quarantines() . · Outbreak , 864 · Manage by Rule Summary( ) , 865 · Cisco Systems , 865 Outbreak Outbreak . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 864 , , Manage by Rule Summary( ) , Outbreak . Manage by Rule Summary( ) Manage by Rule Summary( ) Outbreak Manage by Rule Summary( ) . (Release, Delete, Delay Exit) . Outbreak . Outbreak Quarantine( ) Manage by Rule Summary( ) . Cisco Systems Outbreak Cisco . 1 Outbreak . 2 Message Details( ) Send a Copy to Cisco Systems(Cisco Systems ) . 3 Send() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 865 Cisco Systems , , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 866 34 . · , 867 · , 868 · , 868 · , 873 · , 881 · , 889 · , 892 · , 892 · , 892 (ISQ ) (EUQ ) "" . , . . Email Security Appliance . ( ) . , . · Anti-Spam, 355 · , , , 847 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 867 Email Security Appliance . Cisco Content Security Management Appliance . . · Email Security Appliance . · Email Security Appliance . · · , 892 · , 1188 . 1 Anti-Spam() Anti-Spam, 355 . . 2 . , 869 . 3 . , 941 . 4 . IP , 871 . 5 Email Security Appliance . . · , 872 · , 872 6 . , 872 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 868 · IP , 871 · , 871 · , 872 · , 872 · , 872 · , 873 Security Management Appliance . 1 Monitor() >Spam Quarantine( ) . 2 Enable Spam Quarantine( ) . Spam Quarantine( ) Quarantine Name( ) Spam Quarantine( ) . 3 . Deliver Messages Via( ) (: ) . SMTP , Email Security Appliance ( Data 2 ) . . Email Security Appliance , Email Security Appliance . (Data 1 Data 2) . . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 869 When storage space is full, automatically delete oldest messages first( ) . () . , 941 . Schedule Delete After( ) . , . Notify Cisco Upon Message Release( -- Cisco ) Spam Quarantine Appearance( ) Cisco . . 50() X 500() .jpg, .gif .png . ( ) . . . Enter your login information below. If you are unsure what to enter, please contact your administrator.( . .) , 871 . 4 . · . , 868 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 870 IP IP . 1 Network() > IP Interfaces(IP ) . 2 ( Management ). 3 Spam Quarantine( ) . · HTTP 82 HTTPS 83 . · URL . Security Management Appliance . 4 . DNS . . . . · · Read-only operator · Help desk user · · . . , 893 . 1 a) Monitor() > Spam Quarantine( ) . b) Edit Settings( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 871 2 (, ) . . 3 . . 4 OK() . 5 . , 884 . . 1 Mail Policies( ) > Incoming Mail Policies( ) Anti-Spam( ) . 2 Anti-Spam Settings( ) Use IronPort Anti-Spam service(IronPort ) . 3 Positively-Identified Spam Settings( ) Apply This Action to Message( ) Spam Quarantine( ) . 4 . 5 . Email Security Appliance (Mail Policies( ) > Incoming Mail Policy( )) . 'Deliver()' 'Drop()' . AsyncOS . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 872 . · , 873 , . . . . . (ISO-2022-JP) , Scan Behavior( ) Japanese (ISO-2022-JP) . 1 Security Services( ) > Scan Behavior( ) . 2 Global Settings( ) Edit Global Settings( ) . 3 Encoding to use when none is specified( ) . 4 Submit() . 5 Commit Changes( ) . Options() . . . . ( ) . , . . , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 873 . . . · , 874 · , 875 · / , 875 · () , 876 · , 878 · Email Security Appliance (Security Management Appliance ) , 879 · / , 880 · , 880 , . . / . , ( / ) . A B , A B . ID . A X-SLBL-Result-Safelist , B . ( , ) . , / . , / . . . / . . HAT(Host Access Table) "Accept()" , . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 874 · , 875 · / , 875 · . , 868 . 
· / Email Security Appliance . Email Security Appliance . 1 Monitor() > Spam Quarantine( ) . 2 End-User Safelist/Blocklist (Spam Quarantine)( / ( )) Enable( ) . 3 Enable End User Safelist/Blocklist Feature( / ) . 4 Blocklist Action( ) Quarantine() Delete() . 5 Maximum List Items Per User( ) . . . 6 . AsyncOS Email Security Appliance / . / , 875 . 7 . / Security Management Appliance / . . Email Security Appliance , Security Management Appliance Email Security Appliance . Security Management Appliance / . Security Management Appliance Cisco Content Security Management Appliance . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 875 () () . ( ) . . · . ( ), 890 . · / . , 875 . · ( ) / / , 880 . · . , 877 . 1 . 2 . 3 Options() . 4 Safelist( ) Blocklist( ) . 5 ( ) . 6 . 1. View by: Recipient( : ) . 2. Add() , Edit() . 3. . 4. . , . 5. Submit() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 876 1. View by: Sender( : ) . 2. Add() , Edit() . 3. . 4. . , . 5. Submit() . 1. View by( ) . 2. . 1. View by( ) . 2. Edit() . 3. . . 4. Submit() . · , 877 · , 878 . · [email protected] · server.domain.com · domain.com · [10.1.1.0] · [ipv6:2001:DB8:1::1] · user@[1.2.3.4] · user@[ipv6:2001:db8::1] (: ) . ( ) , . example.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 877 [email protected] . example.com , [email protected] . .domain.com . server.domain.com . / , 880 . . , 883 . URL ( ) . · ( ) , 878 · ( ) , 879 ( ) . , 874 . . · , 878 · , 879 . 1 Spam Quarantine( ) . 2 Safelist( ) Release and Add to Safelist( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 878 from , . 1 . 2 Options() . 3 Safelist( ) . 4 Safelist( ) . . 5 Add to List( ) . ( ) / . . 1 . 2 Options() Blocklist( ) . 3 . . 4 Add to List( ) . Email Security Appliance (Security Management Appliance ) Security Management Appliance Email Security Appliance Email Security Appliance / . / , 880 .csv , FTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 879 / / / . / XML . 
Email Security Appliance / . 1 System Administration( ) > Configuration File( ) . 2 End-User Safelist/Blocklist Database (Spam Quarantine)( / ( )) . / .csv . Backup Now( ) . .csv /configuration . slbl<serial number><timestamp>.csv / . Select File to Restore( ) . configuration . / . Restore() . . / ISQ_log antispam . X-SLBL-Result-Safelist . X-SLBL-Result-Blocklist . / . , 962 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 880 , 1053 . · , 881 . · . , 874 . · , / . / , 875 Email Security Appliance (Security Management Appliance ) , 879 . . , 884 . , 882 . , 886 . , 873 . · , 882 · , 883 · , 886 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 881 . , 1. End User Quarantine Access( ) LDAP, SAML 2.0 Mailbox (IMAP/POP)( , (IMAP/POP)) . 2. Spam Notifications( ) Enable login without credentials for quarantine access( ) . , 1. End User Quarantine Access( ) LDAP, SAML 2.0 Mailbox (IMAP/POP)( (IMAP/POP)) . 2. Spam Notifications( ) Enable login without , credentials for quarantine access( ) . , End User Quarantine Access( ) None() . End User Quarantine Access( ) Enable End-User Quarantine Access( ) . · LDAP , 882 · , 884 · , 886 · , 882 · , 878 LDAP 1. UI . 2. " " DN LDAP . Active Directory " "(6000s ) , LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 882 IMAP/POP 3. BaseDN . LDAP DN , DN . , . 4. . LDAP LDAP " " . " " , . · , 882 IMAP/POP 1. UI (joe) ([email protected]) . ( , 884 ). 2. IMAP POP , ( ) IMAP/POP . , IMAP/POP . 3. . · (bare) (: joe) . · . IMAP University of Washington . http://www.washington.edu/imap/ 1 Cisco Content Security Management Appliance . SAML 2.0 SSO . 2 LDAP System Administration( ) > LDAP > LDAP Server Profile(LDAP ) Spam Quarantine AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 883 End-User Authentication Query( ) LDAP . : If you will authenticate end users using SAML 2.0 (SSO), configure the settings on the System Administration > SAML page. 3 . , 884 4 URL URL , 885 . · , 884 · URL , 885 · , 885 . 
, 882 . 1 Monitor() >Spam Quarantine( ) . 2 Spam Quarantine( ) Quarantine Name( ) Spam Quarantine( ) . 3 End-User Quarantine Access( ) . 4 Enable End-User Quarantine Access( ) . 5 . None -- AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 884 URL Mailbox(IMAP/POP) LDAP SAML 2.0 LDAP IMAP POP . . POP APOP (, ) Cisco APOP . APOP APOP POP . SSL SSL . . " " . ' ' LDAP . Single Sign-On . Management Appliance( ) > System Administration( ) > SAML . Cisco Content Security Management Appliance SAML 2.0 SSO . 6 . . (: Microsoft Outlook) . (: ). 7 . URL URL IP (HTTP/S ) . : HTTP://mail3.example.com:82 . ( ) (LDAP IMAP/POP) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 885 LDAP Primary Email( ) LDAP () . LDAP . IMAP/POP ( ) . , 887 . · , 884 · , 887 . . . . . , . · . , 884 . · . , 882 . · , 887 . 1 Monitor() >Spam Quarantine( ) . 2 Spam Quarantine( ) Quarantine Name( ) Spam Quarantine( ) . 3 Spam Notifications( ) . 4 Enable Spam Notification( ) . 5 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 886 a) ( ) . Message Variables( ) . . . · (%new_message_count%) - . · (%total_message_count%) - . · (%days_until_expire%) · URL(%quarantine_url%) - URL. · (%username%) · (%new_quarantine_messages%) - , , , . . · (%new_quarantine_messages_no_subject%) - "View Message( )" . b) End User Quarantine Access( ) · Enable login without credentials for quarantine access( ) . "Release" . · . "Release" . c) Preview Message( ) . 6 . , (: Microsoft Outlook Mozilla Thunderbird) "" From: . · , 887 · , 888 · , 888 . digest . . , LDAP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 887 . . 83: / Sam [email protected] -- 1 Mary [email protected] [email protected] 4 [email protected] [email protected] Joe [email protected], [email protected] [email protected] 3 LDAP . . , 778 . , . . , . . LDAP , LDAP POP/IMAP . . . Enable Spam Notification( ) Enable End-User Quarantine Access( ) . Deliver Bounced Messages To( ) . 
· , 889 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 888 · , 889 · , 889 · , 889 . · . · . , 887 . . · "Deliver Bounce Messages To( ):" , . , 882 . · . . . · ( ), 890 · , 890 · , 891 · , 891 · , 891 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 889 ( ) ( ) . ( ) . Monitor() > Spam Quarantine( ) Messages() . 1 . . 2 , , . 3 . . 4 From: , , . 5 Search() . Search() . , 890 , . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 890 . . . . . Message Details( ) . 20K . 20K , . Message Details( ) (Delete ) (Release ). . Message Tracking( ) . . · . · HTML HTML . . · Base64 . , Release() . Submit() . . , . . . . Delete( ) . Submit() . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 891 ( , 892 ) Delete All Messages( ) . . . . · , 941 · . · . . · Email Security Appliance Security Management Appliance . Email Security Appliance . · , 880 · , 888 · , 872 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 892 35 . · , 893 · , 899 · , 907 · Email Security Appliance , 913 · , 917 · SSH(Secure Shell) , 918 · , 921 Cisco . Cisco , (LDAP RADIUS ) . GUI System Administration( ) > Users() ( CLI userconfig ) . , 909 . , . · System Administration( ) > Users() , 912 . · CLI userconfig > twofactorauth AsyncOS for Cisco Email Security Appliances CLI . admin . admin , . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 893 , . "operator" "root" . 84: admin Administrator() Technician admin . , . , . admin resetconfig revert . . admin resetconfig revert . AsyncOS GUI Email Security Appliance . , , . . · . · . · . · . . · . · Cisco . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 894 Operator() . · . · resetconfig . · . · systemsetup . · adminaccessconfig . · ( , , ). · LDAP LDAP . , . . . . Read-Only Operator( . ) , . . . · , FTP SCP. · , , . Help Desk User Help Desk . · . · . CLI . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 895 . DLP , , , , , . . . , 899 . CLI . GUI Help Desk User , GUI CLI . LDAP . 
. , 909 . · , 896 Users() , . Users() . · . , 897 . · . , 898 . · , . , 897 . · . , 897 . · . , 908 . · LDAP RADIUS . , 909 . · . , 912 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 896 · DLP . , 898 . · . · , 894 . · , 899 . · . , 908 . 1 System Administration( ) > Users() . 2 Add User( ) . 3 . (: "operator" "root"). 4 . 5 . 6 . 7 . . 1 System Administration( ) > Users() . 2 . 3 . 4 . 1 System Administration( ) > Users() . 2 . 3 Enforce Passphrase Change( ) . 4 , () . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 897 5 ( ) () . 6 OK() . 7 . 1 . 2 Delete() . 3 . . · DLP( ) ( ) . . · URL Outbreak Filter URL . . Message Tracking( ) Message Details( ) . . . . URL , 441 . 1 System Administration( ) > Users() . 2 Access to Sensitive Information in Message Tracking( ) Edit Settings( ) . 3 . . 4 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 898 · , 842 · DLP , 517 · URL , 441 . . , Help Desk . Email Security Appliance , ( Administrator Operator ) . . , . (: , RSA ELP , ) GUI System Administration( ) > User Roles( ) ( CLI userconfig -> role ) . , 900 . System Administration( ) > Users() . , 905 . . . . , 893 . CLI . · , 900 · , 900 · , 905 · , 905 · , 906 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 899 · , 906 · , 906 · , 907 Account Privileges( ) . Options() . . , , Account Privileges( ) . 72: . . · . · DLP( ) . · . · . · . · , , . · Cisco . , , DLP , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 900 DLP 2 DLP . DLP DLP . DLP . DLP . User Roles( ) . , 906 . · , 901 · DLP , 902 · , 903 · Message Tracking( ), 904 · Trace, 904 · , 904 · , 905 Email Security Appliance . , . . . . , . . , . , AsyncOS . AsyncOS . . , GUI Text Resources( ) Dictionaries() . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 901 DLP DLP DLP , DLP DLP . . · : Email Security Appliance . · , : . , (Outbreak Filter) . . , . . · , : , . , ( ): , . , . . Email Security Manager User Roles( ) . , 906 . 
DLP Email Security Appliance DLP DLP . DLP . DLP Data Loss Prevention Global Settings( ) DLP . DLP . DLP DLP , DLP . DLP . · No access( ): Email Security Appliance DLP . · View assigned, edit assigned( , ): DLP DLP . DLP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 902 DLP . DLP . · View all, edit assigned( , ): DLP . DLP . DLP . DLP DLP . · View all, edit all (full access)( , ( )): , DLP . DLP DLP . DLP . DLP User Roles( ) DLP . DLP DLP , 491 . Custom User Roles for Delegated Administration( ) DLP , 906 . , DLP Email Security Monitor( ) . . DLP . . · No access( ): Email Security Appliance . · View relevant reports( ): DLP Email Security Monitor( ) . Email Security Monitor( ) . · Overview() · Incoming Mail( ) · Outgoing Destinations( ) · Outgoing Senders( ) · Internal Users( ) · Content Filters( ) · Virus Outbreaks( ) · · Archived Reports( ) DLP Email Security Monitor( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 903 Message Tracking( ) · Overview() · DLP Incidents(DLP ) · Archived Reports( ) · View all reports( ): Email Security Appliance Email Security Monitor( ) . , 793 . Message Tracking( ) System Administration( ) > Users() DLP Tracking Policies(DLP ) DLP , DLP . DLP DLP . , 837 . DLP , 898 . Trace . . DLP . : , 1149 . . ( ) . (: , ) . Monitor() > Quarantines() User Roles( ) Custom User Roles for Delegated Administration( ) . , 856 , 871 . , 906 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 904 DLP . DLP . DLP . . Security Services( ) > IronPort Email Encryption . GUI User Roles( ) ( CLI userconfig -> role ) . User Roles( ) . 1 System Administration( ) > User Roles( ) . 2 Add User Role( ) . 3 . 4 . 5 . ( , 900 .) 6 . Email Security Appliance . , 896 . 1 2 3 4 5 6 System Administration( ) > Users() . Add User( ) . . Add Role( ) . . . AsyncOS . 7 System Administration( > User Roles( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 905 8 . 9 . 10 . ( , 900 .) 11 . 1 System Administration( ) > User Roles( ) . 
2 . AsyncOS , , DLP . 3 , , DLP . 4 . 1 System Administration( ) > User Roles( ) . 2 . 3 . 4 . . , Email Security Appliance , . . 1 System Administration( ) > User Roles( ) . 2 . 3 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 906 4 . 5 . . . . 1 System Administration( ) > User Roles( ) . 2 . 3 Delete() . 4 . · , 907 · , 908 · , 908 · , 909 · , 912 GUI Options() > Change Passphrase( ) . . CLI passphrase passwd . admin . passphrase . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 907 . . · AsyncOS Local User Account & Passphrase Settings( ) . · System Administration( ) > Users() . AsyncOS Edit User( ) . Unlock Account( ) . Users() Lock Account( ) . AsyncOS . , . , 908 . admin admin . admin admin . , 23 . . Cisco . . · . · . . · . (: ) . System Administration( ) > Users() Local User Account and Passphrase Settings( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 908 LDAP RADIUS Cisco . GUI System Administration( ) > Users() CLI userconfig external . Email Security Appliance , "admin" . admin . . LDAP , Email Security Appliance . . RADIUS . Email Security Appliance . RADIUS (: ) . · LDAP , 909 · RADIUS , 910 LDAP LDAP LDAP Cisco . IT , Help Desk User . LDAP AsyncOS . Operator Help Desk User AsyncOS Help Desk User . LDAP . . LDAP LDAP . LDAP , 735 . 1 System Administration( ) > Users() . 2 External Authentication( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 909 RADIUS 3 Enable() . 4 Enable External Authentication( ) . 5 LDAP . 6 . 7 LDAP . 8 () 9 LDAP , . 10 , Add Row( ) . 9 10 . 11 . RADIUS RADIUS Cisco . RADIUS Cisco AsyncOS CLASS RADIUS . AsyncOS RADIUS 2 , PAP( ) CHAP( ) . RADIUS Cisco RADIUS <radius-group> CLASS . Cisco . CLASS , . AsyncOS CLASS . CLASS CLASS RADIUS . RADIUS . RADIUS . . 1 2 3 4 5 6 7 System Administration( ) > Users() Enable() . Enable External Authentication( ) . RADIUS . RADIUS . 1812. RADIUS . () . ( ) RADIUS Add Row( ) . RADIUS 3~6 . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 910 RADIUS 10 RADIUS . 8 AsyncOS RADIUS () "External Authentication Cache Timeout( )" . 0. RADIUS (: ) 0 . 0 AsyncOS RADIUS . 9 : AsyncOS RADIUS CLASS RADIUS . . CLASS : · 3 · 253 · , · RADIUS CLASS ( AsyncOS CLASS RADIUS .) CLASS RADIUS AsyncOS . RADIUS CLASS 2 AsyncOS RADIUS . . · admin · Administrator · Technician · Operator cloudadmin · · Help Desk User · Map all externally authenticated users to the AsyncOS RADIUS . Administrator role( Administrator ) 10 , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 911 11 Group Name( ) Directory() RADIUS CLASS Role() . Add Row( ) . , 893 . 12 . RADIUS . RADIUS . · PAP(Password Authentication Protocol) · CHAP(Challenge Handshake Authentication Protocol) . · · custom : · RSA Authentication Manager v8.2 · FreeRADIUS v1.1.7 · ISE v1.4 · , 912 · , 913 IT RADIUS . 1 System Administration( ) > Users() Two-Factor Authentication( ) Enable( ) . 2 RADIUS IP . 3 RADIUS . 4 RADIUS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 912 5 () . 6 . 7 ( ) RADIUS Add Row( ) . RADIUS 2~6 . 10 RADIUS . 8 . 9 . . . 1 System Administration( ) > Users() Two-Factor Authentication( ) Edit Global Settings( ) . 2 Enable Two-Factor Authentication( ) . 3 . Email Security Appliance AsyncOS Email Security Appliance , Web UI , IP . · IP , 913 · , 916 IP ( ) Email Security Appliance IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 913 · , 914 · , 914 · , 914 · , 915 Email Security Appliance IP , CIDR . IP . . Email Security Appliance AsyncOS IP . AsyncOS IP IP . IP Email Security Appliance , x-forwarded-for HTTP . x-forwarded-for RFC HTTP . x-forwarded-for: client-ip, proxy1, proxy2,... CRLF . IP , . ( .) Email Security Appliance IP IP IP . AsyncOS x-forwarded-for IPv4 . ! . · Only Allow Specific Connections( ) (PC, Email Security Appliance Security Management Appliance ) IP . · Only Allow Specific Connections Through Proxy( ) , IP Origin IP IP . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 914 · Only Allow Specific Connections Directly or Through Proxy( ) · IP IP . · IP IP IP . GUI adminaccessconfig > ipaccess CLI . . , 914 . 1 System Administration( ) > Network Access( ) . 2 Edit Settings( ) . 3 . Allow All( ) . . IP IP , IP CIDR . . · IP IP Address of Proxy Server( IP ) . · x-forwarded-header HTTP . · x-forwarded-header . · IP x-forwarded-header , IP , IP CIDR . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 915 Only Allow Specific Connections Directly or IP IP , IP Through Proxy( CIDR ) . . 4 IP . IP , IP CIDR . . 5 . 1. IP . 2. IP . IP . x-forwarded-for. 6 . 7 . · UI , 916 · CLI , 917 UI AsyncOS Email Security Appliance UI . UI . · · HTTP HTTPS · Cisco AsyncOS . 1 System Administration( ) > Network Access( ) . 2 Edit Settings( ) . 3 Web UI Inactivity Timeout( UI ) () . 5~1440 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 916 CLI 4 . CLI adminaccessconfig UI . AsyncOS for Cisco Email Security Appliances CLI . CLI AsyncOS Email Security Appliance CLI . CLI . · · SSH(Secure Shell), SCP CLI . . 1 System Administration( ) > Network Access( ) . 2 Edit Settings( ) . 3 CLI Inactivity Timeout( UI ) () . 5~1440 . 4 . CLI adminaccessconfig CLI . AsyncOS for Cisco Email Security Appliances CLI . · , 917 · , 918 SSH, FTP UI Email Security Appliance . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 917 . , . CLI adminaccessconfig > banner . 80x25 2000. /data/pub/configuration . . SSH, FTP UI AsyncOS . . CLI adminaccessconfig > welcome . 1,600. /data/pub/configuration . . AsyncOS for Cisco Email Security Appliance CLI . SSH(Secure Shell) sshconfig . · admin authorized_keys SSH(Secure Shell) . SSH . · SSH . · · · KEX · MAC · Cisco SCP logconfig -> hostkeyconfig . , 1053 . hostkeyconfig Cisco . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 918 : · : , 919 · : SSH , 919 : . 
mail.example.com> sshconfig

Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> userkey

Currently installed keys for admin:

Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
[]> new

Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
[-paste public key for user authentication here-]

Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]>

: SSH SSH .

mail.example.com> sshconfig

Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> sshd

ssh server config settings:
Public Key Authentication Algorithms:
        rsa1
        ssh-dss
        ssh-rsa
Cipher Algorithms:
        aes128-ctr
        aes192-ctr
        aes256-ctr
        arcfour256
        arcfour128
        aes128-cbc
        3des-cbc
        blowfish-cbc
        cast128-cbc
        aes192-cbc
        aes256-cbc
        arcfour
        [email protected]
MAC Methods:
        hmac-md5
        hmac-sha1
        [email protected]
        hmac-ripemd160
        [email protected]
        hmac-sha1-96
        hmac-md5-96
Minimum Server Key Size:
        1024
KEX Algorithms:
        diffie-hellman-group-exchange-sha256
        diffie-hellman-group-exchange-sha1
        diffie-hellman-group14-sha1
        diffie-hellman-group1-sha1

Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]> setup

Enter the Public Key Authentication Algorithms do you want to use
[rsa1,ssh-dss,ssh-rsa]> rsa1

Enter the Cipher Algorithms do you want to use
[aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]]> aes192-ctr

Enter the MAC Methods do you want to use
[hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,
hmac-md5-96]> hmac-sha1

Enter the Minimum Server Key Size do you want to use
[1024]> 2048

Enter the KEX Algorithms do you want to use
[diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,
diffie-hellman-group1-sha1]> diffie-hellman-group-exchange-sha1

ssh server config settings:
Public Key Authentication Algorithms:
        rsa1
Cipher Algorithms:
        aes192-ctr
MAC Methods:
        hmac-sha1
Minimum Server Key Size:
        2048
KEX Algorithms:
        diffie-hellman-group-exchange-sha1

Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]>

SSH CLI SSH . Cisco admin SSH .

# ssh [email protected] status
Enter "status detail" for more information.
Status as of: Mon Jan 20 17:24:15 2003
Last counter reset: Mon Jan 20 17:08:21 2003
System status: online
[rest of command deleted]

Options() > Active Sessions( ) . w , whoami who . last . . IP , , .

. 36 . B "IP " . · , 924 · Cisco Email Security Appliance , 926 · Cisco Email Security Virtual Appliance , 934 · , 935 · Configuration File( ) , 941 · , 941 · Security Services , 943 · , 945 · , 945 · AsyncOS , 953 · , 958 · AsyncOS , 959 · , 960 · , 961 · Email Security Appliance , 962 · , 962 · , 986 · , 991 · , 993 · Internet Explorer , 994 · HTTP , 994 · , 995

. · , 924 · , 924 · , 925 , . CLI shutdown reboot . 1 System Administration( ) > Shutdown/Suspend(/ ) . 2 System Operations( ) Operation() Shutdown() Reboot() . 3 () . 30. 4 Commit() . AsyncOS . . · . · . CLI suspend . 1 System Administration( ) > Shutdown/Suspend(/ ) . 2 . Mail Operations( ) / . . 3 . . 1. Specify Domain(s)/Subdomain(s)(/ ) ALL Enter . 2. Specify Domain(s)/Subdomain(s)( / ) / IP Enter . . 4 () . . 30. 5 Commit() . , 925 . Shutdown/Suspend(/ ) resume . 1 System Administration( ) > Shutdown/Suspend(/ ) .
2 Mail Operations( ) / . . 3 . Specify Domain(s)/Subdomain(s)(/ ) . 4 Commit() . Serial Management Admin CLI . . , . CLI , (FTP, SSH, HTTP, HTTPS) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 925 , . . · System Administration( ) > Configuration File( ) Reset() , System Administration( ) > System Setup Wizard( ) Reset Configuration( ) . · CLIresetconfig . resetconfig . . · . , 28 . · . AsyncOS AsyncOS Monitor( ) System Overview( ) (System Status, 826 ), CLI version . Cisco Email Security Appliance · , 926 · Smart Software Licensing, 928 · , 926 · , 927 · , 928 ( ). CLI featurekey . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 926 1 System Administration( ) > Feature Keys( ) . 2 . Feature Keys for <serial number>(< > ) . Pending Activation( ) . . Pending Activation( ) Check for New Keys( ) . . Pending Activation( ) Activate Selected Keys( ) . Feature Activation( ) . · , 927 · Configuration File( ) , 941 , . 1 System Administration( ) > Feature Key Settings( ) . 2 Edit Feature Key Settings( ) . 3 (?) . 4 . 5 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 927 · , 926 90, 60, 30, 15, 5 . System Alerts( ) . , 962 . Cisco . Smart Software Licensing · , 928 · Smart Software Licensing , 930 · Cisco Smart Software Manager , 931 · , 931 · Smart Cisco Software Manager , 932 · Smart Cisco Software Manager , 932 · , 932 · , 933 · Smart Agent , 934 · , 933 · Smart Licensing, 934 Smart Software Licensing Cisco Email Security Appliance . Smart Software Licensing Cisco CSSM(Cisco Smart Software Manager) . Smart Licensing PAK(Product Authorization Key) . CSSM . Smart Agent CSSM CSSM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 928 Cisco Smart Software Manager https://www.cisco.com/c/en/us/td/docs/wireless/ technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html . · . · Cisco Smart Software Manager (https://software.cisco.com/#module/SmartLicensing) Cisco Smart Software Manager Satellite Cisco . 
Cisco Smart Software Manager Cisco Smart Software Manager Satellite https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_ Deployment_Guide.html . , Smart Software Manager Satellite CSSM . Satellite CSSM . CSSM Satellite . Smart Software Manager Satellite Smart Software Manager Satellite Enhanced Edition 6.1.0 . · () . https://video.cisco.com/detail/video/5841741892001/ convert-classic-licenses-to-smart-licenses?autoStart=true&q=classic . · CSSM . CSSM Smart Licensing . CSSM Security Services -> Service updates( ) . PAK ( ) . PAK Smart Licensing . Smart Licensing feature keys . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 929 Smart Software Licensing Smart Software Licensing . 1 Smart Software Licensing Smart Software Licensing , 930 2 Cisco Smart Software Manager Cisco Smart Software Manager , 931 3 ( ) , 931 Smart Software Licensing 1 System Administration( ) > Smart Software Licensing . 2 Enable Smart Software Licensing( ) . Smart Software Licensing Smart Software Licensing . 3 Smart Software Licensing OK() . 4 . Smart Software Licensing Smart Licensing( ) Classic Licensing( ) . Classic Licensing( ) 90 CSSM Smart Software Licensing . (90, 60, 30, 15, 5 ) . CSSM . Classic Licensing( ) Smart Software Licensing . Classic Licensing( ) . Cisco . . Smart Licensing Smart Licensing Classic Licensing . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 930 Cisco Smart Software Manager Cisco Smart Software Manager Cisco Smart Software Manager System Administration( ) Smart Software Licensing . 1 System Administration( ) > Smart Software Licensing . 2 Transport Settings( ) Edit() . . · : HTTP Cisco Smart Software Manager . . · : Smart Software Manager Satellite Cisco Smart Software Manager . Smart Software Manager Satellite URL OK() . HTTP HTTPS . FIPS HTTPS . https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_ Deployment_Guide.html . 
Cisco Smart Software Manager (https://software.cisco.com/#module/SmartLicensing) . Virtual Accounts( ) General() . . https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_ Deployment_Guide.html . 3 . 4 Register() . 5 Smart Software Licensing Reregister this product instance if it is already registered( ) . Smart Cisco Software Manager , 932 . Smart Software Licensing . . 1 System Administration( ) > Licenses() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 931 Smart Cisco Software Manager 2 Edit Settings( ) . 3 License Request/Release( /) . 4 Submit() . Email Security Appliance . , , . Email Security Appliance . . (OOC) 30 . OOC (30, 15, 5 ) . OOC . CSSM . Smart Cisco Software Manager 1 System Administration( ) > Smart Software Licensing . 2 Action() Deregister( ) Go() . 3 . Smart Cisco Software Manager 1 System Administration( ) > Smart Software Licensing . 2 Action() Reregister( ) Go() . Cisco Smart Software Manager , 931 . . CSSM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 932 Smart Licensing . . . Cisco Smart Software Manager . Smart Cisco Software Manager . . 1 System Administration( ) > Smart Software Licensing . 2 Action() . · · 3 Go() . . · Smart Software Licensing · Smart Software Licensing · · ( ) · · . · · · · · ID AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 933 Smart Agent · ID · · ID · OOC (OOC ) · Smart Agent Smart Agent . 1 System Administration( ) > Smart Software Licensing . 2 Smart Agent Update Status(Smart Agent ) Update Now( ) . CLI saveconfig System Administration( ) > Configuration Summary( ) Smart Licensing . Smart Licensing Smart Licensing . Smart Licensing Smart Licensing . Smart Licensing . , 1117 . Cisco Email Security Virtual Appliance Email Security Virtual Appliance Cisco Content Security Virtual Appliance . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 934 180 . . 180, 150, 120, 90, 60, 30, 15, 5, 1 0 . "Critical" "System" . , 964 . . . . 
· AsyncOS , 959 . XML(Extensible Markup Language) . . · . "" . · . ( XML .) (: ) . · . CLI "" . · FTP , CLI . · XML , XML DTD(document type definition) . XML DTD . ( XML .) XML · , . . C/X-Series M-Series . · . ( ), . Global Unsubscribe . Global Unsubscribe( ) Global Unsubscribe( ) . System Administration( ) > Configuration File( ) . Configuration File( ) . · Current Configuration( ) - . · Load Configuration( ) - . · End-User Safelist/Blocklist Database (Spam Quarantine)( / ( )) - , 873 / , 880 . · Reset Configuration( ) - ( ). PEM . · , 936 · , 937 · , 937 · , 940 System Administration( ) > Configuration File( ) Current Configuration( ) , (FTP/SCP configuration ), . . · URL . · CCO ID ID.

Mask passphrases in the Configuration Files( ) . "*****" . AsyncOS . Encrypt passphrases in the Configuration Files( ) . . · · RADIUS · LDAP · · SNMP · DK/DKIM · SMTP · PostX · PostX · FTP · IPMI LAN · URL CLI saveconfig . System Administration( ) > Configuration File( ) Email file to( ) mailconfig . System Administration( ) > Configuration File( ) Load Configuration( ) . CLI loadconfig . . · configuration . · . · . . , . , 1139 . .

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
... your configuration information in valid XML
</config>

</config> . configuration DTD(document type definition) XML . DTD config.dtd. loadconfig . DTD . () <config></config> , ( <config></config> ) complete unique . "Complete" DTD .

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosu
</config>

.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosupport_enabled>
</config>

. "Unique" .
( <config></config> ) <hostname>mail4.example.com</hostname> . Recipient Access Table

<rat>
  <rat_entry>
    <rat_address>ALL</rat_address>
    <access>RELAY</access>
  </rat_entry>
</rat>

"complete" . ( ) . . . . . <listeners></listeners> . , CLI . , Serial Management . DTD . . (: FTP ) loadconfig . logconfig FTP . , XML "encoding" "ISO-8859-1" . showconfig, saveconfig mailconfig .

<?xml version="1.0" encoding="ISO-8859-1"?>

. · , 1139 . . GUI . , 925 . showconfig . showconfig .

mail3.example.com> showconfig

Do you want to include passphrases? Please be aware that a configuration without passphrases will fail when reloaded with loadconfig.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<!--
  Product: IronPort model number Messaging Gateway Appliance(tm)
  Model Number: model number
  Version: version of AsyncOS installed
  Serial Number: serial number
  Current Time: current time and date
[The remainder of the configuration file is printed to the screen.]

Configuration File( ) · , 935 · , 925 · / , 880 · ( ) , 941 · , 942 · , 942 · , 943 ( ) ESXi 5.5 VMFS 5 2TB . ESXi 5.1 2TB. . VMware . . 1 Email Security Appliance . 2 VMware . VMware . ESXi 5.5 http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.hostclient.doc%2FGUID-81629CAB-72FA-42F0-9F86-F8FD0DE39E57.html . 3 System Administration( ) > Disk Management( ) . . · System Administration( ) > Disk Management( ) . · · . · , . , 851 . · , . , 942 . . . . System Administration( ) > Log Subscriptions( ) . · . · . · . · . Help and Support( )( ) > Packet Capture( ) . FTP /data/pub . ( FTP FTP, SSH SCP , 1199 . .) System Administration( ) > Disk Management( ) . Miscellaneous() 75% . . , 962 . , .
Security Services Services Overview( ) . · · McAfee · Sophos Services Overview( ) . · . , 944 . · . , 944 . Auto Update( ) . Global Settings( ) . . Security Services > Service updates( ) Alert Interval for Disabled Automatic Engine Updates( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 943 . · , 944 · , 944 · , 944 · , 971 1 Security Services > Services Overview( ) . 2 Available Updates( ) Update( ) . Update () . 1 Security Services > Services Overview( ) . 2 Modify Versions( ) Change() . 3 Apply() . . . Apply() . Global Settings( ) . . · Updater Logs( ): . Info() Debug() . , 1101 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 944 . · · McAfee Anti-Virus · PXE · Sophos Anti-Virus · IronPort · · · URL (URL . URL , 459 ) · (URL . Cisco Web Security Services , 428 ) · DLP Security Services( ) > Data Loss Prevention( ) . DLP , 518 . DLP , . DLP . , 945 . · , 946 · Cisco , 946 · , 946 · , 947 · , 948 · , 948 · , 949 · , 951 · , 951 · , 952 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 945 AsyncOS . · Cisco . . · Cisco . , 947 . , 949 . Cisco Cisco . 73: Cisco IP . . , 946 . 80 443 Cisco . Cisco IronPort IP . AsyncOS . 1 Cisco URL . 2 80 IP . 3 Security Services( ) > Service Updates( ) . 4 Edit Update Settings( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 946 5 Edit Update Settings( ) "Update Servers( )()" Local Update Servers( ) , AsyncOS McAfee Anti-Virus Base URL( URL) 1 URL . 6 "Update Servers( )()" IronPort Update Servers(IronPort ) . 7 . Cisco AsyncOS . HTTP . AsyncOS HTTP (" ") . . AsyncOS Cisco IronPort . AsyncOS . Cisco IronPort , . 74: 1 . 2 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 947 3 GUI Security Services( ) > Service Updates( ) CLI updateconfig . 4 System Administration( ) > System Upgrade( ) CLI upgrade . AsyncOS . · Cisco Systems · ( , 11 ) HTTP , IP DNS . AsyncOS . 
· (: Microsoft IIS(Internet Information Services) Apache ): · 24 · · ( ) ("") · AsyncOS 350MB http://updates.ironport.com/fetch_manifest.html ZIP . ( ) VLN( ) . . , ZIP . , Edit Update Settings( ) ( CLI updateconfig) . AsyncOS XML . "" . ZIP asyncos . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 948 ZIP Edit Update Settings( ) ( CLI updateconfig) XML URL . , Cisco . Cisco . 80 HTTP . , . . , . . . AsyncOS . Cisco , . . , 945 . 1 Security Services( ) > Service Updates( ) . 2 Edit Update Settings( ) . 3 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 949 Update Servers( )( Cisco IronPort AsyncOS Cisco IronPort ) , . Cisco IronPort . . URL . . AsyncOS McAfee Anti-Virus Click to use different settings for AsyncOS( AsyncOS ) . Cisco Intelligent Multi-Scan . () Cisco IronPort . Cisco IronPort , . AsyncOS . Cisco IronPort . , HTTP XML . AsyncOS 80 . . Sophos McAfee Anti-Virus , Cisco Anti-Spam , Cisco Intelligent Multi-Scan , PXE Engine , , ( ) . s, m h , . (0) . DLP Security Services( ) > Data Loss Prevention( ) . . DLP , 518 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 950 ' ' . m, h d , . 30 . Interface() . . . HTTP : GUI . . HTTPS Proxy Server((HTTPS HTTPS . HTTPS GUI ) . 4 . 1 Security Services( ) > Service Updates( ) Edit Update Settings( ) . 2 . 3 ( ) . m, h . 1. Email Security Appliance Cisco . , . updateconfig . . 
mail.example.com> updateconfig

Service (images):                 Update URL:
------------------------------------------------------------------------------------------
Feature Key updates               http://downloads.ironport.com/asyncos
Timezone rules                    Cisco IronPort Servers
Enrollment Client Updates         Cisco IronPort Servers
Support Request updates           Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades   Cisco IronPort Servers

Service (list):                   Update URL:
------------------------------------------------------------------------------------------
Timezone rules                    Cisco IronPort Servers
Enrollment Client Updates         Cisco IronPort Servers
Support Request updates           Cisco IronPort Servers

Service (list):                   Update URL:
------------------------------------------------------------------------------------------
Cisco IronPort AsyncOS upgrades   Cisco IronPort Servers

Update interval: 5m
Proxy server: not enabled
HTTPS Proxy server: not enabled

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated? [Yes]>

Service (images):                 Update URL:
------------------------------------------------------------------------------------------
Feature Key updates               http://downloads.ironport.com/asyncos
Timezone rules                    Cisco IronPort Servers
Enrollment Client Updates         Cisco IronPort Servers
Support Request updates           Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades   Cisco IronPort Servers

Service (list):                   Update URL:
------------------------------------------------------------------------------------------
Timezone rules                    Cisco IronPort Servers
Enrollment Client Updates         Cisco IronPort Servers
Support Request updates           Cisco IronPort Servers

Service (list):                   Update URL:
------------------------------------------------------------------------------------------
Cisco IronPort AsyncOS upgrades   Cisco IronPort Servers

Update interval: 5m
Proxy server: not enabled
HTTPS Proxy server: not enabled

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]>

, CA . . updateconfig . .

mail.example.com> updateconfig
...
...
...
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> trusted_certificates

Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
[]> add

Paste certificates to be trusted for secure updater connections, blank to quit
Trusted Certificate for Updater:
Paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MMIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCSU4x
DDAKBgNVBAgTA0tBUjENM............................................
-----END CERTIFICATE-----
.

Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
- LIST - List trusted certificates for updates. - DELETE - Delete a trusted certificate for updates. []> AsyncOS 1 , , 945 , , . 2 , 953 . 3 . AsyncOS , 954 , 1129 4 . , 955 , 1129 . AsyncOS for Cisco Email Security Appliances CLI (http://www.cisco.com/en/US/products/ps10154/prod_command_reference_list.html) . AsyncOS . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 953 . . . Clear the notification( ) Close() . . ( Management Appliance( ) > System ) Administration( ) > System Upgrade( ) . AsyncOS . . . . . Clear the notification( ) Close() . . ( Management Appliance( ) > System ) Administration( ) > System Upgrade( ) . AsyncOS . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 954 1 XML . . 2 / . 3 . CLI suspendlistener . GUI . 4 . CLI workqueue , rate . . , . Cisco IronPort AsyncOS , . 10 . , Ctrl-C . · Cisco , . . . , 945 , 949 . · AsyncOS , 954 . · , 1129 . · . 1 System Administration( ) > System Upgrade( ) . 2 Upgrade Options( ) . ( 3) , . 1 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 955 3 . · . · · · CPU · · · . . · 4 . 4 . Download and Install( ) . . Download only() . . . Install() . . AsyncOS Install() . 5 AsyncOS . 6 a) configuration . b) . GUI Configuration File( ) CLI loadconfig . c) . . 7 Proceed() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 956 , 8 a) . . . b) Reboot Now( ) . c) 10 . 20 . · . · : ' ' , Install() . · : · ( ). · . , 935 . · . , 1 System Administration( ) > System Upgrade( ) . 2 Upgrade Options( ) . 3 . . . Cancel Download( ) . . Delete File( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 957 4 ( ) . 80- 90- . . · RPC( ) . Hardware Installation Guide . · . . · IPv4 . , ipconfig . · IPMI(Intelligent Platform Management Interface) 2.0 . . · CLI(Command Line Interface) CLI . 1 SSH CLI . 2 . 3 . remotepower setup 4 . 1. IP . 2. power-cycle . . 5 Commit . 6 . 7 . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 958 AsyncOS · , 1170 AsyncOS AsyncOS AsyncOS . 
revert . . . . revert , . . . AsyncOS AsyncOS 9.0 for Email AsyncOS 8.5 for Email . AsyncOS 9.0 for Email AsyncOS 8.0 for Email , 180 . . · , 935 AsyncOS 1 2 . . FTP . , 937 . ( ). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 959 3 4 5 / / . . CLI . revert . . . 6 CLI revert . . 15 20 , . 7 . 8 interfaceconfig IP . 9 FTP HTTP . 10 XML FTP GUI . 11 XML . 12 / / . 13 . AsyncOS . AsyncOS . · · · DMARC · (notify() notify-copy() ) · ( "Send Copy") · · , . . GUI CLI addressconfig . 1 System Administration( ) > Return Addresses( ) . 2 Edit Settings( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 960 3 . 4 . CPU , . . CLI healthconfig . CLI AsyncOS for Cisco Email Security Appliance CLI . . 1 System Administration( ) > System Health( ) . 2 Edit Settings( ) . 3 . · CPU (). CPU . 15 CPU 5 . CPU . · ( ) . . 15 150 . , 10 · 10.1% . · 15 15.1% . · ( ). . 15 150 . 1000 · 1002 . · 15 1510 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 961 Email Security Appliance . 4 . . , 964 . Email Security Appliance Email Security Appliance . ( 3) . 1 . · System Administration( ) > System Health( ) Run Health Check( ) . · CLI healthconfig . . · · · CPU · · . http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118881-technote-esa-00.html . . ( ) , . . , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 962 . GUI System Administration( ) > Alerts() ( CLI alertconfig ) . . · Critical(): . · Warning(): . · Information(): . AutoSupport Cisco , Cisco Systems . AutoSupport Cisco . AutoSupport , status AsyncOS . Cisco . . , 965 . Alert Recipient( ) SMTP . AsyncOS . AsyncOS . AsyncOS . , . · DNS MX A . · DNS 30 30 , DNS . · . . · . 
Date: 23 Mar 2005 21:10:19 +0000
To: [email protected]
From: IronPort C60 Alert [[email protected]]
Subject: Critical-example.com: (Anti-Virus) update via http://newproxy.example.com failed

The Critical message is:

update via http://newproxy.example.com failed

Version: 4.5.0-419
Serial Number: XXXXXXXXXXXX-XXXXXXX
Timestamp: Tue May 10 09:39:24 2005

For more information about this error, please see http://support.ironport.com
If you desire further information, please contact your support provider.

. , System( ) Critical() . AutoSupport , . . 1 System Administration( ) > Alerts() . 2 Add Recipient( ) . 3 . . 4 ( ) Cisco Release and Support Notifications( ) . 5 . 6 . . alertconfig CLI . 1 Alerts() Edit Settings( ) . 2 Header From: Automatically Generated( )("alert@< >") . 3 () . , 965 . · () . · () . 4 IronPort AutoSupport AutoSupport . AutoSupport AutoSupport, 963 . · AutoSupport , Information() System() AutoSupport . . 5 . . · RFC 2822 Header From:( "alert@< >" ). CLI alertconfig -> from . · () · () · AutoSupport ( ) · Information() System() AutoSupport AsyncOS () . ( ). ()( ) . () . 5 5, 15 , 35, 75, 155, 315 . . () () . 5 60 5, 15, 35, 60, 120 . Email Security Appliance GUI CLI . . Alerts() View Top Alerts( ) CLI displayalerts . GUI , , , . Top Alerts( ) 50 . CLI alertconfig -> setup . 0 . (Cisco ), , , (critical( ) information() warning()), ( ) . . "$ip" . "$ip" IP . · , 967 · , 967 · DHAP(Directory Harvest Attack Prevention) , 968 · , 968 · , 969 · / , 971 · , 971 · , 981 · , 982 · , 983 AsyncOS . 85: AS.SERVER.ALERT AS.TOOL.INFO_ALERT AS.TOOL.ALERT $engine anti-spam - $message $tb `engine' - . Critical(). Sent when the anti-spam engine fails. 'message' - . 'tb' - (traceback). Update - $engine - $message `engine' - .
Information(). 'message' - . Update - $engine - $message `engine' - . Critical(). 'message' - . AsyncOS . 86: AV.SERVER.ALERT /AV.SERVER.CRITICAL AV.SERVER.ALERT.INFO AV.SERVER.ALERT.WARN $engine antivirus - $message $tb `engine' - . Critical(). 'message' - . . 'tb' - (traceback). $engine antivirus - $message $tb `engine' - . Information(). 'message' - . . 'tb' - (traceback). $engine antivirus - $message $tb `engine' - . Warning() 'message' - . . 'tb' - (traceback). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 967 DHAP(Directory Harvest Attack Prevention) MAIL.ANTIVIRUS.ERROR_MESSAGE MID $mid antivirus $what error $tag `mid' - MID Critical(). 'what' - . . 'tag' - . MAIL.SCANNER. PROTOCOL_MAX_RETRY MID $mid is malformed and cannot be scanned `mid' - MID by $engine. 'engine' - Critical(). , . , . DHAP(Directory Harvest Attack Prevention) AsyncOS DHAP . 87: Directory Harvest Attack Prevention LDAP.DHAP_ALERT LDAP: Potential Directory Harvest Attack detected. See the system mail logs for more information about this attack. Warning() . AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 968 88: INTERFACE.ERRORS Port $port: has detected $in_err input errors, $out_err `port' - . output errors, $col collisions please check your media settings. 'in_err' - . Warning() . 'out_err' - . 'col' - . MAIL.MEASUREMENTS_FILESYSTEM The $file_system partition is at $capacity% capacity `file_system' - . Warning() (75%) . 'capacity' - . MAIL.MEASUREMENTS_FILESYSTEM. The $file_system partition is at $capacity% capacity `file_system' - . Critical(). 90%(95%, 96%, 97% ) . 'capacity' - . SYSTEM.RAID_EVENT_ALERT A RAID-event has occurred: $error `error' - RAID . Warning() RAID . SYSTEM.RAID_EVENT_ALERT_INFO A RAID-event has occurred: $error `error' - RAID . Information(). RAID . AsyncOS . 89: ISQ.CANNOT_CONNECT_OFF_BOX ISQ: Could not connect to off-box quarantine at $host:$port Information(). AsyncOS () IP . 
`host' - 'port' - AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 969 ISQ.CRITICAL ISQ: $msg 'msg' - Critical(). . ISQ.DB_APPROACHING_FULL ISQ: Database over $threshold% full `threshold' - Warning() . ISQ.DB_FULL ISQ: database is full Critical(). . ISQ.MSG_DEL_FAILED ISQ: Failed to delete MID $mid for $rcpt: $reason 'mid' - MID Warning() 'rcpt' - "all" . 'reason' - ISQ.MSG_NOTIFICATION_FAILED ISQ: Failed to send notification message: $reason Warning() . 'reason' - ISQ.MSG_QUAR_FAILED Warning() . ISQ.MSG_RLS_FAILED ISQ: Failed to release MID $mid to $rcpt: $reason `mid' - MID Warning() 'rcpt' - "all" . 'reason' - ISQ.MSG_RLS_FAILED_UNK_RCPTS ISQ: Failed to release MID $mid: $reason `mid' - MID Warning() 'reason' - . ISQ.NO_EU_PROPS ISQ: Could not retrieve $user's properties. Setting defaults 'user' - Information(). AsyncOS . ISQ.NO_OFF_BOX_HOST_SET ISQ: Setting up off-box ISQ without setting host Information(). AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 970 / / AsyncOS / . 90: / SLBL.DB.RECOVERY_FAILED SLBL: Failed to recover End-User Safelist/Blocklist database: '$error'. 'error' - Critical(). / . SLBL.DB.SPACE_LIMIT SLBL: End-User Safelist/Blocklist database exceeded allowed disk 'current' - (MB space: $current of $limit. ) Critical(). / 'limit' - (MB . ) AsyncOS . 91: / AMP.ENGINE.ALERT AsyncOS API Alerts COMMON.APP_FAILURE Advanced Malware Protection , 483 . AsyncOS API for Cisco Email Security Appliances - "" . "" Office 365 , 561 An application fault occurred: $error Warning() . 'error' - ( ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 971 / COMMON.ENGINE_AUTO_UPDATE_ <$level>: <$class> '$engine' - . ENABLED Information: Automatic updates have been enabled . for the particular engine <$engine>. You will now · Sophos receive automatic engine updates for this engine. · McAfee · Graymail COMMON.ENGINE_AUTO_UPDATE_ <$level>: <$class> '$engine' - . DISABLED Information: Automatic updates have been disabled . 
for the particular engine <$engine>. You will not · Sophos receive any automatic updates for this engine, unless you enable automatic updates in the global · McAfee setting page of the particular engine. · Graymail COMMON.KEY_EXPIRED_ ALERT Your "$feature" key has expired. Please contact 'feature' - . your authorized Cisco sales representative. Warning() . COMMON.KEY_EXPIRING_ ALERT Your "$feature" key will expire in under $days 'feature' - . day(s). Cisco . 'days' - . Warning() . COMMON.KEY_FINAL_EXPIRING_ This is a final notice. Your "$feature" key will 'feature' - . ALERT expire in under $days day(s). Cisco . 'days' - . Warning() . KEYS.GRACE_EXPIRING_ ALERT All security services licenses for this Cisco Email 'days' - Security Appliance have expired. The appliance . will continue to deliver mail without security services for $days days. To renew security services licenses, Please contact , 935 your authorized Cisco sales representative. . Critical(). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 972 / KEYS.GRACE_FINAL_EXPIRING_ This is the final notice. All security services ALERT licenses for this Cisco Email Security , 935 Appliancehave expired. The appliance will . continue to deliver mail without security services for 1 day. To renew security services licenses, Please contact your authorized Cisco sales representative. Critical(). . KEYS.GRACE_EXPIRED_ALERT Your grace period has expired. All security sevice have expired, and your appliance is non-functional. , 935 The appliance will no longer deliver mail until a . new license is applied. To renew security services licenses, Please contact your authorized Cisco sales representative. Critical(). . DNS.BOOTSTRAP_FAILED Failed to bootstrap the DNS resolver. Unable to contact root servers. Warning() DNS . COMMON.INVALID_FILTER Invalid $class: $error `class' - "Filter", "SimpleFilter" . Warning() 'error' - . . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 973 / IPBLOCKD.HOST_ADDED_TO_ The host at $ip has been added to the blacklist 'ip' - IP . WHITELIST because of an SSH DOS attack. IPBLOCKD.HOST_ADDED_TO_ The host at $ip has been permanently added to the BLACKLIST ssh whitelist. IPBLOCKD.HOST_REMOVED_ The host at $ip has been removed from the FROM_BLACKLIST blacklist Warning() SSH IP 10 10 SSH . IP IP . . . LDAP.GROUP_QUERY_FAILED_ LDAP: Failed group query $name, comparison in 'name' - . ALERT filter will evaluate as false Critical(). LDAP . LDAP.HARD_ERROR LDAP: work queue processing error in $name reason $why 'name' - . 'why' - . Critical(). LDAP ( ). LOG.ERROR.* Critical(). . MAIL.FILTER.RULE_MATCH_ ALERT MID $mid matched the $rule_name rule. \n Details: $details Information(). Header Repeats( ) true . `mid' - . `rule_name' - . `details' - . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 974 / MAIL.PERRCPT.LDAP_GROUP_ LDAP group query failure during per-recipient QUERY_FAILED scanning, possible LDAP misconfiguration or unreachable server. Critical(). LDAP . MAIL.QUEUE.ERROR.* Critical(). . MAIL.OMH.DELIVERY_RETRY Subject - 'Alert: Message Delivery failed for 'host' - DANE $hostname. DANE verification failed for one or more Domain(s).' Message - The message delivery failed due to DANE verification failure for all mail exchange (MX) hosts in $hostname. The appliance will attempt message delivery again or bounce the message. MAIL.RES_CON_START_ ALERT. This system (hostname: $hostname) has entered a 'hostname' - . `resource conservation' mode in order to prevent the rapid depletion of critical system resources. 'memory_threshold_start' - RAM utilization for this system has exceeded the . resource conservation threshold of 'memory_threshold_halt' - $memory_threshold_start%. The allowed receiving rate for this system will be gradually decreased as . RAM utilization approaches $memory_threshold_halt%. Critical(). RAM . MAIL.RES_CON_START_ ALERT. 
QUEUE_SLOW This system (hostname: $hostname) has entered a 'hostname' - . `resource conservation' mode in order to prevent the rapid depletion of critical system resources. The queue is overloaded and is unable to maintain the current throughput. Critical(). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 975 / MAIL.RES_CON_START_ ALERT. QUEUE This system (hostname: $hostname) has entered a `hostname' - . `resource conservation' mode in order to prevent the rapid depletion of critical system resources. `queue_threshold_start' - Queue utilization for this system has exceeded the . resource conservation threshold of `queue_threshold_halt' - $queue_threshold_start%. The allowed receiving rate for this system will be gradually decreased as . queue utilization approaches $queue_threshold_halt%. Critical(). . MAIL.RES_CON_START_ ALERT. WORKQ This system (hostname: $hostname) has entered a `hostname' - . `resource conservation' mode in order to prevent the rapid depletion of critical system resources. `suspend_threshold' - Listeners have been suspended because the current . work queue size has exceeded the threshold of $suspend_threshold. Listeners will be resumed once the work queue size has dropped to `resume_threshold' - . $resume_threshold. These thresholds may be altered via use of the `tarpit' command on the system CLI. Information(). . MAIL.RES_CON_START_ ALERT This system (hostname: $hostname) has entered a `hostname' - . `resource conservation' mode in order to prevent the rapid depletion of critical system resources. Critical(). " " . MAIL.RES_CON_STOP_ALERT This system (hostname: $hostname) has exited `resource conservation' mode as resource utilization has dropped below the conservation threshold. `hostname' - . Information(). " " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 976 / MAIL.SDS.CATEGORY_CHANGE URL , 459 -- . MAIL.SDS.CERTIFICATE_ INVALID URL , 441 . 
MAIL.SDS.ERROR_FETCHING_ CERTIFICATE MAIL.WORK_QUEUE_PAUSED_ work queue paused, $num msgs, $reason `num' - NATURAL . Critical(). . `reason' - . MAIL.WORK_QUEUE_UNPAUSED_ work queue resumed, $num msgs `num' - NATURAL . Critical(). . NTP.NOT_ROOT Not running as root, unable to adjust system time Warning() NTP . QUARANTINE.ADD_DB_ERROR Unable to quarantine MID $mid - quarantine system unavailable 'mid' - MID Critical(). . QUARANTINE.DB_UPDATE_ FAILED Unable to update quarantine database (current version: $version; target $target_version) 'version' - . 'target_version' - . Critical(). . QUARANTINE.DISK_SPACE_ The quarantine system is unavailable due to a lack 'file_system' - . LOW of space on the $file_system partition. Critical(). . QUARANTINE.THRESHOLD_ ALERT Quarantine "$quarantine" is $full% full Warning() 5%, 50% 75% . 'quarantine' - . 'full' - . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 977 / QUARANTINE.THRESHOLD_ ALERT.SERIOUS Quarantine "$quarantine" is $full% full 'quarantine' - . Critical(). 95% 'full' - . . REPORTD.DATABASE_OPEN_ FAILED_ALERT The reporting system has encountered a critical 'err_msg' - error while opening the database. In order to prevent disruption of other services, reporting has been disabled on this machine. Please contact customer support to have reporting enabled. The error message is: $err_msg Critical(). . REPORTD.AGGREGATION_ DISABLED_ALERT Processing of collected reporting data has been 'threshold' - disabled due to lack of logging disk space. Disk usage is above $threshold percent. Recording of reporting events will soon become limited and reporting data may be lost if disk space is not freed up (by removing old logs, etc.). Once disk usage drops below $threshold percent, full processing of reporting data will be restarted automatically. Warning() . . REPORTING.CLIENT.UPDATE_ FAILED_ALERT Reporting Client: The reporting system has not responded for an extended period of time ($duration). Warning() . 'duration' - . 
('1h 3m 27s'). REPORTING.CLIENT.JOURNAL. Reporting Client: The reporting system is unable FULL to maintain the rate of data being generated. Any new data generated will be lost. Critical(). . REPORTING.CLIENT.JOURNAL. Reporting Client: The reporting system is now able to handle new data. Information(). . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 978 / PERIODIC_REPORTS.REPORT_ A failure occurred while building periodic report `report_title' - TASK.BUILD_FAILURE `$report_title'. This subscription has been removed from the scheduler. Critical(). . PERIODIC_REPORTS.REPORT_ A failure occurred while emailing periodic report 'report_title' - TASK.EMAIL_FAILURE `$report_title'. This subscription has been removed from the scheduler. Critical(). . PERIODIC_REPORTS.REPORT_ A failure occurred while archiving periodic report 'report_title' - TASK.ARCHIVE_FAILURE '$report_title'. This subscription has been removed from the scheduler. Critical(). . SENDERBASE.ERROR Error processing response to query $query: response was $response 'query' - . 'response' - . Information(). SenderBase . SMTPAUTH.FWD_SERVER_ FAILED_ ALERT SMTP Auth: could not reach forwarding server 'ip' - IP. $ip with reason: $why 'why' - . Warning() SMTP . SMTPAUTH.LDAP_QUERY_ FAILED SMTP Auth: LDAP query failed, see LDAP debug logs for details. Warning() LDAP . SYSTEM.HERMES_SHUTDOWN_ While preparing to ${what}, failed to stop mail 'error' - . FAILURE. server gracefully: ${error}$what:=reboot REBOOT Warning() . SYSTEM.HERMES_SHUTDOWN_ While preparing to ${what}, failed to stop mail 'error' - . FAILURE. server gracefully: ${error}$what:=shut down SHUTDOWN Warning() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 979 / SYSTEM.LOGIN_FAILURES_LOCK_ALERT User "$user" is locked after $numlogins 'user' - consecutive login failures. 
Last login attempt was from $rhost 'numlogins' - Information: Sent when the user account is locked 'rhost' - because of maximum number of failed login attempts SYSTEM.RCPTVALIDATION.UPDATE_ Error updating recipient validation data: $why 'why' - . FAILED Critical(). . SYSTEM.SERVICE_TUNNEL. Tech support: Service tunnel has been disabled Information(). Cisco . SYSTEM.SERVICE_TUNNEL. Tech support: Service tunnel has been enabled, 'port' - . port $port Information(). Cisco . IPBLOCKD.HOST_ADDED_TO_ The host at $ip has been added to the blacklist 'ip' - IP . WHITELIST because of an SSH DOS attack. IPBLOCKD.HOST_ADDED_TO_ The host at $ip has been permanently added to the BLACKLIST ssh whitelist. IPBLOCKD.HOST_REMOVED_FROM_ The host at $ip has been removed from the BLACKLIST blacklist Warning() SSH IP 10 10 SSH . IP IP . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 980 / WATCHDOG_RESTART_ALERT_ <$level>: <$class>, <$hostname>: $subject $text 'subject' - Watchdog MSG Warning() Cisco Email Security Appliance watchdog 'text' - Watchdog . · Anti-Spam · Anti-Virus · · watchdog , watchdog . MAIL.IMH.GEODB_UPDATE_ COUNTRIES' Warning() Geolocation Update - the list of 'added' - The following countries are supported countries has changed. added: <iso_code1>:<country_nam Added Countries - <$added> e1>,<iso_code2>:<country_name2>, Deleted Countries - <$deleted> 'deleted' - The following countries are deleted: <iso_code1>:<country_nam Review your HAT sender groups, Message Filters, e1>:<iso_code2>:<country_name2>, and Content Filters settings accordingly. MAIL.UPDATED_SHORT_URL_DOMAIN_LIST Info. The list of shortened URL domains has been 'added_domains': The following domains updated.. 
are added: <domains_1>, <domain_2> Added Domains: <$added_domains> Deleted Domains - <$deleted_domains> 'deleted_domains' : The following domains are deleted: <domain_3>, <domain_4> MAIL.DOMAINS_NOT_REACHABLE Warning() The following domains are not reachable by the appliance for shortened URL support: <$domains> <$domains>: comma separated list of domains Check your firewall rules to allow your appliance to connect to these domains. AsyncOS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 981 92: UPDATER.APP.UPDATE_ ABANDONED UPDATER.UPDATERD. ANIFEST_FAILED_ALERT UPDATER.UPDATERD. RELEASE_NOTIFICATION UPDATER.UPDATERD. UPDATE_FAILED $app abandoning updates until a new version `app' - . is published. The $app application tried and failed $attempts times to successfully complete `attempts' - . an update. This may be due to a network configuration issue or temporary outage Warning() . The updater has been unable to communicate `threshold' - with the update server for at least $threshold. . Warning() . $mail_text Warning() . `mail_text' - . `notification_subject' - . Unknown error occured: $traceback `traceback' - (traceback). Critical(). . AsyncOS . ( ) . 93: VOF.GTL_THRESHOLD_ALERT Outbreak Filters Rule Update Alert:$text All rules last updated at: 'text' - $time on $date. . Information(). 'time' - . . 'date' - . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 982 AS.UPDATE_FAILURE $engine update unsuccessful. This may be due to transient network `engine' - or DNS issues, HTTP proxy configuration causing update . transmission errors or unavailability of downloads.ironport.com. The specific error on the appliance for this failure is: $error 'error' - . Warning() CASE . AsyncOS . 94: CLUSTER.CC_ERROR. AUTH_ERROR Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Machine does not . appear to be in the cluster 'ip' - IP. Critical(). . 'why' - . . 
CLUSTER.CC_ERROR.DROPPED Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Existing connection . dropped 'ip' - IP. Warning() . 'why' - . CLUSTER.CC_ERROR.FAILED Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Connection failure . Warning() 'ip' - IP. . 'why' - . CLUSTER.CC_ERROR. FORWARD_FAILED Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Message forward . failed, no upstream connection 'ip' - IP. Critical(). 'why' - . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 983 CLUSTER.CC_ERROR.NOROUTE Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=No route found . Critical(). 'ip' - IP. 'why' - . . CLUSTER.CC_ERROR.SSH_KEY Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Invalid host key . Critical(). SSH 'ip' - IP. . 'why' - . CLUSTER.CC_ERROR.TIMEOUT Error connecting to cluster machine $name at IP 'name' - / $ip - $error - $why$error:=Operation timed out . Warning() 'ip' - IP. . 'why' - . CLUSTER.CC_ERROR_NOIP Error connecting to cluster machine $name - 'name' - / $error - $why . Critical(). 'why' - . IP . CLUSTER.CC_ERROR_NOIP. AUTH_ERROR Error connecting to cluster machine $name - 'name' - / $error - $why$error:=Machine does not appear . to be in the cluster 'why' - . Critical(). . . CLUSTER.CC_ERROR_NOIP. DROPPED Error connecting to cluster machine $name - 'name' - / $error - $why$error:=Existing connection dropped . 'why' - . Warning() IP , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 984 CLUSTER.CC_ERROR_NOIP. FAILED Error connecting to cluster machine $name - 'name' - / $error - $why$error:=Connection failure . Warning() , IP . 'why' - . CLUSTER.CC_ERROR_NOIP. FORWARD_FAILED Error connecting to cluster machine $name $error - $why$error:=Message forward failed, no upstream connection 'name' - / . 'why' - . Critical(). IP , . CLUSTER.CC_ERROR_NOIP. 
NOROUTE Error connecting to cluster machine $name - 'name' - / $error - $why$error:=No route found . Critical(). 'why' - . IP , . CLUSTER.CC_ERROR_NOIP. SSH_KEY Error connecting to cluster machine $name - 'name' - / $error - $why$error:=Invalid host key . Critical(). 'why' - . IP , SSH . CLUSTER.CC_ERROR_NOIP. TIMEOUT Error connecting to cluster machine $name - 'name' - / $error - $why$error:=Operation timed out . Warning() 'why' - . IP , . CLUSTER.SYNC.PUSH_ALERT Overwriting $sections on machine $name Critical(). . 'name' - / . 'sections' - . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 985 . , 28 ( systemsetup ) , DNS . . · sethostname · DNS (GUI dnsconfig ) · (GUI routeconfig setgateway ) · dnsflush · Passphrase( ) · · . . . · Network() > IP Interfaces(IP ) , Management( ) , Hostname( ) . · CLI sethostname . . DNS(Domain Name System) GUI Network() DNS dnsconfig DNS . . · DNS , · DNS · DNS () · DNS DNS AsyncOS DNS , DNS DNS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 986 . DNS , ( DNS ). DNS AsyncOS DNS "" . DNS . " DNS" in-addr.arpa(PTR) . ".eng" 1.2.3.4 .eng 172.16 , DNS "eng,16.172.in-addr.arpa" . DNS . AsyncOS 0 DNS . DNS AsyncOS . DNS DNS . " " , . DNS . IP . , . 60. 60. 2 15, 45. 3 5, 10, 45. 4 DNS 2 0, 1, 2 . 95: DNS , Priority( ) 0 1.2.3.4, 1.2.3.5 1 1.2.3.6 2 1.2.3.7 () 5, 5 10 45 AsyncOS 0 . 0 . 0 1 (1.2.3.6) , 2(1.2.3.7) . 0 , 1 , 2 . AsyncOS DNS DNS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 987 DNS DNS , . DNS " DNS " . , DNS IP . IP DNS(PTR) PTR DNS(A) . A PTR . A IP HAT(Host Access Table) . , 987 DNS . DNS 20. DNS (DNS DNS ) . , DNS 8 DNS 20 , (8 * 20) = 160. () '0' DNS . 0 , DNS . IP CN(common name) TLS . DNS "Failed to bootstrap the DNS cache(DNS )" . DNS . DNS . DNS . DNS GUI Clear Cache( ) dnsflush (dnsflush AsyncOS for Cisco Email Security Appliances CLI ) DNS . DNS . , . DNS 1 Network() > DNS . 2 Edit Settings( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 988 TCP/IP 3 DNS DNS DNS . 
4 DNS ID Add Row( ) . . DNS . DNS , 986 . 5 DNS DNS IP . Add Row( ) . DNS . IP DNS . 6 DNS . 7 DNS () . 8 Clear Cache( ) DNS . 9 . TCP/IP . Email Security Appliance IPv4(Internet Protocol version 4) IPv6(Internet Protocol version 6) . CLI routeconfig . 1 Network() > Routing() . 2 (IPv4 IPv6) Add Route( ) . 3 . 4 IP . 5 IP . 6 . CLI setgateway . 1 Network() > Routing() . 2 Default Route( ) . 3 IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 989 SSL 4 . SSL SSL Configuration Settings(SSL ) sslconfig SSL . 1 System Administration( ) > SSL Configuration Settings(SSL ) . 2 Edit Settings( ) . 3 . · GUI HTTPS SSL . GUI HTTPS SSL . · SMTP SSL . Inbound SMTP( SMTP) SSL . · SMTP SSL . Outbound SMTP( SMTP) SSL . · SSL v2 TLS v1 . SSL v3 . · TLS v1.0 v1.1 . TLS v1.2 . 4 Submit() . 5 Commit Changes( ) . SSLv3 SSLv3 . · Updater · URL · · LDAP SSLv3 sslv3config . SSLv3 . mail.example.com> sslv3config Current SSLv3 Settings: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 990 -------------------------------------------------- UPDATER : Enabled WEBSECURITY : Enabled EUQ : Enabled LDAP : Enabled -------------------------------------------------- Choose the operation you want to perform: - SETUP - Toggle SSLv3 settings. []> setup Choose the service to toggle SSLv3 settings: 1. EUQ Service 2. LDAP Service 3. Updater Service 4. Web Security Service [1]> Do you want to enable SSLv3 for EUQ Service ? [Y]>n Choose the operation you want to perform: - SETUP - Toggle SSLv3 settings. []> , NTP , GUI System Administration( ) Time Zone or Time Settings( ) . CLI ntpconfig, settime settz . System Administration( ) > Time Settings( ) tzupdate CLI AsyncOS . GUI System Administration( ) Time Zone( ) . GMT . 1 System Administration( ) > Time Zone( ) Edit Settings( ) . 2 , . 3 . GMT 1 System Administration( ) > Time Zone( ) Edit Settings( ) . 2 GMT Offset(GMT ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 991 3 Time Zone( ) . GMT() . ("-") . ("+") . 4 . . 
· ( ) NTP(Network Time Protocol) , 992 · , 992 ( ) NTP(Network Time Protocol) . NTP . 1 System Administration( ) > Time Settings( ) . 2 Edit Settings( ) . 3 Time Keeping Method( ) Use Network Time Protocol(NTP ) . 4 NTP Add Row( ) . NTP . 5 NTP . 6 NTP . NTP IP . 7 . . Network Time Protocol . 1 System Administration( ) > Time Settings( ) . 2 Edit Settings( ) . 3 Time Keeping Method( ) Set Time Manually( ) . 4 , , , , . 5 A.M P.M . 6 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 992 · , 993 · , 993 ( ) . , My Favorites( ) Add This Page To My Favorites( ) . My Favorites( ) . My Favorites( ) > View All My Favorites( ) . My Favorites( ) > View All My Favorites( ) . My Favorites( ) . My Dashboard( ) , 797 . . . , . , . . Options() . 1 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 993 Internet Explorer 2 Options() > Preferences( ) . . 3 Edit Preferences( ) . 4 . Language Display( ) CLI AsyncOS for Web Landing Page( ) Reporting Time Range Displayed( Reporting() )() Number of Reporting Rows Displayed( ) 5 . 6 Return to previous page( ) . Internet Explorer Internet Explorer . . 1 System Administration( ) > General Settings( ) . 2 Override IE Compatibility Mode(IE ) . 3 . HTTP CLI adminaccessconfig > maxhttpheaderfieldsize HTTP HTTP . HTTP 4096(4KB) 33554432(32MB). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 994 CLI diagnostic > servicessub . · . · . : DLP services DLP . mail.example.com> diagnostic Choose the operation you want to perform: - RAID - Disk Verify Utility. - DISK_USAGE - Check Disk Usage. - NETWORK - Network Utilities. - REPORTING - Reporting Utilities. - TRACKING - Tracking Utilities. - RELOAD - Reset configuration to the initial manufacturer values. - SERVICES - Service Utilities. 
[]> services
Choose one of the following services:
- ANTISPAM - Anti-Spam services
- ANTIVIRUS - Anti-Virus services
- DLP - Cisco Data Loss Prevention services
- ENCRYPTION - Encryption services
- GRAYMAIL - Graymail services
- REPORTING - Reporting associated services
- SBRS - Reputation Engine services
- TRACKING - Tracking associated services
- URLFILTERING - URL Filtering
- EUQWEB - End User Quarantine GUI
- WEBUI - Web GUI
[]> dlp
Choose the operation you want to perform:
- RESTART - Restart the service
- STATUS - View status of the service
[]> status
Cisco Data Loss Prevention has been up for 3s.

: services .

mail.example.com> diagnostic
Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
- SERVICES - Service Utilities.
[]> services
Choose one of the following services:
- ANTISPAM - Anti-Spam services
- ANTIVIRUS - Anti-Virus services
- DLP - Cisco Data Loss Prevention services
- ENCRYPTION - Encryption services
- GRAYMAIL - Graymail services
- REPORTING - Reporting associated services
- SBRS - Reputation Engine services
- TRACKING - Tracking associated services
- URLFILTERING - URL Filtering
- EUQWEB - End User Quarantine GUI
- WEBUI - Web GUI
[]> graymail
Choose the operation you want to perform:
- RESTART - Restart the service
- STATUS - View status of the service
[]> restart

37 CLI . · CLI , 997 · , 998 · CLI , 1003 · , 1014 · SNMP , 1023 CLI CLI Email Security Appliance . · . · , · 1, 5 15 · : · · · · SNMP(Simple Network Management Protocol) : · · · · . : · · · CLI · , · · , 998 · , 1000 · , 1002 . , , . . resetcounters Cisco Cisco . . . . 
96: Receiving() Rejection() . . . RAT(Recipient Access Table) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 998 CLI (drop) Black Hole . /dev/null . ( ) . Queue() Soft Bounced Events( - ) . Completion() , . . Hard Bounced Recipients( DNS , 5XX , , ) . . DNS DNS . 5XX "5XX" . . bounce . ( ) . bouncerecipients . Delivered Recipients( ) . deleterecipients Global Unsubscribe Hit( ) . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 999 CLI Current IDs( ID) ID(MID) ICID(Injection Connection ID) DCID(Delivery Connection ID) ID . MID Cisco . MID 231 (0) . Injection Connection ID. ICID 231 (0 ). Delivery Connection ID. DCID 231 (0 ). , , . Cisco . . . . 97: System Gauges( ) RAM CPU RAM(Random Access Memory) . CPU . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1000 CLI I/O I/O . Disk I/O Utilization( I/O ) . I/O . 100% I/O ( I/O 100% ). (conservation) 0 60 999 . 0~60 . . (0) . 999 " " . . : LogUsd XML log_used , . Connections Gauges( ) . . Queue Gauges( ) Active Recipients( ) . Unattempted Recipients( ) Attempted Recipients( ) . Active Recipients( ) . . Active Recipients( ) . . , , , , , LDAP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1001 CLI Messages in Quarantine( ) . Outbreak( ) (0) , . Destinations in Memory( ) . . 3 . 3 (: tophosts ). "1" . ( ) "0" . . ( 3 yahoo.com yahoo.com 3 .) ( ). Kilobytes in Quarantine( . ) 30 , "Messages in Quarantine( )" . . ( ). . 1, 5, 15 , . Cisco 1 100 1 6,000 . 5 1,200 , 15 400 . 1 . 1 100 15 100 . Cisco . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1002 CLI CLI . . . 98: Messages Received( ) . Recipients Received( ) . Soft Bounced Events( . ( ) .) Completed Recipients( , ) . . Hard Bounced Recipients( ) DNS , 5XX , , . . Delivered Recipients( . ) CLI · , 1004 · , 1005 · , 1006 · , 1009 · , 1010 · , 1011 · DNS , 1012 · , 1013 · TCP/IP , 1014 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1003 CLI Cisco . status . , . . , , . , , . CLI , 997 . 99: Status as of(/) . 
Last counter reset( . ) System status( ) Online(), offline(), receiving suspended( ) delivery suspended( ). "receiving suspended( )" . "offline()" . Oldest Message( . ) Features() featurekey . mail3.example.com> status Status as of: Up since: Last counter reset: System status: Oldest Message: Counters: Receiving Messages Received Recipients Received Rejection Rejected Recipients Dropped Messages Queue Soft Bounced Events Completion Completed Recipients Thu Oct 21 14:33:27 2004 PDT Wed Oct 20 15:47:58 2004 PDT (22h 45m 29s) Never Online 4 weeks 46 mins 53 secs Reset Uptime Lifetime 62,049,822 62,049,823 290,920 290,920 62,049,822 62,049,823 3,949,663 11,606,037 11,921 219 3,949,663 11,606,037 2,334,552 13,598 2,334,552 50,441,741 332,625 50,441,741 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1004 CLI Current IDs Message ID (MID) Injection Conn. ID (ICID) Delivery Conn. ID (DCID) Gauges: Connections Current Inbound Conn. Current Outbound Conn. Queue Active Recipients Messages In Work Queue Messages In Quarantine Kilobytes Used Kilobytes In Quarantine Kilobytes Free mail3.example.com> Current 0 14 7,166 0 16,248 387,143 338,206 39,458,745 99524480 51180368 17550674 status detail . , . . , , . , , . . 1, 5, 15 , . CLI , 997 . mail3.example.com> status detail Status as of: Thu Jun 30 13:09:18 2005 PDT Up since: Thu Jun 23 22:21:14 2005 PDT (6d 14h 48m 4s) Last counter reset: Tue Jun 29 19:30:42 2004 PDT System status: Online Oldest Message: No Messages Feature - IronPort Anti-Spam: 17 days Feature - Sophos: Dormant/Perpetual Feature - Outbreak Filters: Dormant/Perpetual Feature - Central Mgmt: Dormant/Perpetual Counters: Reset Uptime Lifetime Receiving Messages Received 2,571,967 24,760 3,113,176 Recipients Received 2,914,875 25,450 3,468,024 Gen. 
Bounce Recipients 2,165 0 7,451 Rejection Rejected Recipients 1,019,453 792 1,740,603 Dropped Messages 1,209,001 66 1,209,028 Queue Soft Bounced Events 11,236 0 11,405 Completion Completed Recipients 2,591,740 49,095 3,145,002 Hard Bounced Recipients 2,469 0 7,875 DNS Hard Bounces 199 0 3,235 5XX Hard Bounces 2,151 0 4,520 Expired Hard Bounces 119 0 120 Filter Hard Bounces 0 0 0 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1005 CLI Other Hard Bounces 0 0 Delivered Recipients 2,589,270 49,095 Deleted Recipients 1 0 Global Unsub. Hits 0 0 DomainKeys Signed Msgs 10 9 Current IDs Message ID (MID) Injection Conn. ID (ICID) Delivery Conn. ID (DCID) Rates (Events Per Hour): 1-Minute 5-Minutes Receiving Messages Received 180 300 Recipients Received 180 300 Queue Soft Bounced Events 0 0 Completion Completed Recipients 360 600 Hard Bounced Recipients 0 0 Delivered Recipients 360 600 Gauges: Current System RAM Utilization 1% CPU Utilization MGA 0% AntiSpam 0% AntiVirus 0% Disk I/O Utilization 0% Resource Conservation 0 Connections Current Inbound Conn. 0 Current Outbound Conn. 0 Queue Active Recipients 0 Unattempted Recipients 0 Attempted Recipients 0 Messages In Work Queue 0 Messages In Quarantine 19 Destinations In Memory 3 Kilobytes Used 473 Kilobytes In Quarantine 473 Kilobytes Free 39,845,415 0 3,137,126 1 0 10 7615199 3263654 1988479 15-Minutes 188 188 0 368 0 368 , . ( ) "0" "1" . . . , hoststatus . hoststatus . . AsyncOS DNS . resetcounters . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1006 CLI . CLI , 997 . hoststatus . 100: hoststatus , " " . Pending Outbound Connection( ) greeting . Oldest Message( . ) / . . IP IP TTL(time to live), MX . MX IP . MX . MX . MX . Last 5XX error( 5XX "5XX" ) . 5XX . MX MX IP . MX . MX . MX . SMTP SMTP . Last TLS Error( TLS TLS ) TLS . TLS . ( , 69 ). AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1007 CLI 101: hoststatus up/down hoststatus - . hoststatus - . Recipients() hoststatus . 
Active Recipients( ) - . Last 5XX error( 5XX 5XX ) . 5XX . mail3.example.com> hoststatus Recipient host: []> aol.com Host mail status for: 'aol.com' Status as of: Tue Mar 02 15:17:32 2010 Host up/down: up Counters: Queue Soft Bounced Events 0 Completion Completed Recipients 1 Hard Bounced Recipients 1 DNS Hard Bounces 0 5XX Hard Bounces 1 Filter Hard Bounces 0 Expired Hard Bounces 0 Other Hard Bounces 0 Delivered Recipients 0 Deleted Recipients 0 Gauges: Queue Active Recipients 0 Unattempted Recipients 0 Attempted Recipients 0 Connections Current Outbound Connections 0 Pending Outbound Connections 0 Oldest Message No Messages Last Activity Tue Mar 02 15:17:32 2010 Ordered IP addresses: (expiring at Tue Mar 02 16:17:32 2010) Preference IPs 15 64.12.137.121 64.12.138.89 64.12.138.120 15 64.12.137.89 64.12.138.152 152.163.224.122 15 64.12.137.184 64.12.137.89 64.12.136.57 15 64.12.138.57 64.12.136.153 205.188.156.122 15 64.12.138.57 64.12.137.152 64.12.136.89 15 64.12.138.89 205.188.156.154 64.12.138.152 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1008 CLI 15 64.12.136.121 152.163.224.26 64.12.137.184 15 64.12.138.120 64.12.137.152 64.12.137.121 MX Records: Preference TTL Hostname 15 52m24s mailin-01.mx.aol.com 15 52m24s mailin-02.mx.aol.com 15 52m24s mailin-03.mx.aol.com 15 52m24s mailin-04.mx.aol.com Last 5XX Error: ---------- 550 REQUESTED ACTION NOT TAKEN: DNS FAILURE (at Tue Mar 02 15:17:32 2010 GMT) IP: 10.10.10.10 ---------- Last TLS Error: Required - Verify ---------- TLS required, STARTTLS unavailable (at Tue Mar 02 15:17:32 2010 GMT) IP: 10.10.10.10 Virtual gateway information: ============================================================ example.com (PublicNet_017): Host up/down: up Last Activity Wed June 22 13:47:02 2005 Recipients 0 altsrchost . (: ) tophosts . tophosts 20 . , , , , . CLI , 997 . mail3.example.com> tophosts Sort results by: 1. Active Recipients 2. Connections Out 3. Delivered Recipients 4. Soft Bounced Events 5. 
Hard Bounced Recipients
[1]> 1
Status as of: Mon Nov 18 22:22:23 2003
                      Active  Conn.  Deliv.  Soft     Hard
#   Recipient Host    Recip   Out    Recip.  Bounced  Bounced
1   aol.com           365     10     255     21       8
2   hotmail.com       290     7      198     28       13
3   yahoo.com         134     6      123     11       19
4   excite.com        98      3      84      9        4
5   msn.com           84      2      76      33       29
mail3.example.com>

CLI Cisco , . rate . . Ctrl-C rate . . 102: rate Connections In( ) Connections Out( ) Recipients Received( ) Recipients Completed( ) / Queue Used( ) ( )

mail3.example.com> rate
Enter the number of seconds between displays.
[10]> 1
Hit Ctrl-C to return to the main prompt.
Time      Connections  Recipients        Recipients        Queue
          In    Out    Received   Delta  Completed  Delta  K-Used
23:37:13  10    2      41708833   0      40842686   0      64
23:37:14  8     2      41708841   8      40842692   6      105
23:37:15  9     2      41708848   7      40842700   8      76
23:37:16  7     3      41708852   4      40842705   5      64
23:37:17  5     3      41708858   6      40842711   6      64
23:37:18  9     3      41708871   13     40842722   11     67
23:37:19  7     3      41708881   10     40842734   12     64
23:37:21  11    3      41708893   12     40842744   10     79
^C

hostrate . status detail . ( , 1005 .) CLI 103: hostrate Host Status( ) : up(), down() unknown( ) Current Connections Out( ) Active Recipients in Queue( ) Active Recipients in Queue Delta( ) Delivered Recipients Delta( ) Hard Bounced Recipients Delta( ) Soft Bounce Events Delta( ) Ctrl-C hostrate .

mail3.example.com> hostrate
Recipient host:
[]> aol.com
Enter the number of seconds between displays.
[10]> 1
Time      Host    CrtCncOut  ActvRcp  ActvRcp  DlvRcp  HrdBncRcp  SftBncEvt
          Status                      Delta    Delta   Delta      Delta
23:38:23  up      1          0        0        4       0          0
23:38:24  up      1          0        0        4       0          0
23:38:25  up      1          0        0        12      0          0
^C

Cisco . topin , IP . IP 2 . topin . CLI 104: topin Remote Hostname( ) DNS . IP IP . Cisco . Connections In( ) IP . DNS , DNS . IP DNS IP . , 119 . 
mail3.example.com> topin
Status as of: Sat Aug 23 21:50:54 2003
#   Remote hostname           Remote IP addr.  listener    Conn. In
1   mail.remotedomain01.com   172.16.0.2       Incoming01  10
2   mail.remotedomain01.com   172.16.0.2       Incoming02  10
3   mail.remotedomain03.com   172.16.0.4       Incoming01  5
4   mail.remotedomain04.com   172.16.0.5       Incoming02  4
5   mail.remotedomain05.com   172.16.0.6       Incoming01  3
6   mail.remotedomain06.com   172.16.0.7       Incoming02  3
7   mail.remotedomain07.com   172.16.0.8       Incoming01  3
8   mail.remotedomain08.com   172.16.0.9       Incoming01  3
9   mail.remotedomain09.com   172.16.0.10      Incoming01  3
10  mail.remotedomain10.com   172.16.0.11      Incoming01  2
11  mail.remotedomain11.com   172.16.0.12      Incoming01  2
12  mail.remotedomain12.com   172.16.0.13      Incoming02  2
13  mail.remotedomain13.com   172.16.0.14      Incoming01  2
14  mail.remotedomain14.com   172.16.0.15      Incoming01  2
15  mail.remotedomain15.com   172.16.0.16      Incoming01  2
16  mail.remotedomain16.com   172.16.0.17      Incoming01  2
17  mail.remotedomain17.com   172.16.0.18      Incoming01  1
18  mail.remotedomain18.com   172.16.0.19      Incoming02  1
19  mail.remotedomain19.com   172.16.0.20      Incoming01  1
20  mail.remotedomain20.com   172.16.0.21      Incoming01  1

DNS dnsstatus DNS . , , . . CLI 105: dnsstatus DNS DNS . DNS ( ) . DNS . DNS . DNS . , , DNS . TTL(time to live) . . ( ) . .

mail3.example.com> dnsstatus
Status as of: Sat Aug 23 21:57:28 2003
Counters:            Reset          Uptime       Lifetime
DNS Requests         211,735,710    8,269,306    252,177,342
Network Requests     182,026,818    6,858,332    206,963,542
Cache Hits           474,675,247    17,934,227   541,605,545
Cache Misses         624,023,089    24,072,819   704,767,877
Cache Exceptions     35,246,211     1,568,005    51,445,744
Cache Expired        418,369        7,800        429,015
mail3.example.com>

resetcounters . . . GUI . System Status( ) , 826 . CLI

mail3.example.com> resetcounters
Counters reset: Mon Jan 01 12:00:01 2003

TCP/IP Email Security Appliance TCP/IP CLI tcpservices . Cisco AsyncOS . , , . . 
deleterecipients . deleterecipients . Envelope From . ( ) . deleterecipients Cisco ( , 924 ). , . . . deleterecipients . (IronPort ) . mail3.example.com> deleterecipients Please select how you would like to delete messages: 1. By recipient host. 2. By Envelope From address. 3. All. [1]> AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1014 CLI Cisco . , Envelope From . Please enter the hostname for the messages you wish to delete. []> example.com Are you sure you want to delete all messages being delivered to "example.com"? [N]> Y Deleting messages, please wait. 100 messages deleted. Envelope From Please enter the Envelope From address for the messages you wish to delete. []> [email protected] Are you sure you want to delete all messages with the Envelope From address of "[email protected]"? [N]> Y Deleting messages, please wait. 100 messages deleted. Are you sure you want to delete all messages in the delivery queue (all active recipients)? [N]> Y Deleting messages, please wait. 1000 messages deleted. deleterecipients bouncerecipients . bounceconfig . bouncerecipients Cisco ( , 924 ). , . . . bouncerecipients . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1015 CLI bouncerecipients . ( ) , resume Cisco AsyncOS . mail3.example.com> bouncerecipients Please select how you would like to bounce messages: 1. By recipient host. 2. By Envelope From address. 3. All. [1]> . Envelope From . . Please enter the hostname for the messages you wish to bounce. []> example.com Are you sure you want to bounce all messages being delivered to "example.com"? [N]> Y Bouncing messages, please wait. 100 messages bounced. Envelope From Please enter the Envelope From address for the messages you wish to bounce. []> [email protected] Are you sure you want to bounce all messages with the Envelope From address of "[email protected]"? [N]> Y Bouncing messages, please wait. 100 messages bounced. Are you sure you want to bounce all messages in the queue? 
[N]> Y Bouncing messages, please wait. 1000 messages bounced. redirectrecipients . SMTP IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1016 CLI /dev/null . CLI . SMTP . example2.com . mail3.example.com> redirectrecipients Please enter the hostname or IP address of the machine you want to send all mail to. []> example2.com WARNING: redirecting recipients to a host or IP address that is not prepared to accept large volumes of SMTP mail from this host will cause messages to bounce and possibly result in the loss of mail. Are you sure you want to redirect all mail in the queue to "example2.com"? [N]> y Redirecting messages, please wait. 246 recipients redirected. Envelope From showrecipients . . mail3.example.com> showrecipients Please select how you would like to show messages: 1. By recipient host. 2. By Envelope From address. 3. All. [1]> 3 Showing messages, please wait. MID/ Bytes/ Sender/ Subject [RID] [Atmps] Recipient 1527 1230 [email protected] Testing [0] [0] [email protected] 1522 1230 [email protected] Testing [0] [0] [email protected] 1529 1230 [email protected] Testing [0] [0] [email protected] 1530 1230 [email protected] Testing [0] [0] [email protected] 1532 1230 [email protected] Testing [0] [0] [email protected] 1531 1230 [email protected] Testing [0] [0] [email protected] 1518 1230 [email protected] Testing [0] [0] [email protected] 1535 1230 [email protected] Testing [0] [0] [email protected] 1533 1230 [email protected] Testing [0] [0] [email protected] AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1017 CLI 1536 [0] 1230 [0] [email protected] Testing [email protected] . suspenddel . suspenddel Cisco AsyncOS . . · · · · CLI suspenddel , . suspenddel , . resumedel . " " . suspenddel , resumedel . mail3.example.com> suspenddel Enter the number of seconds to wait before abruptly closing connections. [30]> Waiting for outgoing deliveries to finish... Mail delivery suspended. suspenddel resumedel Cisco AsyncOS . 
resumedel mail3.example.com> resumedel Mail delivery resumed. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1018 CLI suspendlistener . . AsyncOS . . · SMTP: 421 hostname Service not available, closing transaction channel · QMQP: ZService not available " " . suspendlistener , resumelistener . Syntax suspendlistener mail3.example.com> suspendlistener Choose the listener(s) you wish to suspend. Separate multiple entries with commas. 1. All 2. InboundMail 3. OutboundMail [1]> 1 Enter the number of seconds to wait before abruptly closing connections. [30]> Waiting for listeners to exit... Receiving suspended. mail3.example.com> suspendlistener resumelistener Cisco AsyncOS . Syntax resumelistener mail3.example.com> resumelistener Choose the listener(s) you wish to resume. Separate multiple entries with commas. 1. All 2. InboundMail 3. OutboundMail [1]> 1 Receiving resumed. mail3.example.com> AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1019 CLI resume . Syntax resume mail3.example.com> resume Receiving resumed. Mail delivery resumed. mail3.example.com> delivernow . delivernow . Down() . ( ) delivernow . . . Syntax delivernow mail3.example.com> delivernow Please choose an option for scheduling immediate delivery. 1. By recipient host 2. All messages [1]> 1 Please enter the domain to schedule for immediate delivery. []> recipient.example.com Rescheduling all messages to recipient.example.com for immediate delivery. mail3.example.com> LDAP , , LDAP , , " " . , 665 . " " , 1000 . workqueue . LDAP . LDAP . (antivirusupdate AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1020 CLI ) . workqueue . . Sun Aug 17 20:01:36 2003 Info: work queue paused, 1900 msgs S Sun Aug 17 20:01:39 2003 Info: work queue resumed, 1900 msgs . 
mail3.example.com> workqueue
Status as of: Sun Aug 17 20:02:30 2003 GMT
Status: Operational
Messages: 1243
Choose the operation you want to perform:
- STATUS - Display work queue status
- PAUSE - Pause the work queue
- RATE - Display work queue statistics over time
[]> pause
Manually pause work queue? This will only affect unprocessed messages. [N]> y
Reason for pausing work queue:
[]> checking LDAP server
Status as of: Sun Aug 17 20:04:21 2003 GMT
Status: Paused by admin: checking LDAP server
Messages: 1243

. "Manually paused by user( )" . .

mail3.example.com> workqueue
Status as of: Sun Aug 17 20:42:10 2003 GMT
Status: Paused by admin: checking LDAP server
Messages: 1243
Choose the operation you want to perform:
- STATUS - Display work queue status
- RESUME - Resume the work queue
- RATE - Display work queue statistics over time
[]> resume
Status: Operational
Messages: 1243

. . showmessage CLI ID . oldmessage CLI . removemessage ID . , . . Syntax CLI archivemessage[mid] CLI ID configuration mbox . oldmessage ID . ID . , removemessage . Cisco . Syntax Syntax

archivemessage
example.com> archivemessage
Enter the MID to archive and remove.
[0]> 47
MID 47 has been saved in file oldmessage_47.mbox in the configuration directory
example.com>

oldmessage
example.com> oldmessage
MID 9: 1 hour 5 mins 35 secs old
Received: from example.com ([172.16.0.102]) by example.com with SMTP; 14 Feb 2007 22:11:37 -0800
From: [email protected]
To: [email protected]
Subject: Testing
Message-Id: <[email protected]>

findevent CLI . findevent CLI , ID . . . findevent ID ( , ). "confidential" findevent CLI .

example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 3
Enter the regular expression to search for.
[]> confidential
Currently configured logs:
1. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
Enter the number of the log you wish to use for message tracking.
[]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 3
The following matching message IDs were found. Please choose one to show additional log information:
1. MID 4 (Tue Jul 31 17:37:35 2007) sales: confidential
[1]> 1
Tue Jul 31 17:37:32 2007 Info: New SMTP ICID 2 interface Data 1 (172.19.1.86) address 10.251.20.180 reverse dns host unknown verified no
Tue Jul 31 17:37:32 2007 Info: ICID 2 ACCEPT SG None match ALL SBRS None
Tue Jul 31 17:37:35 2007 Info: Start MID 4 ICID 2
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 From: <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 ICID 2 RID 0 To: <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 Subject 'sales: confidential'
Tue Jul 31 17:37:35 2007 Info: MID 4 ready 4086 bytes from <[email protected]>
Tue Jul 31 17:37:35 2007 Info: MID 4 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Jul 31 17:37:35 2007 Info: ICID 2 close
Tue Jul 31 17:37:37 2007 Info: MID 4 interim verdict using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 using engine: CASE spam negative
Tue Jul 31 17:37:37 2007 Info: MID 4 interim AV verdict using Sophos CLEAN
Tue Jul 31 17:37:37 2007 Info: MID 4 antivirus negative
Tue Jul 31 17:37:37 2007 Info: MID 4 queued for delivery
Tue Jul 31 17:37:37 2007 Info: Delivery start DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: Message done DCID 0 MID 4 to RID [0]
Tue Jul 31 17:37:37 2007 Info: MID 4 RID [0] Response '/null'
Tue Jul 31 17:37:37 2007 Info: Message finished MID 4 done

SNMP AsyncOS SNMP(Simple Network Management Protocol) . RFC 1213 1907 MIB-II . (SNMP RFCs 1065, 1066 1067 .) : · SNMP off. · SNMP SET () . · AsyncOS SNMPv1, v2 v3 . · SNMPv3 . . AES() DES . SHA-1() MD5 . 
snmpconfig "" . · SNMPv3 : v3get

> snmpwalk -v 3 -l AuthNoPriv -u v3get -a SHA -A ironport mail.example.com

MIB CLI · SNMPv1 SNMPv2 . public . · SNMPv1 SNMPv2 SNMP GET . · SNMP (AsyncOS ) IP . ( , DNS .) SNMP snmpconfig . SNMPv3 GET . 3 . 1 2 . 1 2 . MIB Cisco Email Security Appliance MIB http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html . MIB . · ASYNCOS-MAIL-MIB.txt - Cisco MIB SNMPv2 . · AsyncOS-SMI.txt (IRONPORT-SMI.txt) - Cisco ASYNCOS-MAIL-MIB "SMI(Structure of Management Information)" . IPMI(Intelligent Platform Management Interface) , . . 10 . . , 6 . . 5 . . ( ). C170 . 106: C170 : (CPU) () () () RAID C170 90C 47C 0 RPMs CLI SNMP snmpconfig . , . . · : snmpconfig , 1025 SNMP SNMP ( SNMP ) . . SNMP ( Email Security Appliance) . SNMP SNMP SNMP . SNMP snmpconfig . , IP 10 . : snmpconfig 161 "PublicNet" SNMP snmpconfig C690 . 1 2 GET public .

esa.example.com> snmpconfig
Current SNMP settings:
SNMP Disabled.
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]> SETUP
Do you want to enable SNMP?
[Y]>
Please choose an IP interface for SNMP requests.
1. Management (198.51.100.1: esa.example.com)
[1]>
Which port shall the SNMP daemon listen on interface "Management"?
[161]>
Please select SNMPv3 authentication type:
1. MD5
2. SHA
[1]> 2
Please select SNMPv3 privacy protocol:
1. DES
2. AES
[1]> 2
Enter the SNMPv3 authentication passphrase.
[]>
Please enter the SNMPv3 authentication passphrase again to confirm.
[]>
Enter the SNMPv3 privacy passphrase.
[]>
Please enter the SNMPv3 privacy passphrase again to confirm.
[]>
Service SNMP V1/V2c requests?
[N]> Y
Enter the SNMP V1/V2c community string.
[ironport]> public
Shall SNMP V2c requests be serviced from IPv4 addresses?
[Y]>
From which IPv4 networks shall SNMP V1/V2c requests be allowed? Separate multiple networks with commas.
[127.0.0.1/32]>
Enter the Trap target as a host name, IP address or list of IP addresses separated by commas (IP address preferred). Enter "None" to disable traps.
[127.0.0.1]> 203.0.113.1
Enter the Trap Community string.
[ironport]> tcomm
Enterprise Trap Status
1. CPUUtilizationExceeded Disabled
2. FIPSModeDisableFailure Enabled
3. FIPSModeEnableFailure Enabled
4. FailoverHealthy Enabled
5. FailoverUnhealthy Enabled
6. RAIDStatusChange Enabled
7. connectivityFailure Disabled
8. fanFailure Enabled
9. highTemperature Enabled
10. keyExpiration Enabled
11. linkUpDown Enabled
12. memoryUtilizationExceeded Disabled
13. powerSupplyStatusChange Enabled
14. resourceConservationMode Enabled
15. updateFailure Enabled
Do you want to change any of these settings?
[N]> Y
Do you want to disable any of these traps?
[Y]> n
Do you want to enable any of these traps?
[Y]> y
Enter number or numbers of traps to enable. Separate multiple numbers with commas.
[]> 1,7,12
What threshold would you like to set for CPU utilization?
[95]>
What URL would you like to check for connectivity failure?
[http://downloads.ironport.com]>
What threshold would you like to set for memory utilization?
[95]>
Enter the System Location string.
[Unknown: Not Yet Configured]> Network Operations Center - west; rack #30, position 3
Enter the System Contact string.
[snmp@localhost]> [email protected]
Current SNMP settings:
Listening on interface "Management" 198.51.100.1 port 161.
SNMP v3: Enabled.
SNMP v1/v2: Enabled, accepting requests from subnet 127.0.0.1/32 .
SNMP v1/v2 Community String: public
Trap target: 203.0.113.1
Location: Network Operations Center - west; rack #30, position 3
System Contact: [email protected]
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]>
esa.example.com> commit
Please enter some comments describing your changes:
[]> Enable and configure SNMP
Changes committed: Fri Nov 06 18:13:16 2015 GMT
esa.example.com>

38 SenderBase .
· SenderBase , 1029
· SenderBase , 1029
· FAQ( ), 1030

SenderBase
SenderBase . SenderBase Cisco . . Cisco Cisco . Cisco . .

SenderBase
1 Security Services( ) > SenderBase .
2 Edit Global Settings( ) .
3 SenderBase Information Service . . , CASE(Context Adaptive Scanning Engine) (Cisco ). CLI senderbaseconfig .
4 ( ) SenderBase Information Service . , .

FAQ( )
SenderBase , 949 . CLI updateconfig .
FAQ( ) Cisco . SenderBase Cisco . . Cisco . SenderBase . , . .
· . .
· . .
Cisco . . , Cisco . ( Cisco , 1034 ). " " .

107: Cisco MGA MGS 10012 2005 7 1, 8~ 8 5 MGA 4.7.0 102 10 500MB SenderBase 50 3 120 30( 4 ) 12 , .exe 50 30, 30 Outbreak 10 20

108: IP : 100 : 80 2,000( ) 100 A B 50 A 20 SMTP 50 10 : (a) <one-way-hash>.pif <one-way-hash>.zip : (b) aaaaaaa0.aaa.pif aaaaaaa.zip SenderBase URL (c) www.domain.com . URL (d) www.domain.com aaa000aa/aa00aaa 10 10 5 4 16 5 500, HAM 300 30K-35K 125 ".exe" 300 , ".doc" ".exe" 100 zip ".exe" 50 50-55K ".exe" 30 1110 (AMP ) 10 (AMP ) 100 1000 37 50 (AMP ) 57 50 61 1 99 9 (AMP ) example.pdf testfile.doc SenderBase Trojan-Test (AMP )

109: AMP - 10010 - 15 -5 Advanced Malware Protection Ironport Ironport Ironport

(a) 1 (MD5).
(b) . ASCII ([a-z]) "a" ASCII ([A-Z]) "A" , UTF-8 "x" ( ), ASCII ([0-9]) "0" , (, ) . Britney1.txt.pif Aaaaaaa0.aaa.pif .
(c) URL IP . .
(d) URL .
AsyncOS 8.5 for Email , IronPort Anti-Spam Intelligent Multi-Scan SenderBase AsyncOS .
· , , . Cisco . . Cisco Cisco , 370 .
· SBRS , CASE . CASE . AsyncOS

Cisco SenderBase . . Cisco SenderBase :
· Cisco HTTPS Cisco SenderBase Network .
· Cisco . , Cisco .
· Cisco Systems .

Cisco ? Cisco . Cisco . 5 SenderBase . HTTPS 1% . , CASE(Context Adaptive Scanning Engine) (Cisco ). SenderBase " " . . "Body Scanning( ) , 172 " . Cisco . Cisco Support Community, 7 . Cisco . URL . Cisco .

39 GUI .
· (GUI), 1035
· GUI , 1036
· GUI XML , 1036

(GUI)
(GUI) CLI(Command Line Interface) . GUI AsyncOS . HTTP / HTTPS GUI . " " . GUI Management HTTP . GUI CLI interfaceconfig , , HTTP HTTP . GUI Network() > IP Interfaces(IP ) GUI . IP , 1199 . HTTP . "HTTPS " .

GUI
GUI , . 80 HTTP 443 HTTPS . HTTP . HTTP HTTPS GUI ( , 893 ) . GUI commit . Data 1 GUI . 80 HTTP 443 HTTPS interfaceconfig . (certconfig HTTP . "Cisco " .) 80 HTTP Data1 443 .

GUI
· System Overview( ) .
· .
· AsyncOS .
· .
· System Status( ) DNS . .

GUI XML
XML , XML . XML . XML . GUI URL XML .

GUI XML URL
Mail Status( ): http://hostname/xml/status
Host Mail Status for a Specified Host( ): http://hostname/xml/hoststatus?hostname=host
DNS Status(DNS ): http://hostname/xml/dnsstatus
Top Incoming Domains( ): http://hostname/xml/topin
Top Outgoing Domains( ) 1: http://hostname/xml/tophosts
1 . URL "?sort=order" . order conn_out, deliv_recip, soft_bounced hard_bounced .

40 .
· , 1039
· NIC(Network Interface Card) /, 1040
· VLAN(Virtual Local Area Network), 1043
· Direct Server Return, 1047
· , 1051
· ARP , 1052

etherconfig . .
. , 1040 .

etherconfig
etherconfig (/) (10/100/1,000Mbps) . , . " " GUI ( Command Line Interface systemsetup ) . . , 2( 3 4) . ( 1, 2 ) . NIC(Network Interface Card) /, 1040 .

mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> media
Ethernet interfaces:
1. Data 1 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6d
2. Data 2 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6e
3. Management (Autoselect: <100baseTX full-duplex>) 00:02:b3:c7:a2:da
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]> edit
Enter the name or number of the ethernet interface you wish to edit.
[]> 2
Please choose the Ethernet media options for the Data 2 interface.
1. Autoselect
2. 10baseT/UTP half-duplex
3. 10baseT/UTP full-duplex
4. 100baseTX half-duplex
5. 100baseTX full-duplex
6. 1000baseTX half-duplex
7. 1000baseTX full-duplex
[1]> 5
Ethernet interfaces:
1. Data 1 (Autoselect: <100baseTX full-duplex>) 00:06:5b:f3:ba:6d
2. Data 2 (100baseTX full-duplex: <100baseTX full-duplex>) 00:06:5b:f3:ba:6e
3. Management (Autoselect: <100baseTX full-duplex>) 00:02:b3:c7:a2:da
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>

NIC(Network Interface Card) /
NIC NIC 2 . . (, NIC ), NIC VLAN . . NIC NIC .
Email Security NIC . NIC . NIC . . 1 2 3 4 2 3 Cisco . , 2( 3 4) . ( 1, 2 ) . NIC VLAN VLAN(VLAN(Virtual Local Area Network), 1043 ) .

NIC
NIC . AsyncOS 4.5 NIC `Pair 1' . NIC NIC . NIC NIC , .

etherconfig NIC
Email Security NIC .

mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> pairing
Paired interfaces:
Choose the operation you want to perform:
- NEW - Create a new pairing.
[]> new
Please enter a name for this pair (Ex: "Pair 1"):
[]> Pair 1
Warning: The backup (Data 2) for the NIC Pair is currently configured with one or more IP addresses. If you continue, the Data 2 interface will be deleted.
Do you want to continue? [N]> y
The interface you are deleting is currently used by listener "OutgoingMail".
What would you like to do?
1. Delete: Remove the listener and all its settings.
2. Change: Choose a new interface.
3. Ignore: Leave the listener configured for interface "Data 2" (the listener will be disabled until you add a new interface named "Data 2" or edit the listener's settings).
[1]>
Listener OutgoingMail deleted for mail3.example.com.
Interface Data 2 deleted.
Paired interfaces:
1. Pair 1:
Primary (Data 1) Active, Link is up
Backup (Data 2) Standby, Link is up
Choose the operation you want to perform:
- DELETE - Delete a pairing.
- STATUS - Refresh status.
[]>

VLAN(Virtual Local Area Network)
VLAN(Virtual Local Area Network) . VLAN .
· .
· "" .
· , .
: VLAN Email Security Appliance . Data 2 VLAN1 VLAN2 . Sales (VLAN1) . , VLAN2 ( ) . VLAN
75: VLAN
VLAN "Data" "Management" VLAN .
AsyncOS 30 VLAN . VLAN IP . VLAN VLAN IP . VLAN VLAN . VLAN NIC ( NIC ) DSR(Direct Server Return) .

VLAN
VLAN "VLAN DDDD" " " . "DDDD" ID 4 (: VLAN 2 VLAN 4094). VLAN ID . FTP, SSH SCP , 1199

VLAN
etherconfig VLAN . VLAN Network > Interfaces( > ) CLI interfaceconfig . .

etherconfig VLAN
1 VLAN 2 (: VLAN 31 VLAN 34).

mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> vlan
VLAN interfaces:
Choose the operation you want to perform:
- NEW - Create a new VLAN.
[]> new
VLAN ID for the interface (Ex: "34"):
[]> 34
Enter the name or number of the ethernet interface you wish bind to:
1. Data 1
2. Data 2
3. Management
[1]> 1
VLAN interfaces:
1. VLAN 34 (Data 1)
Choose the operation you want to perform:
- NEW - Create a new VLAN.
- EDIT - Edit a VLAN.
- DELETE - Delete a VLAN.
[]> new
VLAN ID for the interface (Ex: "34"):
[]> 31
Enter the name or number of the ethernet interface you wish bind to:
1. Data 1
2. Data 2
3. Management
[1]> 1
VLAN interfaces:
1. VLAN 31 (Data 1)
2. VLAN 34 (Data 1)
Choose the operation you want to perform:
- NEW - Create a new VLAN.
- EDIT - Edit a VLAN.
- DELETE - Delete a VLAN.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>

interfaceconfig VLAN IP
VLAN 31 IP . .
mail3.example.com> interfaceconfig
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> new
Please enter a name for this IP interface (Ex: "InternalNet"):
[]> InternalVLAN31
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 10.10.10.10):
[]> 10.10.31.10
Netmask (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Data 1
2. Data 2
3. Management
4. VLAN 31
5. VLAN 34
[1]> 4
Hostname:
[]> mail31.example.com
Do you want to enable SSH on this interface? [N]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable HTTP on this interface? [N]>
Do you want to enable HTTPS on this interface? [N]>
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalVLAN31 (10.10.31.10/24: mail31.example.com)
3. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

VLAN etherconfig VLAN Network > Listeners( > ) .

Direct Server Return
DSR(Direct Server Return) VIP( IP) Email Security Appliance . DSR "" IP . Email Security Appliance .

DSR(Direct Server Return)
"" DSR . CLI interfaceconfig GUI Network > Interfaces( > ) VIP( IP) IP . CLI listenerconfig GUI Network > Listeners( > ) IP . . etherconfig ARP . DSR . VIP( IP) . .
76: Email Security Appliance DSR

Email Security Appliance DSR etherconfig
, (: 1) .
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> loopback
Currently configured loopback interface:
Choose the operation you want to perform:
- ENABLE - Enable Loopback Interface.
[]> enable
Currently configured loopback interface:
1. Loopback
Choose the operation you want to perform:
- DISABLE - Disable Loopback Interface.
[]>
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]>

interfaceconfig IP
IP .

mail3.example.com> interfaceconfig
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalV1 (10.10.31.10/24: mail31.example.com)
3. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> new
Please enter a name for this IP interface (Ex: "InternalNet"):
[]> LoopVIP
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 10.10.10.10):
[]> 10.10.1.11
Netmask (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]> 255.255.255.255
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Data 1
2. Data 2
3. Loopback
4. Management
5. VLAN 31
6.
VLAN 34
[1]> 3
Hostname:
[]> example.com
Do you want to enable SSH on this interface? [N]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable HTTP on this interface? [N]>
Do you want to enable HTTPS on this interface? [N]>
Currently configured interfaces:
1. Data 1 (10.10.1.10/24: example.com)
2. InternalV1 (10.10.31.10/24: mail31.example.com)
3. LoopVIP (10.10.1.11/24: example.com)
4. Management (10.10.0.10/24: example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

IP
IP GUI CLI IP . GUI Add Listener( ) IP .
77: IP

MTU( ) . etherconfig MTU . MTU 1,500, MTU. MTU .

mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- PAIRING - View and configure NIC Pairing.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> mtu
Ethernet interfaces:
1. Data 1 mtu 1400
2. Data 2 default mtu 1500
3. Management default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]> edit
Enter the name or number of the ethernet interface you wish to edit.
[]> 2
Please enter a non-default (1500) MTU value for the Data 2 interface.
[]> 1200
Ethernet interfaces:
1. Data 1 mtu 1400
2. Data 2 mtu 1200
3. Management default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]>

ARP
ARP . MULTICAST . ARP .

mail.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
- MULTICAST - Accept or reject ARP replies with a multicast address.
[]> multicast
ARP replies with a multicast address will be rejected.
Choose the operation you want to perform:
- ACCEPT - Accept ARP replies with a multicast address.
[]> accept
ARP replies with a multicast address will be accepted.

41 .
· , 1053
· , 1061
· , 1105
· , 1053
· , 1053
· , 1059

AsyncOS . . (: ). (ASCII) . ASCII . Cisco Email Security Appliance M-Series Content Security Management . Cisco . , ( ) . . (: , , ). . , 1105 .

AsyncOS .
110: qmail Delivery Logs Status Logs Domain Debug Logs Injection Debug Logs . , , , , TLS . qmail qmail . Email Security Appliance (: ). "(stateless)". , . . XML CSV(comma-separated values) . . https://supportforums.cisco.com/document/33721/cisco-ironport-systems-contributed-tools . ID, ID, Envelope From , Envelope To , , . . (0). CLI (status detail dnsstatus ) . logconfig setup . . Email Security Appliance SMTP . . SMTP . . . Email Security Appliance SMTP . Email Security Appliance .

CLI Audit Logs FTP GUI HTTP NTP LDAP Anti-Spam Logs Anti-Spam Archive Anti-Virus Logs , , DNS , commit . . CLI CLI . FTP FTP . . HTTP . HTTP HTTP / HTTP . GUI HTTP , GUI HTTP CLI . GUI ( , ) . SMTP (: ). NTP NTP(Network Time Protocol) . " " "NTP(Network Time Protocol) ( )" . LDAP LDAP . ("LDAP " .) Email Security Appliance LDAP . . Context Adaptive Scanning Engine . " " . mbox . "" . , , . Info() Debug() . ( " " ) . mbox . .

" " . mbox . "" . AMP AMP Engine Advanced Malware Protection . File Reputation Filtering and File Analysis( ), 461 . AMP Advanced Malware Protection . mbox . Scanning Logs LOG COMMON (, 962 ). , , . . . GUI GUI , , ( ) . SMTP SMTP SMTP . / / / . . . McAfee Anti-Virus . Tracking Logs . . .
Email Security Appliance . .

API . API AsyncOS API for Cisco Email Security Appliances .
· API
· API ( )
·
·
·
AsyncOS API .

111: [log type characteristics table; the bullet matrix is not recoverable. Surviving row labels: SMTP, qmail, Domain Debug Logs, Injection Debug Logs, CLI, FTP, HTTP, NTP, LDAP, Anti-Spam Archive, AMP, Scanning Logs, GUI, Updater Logs, Tracking Logs, API]

. GUI logconfig .

log Push , CLI .
112: FTP Push SCP Push Syslog Push Log Subscriptions( ) . , . HTTP(S) . CLI , (, ) . FTP . , , . . SCP . SSH1 SSH2 SSH SCP . , SSH , . . syslog . RFC 3164 . Syslog UDP TCP . 514 . (facility) . . syslog push .

AsyncOS . , . . /LogSubscriptionName/[email protected] .current .s(saved ) . .

, ( ) ( ). CLI logconfig GUI Log Subscriptions( ) . GUI Rollover Now( ) CLI rollovernow . , 1109 . ( 10) .

Email Security Appliance ( ). "Manually Download( )". 3. , error_logs 1 . , 1106 . , 1105 .

· , 1062 · , 1075 · , 1077 · , 1079 · , 1082 · , 1083 · , 1084 · CLI , 1085 · FTP , 1085 · HTTP , 1086 · NTP , 1087 · , 1087 · , 1088 · , 1089 · , 1089 · AMP , 1090 · , 1095 · GUI , 1095 · LDAP , 1096 · / , 1097 · , 1098 · , 1099 · , 1100 · , 1101 · , 1102 · , 1103 · , 1104

, AsyncOS GMT ( , ) . · · LDAP · ·

, . . . . . , 837 , 837 . .

113:
ICID - Injection Connection ID. SMTP . 1~1000 .
DCID - Delivery Connection ID. 1~1000 SMTP . RID .
RCID - RPC Connection ID. RPC . .
MID - Message ID. .
RID - Recipient ID. ID .

New Start .
. . . .

114:
1 Mon Apr 17 19:56:22 2003 Info: New SMTP ICID 5 interface Management (10.1.1.1) address 10.1.1.209 reverse dns host remotehost.com verified yes
2 Mon Apr 17 19:57:20 2003 Info: Start MID 6 ICID 5
3 Mon Apr 17 19:57:20 2003 Info: MID 6 ICID 5 From: <[email protected]>
4 Mon Apr 17 19:58:06 2003 Info: MID 6 ICID 5 RID 0 To: <[email protected]>
5 Mon Apr 17 19:59:52 2003 Info: MID 6 ready 100 bytes from <[email protected]>
6 Mon Apr 17 19:59:59 2003 Info: ICID 5 close
7 Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 8 interface 192.168.42.42 address 10.5.3.25
8 Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 8 MID 6 to RID [0]
9 Mon Mar 31 20:10:58 2003 Info: Message done DCID 8 MID 6 to RID [0]
10 Mon Mar 31 20:11:03 2003 Info: DCID 8 close
.

115:
1 ICID(Injection ID) "5" . Management IP 10.1.1.209 .
2 MAIL FROM MID(Message ID) "6" .
3 .
4 RID(Recipient ID) "0" .
5 MID 5 .
6 .
7 . 192.168.42.42 10.5.3.25 DCID(Delivery Connection ID) "8" .
8 RID "0" .
9 MID 6 RID "0" .
10 .

. Email Security Appliance . .
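The ID correlation walked through in the two tables above (ICID to MID to RID to DCID), as an added example that is not part of the Cisco guide: a Python parser that rebuilds per-recipient outcomes from mail log text, and also handles the Bounced:, Delayed: and Message aborted entries of the same log format. The lines in SAMPLE_LOG are constructed in the format shown on this page with placeholder addresses; the function names are this example's own.

```python
import re

# Constructed sample in the mail-log format shown on this page; addresses are placeholders.
SAMPLE_LOG = """\
Mon Apr 17 19:56:22 2003 Info: New SMTP ICID 5 interface Management (10.1.1.1) address 10.1.1.209 reverse dns host remotehost.com verified yes
Mon Apr 17 19:57:20 2003 Info: Start MID 6 ICID 5
Mon Apr 17 19:57:20 2003 Info: MID 6 ICID 5 From: <sender@remotehost.example>
Mon Apr 17 19:58:06 2003 Info: MID 6 ICID 5 RID 0 To: <user@example.com>
Mon Apr 17 19:58:06 2003 Info: MID 6 ICID 5 RID 1 To: <gone@example.com>
Mon Apr 17 19:59:52 2003 Info: MID 6 ready 100 bytes from <sender@remotehost.example>
Mon Apr 17 19:59:53 2003 Info: Start MID 7 ICID 5
Mon Apr 17 19:59:53 2003 Info: MID 7 ICID 5 From: <sender@remotehost.example>
Mon Apr 17 19:59:53 2003 Info: MID 7 ICID 5 RID 0 To: <user@example.com>
Mon Apr 17 19:59:54 2003 Info: MID 7 Subject 'Message done DCID 8 MID 7 to RID [0]'
Mon Apr 17 19:59:59 2003 Info: ICID 5 close
Mon Apr 17 20:10:58 2003 Info: New SMTP DCID 8 interface 192.168.42.42 address 10.5.3.25
Mon Apr 17 20:10:58 2003 Info: Delivery start DCID 8 MID 6 to RID [0, 1]
Mon Apr 17 20:10:58 2003 Info: Message done DCID 8 MID 6 to RID [0]
Mon Apr 17 20:10:59 2003 Info: Bounced: DCID 8 MID 6 to RID 1 - 5.1.0 - Unknown address error ('550', ['<gone@example.com>... Relaying denied']) []
Mon Apr 17 20:11:03 2003 Info: DCID 8 close
"""

# "<weekday> <month> <day> <time> <year> <level>: <event text>"
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (\w+): (.*)$")

# Every pattern is applied with match(), i.e. anchored at the start of the event
# text. Sender-controlled fields that are logged later in a line (Subject,
# Message-ID) therefore cannot be mistaken for a delivery event.
EVENTS = [
    ("conn_in", re.compile(r"New SMTP ICID (\d+) interface .+? address (\S+)")),
    ("conn_out", re.compile(r"New SMTP DCID (\d+) interface .+? address (\S+)")),
    ("start", re.compile(r"Start MID (\d+) ICID (\d+)")),
    ("rcpt", re.compile(r"MID (\d+) ICID \d+ RID (\d+) To: <?([^>\s]+)>?")),
    ("from", re.compile(r"MID (\d+) ICID \d+ From: <?([^>\s]*)>?")),
    ("done", re.compile(r"Message done DCID (\d+) MID (\d+) to RID \[([\d, ]+)\]")),
    ("fail", re.compile(r"(Bounced|Delayed): DCID (\d+) MID (\d+) to RID (\d+) - (\S+)")),
    ("dropped", re.compile(r"Message aborted MID (\d+) Dropped by (.+)")),
]


def correlate(log_text):
    """Return {MID: message record} with one status per recipient (RID)."""
    conn_in, conn_out, messages = {}, {}, {}

    def msg(mid):
        return messages.setdefault(
            mid, {"icid": None, "source_ip": None, "sender": None, "recipients": {}})

    def rcpt(mid, rid):
        return msg(mid)["recipients"].setdefault(
            rid, {"addr": None, "status": "queued", "dest_ip": None, "dsn": None})

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        for name, pattern in EVENTS:
            ev = pattern.match(line.group(3))
            if ev:
                break
        else:
            continue  # event type not tracked here
        g = ev.groups()
        if name == "conn_in":
            conn_in[int(g[0])] = g[1]            # ICID -> remote (sending) host
        elif name == "conn_out":
            conn_out[int(g[0])] = g[1]           # DCID -> destination host
        elif name == "start":
            icid = int(g[1])
            msg(int(g[0])).update(icid=icid, source_ip=conn_in.get(icid))
        elif name == "from":
            msg(int(g[0]))["sender"] = g[1]
        elif name == "rcpt":
            rcpt(int(g[0]), int(g[1]))["addr"] = g[2]
        elif name == "done":
            dcid, mid = int(g[0]), int(g[1])
            for rid in (int(x) for x in g[2].split(",")):
                rcpt(mid, rid).update(status="delivered", dest_ip=conn_out.get(dcid))
        elif name == "fail":
            dcid, mid, rid = int(g[1]), int(g[2]), int(g[3])
            rcpt(mid, rid).update(status=g[0].lower(), dsn=g[4],
                                  dest_ip=conn_out.get(dcid))
        elif name == "dropped":
            message = msg(int(g[0]))
            message["dropped_by"] = g[1]
            for recipient in message["recipients"].values():
                recipient["status"] = "dropped"
    return messages


def undelivered(messages):
    """List (MID, RID, address, status) for every recipient not marked delivered."""
    return [(mid, rid, r["addr"], r["status"])
            for mid in sorted(messages)
            for rid, r in sorted(messages[mid]["recipients"].items())
            if r["status"] != "delivered"]
```

MID 7 stays "queued" even though its logged Subject contains the text of a delivery event, because the event patterns only match at the start of the event text.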
Wed Jun 16 21:42:34 2004 Info: New SMTP ICID 282204970 interface mail.example.com (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Wed Jun 16 21:42:34 2004 Info: ICID 282204970 SBRS None
Wed Jun 16 21:42:35 2004 Info: Start MID 200257070 ICID 282204970
Wed Jun 16 21:42:35 2004 Info: MID 200257070 ICID 282204970 From: <[email protected]>
Wed Jun 16 21:42:36 2004 Info: MID 200257070 ICID 282204970 RID 0 To: <[email protected]>
Wed Jun 16 21:42:38 2004 Info: MID 200257070 Message-ID '<[email protected]>'
Wed Jun 16 21:42:38 2004 Info: MID 200257070 Subject 'Hello'
Wed Jun 16 21:42:38 2004 Info: MID 200257070 ready 24663 bytes from <[email protected]>
Wed Jun 16 21:42:38 2004 Info: MID 200257070 antivirus negative
Wed Jun 16 21:42:38 2004 Info: MID 200257070 queued for delivery
Wed Jun 16 21:42:38 2004 Info: New SMTP DCID 2386069 interface 1.2.3.4 address 1.2.3.4
Wed Jun 16 21:42:38 2004 Info: Delivery start DCID 2386069 MID 200257070 to RID [0]
Wed Jun 16 21:42:38 2004 Info: ICID 282204970 close
Wed Jun 16 21:42:38 2004 Info: Message done DCID 2386069 MID 200257070 to RID [0] [('X-SBRS', 'None')]
Wed Jun 16 21:42:38 2004 Info: MID 200257070 RID [0] Response 2.6.0 <[email protected]> Queued mail for delivery
Wed Jun 16 21:42:43 2004 Info: DCID 2386069 close

Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 5 MID 4 to RID [0]
Mon Mar 31 20:10:58 2003 Info: Message done DCID 5 MID 4 to RID [0]
Mon Mar 31 20:11:03 2003 Info: DCID 5 close

( )
2 Email Security Appliance . 5XX . .

Mon Mar 31 20:00:23 2003 Info: New SMTP DCID 3 interface 172.19.0.11 address 64.81.204.225
Mon Mar 31 20:00:23 2003 Info: Delivery start DCID 3 MID 4 to RID [0, 1]
Mon Mar 31 20:00:27 2003 Info: Bounced: DCID 3 MID 4 to RID 0 - 5.1.0 - Unknown address error ('550', ['<[email protected]>...
Relaying denied']) []
Mon Mar 31 20:00:27 2003 Info: Bounced: DCID 3 MID 4 to RID 1 - 5.1.0 - Unknown address error ('550', ['<[email protected]>... Relaying denied']) []
Mon Mar 31 20:00:32 2003 Info: DCID 3 close

Email Security Appliance . . .

Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:00:23 2003 Info: Delivery start DCID 3 MID 4 to RID [0, 1]
Mon Mar 31 20:00:23 2003 Info: Delayed: DCID 5 MID 4 to RID 0 - 4.1.0 - Unknown address error ('466', ['Mailbox temporarily full.'])[]
Mon Mar 31 20:00:23 2003 Info: Message 4 to RID [0] pending till Mon Mar 31 20:01:23 2003
Mon Mar 31 20:01:28 2003 Info: DCID 5 close
Mon Mar 31 20:01:28 2003 Info: New SMTP DCID 16 interface PublicNet address 172.17.0.113
Mon Mar 31 20:01:28 2003 Info: Delivery start DCID 16 MID 4 to RID [0]
Mon Mar 31 20:01:28 2003 Info: Message done DCID 16 MID 4 to RID [0]
Mon Mar 31 20:01:33 2003 Info: DCID 16 close

scanconfig ( )
scanconfig . Deliver, Bounce Drop. scanconfig Deliver .

Tue Aug 3 16:36:29 2004 Info: MID 256 ICID 44784 From: <[email protected]>
Tue Aug 3 16:36:29 2004 Info: MID 256 ICID 44784 RID 0 To: <[email protected]>
Tue Aug 3 16:36:29 2004 Info: MID 256 Message-ID '<[email protected]>'
Tue Aug 3 16:36:29 2004 Info: MID 256 Subject 'Virus Scanner Test #22'
Tue Aug 3 16:36:29 2004 Info: MID 256 ready 1627 bytes from <[email protected]>
Tue Aug 3 16:36:29 2004 Warning: MID 256, Message Scanning Problem: Continuation line seen before first header
Tue Aug 3 16:36:29 2004 Info: ICID 44784 close
Tue Aug 3 16:36:29 2004 Info: MID 256 antivirus positive 'EICAR-AV-Test'
Tue Aug 3 16:36:29 2004 Info: Message aborted MID 256 Dropped by antivirus
Tue Aug 3 16:36:29 2004 Info: Message finished MID 256 done

scanconfig drop .
Tue Aug 3 16:38:53 2004 Info: Start MID 257 ICID 44785
Tue Aug 3 16:38:53 2004 Info: MID 257 ICID 44785 From: [email protected]
Tue Aug 3 16:38:53 2004 Info: MID 257 ICID 44785 RID 0 To: <[email protected]>
Tue Aug 3 16:38:53 2004 Info: MID 257 Message-ID '<[email protected]>'
Tue Aug 3 16:38:53 2004 Info: MID 25781 Subject 'Virus Scanner Test #22'
Tue Aug 3 16:38:53 2004 Info: MID 257 ready 1627 bytes from <[email protected]>
Tue Aug 3 16:38:53 2004 Warning: MID 257, Message Scanning Problem: Continuation line seen before first header
Tue Aug 3 16:38:53 2004 Info: Message aborted MID 25781 Dropped by filter 'drop_zip_c'
Tue Aug 3 16:38:53 2004 Info: Message finished MID 257 done
Tue Aug 3 16:38:53 2004 Info: ICID 44785 close

"Message Body Contains" .

Sat Apr 23 05:05:42 2011 Info: New SMTP ICID 28 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host test.com verified yes
Sat Apr 23 05:05:42 2011 Info: ICID 28 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.0
Sat Apr 23 05:05:42 2011 Info: Start MID 44 ICID 28
Sat Apr 23 05:05:42 2011 Info: MID 44 ICID 28 From: <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 ICID 28 RID 0 To: <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Sat Apr 23 05:05:42 2011 Info: MID 44 Subject 'Message 001'
Sat Apr 23 05:05:42 2011 Info: MID 44 ready 240129 bytes from <[email protected]>
Sat Apr 23 05:05:42 2011 Info: MID 44 matched all recipients for per-recipient policy DEFAULT in the inbound table
Sat Apr 23 05:05:42 2011 Info: ICID 28 close
Sat Apr 23 05:05:42 2011 Info: MID 44 interim verdict using engine: CASE spam negative
Sat Apr 23 05:05:42 2011 Info: MID 44 using engine: CASE spam negative
Sat Apr 23 05:05:43 2011 Info: MID 44 attachment 'Banner.gif'
Sat Apr 23 05:05:43 2011 Info: MID 44 attachment '=D1=82=D0=B5=D1=81=D1=82.rst'
Sat Apr 23 05:05:43 2011 Info: MID 44
attachment 'Test=20Attachment.docx'
Sat Apr 23 05:05:43 2011 Info: MID 44 queued for delivery

. QP(quoted-printable) .

DANE
. DNS DNS MX , DNS A TLSA . DANE "Mandatory" x.509 TLSA . TLSA .

Tue Nov 13 12:13:33 2018 Debug: Trying DANE MANDATORY for example.org
Tue Nov 13 12:13:33 2018 Debug: SECURE MX record(mail.example.org) found for example.org
Tue Nov 13 12:13:33 2018 Debug: DNS query: Q('mail.example.org', 'CNAME')
Tue Nov 13 12:13:33 2018 Debug: DNS query: QN('mail.example.org', 'CNAME', 'recursive_nameserver0.parent')
Tue Nov 13 12:13:33 2018 Debug: DNS query: QIP ('mail.example.org','CNAME','8.8.8.8',60)
Tue Nov 13 12:13:33 2018 Debug: DNS query: Q ('mail.example.org', 'CNAME', '8.8.8.8')
Tue Nov 13 12:13:34 2018 Debug: DNSSEC Response data([], , 0, 1799)
Tue Nov 13 12:13:34 2018 Debug: Received NODATA for domain mail.example.org type CNAME
Tue Nov 13 12:13:34 2018 Debug: No CNAME record(NoError) found for domain(mail.example.org)
Tue Nov 13 12:13:34 2018 Debug: SECURE A record (4.31.198.44) found for MX(mail.example.org) in example.org
Tue Nov 13 12:13:34 2018 Info: New SMTP DCID 92 interface 10.10.1.191 address 4.31.198.44 port 25
Tue Nov 13 12:13:34 2018 Info: ICID 13 lost
Tue Nov 13 12:13:34 2018 Info: ICID 13 close
Tue Nov 13 12:13:34 2018 Debug: DNS query: Q('_25._tcp.mail.example.org', 'TLSA')
Tue Nov 13 12:13:34 2018 Debug: DNS query: QN('_25._tcp.mail.example.org', 'TLSA', 'recursive_nameserver0.parent')
Tue Nov 13 12:13:34 2018 Debug: DNS query: QIP ('_25._tcp.mail.example.org','TLSA','8.8.8.8',60)
Tue Nov 13 12:13:34 2018 Debug: DNS query: Q ('_25._tcp.mail.example.org', 'TLSA', '8.8.8.8')
Tue Nov 13 12:13:35 2018 Debug: DNSSEC Response data(['0301010c72ac70b745ac19998811b131d662c9ac69dbdbe7cb23e5b514b56664c5d3d6'], secure, 0, 1799)
Tue Nov 13 12:13:35 2018 Debug: DNS encache (_25._tcp.mail.example.org, TLSA, [(2550119024205761L, 0, 'SECURE', '0301010c72ac70b745ac19998811b131d662c9ac69dbdbe7cb23e5b514b56664c5d3d6')])
Tue Nov 13 12:13:35 2018 Debug: SECURE TLSA Record found for MX(mail.example.org) in example.org
Tue Nov 13 12:13:36 2018 Info: DCID 92 Certificate verification successful
Tue Nov 13 12:13:36 2018 Info: DCID 92 TLS success protocol TLSv1.2 cipher
Tue Nov 13 12:13:36 2018 Info: DCID 92 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384 for example.org
Tue Nov 13 12:13:36 2018 Info: Delivery start DCID 92 MID 23 to RID [0]

. DNS DNS MX , DNS A TLSA . DANE "Mandatory" x.509 TLSA . . TLSA .

Wed Nov 14 05:52:08 2018 Debug: DNS query: QN('server1.example.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 05:52:08 2018 Debug: DNS query: QIP ('server1.example.net','CNAME','10.10.2.184',60)
Wed Nov 14 05:52:08 2018 Debug: DNS query: Q ('server1.example.net', 'CNAME', '10.10.2.184')
Wed Nov 14 05:52:08 2018 Debug: DNSSEC Response data([], , 0, 284)
Wed Nov 14 05:52:08 2018 Debug: Received NODATA for domain server1.example.net type CNAME
Wed Nov 14 05:52:08 2018 Debug: No CNAME record(NoError) found for domain(server1.example.net)
Wed Nov 14 05:52:08 2018 Debug: Secure CNAME(server1.example.net) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: SECURE A record (10.10.1.198) found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Info: New SMTP DCID 102 interface 10.10.1.191 address 10.10.1.198 port 25
Wed Nov 14 05:52:08 2018 Debug: Fetching TLSA records with CNAME(server1.example.net) for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DNS query: Q('_25._tcp.server1.example.net', 'TLSA')
Wed Nov 14 05:52:08 2018 Debug: SECURE TLSA Record found for MX(server1.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DCID 102 All TLSA records failed for certificate not trusted
Wed Nov 14 05:52:08 2018 Debug: Fetching TLSA records with initial name(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Debug: DNS query:
Q('_25._tcp.someone.cs2.example.net', 'TLSA')
Wed Nov 14 05:52:08 2018 Debug: SECURE TLSA Record found for MX(someone.cs2.example.net) in example.net
Wed Nov 14 05:52:08 2018 Info: DCID 102 Certificate verification successful
Wed Nov 14 05:52:08 2018 Info: DCID 102 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-SHA256 for example.net
Wed Nov 14 05:52:08 2018 Info: Delivery start DCID 102 MID 26 to RID [0]
Wed Nov 14 05:52:08 2018 Info: Message done DCID 102 MID 26 to RID [0]
Wed Nov 14 05:52:08 2018 Info: MID 26 RID [0] Response 'ok: Message 31009 accepted'
Wed Nov 14 05:52:08 2018 Info: Message finished MID 26 done

Wed Nov 14 06:36:22 2018 Debug: Trying DANE MANDATORY for example.net
Wed Nov 14 06:36:22 2018 Debug: SECURE MX record(someone.cs2.example.net) found for example.net
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q('someone.cs2.example.net', 'CNAME')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QN('someone.cs2.example.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QIP ('someone.cs2.example.net','CNAME','10.10.2.184',60)
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q ('someone.cs2.example.net', 'CNAME', '10.10.2.184')
Wed Nov 14 06:36:22 2018 Debug: DNSSEC Response data(['mail.example2.net.'], secure, 0, 3525)
Wed Nov 14 06:36:22 2018 Debug: DNS encache (someone.cs2.example.net, CNAME, [(2692348132363369L, 0, 'SECURE', 'mail.example2.net')])
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q('mail.example2.net', 'CNAME')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QN('mail.example2.net', 'CNAME', 'recursive_nameserver0.parent')
Wed Nov 14 06:36:22 2018 Debug: DNS query: QIP ('mail.example2.net','CNAME','10.10.2.184',60)
Wed Nov 14 06:36:22 2018 Debug: DNS query: Q ('mail.example2.net', 'CNAME', '10.10.2.184')
Wed Nov 14 06:36:22 2018 Debug: DNSSEC Response data([], , 0, 225)
Wed Nov 14 06:36:22 2018 Debug: Received NODATA for domain mail.example2.net type
CNAME Wed Nov 14 06:36:22 2018 Debug: No CNAME record(NoError) found for domain(mail.example2.net) Wed Nov 14 06:36:22 2018 Debug: Secure CNAME(mail.example2.net) found for MX(someone.cs2.example.net) in example.net Wed Nov 14 06:36:22 2018 Debug: INSECURE A record (10.10.1.197) found for MX(someone.cs2.example.net) in example.net Wed Nov 14 06:36:22 2018 Debug: Fetching TLSA records with initial name(someone.cs2.example.net) in example.net Wed Nov 14 06:36:22 2018 Info: New SMTP DCID 104 interface 10.10.1.191 address 10.10.1.197 port 25 Wed Nov 14 06:36:36 2018 Debug: DNS query: Q('_25._tcp.someone.cs2.example.net', 'TLSA') Wed Nov 14 06:36:36 2018 Debug: SECURE TLSA Record found for MX(someone.cs2.example.net) in example.net Wed Nov 14 06:36:36 2018 Debug: DCID 104 All TLSA records failed for certificate not trusted Wed Nov 14 06:36:36 2018 Info: MID 27 DCID 104 DANE failed for the domain example.net: DANE Certificate verification failed Wed Nov 14 06:36:36 2018 Info: Failed for all MX hosts in example.net TLSA . DNS DNS MX , DNS A TLSA . DANE "Mandatory" x.509 TLSA . TLSA . 
Tue Aug 7 05:15:18 2018 Debug: Trying DANE MANDATORY for example-dane.net
Tue Aug 7 05:15:18 2018 Debug: SECURE MX record (someone.example-dane.net) found for test-tlsabogus.net
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('someone.example-dane.net', 'CNAME')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QN ('someone.example-dane.net', 'CNAME', 'recursive_nameserver0.parent')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QIP ('someone.example-dane.net','CNAME','10.10.2.183', 60)
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('someone.example-dane.net', 'CNAME', '10.10.2.183')
Tue Aug 7 05:15:18 2018 Debug: DNSSEC Response data ([], , 0, 300)
Tue Aug 7 05:15:18 2018 Debug: SECURE A record (10.10.1.198) found for MX (someone.example-dane.net) in example-dane.net
Tue Aug 7 05:15:18 2018 Info: ICID 32 close
Tue Aug 7 05:15:18 2018 Info: New SMTP DCID 61 interface 10.10.1.194 address 10.10.1.198 port 25
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('_25._tcp.someone.example-dane.net', 'TLSA')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QN ('_25._tcp.someone.example-dane.net', 'TLSA', 'recursive_nameserver0.parent')
Tue Aug 7 05:15:18 2018 Debug: DNS query: QIP ('_25._tcp.someone.example-dane.net','TLSA','10.10.2.183', 60)
Tue Aug 7 05:15:18 2018 Debug: DNS query: Q ('_25._tcp.someone.example-dane.net', 'TLSA', '10.10.2.183')
Tue Aug 7 05:15:18 2018 Debug: DNSSEC Response data (['03010160b3f16867357cdfef37bb6acd687af54f225e3bfa945e1d37bfd37bd4eb6020'], bogus, 0, 60)
Tue Aug 7 05:15:18 2018 Debug: DNS encache (_25._tcp.someone.example-dane.net, TLSA, [(11065394975822091L, 0, 'BOGUS', '03010160b3f16867357cdfef37bb6acd687af54f225e3bfa945e1d37bfd37bd4eb6020')])
Tue Aug 7 05:15:18 2018 Debug: BOGUS TLSA Record is found for MX (someone.example-dane.net) in example-dane.net
Tue Aug 7 05:15:18 2018 Debug: Trying next MX record in example-dane.net
Tue Aug 7 05:15:18 2018 Info: MID 44 DCID 61 DANE failed: TLSA record BOGUS
Tue Aug 7 05:15:18 2018 Debug: Failed for all MX hosts in example-dane.net

TLSA TLS . DNS DNS MX , DNS A TLSA . DANE "Opportunistic" x.509 TLSA . TLSA SMTP TLS .

Wed Sep 12 06:51:32 2018 Debug: Trying DANE OPPORTUNISTIC for example-dane.com
Wed Sep 12 06:51:32 2018 Debug: SECURE MX record (mx.example-dane.com) found for digitalhellion.com
Wed Sep 12 06:51:32 2018 Debug: DNS query: Q ('mx.example-dane.com', 'CNAME')
Wed Sep 12 06:51:32 2018 Debug: DNS query: QN ('mx.example-dane.com', 'CNAME', 'recursive_nameserver0.parent')
Wed Sep 12 06:51:32 2018 Debug: DNS query: QIP ('mx.example-dane.com', 'CNAME','8.8.8.8',60)
Wed Sep 12 06:51:32 2018 Debug: DNS query: Q ('mx.example-dane.com', 'CNAME', '8.8.8.8')
Wed Sep 12 06:51:32 2018 Debug: DNSSEC Response data ([], , 0, 1799)
Wed Sep 12 06:51:32 2018 Debug: Received NODATA for domain mx.example-dane.com type CNAME
Wed Sep 12 06:51:32 2018 Debug: No CNAME record (NoError) found for domain (mx.example-dane.com)
Wed Sep 12 06:51:32 2018 Debug: SECURE A record (162.213.199.115) found for MX (mx.example-dane.com) in example-dane.com
Wed Sep 12 06:51:32 2018 Info: ICID 1 lost
Wed Sep 12 06:51:32 2018 Info: ICID 1 close
Wed Sep 12 06:51:33 2018 Info: New SMTP DCID 2 interface 10.10.1.173 address 162.213.199.115 port 25
Wed Sep 12 06:51:33 2018 Debug: DNS query: Q ('_25._tcp.mx.example-dane.com', 'TLSA')
Wed Sep 12 06:51:33 2018 Debug: DNS query: QN ('_25._tcp.mx.example-dane.com', 'TLSA', 'recursive_nameserver0.parent')
Wed Sep 12 06:51:33 2018 Debug: DNS query: QIP ('_25._tcp.mx.example-dane.com','TLSA','8.8.8.8', 60)
Wed Sep 12 06:51:33 2018 Debug: DNS query: Q ('_25._tcp.mx.example-dane.com', 'TLSA', '8.8.8.8')
Wed Sep 12 06:51:34 2018 Debug: DNSSEC Response data ([], , 3, 1798)
Wed Sep 12 06:51:34 2018 Debug: Received NXDomain for domain _25._tcp.mx.example-dane.com' type TLSA
Wed Sep 12 06:51:34 2018 Debug: No TLSA record (NXDomain) found for MX (mx.example-dane.com)
Wed Sep 12 06:51:34 2018 Debug: Falling back to conventional TLS for MX (mx.example-dane.com) in example-dane.com
Wed Sep 12 06:51:34 2018 Info: MID 1 DCID 2 DANE failed for the domain example-dane.com: No TLSA Record
Wed Sep 12 06:51:34 2018 Info: DCID 2 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384
Wed Sep 12 06:51:35 2018 Info: Delivery start DCID 2 MID 1 to RID [0]

. URL URL

Thu Apr 6 06:50:18 2017 Info: ICID 73 ACCEPT SG WHITELIST match country[us] SBRS -10.0 country United States

URL URL URL URL .

Wed Nov 8 13:35:48 2017 Info: MID 976 not completely scanned by SDS. Error: The number of URLs in the message attachments exceeded the URL scan limit.

URL URL URL URL .

Wed Nov 8 13:37:42 2017 Info: MID 976 not completely scanned by SDS. Error: The number of URLs in the message body exceeded the URL scan limit.

URL Cisco URL -3 URl Cisco Security Proxy .

Tue Nov 7 10:42:41 2017 Info: MID 9 having URL: http://ow.ly/Sb6O30fJvVn has been expanded to http://bit.ly/2frAl1x
Tue Nov 7 10:42:42 2017 Info: MID 9 having URL: http://bit.ly/2frAl1x has been expanded to http://thebest01.wayisbetter.cn/?cMFN
Tue Nov 7 10:42:42 2017 Info: MID 9 URL http://thebest01.wayisbetter.cn/?cMFN has reputation -3.854 matched Action: URL redirected to Cisco Security proxy
Tue Nov 7 10:42:42 2017 Info: MID 9 rewritten to MID 10 by url-reputation-proxy-redirect-action filter 'aa'

URL URL URL .
Mon Oct 30 10:58:59 2017 Info: MID 36 having URL: http://ow.ly/P0Kw30fVst3 has been expanded to http://bit.ly/2ymYWPR
Mon Oct 30 10:59:00 2017 Info: MID 36 having URL: http://bit.ly/2ymYWPR has been expanded to http://ow.ly/cTS730fVssH
Mon Oct 30 10:59:01 2017 Info: MID 36 having URL: http://ow.ly/cTS730fVssH has been expanded to http://bit.ly/2xK8PD9
Mon Oct 30 10:59:01 2017 Info: MID 36 having URL: http://bit.ly/2xK8PD9 has been expanded to http://ow.ly/lWOi30fVssl
Mon Oct 30 10:59:02 2017 Info: MID 36 having URL: http://ow.ly/lWOi30fVssl has been expanded to http://bit.ly/2ggHv9e
Mon Oct 30 10:59:03 2017 Info: MID 36 having URL: http://bit.ly/2ggHv9e has been expanded to http://ow.ly/4fSO30fVsqx
Mon Oct 30 10:59:04 2017 Info: MID 36 having URL: http://ow.ly/4fSO30fVsqx has been expanded to http://bit.ly/2hKEFcW
Mon Oct 30 10:59:05 2017 Info: MID 36 having URL: http://bit.ly/2hKEFcW has been expanded to http://ow.ly/NyH830fVsq6
Mon Oct 30 10:59:06 2017 Info: MID 36 having URL: http://ow.ly/NyH830fVsq6 has been expanded to http://bit.ly/2ysnsNi
Mon Oct 30 10:59:06 2017 Info: MID 36 having URL: http://bit.ly/2ysnsNi has been expanded to http://ow.ly/JhUN30fVsnL
Mon Oct 30 10:59:07 2017 Info: MID 36 having URL: http://ow.ly/JhUN30fVsnL has been expanded to http://bit.ly/2hKQmAe
Mon Oct 30 10:59:07 2017 Info: MID 36 URL http://bit.ly/2hKQmAe is marked malicious due to : URL depth exceeded
Mon Oct 30 11:04:48 2017 Warning: MID 40 Failed to expand URL http://mail1.example.com/abcd Reason: Error while trying to retrieve expanded URL
Mon Oct 30 11:04:48 2017 Info: MID 40 not completely scanned for URL Filtering. Error: Message has a shortened URL that could not be expanded

URL -9.5 URL .

Mon Nov 6 06:50:18 2017 Info: MID 935 Attachment file_1.txt URL http://jrsjvysq.net has reputation -9.5 matched Condition: URL Reputation Rule

Unscannable( ) .
Tue Oct 24 08:28:58 2017 Info: Start MID 811 ICID 10
Tue Oct 24 08:28:58 2017 Info: MID 811 ICID 10 From: <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 ICID 10 RID 0 To: <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 Message-ID '<[email protected]>'
Tue Oct 24 08:28:58 2017 Info: MID 811 Subject 'Test mail'
Tue Oct 24 08:28:58 2017 Info: MID 811 ready 5242827 bytes from <[email protected]>
Tue Oct 24 08:28:58 2017 Info: MID 811 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Oct 24 08:28:59 2017 Info: MID 811 attachment 'gzip.tar.gz'
Tue Oct 24 08:28:59 2017 Info: MID 811 was marked as unscannable due to extraction failures. Reason: Error in extraction process - Decoding Errors.
Tue Oct 24 08:28:59 2017 Info: ICID 10 close
Tue Oct 24 08:28:59 2017 Info: MID 811 quarantined to "Policy" (Unscannable: due to Extraction Failure)
Tue Oct 24 08:28:59 2017 Info: Message finished MID 811 done

RFC Unscannable( ) RFC .

Tue Oct 24 08:23:26 2017 Info: Start MID 807 ICID 6
Tue Oct 24 08:23:26 2017 Info: MID 807 ICID 6 From: <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 ICID 6 RID 0 To: <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 Subject `Test Mail'
Tue Oct 24 08:23:26 2017 Info: MID 807 ready 427 bytes from <[email protected]>
Tue Oct 24 08:23:26 2017 Info: MID 807 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Oct 24 08:23:26 2017 Info: MID 807 was marked as unscannable due to an RFC violation. Reason: A Unix-From header was found in the middle of a header block.
Tue Oct 24 08:23:26 2017 Info: MID 807 queued for delivery
Tue Oct 24 08:23:26 2017 Info: ICID 6 close

/ (alt-rcpt-to , rcpt , bcc() , ) . MID (DCID ). .
Tue Jun 1 20:02:16 2004 Info: MID 14 generated based on MID 13 by bcc filter 'nonetest'
Tue Jan 6 15:03:18 2004 Info: MID 2 rewritten to 3 by antispam
Fri May 14 20:44:43 2004 Info: MID 6 rewritten to 7 by alt-rcpt-to-filter filter 'testfilt'

`rewritten' , MID . RPC RCID(RPC connection ID) . .

Wed Feb 14 12:11:40 2007 Info: Start MID 2317877 ICID 15726925
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 From: <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 RID 0 To: <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Message-ID '<W1TH05606E5811BEA0734309D4BAF0.323.14460.pimailer44.DumpShot.2@email.chase.com>'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Subject 'Envision your dream home - Now make it a reality'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ready 15731 bytes from <[email protected]>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 matched all recipients for per-recipient policy DEFAULT in the inbound table
Wed Feb 14 12:11:41 2007 Info: MID 2317877 using engine: CASE spam suspect
Wed Feb 14 12:11:41 2007 Info: EUQ: Tagging MID 2317877 for quarantine
Wed Feb 14 12:11:41 2007 Info: MID 2317877 antivirus negative
Wed Feb 14 12:11:41 2007 Info: MID 2317877 queued for delivery
Wed Feb 14 12:11:44 2007 Info: RPC Delivery start RCID 756814 MID 2317877 to local IronPort Spam Quarantine
Wed Feb 14 12:11:45 2007 Info: EUQ: Quarantined MID 2317877
Wed Feb 14 12:11:45 2007 Info: RPC Message done RCID 756814 MID 2317877
Wed Feb 14 12:11:45 2007 Info: Message finished MID 2317877 done

. Info() Debug() .

Thu Jun 7 20:48:10 2018 Info: MID 91 Threat feeds source 'S1' detected malicious URL: 'http://digimobil.mobi/' in attachment(s): malurl.txt. Action: Attachment stripped

SDR SDR . Info() Debug() .

SDR SDR .
Mon Jul 2 08:57:18 2018 Info: New SMTP ICID 3 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 08:57:18 2018 Info: ICID 3 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 08:57:18 2018 Info: Start MID 3 ICID 3
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 From: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 ICID 3 RID 0 To: <[email protected]>
Mon Jul 2 08:57:18 2018 Info: MID 3 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 08:57:18 2018 Info: MID 3 Subject 'Message 001'
Mon Jul 2 08:57:19 2018 Info: MID 3 SDR: Message was not scanned for Sender Domain Reputation. Reason: Authentication failure.

CLI sdradvancedconfig Cisco Email Security SDR . SDR SDR .

Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected]>
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Message 001'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Request timed out.

SDR . SDR Cisco Email Security SDR .
Mon Jul 2 09:04:08 2018 Info: ICID 7 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:04:08 2018 Info: Start MID 7 ICID 7
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 From: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 ICID 7 RID 0 To: <[email protected] >
Mon Jul 2 09:04:08 2018 Info: MID 7 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:04:08 2018 Info: MID 7 Subject 'Message 001'
Mon Jul 2 09:04:08 2018 Info: MID 7 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.

CLI sdradvancedconfig Cisco Email Security SDR . SDR .

Mon Jul 2 09:00:13 2018 Info: New SMTP ICID 4 interface Management (192.0.2.10) address 224.0.0.10 reverse dns host unknown verified no
Mon Jul 2 09:00:13 2018 Info: ICID 4 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Mon Jul 2 09:00:13 2018 Info: Start MID 4 ICID 4
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 From: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 ICID 4 RID 0 To: <[email protected] >
Mon Jul 2 09:00:13 2018 Info: MID 4 Message-ID '<000001cba32e$f24ff2e0$d6efd8a0$@com>'
Mon Jul 2 09:00:13 2018 Info: MID 4 Subject 'Test mail'
Mon Jul 2 09:00:13 2018 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Unknown error.

. AsyncOS . " (stateless)". , . . Cisco , . . https://supportforums.cisco.com/document/33721/cisco-ironport-systems-contributed-tools . .

116: Delivery status Del_time ( ) ( ) Inj_time Bytes Mid Ip From Source_ip Rcpt Rid Injection time. del_time - inj_time = ID IP. IP Envelope From(Envelope Sender MAIL FROM ) IP. IP SMTP SMTP ID. ID <0> , ID Envelope To .

117: SMTP RFC 1893 Enhanced Mail Status Code SMTP SMTP logheaders ( , 1108 ) .

118: Customer_data XML .
Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 5 interface 172.19.0.11 address 63.251.108.110
Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 5 MID 4 to RID [0]
Mon Mar 31 20:10:58 2003 Info: Message done DCID 5 MID 4 to RID [0]
Mon Mar 31 20:11:03 2003 Info: DCID 5 close

<bounce del_time="Sun Jan 05 08:28:33.073 2003" inj_time="Mon Jan 05 08:28:32.929 2003" bytes="4074" mid="94157762" ip="0.0.0.0" from="[email protected]" source_ip="192.168.102.1" reason="5.1.0 - Unknown address error" code="550" error="["Requested action not taken: mailbox unavailable"]">
<rcpt rid="0" to="[email protected]" attempts="1" />
</bounce>

Logheaders

<success del_time="Tue Jan 28 15:56:13.123 2003" inj_time="Tue Jan 28 15:55:17.696 2003" bytes="139" mid="202" ip="10.1.1.13" from="[email protected]" source_ip="192.168.102.1" code="250" reply="sent">
<rcpt rid="0" to="[email protected]" attempts="1" />
<customer_data>
<header name="xname" value="sh"/>
</customer_data>
</success>

. .

119: Log level Bounce type MID/RID From (: ) Message ID Recipient ID Envelope From Envelope To SMTP RFC 1893 Enhanced Mail Status Code SMTP logheaders ( , 1108 ) .

120:

Soft-Bounced Recipient (Bounce Type = Delayed)

Thu Dec 26 18:37:00 2003 Info: Delayed: 44451135:0 From:<[email protected]> To:<[email protected]> Reason: "4.1.0 - Unknown address error" Response: "('451', ['<[email protected]> Automated block triggered by suspicious activity from your IP address (10.1.1.1). Have your system administrator send e-mail to [email protected] if you believe this block is in error'])"

Hard-Bounced Recipient (Bounce Type = Bounced)

Thu Dec 26 18:36:59 2003 Info: Bounced: 45346670:0 From:<[email protected]> To:<[email protected]> Reason: "5.1.0 - Unknown address error" Response: "('550', ['There is no such active account.'])"

Bounce Log with Message Body and Logheaders

Wed Jan 29 00:06:30 2003 Info: Bounced: 203:0 From:<[email protected]> To:<[email protected]> Reason:"5.1.2 - Bad destination host" Response: "('000', [])" Headers: ['xname: userID2333']' Message: Message-Id: <[email protected]>\015\012xname: userID2333\015\012subject: Greetings.\015\012\015\012Hi Tom:'

\015\012 (: CRLF). CLI status (status, status detail, dnsstatus ) . logconfig setup . . .

121: CPULd DskIO RAMUtil QKUsd QKFre CrtMID CrtICID CRTDCID InjBytes InjMsg InjRcp CPU I/O RAM Queue Kilobytes Used( ) Queue Kilobytes Free( ) ID(MID) ICID(Injection Connection ID) DCID(Delivery Connection ID) () Injected Messages( ) Injected Recipients( )
GenBncRcp RejRcp DrpMsg SftBncEvnt CmpRcp HrdBncRcp DnsHrdBnc 5XXHrdBnc FltrHrdBnc ExpHrdBnc OtrHrdBnc DlvRcp DelRcp GlbUnsbHt ActvRcp UnatmptRcp AtmptRcp CrtCncIn CrtCncOut DnsReq NetReq CchHit CchMis CchEct CchExp CPUTTm (drop) Soft Bounced Events Hard Bounced Recipients DNS 5XX Delivered Recipients Active Recipients DNS CPU
CPUETm MaxIO RamUsd SwIn SwOut SwPgIn SwPgOut MMLen DstInMem ResCon WorkQ QuarMsgs QuarQKUsd LogUsd BMLd CmrkLd SophLd McafLd CASELd TotalLd LogAvail EuQ EuqRls RptLD I/O () (tarpit) . () .
, Outbreak ( ) , Outbreak CPU Cloudmark CPU Sophos CPU McAfee CPU CASE CPU CPU CPU QtnLd EncrQ CPU

Fri Feb 24 15:14:39 2006 Info: Status: CPULd 0 DskIO 0 RAMUtil 2 QKUsd 0 QKFre 8388608 CrtMID 19036 CrtICID 35284 CrtDCID 4861 InjMsg 13889 InjRcp 14230 GenBncRcp 12 RejRcp 6318 DrpMsg 7437 SftBncEvnt 1816 CmpRcp 6813 HrdBncRcp 18 DnsHrdBnc 2 5XXHrdBnc 15 FltrHrdBnc 0 ExpHrdBnc 1 OtrHrdBnc 0 DlvRcp 6793 DelRcp 2 GlbUnsbHt 0 ActvRcp 0 UnatmptRcp 0 AtmptRcp 0 CrtCncIn 0 CrtCncOut 0 DnsReq 143736 NetReq 224227 CchHit 469058 CchMis 504791 CchEct 15395 CchExp 55085 CPUTTm 228 CPUETm 181380 MaxIO 350 RAMUsd 21528056 MMLen 0 DstInMem 4 ResCon 0 WorkQ 0 QuarMsgs 0 QuarQKUsd 0 LogUsd 3 AVLd 0 BMLd 0 CASELd 3 TotalLd 3 LogAvail 17G EuQ 0 EuqRls 0

Email Security Appliance SMTP . .

122: Log level From Envelope From Envelope To SMTP RFC 1893 Enhanced Mail Status Code SMTP

Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:<[email protected]>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:<[email protected]>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH "." ON A LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'

Email Security Appliance SMTP . Email Security Appliance . , ("Sent to") ("Received from") . IP , IP , . IP IP . . IP DNS . DNS PTR IP . . .

123: ICID Sent/Received IP Injection Connection ID . "Sent to" . "Received from" .
IP

Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '220 postman.example.com ESMTP\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'HELO mail.remotehost.com\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 postman.example.com\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'MAIL FROM:<[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 sender <[email protected]> ok\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'RCPT TO:<[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '250 recipient <[email protected]> ok\015\012'
Wed Apr 2 14:30:04 Info: 6216 Rcvd from '172.16.0.22': 'DATA\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '354 go ahead\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'To: [email protected]\015\012Date: Apr 02 2003 10:09:44\015\012Subject: Test Subject\015\012From: Sender <[email protected]>\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Rcvd from '172.16.0.22': 'This is the content of the message'
Wed Apr 2 14:30:04 Info: 6216 Sent to '172.16.0.22': '250 ok\015\012'
Wed Apr 2 14:30:04 Info: 6216 Rcvd from '172.16.0.22': 'QUIT\015\012'
Wed Apr 2 14:30:04 2003 Info: 6216 Sent to '172.16.0.22': '221 postman.example.com\015\012'

124: .
Wed Sep 8 18:02:45 2004 Info: Version: 4.0.0-206 SN: XXXXXXXXXXXX-XXX
Wed Sep 8 18:02:45 2004 Info: Time offset from UTC: 0 seconds
Wed Sep 8 18:02:45 2004 Info: System is coming up
Wed Sep 8 18:02:49 2004 Info: bootstrapping DNS cache
Wed Sep 8 18:02:49 2004 Info: DNS cache bootstrapped
Wed Sep 8 18:13:30 2004 Info: PID 608: User admin commit changes: SSW:Password
Wed Sep 8 18:17:23 2004 Info: PID 608: User admin commit changes: Completed Web::SSW
Thu Sep 9 08:49:27 2004 Info: Time offset from UTC: -25200 seconds
Thu Sep 9 08:49:27 2004 Info: PID 1237: User admin commit changes: Added a second CLI log for examples
Thu Sep 9 08:51:53 2004 Info: PID 1237: User admin commit changes: Removed example CLI log.

CLI CLI 125: CLI PID CLI Process ID CLI , CLI (, ) . CLI CLI PID 16434 who, textconfig CLI .

Thu Sep 9 14:35:55 2004 Info: PID 16434: User admin entered 'who'; prompt was '\nmail3.example.com> '
Thu Sep 9 14:37:12 2004 Info: PID 16434: User admin entered 'textconfig'; prompt was '\nUsername Login Time Idle Time Remote Host What\n======== ========== ========= =========== ====\nadmin Wed 11AM 3m 45s 10.1.3.14 tail\nadmin 02:32PM 0s 10.1.3.14 cli\nmail3.example.com> '
Thu Sep 9 14:37:18 2004 Info: PID 16434: User admin entered ''; prompt was '\nThere are no text resources currently defined.\n\n\nChoose the operation you want to perform:\nNEW - Create a new text resource.\n- IMPORT - Import a text resource from a file.\n[]> '

FTP 126: FTP ID Connection ID. FTP ID logfile FTP (, , , ) . FTP FTP (ID:1) . IP , ( ) .
Wed Sep 8 18:03:06 2004 Info: Begin Logfile
Wed Sep 8 18:03:06 2004 Info: Version: 4.0.0-206 SN: 00065BF3BA6D-9WFWC21
Wed Sep 8 18:03:06 2004 Info: Time offset from UTC: 0 seconds
Wed Sep 8 18:03:06 2004 Info: System is coming up
Fri Sep 10 08:07:32 2004 Info: Time offset from UTC: -25200 seconds
Fri Sep 10 08:07:32 2004 Info: ID:1 Connection from 10.1.3.14 on 172.19.0.86
Fri Sep 10 08:07:38 2004 Info: ID:1 User admin login SUCCESS
Fri Sep 10 08:08:46 2004 Info: ID:1 Upload wording.txt 20 bytes
Fri Sep 10 08:08:57 2004 Info: ID:1 Download words.txt 1191 bytes
Fri Sep 10 08:09:06 2004 Info: ID:1 User admin logout

HTTP 127: HTTP ID req user ID IP . GET POST , . HTTP HTTP GUI ( ).

Wed Sep 8 18:17:23 2004 Info: http service on 192.168.0.1:80 redirecting to https port 443
Wed Sep 8 18:17:23 2004 Info: http service listening on 192.168.0.1:80
Wed Sep 8 18:17:23 2004 Info: https service listening on 192.168.0.1:443
Wed Sep 8 11:17:24 2004 Info: Time offset from UTC: -25200 seconds
Wed Sep 8 11:17:24 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg POST /system_administration/system_setup_wizard HTTP/1.1 303
Wed Sep 8 11:17:25 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /system_administration/ssw_done HTTP/1.1 200
Wed Sep 8 11:18:45 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/incoming_mail_overview HTTP/1.1 200
Wed Sep 8 11:18:45 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/mail_flow_graph?injector=&width=365&interval=0&type=recipientsin&height=190 HTTP/1.1 200
Wed Sep 8 11:18:46 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/classification_graph?injector=&width=325&interval=0&type=recipientsin&height=190 HTTP/1.1 200
Wed Sep 8 11:18:49 2004 Info: req:10.10.10.14 user:admin id:iaCkEh2h5rZknQarAecg GET /monitor/quarantines HTTP/1.1 200

NTP 128: NTP SNTP(Simple Network Time Protocol) adjust: . NTP NTP NTP .

Thu Sep 9 07:36:39 2004 Info: sntp query host 10.1.1.23 delay 653 offset -652
Thu Sep 9 07:36:39 2004 Info: adjust: time_const: 8 offset: -652us next_poll: 4096
Thu Sep 9 08:44:59 2004 Info: sntp query host 10.1.1.23 delay 642 offset -1152
Thu Sep 9 08:44:59 2004 Info: adjust: time_const: 8 offset: -1152us next_poll: 4096

LOG COMMON . COMMON LOG " " . 129: , , .

Sophos .

Wed Feb 23 22:05:48 2011 Info: Internal SMTP system attempting to send a message to [email protected] with subject 'Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...' (attempt #0).
Wed Feb 23 22:05:48 2011 Info: Internal SMTP system successfully sent a message to [email protected] with subject 'Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...'.
Wed Feb 23 22:05:48 2011 Info: A Anti-Virus/Warning alert was sent to [email protected] with subject "Warning <Anti-Virus> mail3.example.com: sophos antivirus - The Anti-Virus database on this system is...".

130: ( ). CASE .

Fri Apr 13 18:59:47 2007 Info: case antispam - engine (19103) : case-daemon: server successfully spawned child process, pid 19111
Fri Apr 13 18:59:47 2007 Info: case antispam - engine (19111) : startup: Region profile: Using profile global
Fri Apr 13 18:59:59 2007 Info: case antispam - engine (19111) : fuzzy: Fuzzy plugin v7 successfully loaded, ready to roll
Fri Apr 13 19:00:01 2007 Info: case antispam - engine (19110) : uribllocal: running URI blocklist local
Fri Apr 13 19:00:04 2007 Info: case antispam - engine (19111) : config: Finished loading configuration

, , .
Tue Mar 24 08:56:45 2015 Info: graymail [BASE] Logging at DEBUG level
Tue Mar 24 08:56:45 2015 Info: graymail [HANDLER] Initializing request handler
Tue Mar 24 08:56:50 2015 Info: graymail [ENGINE] Loaded graymail scanner library
Tue Mar 24 08:56:50 2015 Info: graymail [ENGINE] Created graymail scanner instance
Tue Mar 24 08:56:50 2015 Info: graymail [HANDLER] Debug mode disabled on graymail process
Tue Mar 24 08:56:50 2015 Info: graymail [HANDLER] Starting thread WorkerThread_0

131: ( ) (IDE) Sophos .

Thu Sep 9 14:18:04 2004 Info: Checking for Sophos Update
Thu Sep 9 14:18:04 2004 Info: Current SAV engine ver=3.84. No engine update needed
Thu Sep 9 14:18:04 2004 Info: Current IDE serial=2004090902. No update needed.

DEBUG . DEBUG .

AMP AMP AMP . · · ( ) . AMP AMP .

Wed Oct 5 15:17:31 2016 Info: File reputation service initialized successfully
Wed Oct 5 15:17:31 2016 Info: The following file type(s) can be sent for File Analysis: Microsoft Windows / DOS Executable, Microsoft Office 97-2004 (OLE), Microsoft Office 2007+ (Open XML), Other potentially malicious file types, Adobe Portable Document Format (PDF). To allow analysis of new file type(s), go to Security Services > File Reputation and Analysis.
Wed Oct 5 15:17:31 2016 Info: File Analysis service initialized successfully
Tue Oct 4 23:15:24 2016 Warning: MID 12 reputation query failed for attachment 'Zombies.pdf' with error "Cloud query failed"
Fri Oct 7 09:44:04 2016 Info: File reputation query initiating. File Name = 'mod-6.exe', MID = 5, File Size = 1673216 bytes, File Type = application/x-dosexec

SHA-256 . . MID ID. SHA-256 . SHA-256 . .
· Microsoft Windows / DOS Executable
· Microsoft Office 97-2004(OLE)
· Microsoft Office 2007+(Open XML)
·
· Adobe PDF(Portable Document Format)

Fri Oct 7 09:44:06 2016 Info: Response received for file reputation query from Cloud. File Name = 'mod-6.exe', MID = 5, Disposition = MALICIOUS, Malware = W32.061DEF69B5-100.SBX.TG, Reputation Score = 73, sha256 = 061def69b5c100e9979610fa5675bd19258b19a7ff538b5c2d230b467c312f19, upload_action = 2

MID SHA-256 . . ID. .
· MALICIOUS
· Clean
· FILE UNKNOWN - 0 .
· VERDICT UNKNOWN - FILE UNKNOWN 0 . . . VERDICT UNKNOWN .
:
· 0 -
· 1 - . '1' .
· 2 -
· 3 -

Wed Sep 28 11:31:58 2016 Info: File uploaded for analysis. SHA256: e7ae35a8227b380ca761c0317e814e4aaa3d04f362c6b913300117241800f0ea
Wed Sep 28 11:36:58 2016 Info: File Analysis is running for SHA: e7ae35a8227b380ca761c0317e814e4aaa3d04f362c6b913300117241800f0ea
Fri Oct 7 07:39:13 2016 Info: File Analysis complete. SHA256: 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, Submit Timestamp: 1475825466, Update Timestamp: 1475825953, Disposition: 3 Score: 100, run_id: 194926004 Details: Analysis is completed for the File SHA256[16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc] Spyname:[W32.16454AFF50-100.SBX.TG]

SHA256 ID SHA-256 . . . .
· 1 -
· 2 -
· 3 -
. (ID) . . . .

Wed Sep 14 12:27:52 2016 Info: File not uploaded for analysis. MID = 0 File SHA256[a5f28f1fed7c2fe88bcdf403710098977fa12c32d13bfbd78bbe27e95b245f82] file mime[text/plain] Reason: No active/dynamic contents exists

MID MIME ID . MIME . upload_action '1' . · . . · - . · . · · - . · · · / · /

Tue Jun 20 13:22:56 2017 Info: File analysis upload skipped. SHA256: b5c7e26491983baa713c9a2910ee868efd891661c6a0553b28f17b8fdc8cc3ef,Timestamp[1454782976] details[File SHA256[b5c7e26491983baa713c9a2910ee868efd891661c6a0553b28f17b8fdc8cc3ef] file mime[application/pdf], upload priority[Low] not uploaded, re-tries[3], backoff[986] discarding ...]
Tue Jun 20 13:22:56 2017 Critical: The attachment could not be uploaded to the File Analysis server because the appliance exceeded the upload limit

SHA256 SHA-256 . . . MIME Retries() (x) () MIME . . · High - PDF · Low - PDF . 3 . ((x)). . .

Sat Feb 6 13:22:56 2016 Info:SHA256: 69e17e213732da0d0cbc48ae7030a4a18e0c1289f510e8b139945787f67692a5,Timestamp[1454959409] details[Server Response HTTP code:[502]]

SHA256 SHA-256 . .

Fri Oct 7 07:39:13 2016 Info: Retrospective verdict received. SHA256: 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, Timestamp: 1475832815.7, Verdict: MALICIOUS, Reputation Score: 0, Spyname: W32.16454AFF50-100.SBX.

SHA256 Reputation Score Spyname SHA-256 . . . . .

132: ( , ). [email protected] (MID 8298624) .

Mon Aug 14 21:41:47 2006 Info: ISQ: Releasing MID [8298624, 8298625] for all
Mon Aug 14 21:41:47 2006 Info: ISQ: Delivering released MID 8298624 (skipping work queue)
Mon Aug 14 21:41:47 2006 Info: ISQ: Released MID 8298624 to [email protected]
Mon Aug 14 21:41:47 2006 Info: ISQ: Delivering released MID 8298625 (skipping work queue)
Mon Aug 14 21:41:47 2006 Info: ISQ: Released MID8298625 to [email protected]

GUI 133: GUI . GUI , .
Fri Aug 11 22:05:28 2006 Info: ISQ: Serving HTTP on 192.168.0.1, port 82
Fri Aug 11 22:05:29 2006 Info: ISQ: Serving HTTPS on 192.168.0.1, port 83
Fri Aug 11 22:08:35 2006 Info: Authentication OK, user admin
Fri Aug 11 22:08:35 2006 Info: logout:- user:pqufOtL6vyI5StCqhCfO session:10.251.23.228
Fri Aug 11 22:08:35 2006 Info: login:admin user:pqufOtL6vyI5StCqhCfO session:10.251.23.228
Fri Aug 11 22:08:44 2006 Info: Authentication OK, user admin

LDAP 134: LDAP LDAP LDAP . .

1 Thu Sep 9 12:24:56 2004 Begin Logfile
2 Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
3 Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
4 Thu Sep 9 12:25:02 2004 LDAP: Masquerade query sun.masquerade address [email protected] to [email protected]
5 Thu Sep 9 12:28:08 2004 LDAP: Clearing LDAP cache
6 Thu Sep 9 13:00:09 2004 LDAP: Query '(&(ObjectClass={g})(mailLocalAddress={a}))' to server sun (sun.qa:389)
7 Thu Sep 9 13:00:09 2004 LDAP: After substitute, query is '(&(ObjectClass=inetLocalMailRecipient) ([email protected]))'
8 Thu Sep 9 13:00:09 2004 LDAP: connecting to server
9 Thu Sep 9 13:00:09 2004 LDAP: connected
10 Thu Sep 9 13:00:09 2004 LDAP: Query (&(ObjectClass=inetLocalMailRecipient) ([email protected])) returned 1 results
11 Thu Sep 9 13:00:09 2004 LDAP: returning: [<LDAP:>]

. 135: LDAP 1 2 3 4 5 6 7 8 9 10 . LDAP ( "sun.masquerade" LDAP ). [email protected] LDAP , , [email protected] . / envelope from . ldapflush . sun.qa, 389 . (&(ObjectClass={g})(mailLocalAddress={a})). {g} rcpt-to-group mail-from-group . {a} . . LDAP . . . (empty positive). , . .

/ / . 136: / . . / / / . .
Fri Sep 28 14:22:33 2007 Info: Begin Logfile
Fri Sep 28 14:22:33 2007 Info: Version: 6.0.0-425 SN: XXXXXXXXXXXX-XXX
Fri Sep 28 14:22:33 2007 Info: Time offset from UTC: 10800 seconds
Fri Sep 28 14:22:33 2007 Info: System is coming up.
Fri Sep 28 14:22:33 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 16:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 18:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 20:22:34 2007 Info: SLBL: The database snapshot has been created.
Fri Sep 28 22:22:35 2007 Info: SLBL: The database snapshot has been created.
.........................
Mon Oct 1 14:16:09 2007 Info: SLBL: The database snapshot has been created.
Mon Oct 1 14:37:39 2007 Info: SLBL: The database snapshot has been created.
Mon Oct 1 15:31:37 2007 Warning: SLBL: Adding senders to the database failed.
Mon Oct 1 15:32:31 2007 Warning: SLBL: Adding senders to the database failed.
Mon Oct 1 16:37:40 2007 Info: SLBL: The database snapshot has been created.

. 137: . . .

Wed Oct 3 13:39:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:39:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:40:02 2007 Info: Update 2 registered appliance at 2007-10-03-13-40
Wed Oct 3 13:40:53 2007 Info: Pages found in cache: 1304596 (99%). Not found: 1692
Wed Oct 3 13:40:53 2007 Info: Period hour using 36800 (KB)
Wed Oct 3 13:40:53 2007 Info: Period day using 2768 (KB)
Wed Oct 3 13:40:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:40:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:40:53 2007 Info: HELPER checkpointed in 0.00580507753533 seconds
Wed Oct 3 13:41:02 2007 Info: Update 2 registered appliance at 2007-10-03-13-41
Wed Oct 3 13:41:53 2007 Info: Pages found in cache: 1304704 (99%). Not found: 1692
Wed Oct 3 13:41:53 2007 Info: Period hour using 36800 (KB)
Wed Oct 3 13:41:53 2007 Info: Period day using 2768 (KB)
Wed Oct 3 13:41:53 2007 Info: Period minute using 0 (KB)
Wed Oct 3 13:41:53 2007 Info: Period month using 1328 (KB)
Wed Oct 3 13:42:03 2007 Info: Update 2 registered appliance at 2007-10-03-13-42

. 138: . . 2007 8 29 10 10 .

Tue Oct 2 11:30:02 2007 Info: Query: Closing interval handle 811804479.
Tue Oct 2 11:30:02 2007 Info: Query: Closing interval handle 811804480.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610228.
Tue Oct 2 11:30:02 2007 Info: Query: Merge query with handle 302610229 for ['MAIL_OUTGOING_TRAFFIC_SUMMARY. DETECTED_SPAM', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.DETECTED_VIRUS', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.THREAT_CONTENT_FILTER', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_CLEAN_RECIPIENTS', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS_PROCESSED'] for rollup period "day" with interval range 2007-08-29 to 2007-10-01 with key constraints None sorting on ['MAIL_OUTGOING_TRAFFIC_SUMMARY.DETECTED_SPAM'] returning results from 0 to 2 sort_ascending=False.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610229.
Tue Oct 2 11:30:02 2007 Info: Query: Merge query with handle 302610230 for ['MAIL_OUTGOING_TRAFFIC_SUMMARY. TOTAL_HARD_BOUNCES', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS_DELIVERED', 'MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_RECIPIENTS'] for rollup period "day" with interval range 2007-08-29 to 2007-10-01 with key constraints None sorting on ['MAIL_OUTGOING_TRAFFIC_SUMMARY.TOTAL_HARD_BOUNCES'] returning results from 0 to 2 sort_ascending=False.
Tue Oct 2 11:30:02 2007 Info: Query: Closing query handle 302610230.

139: . , AsyncOS / . McAfee Anti-Virus .
Fri Sep 19 11:07:51 2008 Info: Starting scheduled update
Fri Sep 19 11:07:52 2008 Info: Acquired server manifest, starting update 11
Fri Sep 19 11:07:52 2008 Info: Server manifest specified an update for mcafee
Fri Sep 19 11:07:52 2008 Info: mcafee was signalled to start a new update
Fri Sep 19 11:07:52 2008 Info: mcafee processing files from the server manifest
Fri Sep 19 11:07:52 2008 Info: mcafee started downloading files
Fri Sep 19 11:07:52 2008 Info: mcafee downloading remote file "http://stage-updates.ironport.com/mcafee/dat/5388"
Fri Sep 19 11:07:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:12:52 2008
Fri Sep 19 11:08:12 2008 Info: mcafee started decrypting files
Fri Sep 19 11:08:12 2008 Info: mcafee decrypting file "mcafee/dat/5388" with method "des3_cbc"
Fri Sep 19 11:08:17 2008 Info: mcafee started decompressing files
Fri Sep 19 11:08:17 2008 Info: mcafee started applying files
Fri Sep 19 11:08:17 2008 Info: mcafee applying file "mcafee/dat/5388"
Fri Sep 19 11:08:18 2008 Info: mcafee verifying applied files
Fri Sep 19 11:08:18 2008 Info: mcafee updating the client manifest
Fri Sep 19 11:08:18 2008 Info: mcafee update completed
Fri Sep 19 11:08:18 2008 Info: mcafee waiting for new updates
Fri Sep 19 11:12:52 2008 Info: Starting scheduled update
Fri Sep 19 11:12:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:17:52 2008
Fri Sep 19 11:17:52 2008 Info: Starting scheduled update
Fri Sep 19 11:17:52 2008 Info: Scheduled next update to occur at Fri Sep 19 11:22:52 2008

Sophos .
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "postx"
Fri Mar 10 15:05:55 2017 Debug: postx updates disabled
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "postx"
Fri Mar 10 15:05:55 2017 Trace: command session starting
Fri Mar 10 15:05:55 2017 Info: Automatic updates disabled for engine Sophos engine
Fri Mar 10 15:05:55 2017 Info: Sophos: Backup update applied successfully
Fri Mar 10 15:05:55 2017 Info: Internal SMTP system attempting to send a message to [email protected] with subject `Automatic updates are now disabled for sophos' attempt #0).
Fri Mar 10 15:05:55 2017 Debug: amp feature key disabled
Fri Mar 10 15:05:55 2017 Debug: Skipping update request for "amp"
Fri Mar 10 15:05:55 2017 Debug: amp feature key disabled

AsyncOS . . . . . Cisco Security Management Email Security Appliance . . 140: . . "admin," "joe" "dan" .

Wed Sep 17 15:16:25 2008 Info: Begin Logfile
Wed Sep 17 15:16:25 2008 Info: Version: 6.5.0-262 SN: XXXXXXX-XXXXX
Wed Sep 17 15:16:25 2008 Info: Time offset from UTC: 0 seconds
Wed Sep 17 15:18:21 2008 Info: User admin was authenticated successfully.
Wed Sep 17 16:26:17 2008 Info: User joe failed authentication.
Wed Sep 17 16:28:28 2008 Info: User joe was authenticated successfully.
Wed Sep 17 20:59:30 2008 Info: User admin was authenticated successfully.
Wed Sep 17 21:37:09 2008 Info: User dan failed authentication.

.

Thu Mar 16 05:47:47 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:48:18 2017 Info: Two-Factor RADIUS Authentication failed.
Thu Mar 16 05:48:48 2017 Info: An authentication attempt by the user **** from 21.101.210.150 failed

.

Thu Mar 16 05:46:04 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:46:59 2017 Info: RADIUS server example.cisco.com communication error. No valid responses from server (timeout).
Thu Mar 16 05:46:59 2017 Info: Two-Factor Authentication RADIUS servers timed out. Authentication could fail due to this.

.

Thu Mar 16 05:49:05 2017 Info: Trying RADIUS server example.cisco.com
Thu Mar 16 05:49:05 2017 Info: Two-Factor RADIUS Authentication was successful.
Thu Mar 16 05:49:05 2017 Info: The user admin successfully logged on from 21.101.210.150 using an HTTPS connection.

, , . . (admin) .

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<!--
XML generated by configuration change.
Change comment: added guest user
User: admin
Configuration are described as:
This table defines which local users are allowed to log into the system.
Product: Cisco IronPort M160 Messaging Gateway(tm) Appliance
Model Number: M160
Version: 6.7.0-231
Serial Number: 000000000ABC-D000000
Number of CPUs: 1
Memory (GB): 4
Current Time: Thu Mar 26 05:34:36 2009
Feature "Cisco IronPort Centralized Configuration Manager": Quantity = 10, Time Remaining = "25 days"
Feature "Centralized Reporting": Quantity = 10, Time Remaining = "9 days"
Feature "Centralized Tracking": Quantity = 10, Time Remaining = "30 days"
Feature "Centralized Spam Quarantine": Quantity = 10, Time Remaining = "30 days"
Feature "Receiving": Quantity = 1, Time Remaining = "Perpetual"
-->
<config>

ETF ETF , , . Info() Debug() .
Thu Jun 7 04:54:15 2018 Info: THREAT_FEEDS: Job failed with exception: Invalid URL or Port
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: A delta poll is scheduled for the source: S1
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: A delta poll has started for the source: S1, domain: s1.co, collection: sss
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: Observables are being fetched from the source: S1 between 2018-06-07 04:34:13+00:00 and 2018-06-07 05:04:13.185909+00:00
Thu Jun 7 05:04:13 2018 Info: THREAT_FEEDS: 21 observables were fetched from the source: S1
Thu Jun 7 05:19:14 2018 Info: THREAT_FEEDS: A delta poll is scheduled for the source: S1
Thu Jun 7 05:19:14 2018 Info: THREAT_FEEDS: A delta poll has started for the source: S1, domain: s1.co, collection: sss

ETF - .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com, cause of failure: Invalid Collection name
Mail Policies( ) > External Threat Feeds Manager( ) CLI threatfeedsconfig > sourceconfig .

ETF - HTTP HTTP .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com , cause of failure: HTTP Error
Mail Policies( ) > External Threat Feeds Manager( ) CLI threatfeedsconfig > sourceconfig .

ETF - URL ETF - URL URL .
Info: THREAT_FEEDS: [TaxiiClient] Failed to poll threat feeds from following source: hailataxii.com , cause of failure: HTTP Error
Mail Policies( ) > External Threat Feeds Manager( ) CLI threatfeedsconfig > sourceconfig .

System Administration( ) Log Subscriptions( ) ( CLI logconfig ) . AsyncOS ( ) . (). .

141: Log type( ) . : . Log Name( ) . . Email Security Appliance . Rollover by File Size( . ) Rollover by Time( . ) . 10. Log level( ) . Retrieval method( Email Security Appliance ) . . . . . . .

142: Critical() . . . . syslog "Alert" . . .
syslog "Warning" . . Information() . syslog "Info" . . . syslog "Debug" . . . syslog "Debug" .

GUI GUI
1 System Administration( ) > Log Subscriptions( ) .
2 Add Log Subscription( ) .
3 ( ) .
4 AsyncOS . , 1109 .
5 . Critical(), Warning(), Information(), Debug() Trace().
6 .
7 .

1 System Administration( ) > Log Subscriptions( ) .
2 Log Settings( ) .
3 .
4 . .

System Administration( ) > Log Subscriptions( ) Global Settings( ) Edit Settings( ) ( CLI logconfig -> setup ) .
· . ().
· ID .
· .
· .
· . .

1. ID ID ( ) . ID AsyncOS . .
Tue Apr 6 14:38:34 2004 Info: MID 1 Message-ID Message-ID-Content

2. ( ) . .
Tue Apr 6 14:38:34 2004 Info: MID 1 RID [0] Response 'queued as 9C8B425DA7'
, SMTP DATA . "queued as 9C8B425DA7".
[...]
250 ok hostname
250 Ok: queued as 9C8B425DA7
, OK (250 ) . . Email Security Appliance "250 Ok: Message MID accepted" DATA . Email Security Appliance "Message MID accepted" .

3. .
Tue May 31 09:20:27 2005 Info: Start MID 2 ICID 2
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 From: <[email protected]>
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 RID 0 To: <[email protected]>
Tue May 31 09:20:27 2005 Info: MID 2 Message-ID '<[email protected]>'
Tue May 31 09:20:27 2005 Info: MID 2 Subject 'Monthly Reports Due'

. Log Subscriptions Global Settings( ) ( CLI logconfig -> logheaders ) . Email Security Appliance , . . . GUI . SMTP RFC http://www.faqs.org/rfcs/rfc2821.html . logheaders .

143: , "date, x-subject" .
Tue May 31 10:14:12 2005 Info: Message done DCID 0 MID 3 to RID [0] [('date', 'Tue, 31 May 2005 10:13:18 -0700'), ('x-subject', 'Logging this header')]

GUI
1 System Administration( ) > Log Subscriptions( ) .
2 Global Settings( ) .
3 Edit Settings( ) .
4 , ID , , .
5 .
6 .

AsyncOS "" , . . , 1059 . AsyncOS . · "s" .
Rollover By File Size( )
· "current" .
· ( ).
· ( ).
· ( ).
GUI System Administration( ) > Log Subscriptions( ) CLI logconfig . .
·
· Rollover By File Size( ) AsyncOS . m k . 10 10m .
Rollover By Time( ) .
· None(). AsyncOS .
· Custom Time Interval( ). AsyncOS . d, h m , , .
· Daily Rollover( ). AsyncOS . 24 (HH:MM) AsyncOS . Daily Rollover( ) GUI . CLI logconfig Weekly Rollover( ) (*) AsyncOS .
· Weekly Rollover( ). AsyncOS . AsyncOS . 24 (HH:MM) . CLI (-), (*), (,) . CLI (00:00) .

144: CLI

Do you want to configure time-based log files rollover? [N]> y
Configure log rollover settings:
1. Custom time interval.
2. Weekly rollover.
[1]> 2
1. Monday
2. Tuesday
3. Wednesday
4. Thursday
5. Friday
6. Saturday
7. Sunday
Choose the day of week to roll over the log files. Separate multiple days with comma, or use "*" to specify every day of a week. Also you can use dash to specify a range like "1-5":
[]> 3, 5
Enter the time of day to rollover log files in 24-hour format (HH:MM). You can specify hour as "*" to match every hour, the same for minutes. Separate multiple times of day with comma:
[]> 00:00

GUI GUI
1 System Administration( ) > Log Subscriptions( ) .
2 , All() .
3 Rollover Now( ) . Rollover Now( ) .

GUI GUI Management HTTP HTTPS .
1 System Administration( ) > Log Subscriptions( ) .
2 Log Files( ) .
3 .
4 .

CLI (tail ) AsyncOS tail . tail . tail Ctrl-C . tail . ( commit .) tail tail mail_logs .

mail3.example.com> tail
Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: Manual Download
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: Manual Download
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: Manual Download
4. "authentication" Type: "Authentication Logs" Retrieval: Manual Download
5. "avarchive" Type: "Anti-Virus Archive" Retrieval: Manual Download
6. "bounces" Type: "Bounce Logs" Retrieval: Manual Download
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: Manual Download
8. "encryption" Type: "Encryption Logs" Retrieval: Manual Download
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: Manual Download
11. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: Manual Download
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: Manual Download
13. "gui_logs" Type: "HTTP Logs" Retrieval: Manual Download
14. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
15. "reportd_logs" Type: "Reporting Logs" Retrieval: Manual Download
16. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: Manual Download
17. "scanning" Type: "Scanning Logs" Retrieval: Manual Download
18. "slbld_logs" Type: "Safe/Block Lists Logs" Retrieval: Manual Download
19. "sntpd_logs" Type: "NTP logs" Retrieval: Manual Download
20. "status" Type: "Status Logs" Retrieval: Manual Download
21. "system_logs" Type: "System Logs" Retrieval: Manual Download
22. "trackerd_logs" Type: "Tracking Logs" Retrieval: Manual Download
23. "updater_logs" Type: "Updater Logs" Retrieval: Manual Download
Enter the number of the log you wish to tail.
[]> 19
Press Ctrl-C to stop.
Mon Feb 21 12:25:10 2011 Info: PID 274: User system commit changes: Automated Update for Quarantine Delivery Host
Mon Feb 21 23:18:10 2011 Info: PID 19626: User admin commit changes:
Mon Feb 21 23:18:10 2011 Info: PID 274: User system commit changes: Updated filter logs config
Mon Feb 21 23:46:06 2011 Info: PID 25696: User admin commit changes: Receiving suspended.
^Cmail3.example.com>

Email Security Appliance SSH logconfig -> hostkeyconfig . SSH ( ) . SSH . SSH .
SSH(Secure Shell) , 918 . hostkeyconfig .

145: - Command( )
New .
Edit .
Delete .
Scan .
Print .
Host . `known_hosts' .
Fingerprint .
User . SCP . `authorized_keys' .

AsyncOS .

mail3.example.com> logconfig
Currently configured logs:
[ list of logs ]
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> hostkeyconfig
Currently installed host keys:
1. mail3.example.com ssh-dss [ key displayed ]
Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> scan
Please enter the host or IP address to lookup.
[]> mail3.example.com
Choose the ssh protocol type:
1. SSH1:rsa
2. SSH2:rsa
3. SSH2:dsa
4. All
[4]>
SSH2:dsa
mail3.example.com ssh-dss [ key displayed ]
SSH2:rsa
mail3.example.com ssh-rsa [ key displayed ]
SSH1:rsa
mail3.example.com 1024 35 [ key displayed ]
Add the preceding host key(s) for mail3.example.com? [Y]>
Currently installed host keys:
1. mail3.example.com ssh-dss [ key displayed ]
2. mail3.example.com ssh-rsa [ key displayed ]
3. mail3.example.com 1024 35 [ key displayed ]
Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]>
Currently configured logs:
[ list of configured logs ]
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>

42 .

Cisco . . , , . (machine) . (Cisco ) . . . , , , Cisco . peer-to-peer , / . . ( . , 1131 .) . , ( ) . .

20 .
· DNS . IP . DNS , 1135 . DNS .
· AsyncOS . , 1129 .
· SSH( 22) CCS(Cluster Communication Service) . , 1135 .
· SSH CCS(Cluster Communication Service) . . SSH 22 CCS 2222, . CCS CCS . , 1135 .
· , CLI(Command Line Interface) clusterconfig . GUI CLI . , 1120 GUI , 1132 .
· . CLI clusterconfig > prepjoin . Email Security Appliance . , 913 .

3 . , , . 78: , . . "usa" . . . 6 . . . . . . . (group-mode) (machine-mode) (cluster-mode) . Good Neighbor Table . . newyork . , newyork . . . . . . LDAP .

Cluster (ldap queries: a, b, c)
Group
Machine

LDAP .

Cluster (ldap queries: a, b, c)
Group (ldap queries: None)
Machine

, . LDAP . LDAP "" . LDAP .

Cluster (ldap queries: a, b, c)
Group (ldap queries: d)
Machine

. . GUI(Graphical User Interface) . , CLI(Command Line Interface) . GUI CLI . . CLI clusterconfig > prepjoin . Email Security Appliance . , 913 .

clusterconfig clusterconfig .
· . "" , . clusterconfig
· . , (: IP ) / . "" , .

clusterconfig . . SSH CCS .

newyork.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 2
Enter the name of the new cluster.
[]> americas
New cluster committed: Wed Jun 22 10:02:04 2005 PDT
Creating a cluster takes effect immediately, there is no need to commit.
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>

clusterconfig . SSH CCS(cluster communication service) .
· SSH .
· IP (: SSH CCS ).
· admin .

SSH SSH losangeles.example.com .

losangeles.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 3
While joining a cluster, you will need to validate the SSH host key of the remote machine to which you are joining. To get the public host key fingerprint of the remote host, connect to the cluster and run: logconfig -> hostkeyconfig -> fingerprint.
WARNING: All non-network settings will be lost. System will inherit the values set at the group or cluster mode for the non-network settings. Ensure that the cluster settings are compatible with your network settings (e.g. dnsconfig settings)
Do you want to enable the Cluster Communication Service on losangeles.example.com? [N]> n
Enter the IP address of a machine in the cluster.
[]> IP address is entered
Enter the remote port to connect to.
The must be the normal admin ssh port, not the CCS port.
[22]> 22
Enter the admin passphrase for the cluster.
The administrator passphrase for the clustered machine is entered
Please verify the SSH host key for IP address:
Public host key fingerprint: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Is this a valid key for this host? [Y]> y
Joining cluster group Main_Group.
Joining a cluster takes effect immediately, there is no need to commit.
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>
(Cluster americas)>

CCS SSH SSH CCS . CCS ( , SCP ). CCS clusterconfig prepjoin . newyork prepjoin losangeles . prepjoin CLI clusterconfig prepjoin print . clusterconfig .

Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]> prepjoin
Prepare Cluster Join Over CCS
No host entries waiting to be added to the cluster.
Choose the operation you want to perform:
- NEW - Add a new host that will join the cluster.
[]> new
Enter the hostname of the system you want to add.
[]> losangeles.example.com
Enter the serial number of the host mail3.example.com.
[]> unique serial number is added
Enter the user key of the host losangeles.example.com. This can be obtained by typing "clusterconfig prepjoin print" in the CLI on mail3.example.com. Press enter on a blank line to finish.
unique user key from output of prepjoin print is pasted
Host losangeles.example.com added.
Prepare Cluster Join Over CCS
1. losangeles.example.com (serial-number)
Choose the operation you want to perform:
- NEW - Add a new host that will join the cluster.
- DELETE - Remove a host from the pending join list.
[]>
(Cluster Americas)> clusterconfig
Cluster americas
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>

SSH SSH (testmachine.example.com) (test_cluster) .

testmachine.example.com> clusterconfig
Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 3
While joining a cluster, you will need to validate the SSH host key of the remote machine to which you are joining.
To get the public host key fingerprint of the remote host, connect to the cluster and run: logconfig -> hostkeyconfig -> fingerprint. WARNING: All non-network settings will be lost. System will inherit the values set at the group or cluster mode for the non-network settings. Ensure that the cluster settings are compatible with your network settings (e.g. dnsconfig settings) Do you want to enable the Cluster Communication Service on testmachine.example.com? [N]> AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1125 SSH Enter the IP address of a machine in the cluster. []> IP address entered Enter the remote port to connect to. The must be the normal admin ssh port, not the CCS port. [22]> Would you like to join this appliance to a cluster using pre-shared keys? Use this option if you have enabled two-factor authentication on the appliance.) [Y]> yes To join this appliance to a cluster using pre-shared keys, log in to the cluster machine, run the clusterconfig > prepjoin > command, enter the following details, and commit your changes. Host: pod1226-esa07.ibesa Serial Number: 42291A18D741EDB4C601-BC14E5579F34 User Key: ssh-dss AAAAB3NzaC1kc3MAAACBAJ6Xm+ja4aau9n4DOcJs/gGwEDEUWgERYchhgWApKt6IW+s58I7knGM81rQgQbNdNCO58D EqaVGmP0Vyb0TTpgvh6f0mr80OuTgWh9bqg4uiOJvbKvlTvDt0o7//mTklm159zr2KT/qFH+9L5i+8iIMX62R5y+a 6E8JV0BrJCNAAAAFQCmK+WOu9HSribsC0f/5dVoADdxEwAAAIA5p7NR74rlSrs0JWWYItNAtE1SamAN+gqCOdUWGPPHT qdrtBIlPQ9tfFoThZElqY4Tx8lku9laasoRLruQ2Z36R3bQGzIn4jzQqujvvbxTvLK9eLoSr8yFbEE3ZvuUo0+vhDn LIDX2N65AQSQsTaOrKX+yQZ8yAVt48CsctpsDrgAAAIAVROGlWoSl8g3FFm2eRTa+/oZ+cMjv+pSZiZoiUCoaIlouc u1ZDpN413QBnf6p/3D8wVD8m5uo8O4N/HXasAMektZvGoP4Sf+shItPuISRv3lrMTEYsD0sqVcMc7vIXUeD2jpOk7MB ooVkTZB/rdTbNMfXrhDkNJ2IAPQQiUKVnw== Before you proceed to the next step, make sure you add the `Host', Serial Number' and `User Key' details to the cluster machine. Would you like to continue? [Y]> yes Joining cluster group Main_Group. 
Joining a cluster takes effect immediately, there is no need to commit.
Cluster test_cluster
Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- LISTDETAIL - List the machines in the cluster with detail.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]>
(Cluster test_cluster)>

. Main_Group . . .
1 clusterconfig .
2 addgroup .
3 setgroup .

CLI CLI . , . CLI . "login host" "machine" . clustermode .

146: clustermode
clustermode group northamerica "northamerica" "losangeles"
clustermode machine losangeles.example.com

CLI .
(Cluster Americas)>
(Machine losangeles.example.com)>

. ( , 1131 ) CLUSTERSHOW CLUSTERSET . CLUSTERSHOW ( , 1130 ). CLUSTERSET (: ) ( ) . . ( ). , . northamerica Good Neighbor Table (destconfig ) , destconfig clusterset ( ) . ( , 1128 .) . , . . . . . , . .

1 clustermode cluster . clustermode , CLI .
2 listenerconfig .
3 clusterset .
4 clustermode . . clustermode machine newyork.example.com
5 listenerconfig .
6 .
7 , .
8 clusterset .
9 .

() clusterconfig REMOVEMACHINE . "", . Global Unsubscribe , Global Unsubscribe . AsyncOS . AsyncOS clusterconfig . clusterconfig . . GUI Upgrades() . . , AsyncOS . Cisco Systems . .

1 clusterconfig disconnect . losangeles.example.com clusterconfig disconnect losangeles.example.com . (commit) .
2 suspendlistener .
3 upgrade AsyncOS . . AsyncOS .
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1129 CLI 4 AsyncOS . . 5 resume . 6 1~5 . . , . 7 clusterconfig reconnect . losangeles.example.com clusterconfig reconnectlosangeles.example.com . AsyncOS . CLI AsyncOS CLI . . , . commit clearchanges commit commitdetail clearchanges , commit . commitdetail . , clearchanges(clear) . CLUSTERSHOW CLUSTERSHOW , . CLI . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1130 Note: Changes to these settings will not affect the following groups and machines because they are overriding the cluster-wide settings: East_Coast, West_Coast facilities_A, facilities_B, receiving_A . CLI GUI , , . . (GUI CLI) . . · GUI "Change Mode( )" "Settings for this features are currently defined at( ):" . · CLI clustermode . 147: clusterconfig sshconfig clustercheck userconfig passwd . passwd . passwd , . ( ). . antispamstatus etherconfig resume suspenddel antispamupdate featurekey resumedel suspendlistener antivirusstatus hostrate resumelistener techsupport antivirusupdate hoststatus rollovernow tophosts AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1131 GUI bouncerecipients interfaceconfig routeconfig topin deleterecipients ldapflush sbstatus trace delivernow ldaptest setgateway version diagnostic nslookup sethostname vofflush dnsflush quarantineconfig settime vofstatus dnslistflush rate shutdown workqueue dnslisttest reboot status dnsstatus resetcounters suspend . ( ) . . 148: last resetconfig tail upgrade ping supportrequest (telnet) who GUI GUI(clusterconfig ) , , GUI , (clustermode clusterset ) . Mail Flow Monitoring( ) Incoming Mail Overview( ) . Incoming Mail Overview( ) GUI . URL . URL machine, group cluster . Incoming Mail Overview( ) URL . https:// hostnamemachine/serial_number /monitor/incoming_mail_overview AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1132 GUI Monitor() Incoming Mail Overview( ) Incoming Mail Details( ) . 
Mail Policies( ), Security Services( ), Network() System Administration( ) . Mail Policies( ) GUI . 79: GUI : . ( ) . , . ( ) . . , 1128 . Override Settings( ) . . , . 80: GUI : - GUI : , . , "Settings for this feature are currently defined at( ):" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1133 GUI . . (: - GUI : Cluster: Americas ) . 81: GUI : . "Centralized Management Options( )" . "Manage Settings( )" . Centralized Management Options( ) . 82: GUI : "Change Mode( )" . , (, ) . 83: Change Mode( ) "Mode --" . . Incoming Mail Overview( ) . 84: : AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1134 Change Mode( ) . . . . . SSH . , . "ping"(1) . NAT . ( ) . . . DNS DNS . DNS ( ) . . SSH CCS IP DNS . . DNS SSH CCS IP . sethostname " " . IP , IP . IP DNS . , DNS AsyncOS . , sethostname AsyncOS DNS . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1135 CCS(Cluster Communication Security) CCS(Cluster Communication Security) CCS(Cluster Communication Security) SSH . Cisco SSH CCS . SSH (admin ) . . : 22 CCS(Cluster Communication Security) . 22 SSH . CCS Yes . . CCS CLI . . interfaceconfig CSS . . Do you want to enable SSH on this interface? [Y]> Which port do you want to use for SSH? [22]> Do you want to enable Cluster Communication Service on this interface? [N]> y Which port do you want to use for Cluster Communication Service? [2222]> CCS 2222. . . Do you want to enable Cluster Communication Service on this interface? [N]> y Which port do you want to use for Cluster Communication Service? [2222]> " " . "ping" . , . . ping . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1136 / . . / . (: ). (: / ). SSH . . . . . . ( ). . , . . . (Machine mail3.example.com)> clustercheck This command is restricted to "cluster" mode. Would you like to switch to "cluster" mode? [Y]> y Checking Listeners (including HAT, RAT, bounce profiles)... Inconsistency found! 
Listeners (including HAT, RAT, bounce profiles) at Cluster enterprise: mail3.example.com was updated Mon Sep 12 10:59:17 2005 PDT by 'admin' on mail3.example.com test.example.com was updated Mon Sep 12 10:59:17 2005 PDT by 'admin' on mail3.example.com How do you want to resolve this inconsistency? 1. Force entire cluster to use test.example.com version. 2. Force entire cluster to use mail3.example.com version. 3. Ignore. [1]> . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1137 clustercheck . losangeles> clustercheck Do you want to check the config consistency across all machines in the cluster? [Y]> y Checking losangeles... Checking newyork... No inconsistencies found. Cloud Email Security Appliance . . , . , . . . . · LDAP · · SMTP . ( , 1131 .) . listenerconfig . . . , . . Mail Flow Monitor( ) , System Overview( ) . Scheduled Reports( ) . GUI Scheduled Reports( ) , . System Time( ) settz, ntpconfig settime , . settime ( ), settz ntpconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1138 85: "IncomingMail" "disclaimer" . , "buttercup.run" . . · "disclaimer" · . . AsyncOS . . · , · , · , · . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1139 · XML . , 937 . · . , 936 . · . , 1120 . . XML SSH/CCS . 1 System Administration( ) > Configuration File( ) . 2 Mode() . 3 . · 1. Load Configuration( ) Cluster() . 2. Load() . , 937 . 3. , . Group Configuration( ) Appliance Configuration( ) . Appliance Configuration( ) Don't Copy( ) . 1. . Review() . 2. OK() . 3. Continue() . · 1. Load Configuration( ) Appliance in cluster( ) . 2. Load() . , 937 . . 3. , . . 4. OK() . 5. Continue() . 6. a~e . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1140 FAQ 4 . FAQ , Main_Group . . , . IP , . . . . (: HAT , SMTPROUTES , LDAP ) , . CM . . Settings are defined: To inherit settings from a higher level: Delete Settings for this feature at this mode. You can also Manage Settings. Settings for this feature are also defined at: Cluster: xxx . 
Delete settings from: Cluster: xxx Machine: yyyy.domain.com : , : , CM CM (LIST) . cluster = CompanyName Group Main_Group: AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1141 Machine lab1.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) Machine lab2.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) Group Paris: Machine lab3.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) Machine lab4.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) Group Rome: Machine lab5.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) Machine lab6.example.com (Serial #: XXXXXXXXXXXX-XXXXXXX) . Main_Group London (RENAMEGROUP ) . cluster = CompanyName Group London: Machine lab1.cable.nu (Serial #: 000F1FF7B3F0-CF2SX51) ... London . : (: London, London). , . , . Main_Group , . "" . CM / / , (peer) . : , . , CPU . . : clusterconfig GUI . clusterconfig . ( IP ) . clusterconfig . CLI clusterconfig(" ") . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1142 : lab1 clusterconfig CompanyName . , lab2 , saveconfig (lab1 ). lab2 clusterconfig . . CONNSTATUS DNS . , lab1 . , . . . , . . , . , . . , . CLI clusterconfig ADDGROUP . Paris Rome . GUI CLI ( ) . . (: ) (: ) . dnsconfig . Configured at mode: Cluster: Yes Group Main_Group: No Group Paris: No Group Rome: No Machine lab2.cable.nu: No DNS " " . Configured at mode: Cluster: Yes Group Main_Group: No Group Paris: Yes Group Rome: No Machine lab2.cable.nu: No AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1143 CM GUI Paris DNS , Paris . Paris . DNS , SMTPROUTES . CLI CLUSTERSET (GUI ) . , . . . . . , 4 clusterconfig . , . LIST CONNSTATUS . SETGROUP Main_Group Paris Rome . Paris Rome Main_Group . . . . (: ) . CM GUI . SMTPROUTES . , xxx yyy . SMTPROUTES . (SETGROUP) Cisco . . SMTPROUTES , . . Centralized Management Options( ) . . SMTPROUTES , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1144 . SMTPROUTES , SMTPROUTES . SMTPROUTES . . , . Q. ? A. . , . / , . Q. ? A. "", . . Global Unsubscribe , Global Unsubscribe . Q. ? A. . . 
Security Management Appliance . Q. ? A. Cisco . ( ) . Q. ? A. "" . . Q. ? A. . Q. "peer-to-peer" , "/" ? AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1145 A. ( ), peer-to-peer . Q. ? "" . A. "" . HTTP(GUI) SSH(CLI) . clusterconfig GUI CLI (, ). , . Q. ? A. "" . . Q. IP . reboot GUI/CLI ? A. . 1. IP . 2. . 3. . 4. . 5. clusterconfig . 6. GUI . 7. CCS (interfaceconfig Network() > Listeners() ). 8. . Q. , ? A. , . 50 . Q. ? 1. · . · . · , . · . 2. . 3. . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1146 listenerconfig ( ) . . listenerconfig . 4. . . , . " " . . . . saveconfig . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1147 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1148 43 . · : , 1149 · , 1156 · , 1159 · , 1165 · , 1166 · , 1168 · , 1169 · , 1169 · , 1170 · , 1170 · , 1171 : System Administration( ) > Trace() (CLI trace ) . Trace() ( trace CLI ) , "" ( ). . Cisco Trace() ( trace CLI ) . . Trace() ( trace CLI ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1149 : 149: Trace() Value IP 203.45.98.109 IP . IPv4(Internet 2001:0db8:85a3::8a2e:0370:7334 Protocol version 4) IPv6(version 6) . : trace IP . IP IP trace DNS . Fully Qualified Domain Name of the Source IP( IP ) smtp.example.com . Null IP DNS . Listener to Trace Behavior on( ) InboundMail . SenderBase Network SenderBase ID 34 Owner Organization , IP ID(SenderBase ID ID) . GUI . SenderBase Reputation SBRS -7.5 Score (SBRS , IP scores)(SenderBase SBRS . Reputation (SBRS SBRS )) . SBRS CASE(Context Adaptive Scanning Engine) . , 88 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1150 : Value Envelope Sender( Envelope Sender( [email protected] ) ) . Envelope joe Recipients( . [email protected] ) . To: [email protected] . From: ralph . "" ( ) Subject: Test , this is a test message . . Start Trace( ) . . . (CLI /configuration . Cisco FTP, SSH SCP , 1199 .) . Trace() trace . , trace . . RAT . RAT . 
AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1151 : 150: trace HAT(Host Access Table) Host Access Table . HAT IP . , . Cisco (REJECT TCPREFUSE ), trace . HAT , 103 . Envelope Sender( ) . (, MAIL FROM .) trace "Processing MAIL FROM:" . . , 69 . . listenerconfig -> edit -> masquerade -> config . , 665 . Envelope Recipients( ) . (, RCPT TO .) trace "Processing Recipient List:" . . , 69 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1152 : trace . . , 665 . RAT(Recipient Access Table) RAT . ( , RAT .) , 69 . ( ) . , 665 . , . MTA 250 ok . trace "Message Processing:" . altsrchost , , IP . altsrchost . . , 665 . . . . . , 665 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1153 : trace . , . status status detail "Messages in Work Queue" . To:, From: CC: ( LDAP ) . listenerconfig -> edit -> masquerade -> config . , 665 . LDAP LDAP LDAP , , . LDAP , 735 . . , "true" . , . "false" else . . , 137 . , , Outbreak Filter . Email Security Manager( ) . "Message Going to" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1154 trace Outbreak Filter : . , . Cisco trace . : . . Anti-Spam, 355 . . , . "" Cisco . trace . : . . Anti-Virus, 335 . . , "true" . , . . , 283 . Outbreak Filter . Outbreak Filter , . , . (Outbreak Filter), 399 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1155 trace . . , 613 , 614 . . trace "Message Enqueued for Delivery" . trace , IP . , 665 . . CLI "Would you like to see the resulting message?( ?)" y . "" . queueing non-queueing. · (queueing) , . . · (non-queueing) . . "B" "C" . . SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1156 86: Enterprise Gateway listenerconfig Management BlackHole_1 . HAT(Host Access Table) . · yoursystem.example.com · 10.1.2.29 · badmail.tst · .tst .tst .tst BlackHole_1 . mail3.example.com> listenerconfig Currently configured listeners: 1. InboundMail (on PublicNet, 192.168.2.1) SMTP Port 25 Public 2. 
OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> new
Please select the type of listener you want to create.
1. Private
2. Public
3. Blackhole
[2]> 3
Do you want messages to be queued onto disk? [N]> y
Please create a name for this listener (Ex: "OutboundMail"):
[]> BlackHole_1
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Choose a protocol.
1. SMTP
2. QMQP
[1]> 1
Please enter the IP port for this listener.
[25]> 25
Please specify the systems allowed to relay email through the IronPort C60.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addressed are allowed.
Separate multiple entries with commas.
[]> yoursystem.example.com, 10.1.2.29, badmail.tst, .tst
Do you want to enable rate limiting per host? (Rate limiting defines the maximum number of recipients per hour you are willing to receive from a remote domain.) [N]> n
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Spam Detection Enabled: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Would you like to change the default host access policy? [N]> n
Listener BlackHole_1 created.
Defaults have been set for a Black Hole Queuing listener.
Use the listenerconfig->EDIT command to customize the listener.
Currently configured listeners:
1. BlackHole_1 (on Management, 192.168.42.42) SMTP Port 25 Black Hole Queuing
2. InboundMail (on PublicNet, 192.168.2.1) SMTP Port 25 Public
3. OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>

commit . HAT , . status, status detail rate . GUI(Graphical User Interface) . .
· CLI , 1003
· GUI , 1035
.

1 . .
Last login: day month date hh:mm:ss from IP address
Copyright (c) 2001-2003, IronPort Systems, Inc.
AsyncOS x.x for Cisco
Welcome to the Cisco Messaging Gateway Appliance(tm)

2 status status detail .
mail3.example.com> status
mail3.example.com> status detail
status . . status detail . . , , . ( CLI , 1003 .)

3 mailconfig . mailconfig , . .
mail3.example.com> mailconfig
Please enter the email address to which you want to send the configuration file. Separate multiple addresses with commas.
[]> [email protected]
Do you want to include passphrases? Please be aware that a configuration without passphrases will fail when reloaded with loadconfig. [N]> y
The configuration file has been sent to [email protected].
mail3.example.com>

.
· netstat ( ), , .
· · · · ·
· diagnostic -> network -> flush .
· diagnostic -> network -> arpshow ARP .
· packetcapture TCP/IP . packetcapture . UNIX tcpdump . start, stop . SCP FTP /pub/captures . , 1174 .
· ping . ping .
mail3.example.com> ping
Which interface do you want to send the pings from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4.
PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host you wish to ping.
[]> anotherhost.example.com
Press Ctrl-C to stop.
PING anotherhost.example.com (x.x.x.x): 56 data bytes
64 bytes from 10.19.0.31: icmp_seq=9 ttl=64 time=0.133 ms
64 bytes from 10.19.0.31: icmp_seq=10 ttl=64 time=0.115 ms
^C
--- anotherhost.example.com ping statistics ---
11 packets transmitted, 11 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.115/0.242/1.421/0.373 ms

ping Ctrl-C .

· traceroute .
mail3.example.com> traceroute
Which interface do you want to trace from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host to which you want to trace the route.
[]> 10.1.1.1
Press Ctrl-C to stop.
traceroute to 10.1.1.1 (10.1.1.1), 64 hops max, 44 byte packets
1 gateway (192.168.0.1) 0.202 ms 0.173 ms 0.161 ms
2 hostname (10.1.1.1) 0.298 ms 0.302 ms 0.291 ms
mail3.example.com>

· diagnostic -> network -> smtpping SMTP .
· nslookup DNS . nslookup DNS(Domain Name Service) IP .
mail3.example.com> nslookup
Please enter the host or IP to resolve.
[]> example.com
Choose the query type:
1. A
2. CNAME
3. MX
4. NS
5. PTR
6. SOA
7. TXT
[1]>
A=192.0.34.166 TTL=2d

151: DNS : A CNAME MX NS PTR SOA TXT (alias) (canonical name) , " "

· CLI GUI tophosts Active Recipients( ) . tophosts 20 . . ( " " .)
mail3.example.com> tophosts
Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Soft Bounced Events
5.
Hard Bounced Recipients [1]> 1 Status as of: Mon Nov 18 22:22:23 2003 ActiveConn.Deliv.SoftHard # Recipient HostRecipOutRecip.BouncedBounced 1 aol.com36510255218 2 hotmail.com29071982813 3 yahoo.com13461231119 4 excite.com9838494 5 msn.com8427633 29 ^C · tophosts hoststatus "" . hoststatus . AsyncOS DNS . resetcounters . ( , 1006 .) hoststatus DNS . hoststatus . · . 20, 21, 22, 23, 25, 53, 80, 123, 443 628 . ( , 1227 .) · [email protected] . DNS [email protected] . . DNS PTR - IP PTR ? DNS A - PTR Envelope From IP ? HELO - SMTP HELO Envelope From DNS ? - SMTP HELO IP MX ? AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1164 . · IP listenerconfig . IP ? HAT(Host Access Table) listenerconfig . HAT . listenerconfig -> edit -> listener_number -> hostaccess -> print IP , IP , HAT . " " . limits . listenerconfig -> edit -> listener_number -> limits · FTP . . injection_machine% telnet appliance_name telnet . mail3.example.com> telnet Please select which interface you want to telnet from. 1. Auto 2. Management (192.168.42.42/24: mail3.example.com) 3. PrivateNet (192.168.1.1/24: mail3.example.com) 4. PublicNet (192.168.2.1/24: mail3.example.com) [1]> 3 Enter the remote hostname or IP. []> 193.168.1.1 Enter the remote port. [25]> 25 Trying 193.168.1.1... Connected to 193.168.1.1. Escape character is '^]'. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1165 Management, Data1 Data2 . FTP, SSH SCP , 1199 . 25 SMTP ( ). · IronPort . SMTP . . , ("Sent to") ("Received from") . , 1062 , 1083 . . · . tophosts , . "Active Recipients( )" ? Connections Out ( ) ? 600. 10,000(deliveryconfig ). . listenerconfig -> edit -> listener_number -> limits destconfig ( Virtual Gateway )? destconfig . destconfig -> list · hoststatus . tophosts hoststatus "" . ? MX ? 5XX (Permanent Negative Completion ) hoststatus "5XX" . TLS hoststatus . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1166 · , / . SMTP . . , 1082 . . , 1077 . , . . , 1062 . · telnet . 
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Enter the remote hostname or IP.
[]> problemdomain.net
Enter the remote port.
[25]> 25

· TLS TLS tlsverify . . AsyncOS Required (Verify) TLS TLS .
mail3.example.com> tlsverify
Enter the TLS domain to verify against:
[]> example.com
Enter the destination host to connect to. Append the port (example.com:26) if you are not connecting on port 25:
[example.com]> mxe.example.com:25
Connecting to 1.1.1.1 on port 25.
Connected to 1.1.1.1 from interface 10.10.10.10.
Checking TLS connection.
TLS connection established: protocol TLSv1, cipher RC4-SHA.
Verifying peer certificate.
Verifying certificate common name mxe.example.com.
TLS certificate match mxe.example.com
TLS certificate verified.
TLS connection to 1.1.1.1 succeeded.
TLS successfully connected to mxe.example.com.
TLS verification completed.

.
· rate hostrate . rate . , 1010 . hostrate .
· status .
· status detail RAM . RAM, CPU I/O status detail . RAM 45% . RAM 45% " " , "back-off" .
This system (hostname: hostname) has entered a 'resource conservation' mode in order to prevent the rapid depletion of critical system resources. RAM utilization for this system has exceeded the resource conservation threshold of 45%. The allowed injection rate for this system will be gradually decreased as RAM utilization approaches 60%.
. RAM 45% (hoststatus hostrate ). . RAM Cisco .
· ? tophosts , . . , , , . , 1014 . .
· deleterecipients
· bouncerecipients
· redirectrecipients
· suspenddel / resumedel
· suspendlistener / resumelistener
tophosts . "Soft Bounced Events"( 4) "Hard Bounced Recipients"( 5) . . Internet Explorer , 994 .
· : C380 C680 (RAID ) , 1169 · , 1170 : C380 C680 (RAID ) C380 C680 "Battery Relearn Timed Out" (RAID event)( (RAID )) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1169 . RAID . . 48 RAID . RAID . . . , 942 . / . Cisco x90 Series Content Security Appliances (http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html) . (: ) . IPMI(Intelligent Platform Management Interface) . · . , 958 . · . , 958 . · IPMI . · status, on, off, cycle, reset, diag, soft · "insufficient privileges( )" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1170 · IPMI 2.0 . · IPMI . IPMI . 1 IPMI IP power-cycling . IPMI UNIX . ipmitool -I lan -H 192.0.2.1 -U remoteresetuser -P password chassis power reset 192.0.2.1 IP remoteresetuser password . 2 11 . · , 1171 · , 1171 · Cisco , 1172 · , 1174 Cisco Content Security Virtual Appliance (http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html) . · . Cisco , 7 . . · . · , 7 · Cisco Support Community, 7 · Cisco , Cisco.com ID . Cisco.com AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1171 Cisco Cisco.com (https://sso.cisco.com/autho/forms/CDClogin.html) . Cisco.com ID , . Cisco , 8 . Cisco.com ID ID . · Cisco . . · . · . · . 1 . 2 Help and Support( ) > Contact Technical Support( ) . 3 . 4 Send() . CCO User ID Contract ID . Cisco Cisco . · , 1172 · , 1173 · , 1174 · , 1174 · , 1174 upgrades.ironport.com SSH . . 25. . . 1 . 2 GUI Help and Support( ) > Remote Access( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1172 3 Enable() . 4 . Seed String( ) Cisco . Secure Tunnel( ) . . 25, . 5 Submit() . , 1174 . . · 22 . · , 1172 . 1 CLI techsupport . 2 sshaccess . 3 . . · , 1174 · , 1174 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1173 techsupport 7 upgrades.ironport.com . , . 1 . 2 GUI Help and Support( ) > Remote Access( ) . 3 Disable() . techsupport . 1 CLI techsupport . 2 sshaccess . 
3 disable . 1 CLI techsupport . 2 status . TCP/IP . . 1 Help and Support( ) > Packet Capture( ) . 2 . a) Packet Capture Settings( ) Edit Settings( ) . b) ( ) , . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1174 Filters() · UNIX tcpdump (: host 10.10.10.10 && port 80) . · IP (: Email Security Appliance ) IP . · IP (: Exchange Server) IP . · Email Security Appliance IP . c) Submit() . 3 Start Capture( ) . · . · (: ) Packet Capture( ) . · GUI CLI GUI . CLI CLI . · 10 . ( ) . 1/10 . · GUI . (CLI .) 4 . Stop Capture( ) . 5 . · Manage Packet Capture Files( ) Download File( ) . · captures FTP SCP . . · FTP SCP . Cisco , 1172 . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1175 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1176 44 D-Mode . · : D-Mode , 1177 · , 1179 · IPMM(IronPort Mail Merge) , 1180 : D-Mode D-Mode Email Security Appliance , . D-Mode . · D-Mode , 1177 · D-Mode , 1178 · D-Mode , 1178 D-Mode · 256 (Virtual Gateway Address) - Cisco Virtual Gateway ( IP , ), ( ). , 69 "Customizing Listeners( )" . · IPMM(IronPort Mail Merge) - IPMM(IronPort Mail Merge) . , . IPMM(IronPort Mail Merge) , 1180 . · - D-Mode . , 1179 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1177 D-Mode D-Mode · D-Mode · IronPort Anti-Spam Scanning On/Off - IronPort Anti-Spam Scanning . . · Outbreak Filter - Outbreak Filter D-Mode . Outbreak Filter . · SenderBase Network Participation - SenderBase Network Participation D-Mode . SenderBase Network Participation . · - . , . D-Mode Email Security Monitor Overview( ) ( D-Mode ). · Data Loss Prevention - DLP D-Mode . D-Mode 152: D-Mode AsyncOS Anti-Virus, 335 . DKIM/ . , 571 . , 1117 . . destconfig "Good Neighbor" Table . , 703 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1178 D-Mode . , 703 . , 893 . () : , 1149 . VLAN, NIC , 1039 . . , 335 . 1 . ( ) Cisco Email Security Appliance . System Administration( ) > Feature Key( ) CLI featurekey . 30 Sophos McAfee Anti-Virus . 2 . 
3 (GUI CLI) . . ( .) D-Mode AsyncOS . , . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1179 D-Mode mail3.example.com> bounceconfig Choose the operation you want to perform: - NEW - Create a new profile. - EDIT - Modify a profile. - DELETE - Remove a profile. - SETUP - Configure global bounce settings. []> setup Do you want to bounce all enqueued messages bound for a domain if the host is down? [N]> y 10 "" . AsyncOS 15 , 10 . IPMM(IronPort Mail Merge) IronPort Mail Merge D-Mode . IronPort Mail Merge IronPort Mail Merge . , . IPMM . . IPMM "" . ( .) · . IPMM . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1180 D-Mode · . , "" . · . . · . D-Mode . SMTP IPMM SMTP . . (D-Mode IPMM .) SMTP , D-Mode SMTP . IPMM listenerconfig setipmm . , 69 . IPMM (MAIL FROM DATA) (XDFN) SMTP . MAIL FROM XMRG FROM DATA XPRT . . 1. EHLO . 2. XMRG FROM: . 3. . 4. (XDFN *PART=1,2,3...) XDFN . 5. RCPT TO: . RCPT TO: XMRG FROM RCPT TO . 6. XPRT n , DATA (.) . XPRT n LAST . . HTML . , (&) (;) . (*) . IPMM "" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1181 1 D-Mode 1 153: IPMM: *FROM *TO *PARTS *DATE *DK *FROM "Envelope From" . "Envelope From" "XMRG FROM:" . *TO "RCPT TO:" . *PARTS . RCPT TO:" , "XPRT n" . *DATE . *DK DomainKeys Signing ( AsyncOS ). DomainKeys Signing , 571 . ( ) 4 5 . . &*TO; . . . From: Mr.Spacely <[email protected]> To: &first_name;&last_name;&*TO; Subject: Thanks for Being an Example.Com Customer Dear &first_name;, Thank you for purchasing a &color; sprocket. . . · · - SMTP DATA , IPMM XPRT . . . . *PARTS . 2 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1182 D-Mode 2, 1 . . 2, 1 From: Mr. Spacely <[email protected]> To: &first_name; &last_name; &*TO; Subject: Thanks for Being an Example.Com Customer Dear &first_name;, Thank you for purchasing a &color; sprocket. 2, 2 Please accept our offer for 10% off your next sprocket purchase. . . · · · - IPMM DomainKeys Signing IPMM DomainKeys Signing . DomainKeys *DK . . 
XDFN first_name="Jane" last_name="User" color="red" *PARTS=1,2 *DK=mass_mailing_1

"mass_mailing_1" DomainKeys .

XMRG FROM XDFN IPMM SMTP . :
XMRG FROM: <sender email address>
SMTP MAIL FROM: , IPMM . IPMM XMRG FROM: . :
XDFN <KEY=VALUE> [KEY=VALUE]
XDFN . - . *PARTS XPRT ( ). *PARTS . (XPRT ) . *FROM, *TO *DATE. :
XPRT index_number LAST Message .
XPRT SMTP DATA . . (SMTP DATA ). LAST , . LAST .
· XDFN , . D-Mode 4. . .
· - ("/") . HTML . ™ HTML . XDFN trade=foo HTML " TM " IPMM , ("foo") . GET URL "&" .

IPMM #2() IPMM . , "Jane User" "Joe User" . bold D-Mode SMTP , monospaced type SMTP , italic type . .

220 ESMTP
EHLO foo
250 - ehlo responses from the listener enabled for IPMM .
XMRG FROM:<[email protected]> [Note: This replaces the MAIL FROM: SMTP command.]
250 OK .
XDFN first_name="Jane" last_name="User" color="red" *PARTS=1,2 [Note: This line defines three variables (first_name, last_name, and color) and then uses the *PARTS reserved variable to define that the next recipient defined will receive message parts numbers 1 and 2.]
250 OK
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok
XDFN first_name="Joe" last_name="User" color="black" *PARTS=1 [Note: This line defines three variables (first_name, last_name, and color) and then uses the *PARTS reserved variable to define that the next recipient defined will receive message parts numbers 1 only.]
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok

1 .
XPRT 1 [Note: This replaces the DATA SMTP command.]
354 OK, send part
From: Mr. Spacely <[email protected]>
To: &first_name; &last_name; &*TO;
Subject: Thanks for Being an Example.Com Customer
&*DATE;
Dear &first_name;,
Thank you for purchasing a &color; sprocket.
.

2 . LAST 2 .
XPRT 2 LAST AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1185 D-Mode Please accept our offer for 10% off your next sprocket purchase. . 250 Ok, mailmerge message enqueued "250 Ok, mailmerge message queued" . Jane User . From: Mr. Spacely <[email protected]> To: Jane User <[email protected]> Subject: Thanks for Being an Example.Com Customer message date Dear Jane, Thank you for purchasing a red sprocket. Please accept our offer for 10% off your next sprocket purchase. Joe User . From: Mr. Spacely <[email protected]> To: Joe User <[email protected]> Subject: Thanks for Being an Example.Com Customer message date Dear Joe, Thank you for purchasing a black sprocket. Cisco IPMM IPMM . IPMM Cisco . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1186 45 Cisco Content(M-Series) Security Management Appliance . · Cisco Content Security Management Appliance Services , 1187 · , 1188 · , 1188 · , Outbreak , 1191 · , 1196 · , 1197 · , 1198 Cisco Content Security Management Appliance Services Cisco Content Security Management Appliance(M-Series ) Email Security Appliance " " . Security Management Appliance . · . , . · , Outbreak . , Outbreak . · . Email Security Appliance . · . Email Security Appliance . Cisco Content Security Management Appliance Cisco Content Security Management Appliance . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1187 Cisco Content(M-Series) Security Management Appliance Email Security Appliance Security Management Appliance . CLI smaconfig > add . OR Email Security Appliance Security Management Appliance . , 913 . Cisco Content Security Management Appliance (: ) DMZ . 2- DMZ . Security Management Appliance DMZ . 87: Cisco Content Security Management Appliance Email Security Appliance Security Management Appliance . , Email Security Appliance . · , 1189 · , 1189 · / , 1190 · , 1191 · , 1191 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1188 Cisco Content(M-Series) Security Management Appliance , 1188 DMZ . 
DMZ MTA(mail transfer agent)() . ( ) Security Management Appliance . , . . Security Management Appliance Email Security Appliance . HAT , RAT, , , , , , . Security Management Appliance Email Security Appliance Security Management Appliance , . Security Management Appliance IP . Security Management Appliance IP Email Security Appliance . Security Management Appliance IP . Security Management Appliance IP . Security Management Appliance Cisco Content Security Management Appliance . Security Management Appliance (Content Security Appliance ) (Cisco Content Security Management Appliance ). Security Management Appliance Email Security Appliance , , ( Content Security Appliance) . Security Management Appliance . Email Security Appliance Security Management Appliance . . · - Security Management Appliance . . · - Schedule Delete After( ) . · - "Delete All( )" ( , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1189 / Cisco Content(M-Series) Security Management Appliance 891 ). . . . / Email Security Appliance . · , 1189 . · , 1189 . · / Security Management Appliance . Security Management Appliance . · Email Security Appliance . Email Security Appliance . 1 Security Services( ) > Centralized Services( ) > Spam Quarantine( ) . 2 Configure() . 3 Enable External Spam Quarantine( ) . 4 Name() Security Management Appliance . . Security Management Appliance . 5 IP . Spam Quarantines Settings( ) (Management Appliance( ) > Centralized Services( ) > Spam Quarantine( )) Security Management Appliance IP . 6 ( ) External Safelist/Blocklist( / ) . 7 . 8 Email Security Appliance . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1190 Cisco Content(M-Series) Security Management Appliance , 1191 . · , 868 · , 867 · Anti-Spam, 355 · , 356 . / , 1190 . 1 Monitor() > Spam Quarantine( ) . 2 Spam Quarantine( ) Spam Quarantine( ) . 3 Enable Spam Quarantine( ) . . . 4 . Email Security Appliance : Security Management Appliance Email Security Appliance . 
: Security Management Appliance IP . , 1189 . , Outbreak · , , , 1192 · , Outbreak , 1193 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1191 , , Cisco Content(M-Series) Security Management Appliance · , Outbreak , 1193 · , Outbreak , 1195 · , Outbreak , 1196 , , Security Management Appliance , . Email Security Appliance Security Management Appliance . , Outbreak . · Email Security Appliance . · DMZ . · Security Management Appliance . Security Management Appliance . , Outbreak · Email Security Appliance , Outbreak , . · Security Management Appliance , Outbreak . , Outbreak , Outbreak . : · (, ) EmailSecurity appliance , Outbreak , Security Management Appliance . · DLP . · , Outbreak . · Security Management Appliance . . , Outbreak Email Security Appliance , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1192 Cisco Content(M-Series) Security Management Appliance , Outbreak . , Outbreak , Outbreak mail Security appliance , Outbreak SecurityManagement appliance . SecurityManagement appliance , Email Security Appliance , Outbreak . . · Email Security Appliance , Outbreak . Security Management Appliance . · Security Management Appliance . · , Outbreak . . , 854 . · . · . . Email Security Appliance . · . . . , Outbreak . · , Security Management Appliance . Security Management Appliance " , Outbreak " ", Outbreak " . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1193 , Outbreak Cisco Content(M-Series) Security Management Appliance · Security Management Appliance Security Management Appliance . . , 851 . · Email Security Appliance . · Email Security Appliance , Outbreak , 1192 . · . , Outbreak , 1193 . 1 2 3 Security Services( ) > Centralized Services( ) > Policy, Virus, and Outbreak Quarantines(, Outbreak ) . Enable() . SecurityManagement appliance . SecurityManagement appliance . Email Security Appliance . 4 5 6 7 . . . DLP . . . 8 a) Security Management Appliance . b) . Remove from Centralized Quarantine( ) . . 
c) Security Management Appliance . d) . ! Security Services( ) > Centralized Services( ) > Policy, Virus, and Outbreak Quarantines(, Outbreak ) . 9 Submit() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1194 Cisco Content(M-Series) Security Management Appliance , Outbreak 10 8 . 11 . Email Security Appliance Security Management Appliance . 12 . . Security Management Appliance ", Outbreak " . · , , 857 , Outbreak Email Security Appliance , : · Email Security Appliance . · , , DLP Email Security Appliance . ( ) Virus(), Outbreak( ) Unclassified() . . · . · . · . · true . * Security Management Appliance . Security Management Appliance . * Email Security Appliance . , Outbreak · , Outbreak . · . · , Outbreak . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1195 , Outbreak Cisco Content(M-Series) Security Management Appliance · . Security Management Appliance . 1 Email Security Appliance Security Services( ) > Centralized Services( ) > Policy, Virus, and Outbreak Quarantines(, Outbreak ) . 2 , Outbreak . 3 . 4 . , Outbreak Cisco Content Security Management Appliance , Outbreak Security Management Appliance Email Security Appliance . Security Management Appliance Email Security Appliance . Security Management Appliance " , Outbreak " ", Outbreak " . · Security Management Appliance . Cisco Content Security Management Appliance . · Security Management Appliance . 1 Security Services( ) > Reporting() . 2 Reporting Service( ) Centralized Reporting( ) . 3 . Advanced Malware Protection Security Management Appliance Advanced Malware Protection( ) Security Management Appliance AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1196 Cisco Content(M-Series) Security Management Appliance Advanced Malware Protection . Email Security Appliance : · Email Security Appliance Security Management Appliance . · Email Security Appliance . · Email Security Appliance . · Security Management Appliance . · Email Security Appliance . · Email Security Appliance . 
Email Security Appliance Email Security Appliance , , . . . . Email Security Appliance . Email Security Appliance . 1 Security Services( ) > Message Tracking( ) . 2 Message Tracking Service( ) Edit Settings( ) . 3 Enable Message Tracking Service( ) . 4 Centralized Tracking( ) . 5 ( ) . Security Management Appliance . 6 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1197 Cisco Content(M-Series) Security Management Appliance Email Security Appliance Security Management Appliance . Security Management Appliance Cisco Content Security Management Appliance . Cisco Content Security Management Appliance . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1198 A FTP, SSH SCP . · IP , 1199 · Email Security Appliance FTP , 1200 · scp(Secure Copy) , 1202 · , 1203 IP IP . IP . IP IPv4(Internet Protocol version 4), IPv6(version 6) . 154: Management interface2 FTP 21 SSH 22 HTTP 80 HTTPS 443 2 "Management Interface" C170 Data 1 Interface . · GUI(graphical user interface) HTTP / HTTPS . · FTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1199 AsyncOS IP FTP, SSH SCP · scp(secure copy) . IP HTTP HTTPS . Virtual Gateway IP IP Virtual Gateway . "" (CLI ), . Virtual Gateway . VLAN (CLI ). , 1039 . · AsyncOS IP , 1200 AsyncOS IP AsyncOS Network() > IP Interfaces(IP ) ifconfig CLI IP IP IP . IP . IP IP . IP · 10.10.10.2/24 · 10.10.10.30/24 · 10.10.10.100/24 · 10.10.10.105/24 AsyncOS IP 10.10.10.2/24 . Email Security Appliance FTP 1 Network() > IP Interfaces(IP ) interfaceconfig FTP . interfaceconfig , CLI . , Serial Management . 2 . 3 FTP . IP . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1200 FTP, SSH SCP FTP, SSH SCP $ ftp 192.168.42.42 FTP . 4 . FTP ("GET" PUT") . . 
/configuration :
· (altsrchost)
· XML (Saveconfig, loadconfig)
· HAT(Host Access Table)(hostaccess)
· RAT(Recipient Access Table)(rcptaccess)
· SMTP (smtproutes)
· (aliasconfig)
· (masquerade)
· (filters)
· (unsubscribe)
· trace
· slbl<timestamp><serial number>.csv /
/antivirus (scan.dat) .
/configuration /system_logs /cli_logs /status /reportd_logs reportqueryd_logs /ftpd_logs /mail_logs /asarchive /bounces /error_logs /avarchive /gui_logs /sntpd_logs /RAID.output /euq_logs /scanning /antispam /antivirus /euqgui_logs /ipmitool.output
logconfig rollovernow . , 1053 . " " .
5 FTP .
scp(Secure Copy)
scp(secure copy) / . /tmp/test.txt mail3.example.com . (admin) . . scp(secure copy) .
% scp /tmp/test.txt [email protected]:configuration
The authenticity of host 'mail3.example.com (192.168.42.42)' can't be established.
DSA key fingerprint is 69:02:01:1d:9b:eb:eb:80:0c:a1:f5:a6:61:da:c8:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mail3.example.com ' (DSA) to the list of known hosts.
[email protected]'s passphrase: (type the passphrase)
test.txt 100% |****************************| 1007 00:00
%
.
% scp [email protected]:configuration/text.txt .
[email protected]'s passphrase: (type the passphrase)
test.txt 100% |****************************| 1007 00:00
%
Cisco FTP scp(secure copy) . Operators Administrators secure copy(scp) . , 897 . . .
80-Series 90-Series
70-Series , .
88:
155:
PIN I/O
1 DCD Data carrier detect
2 SIN Serial input
3 SOUT Serial output
4 DTR
5 GND Signal ground
6 DSR
7 RTS
8 CTS
9 RI Ring indicator
Shell
B IP .
· , 1205
· IP , 1205
· CSA , 1207
Cisco CSA(Content Security Appliance) ( ) 4 . .
· Management · Data1 · Data2 · Data3 · Data4 IP CSA . IP . ( IP ) . IP . IP . IP IP . . IP . IP ( ) . IP AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1205 IP . CIDR(Classless Inter-Domain Routing) . (1-32) . . 255.255.255.0 "/24" 255.255.240.0 "/20" . " . Int1 Int2 . CSA 3 (Management, Data1, Data2) 2 . Network 1: . IP Netmask Int1 192.168.1.10 255.255.255.0 192.168.1.0/24 Int2 192.168.0.10 255.255.255.0 192.168.0.0/24 192.168.1.X( X 1-255 , , 10) Int1 . 192.168.0.X Int2 . ( WAN ) . . Network 2: (IP ) . IP Netmask Int1 192.168.1.10 255.255.0.0 192.168.0.0/16 Int2 192.168.0.10 255.255.0.0 192.168.0.0/16 . CSA 192.168.1.11 . . CSA . , CSA IP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1206 IP IP , IP , GUI CLI (: AsyncOS DNS ) ( ) . 3 CSA ( /24 ). IP Management 192.19.0.100 Data1 192.19.1.100 Data2 192.19.2.100 192.19.0.1. AsyncOS ( ) Data1(192.19.1.100) IP , TCP Data1 . ( Management) , Data1 IP . CSA . CSA IP , IP . . CSA . · (CLI, , ) . · . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1207 IP IP · 1000Base-T SMTP 100Base-T , . · . , . . . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1208 C . · , 1209 . 1. , , . 2. ( ) 2 , . 3. 3 . 4. . , , . "Policy Administrator( )" . , , . · Anti-Spam, 355 · Anti-Virus, 335 · (Outbreak Filter), 399 · , 893 Mail Policies( ) . Anti-Spam, Sophos McAfee Anti-Virus, Outbreak Filters( ) Incoming Mail Policies( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1209 Enabled(), Disabled() "Not Available( )" . · ( ): · : , · : , · : · ( ): · : , · : , · : · : , , X-header · : , · : , · : , · : · : · · 1 · · : 89: Incoming Mail Policies( ) : Incoming Mail Policy( ) . Enabled(), Disabled() "Not Available( )" ( ) . "Enabled" . , "Disabled" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1210 "Not Available" . "Not Available" Security Services( ) . . . 90: Security Services Not Available( ) . . · . . . . . , . [MARKETING] . 1 . , . "Disable()" . 
2 "Positively Identified Spam Settings( )" "Action to apply to this message( )" Drop() . 3 "Marketing Email Settings( )" Yes() . [MARKETING] . "Add text to message( )" US-ASCII . 4 Submit() . Incoming Mail Policies( ) . , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1211 91: Anti-Spam Settings( ) 2 . (LDAP ) . Policy Administrator( ) . . 1 Add Policy() . 2 ( ). ( ) . ( ) . 3 Editable by (Roles)( ()) , . AsyncOS . , , . , , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1212 . . , 893 . 4 . . ( , 272 .) , . . · : [email protected] · : user@ · : @example.com · : @.example.com · LDAP AsyncOS GUI CLI / . Joe@ [email protected] . LDAP (: Microsoft Active Directory, SunONE Directory Server( "iPlanet Directory Server") OpenLDAP ) , / , , . . LDAP , 735 . 92: 5 Add() Current Users( ) . , LDAP . Remove() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1213 6 Submit() . . 93: - 7 Add Policy( ) . . 94: 8 Submit() . 9 . 95: - . . . "Sales_Group" "Engineering" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1214 , , . · . · () . · . . · . ( , 1211 .) . . . Anti-Spam, 355 . · , URL (example.com ) . "dwg" . (Outbreak Filter), 399 . 1 (Anti-Spam) . (use default). 2 "Enable Anti-Spam Scanning for this Policy( )" "Use Default Settings( )" "Use Anti-Spam service( )" . "Use Anti-Spam service( )" . 3 "Positively-Identified Spam Settings( )" "Apply This Action to Message( )" Drop() . 4 "Suspected Spam Settings( )" Yes() . 5 "Suspected Spam Settings( )" "Apply This Action to Message( )" "Spam Quarantine( )" . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1215 . 6 "Add text to subject( )" None() . . 7 "Marketing Email Settings( )" Yes() . 8 "Apply This Action to Message( )" "Spam Quarantine( )" . 9 . . LDAP . Outbreak Filter( ) 1 (Outbreak Filters ) . (use default). 2 "Enable Outbreak Filtering (Customize settings)( ( ))" . "(Customize settings)" . . 3 "Bypass Attachment Scanning( )" dwg . "dwg" . (.) . 4 Add Extension( ) .dwg . 
5 Enable Message Modification( ) . (: , , URL) . Cisco Security . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1216 6 Enable for Unsigned Messages( ) . URL . URL . 4 . 7 Bypass Domain Scanning( ) example.com . example.com . 8 Threat Disclaimer( ) System Generated( ) . . . 96: 9 . . dwg ( ) . example.com Cisco Security . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1217 Incoming() Outgoing Mail Policies( ) "Find Policies( )" . [email protected] Find Policies( ) . Edit Policy( ) . . . , . "" , . , . , . . "" . "" . 156: / Anti-Spam Anti-Virus : : : : "[Suspected : "[Marketing]" Spam]" : : : : : : : : : , , AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1218 3 . Policy Administration( ) . . 1. "scan_for_confidential" "confidential" . [email protected] . 2. "no_mp3s" MP3 , MP3 . 3. "ex_employee" (ex-employee) . . , ( ) . "Confidential" . 1 2 3 4 Mail Policies( ) . Incoming Content Filters( ) . Add Filter( ) . Name() scan_for_confidential . ASCII , , . . 5 Editable By (Roles)( ()) Policy Administrator( ) OK() . Policy Administrator( ) . 6 7 8 9 Description() . : scan all incoming mail for the string `confidential'. Add Condition( ) . Message Body( ) . Contains text( ): confidential OK() . Add Content Filter( ) . 10 Add Action( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1219 MP3 11 Send Copy To (Bcc:)( (Bcc:)) . 12 Email Addresses( ) [email protected] . 13 Subject() [message matched confidential filter] . 14 OK() . Add Content Filter( ) . 15 Add Action( ) . 16 Quarantine() . 17 Policy() . 18 OK() . Add Content Filter( ) . 19 . . . . MP3 . 1 Add Filter( ) . 2 Name() no_mp3s . 3 Editable By (Roles)( ()) Policy Administrator( ) OK() . 4 Description() . : strip all MP3 attachments. 5 Add Action( ) . 6 Strip Attachment by File Info( ) . 7 File type is( ) . 8 -- mp3 . 9 . 10 OK() . 11 . . . ( true() . .) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1220 . 1 2 3 4 5 6 7 8 Add Filter( ) . Name(): ex_employee . 
Editable By (Roles)( ()) Policy Administrator( ) OK() . Description(): . : bounce messages intended for Doug. Add Condition( ) . Envelope Recipient( ) . Begins with doug@ . OK() . Content Filters( ) . LDAP . . 9 Add Action( ) . 10 Notify() . 11 Sender() , Subject() message bounced for ex-employee of example.com . 12 Use template( ) . . , Mail Policies( ) > Dictionaries() CLI dictionaryconfig , . , 613 . 13 OK() . Add Content Filters( ) . 14 Add Action( ) . 15 Bounce (Final Action)(( )) OK() . . GUI . . . 16 . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1221 Incoming Content Filters( ) . Incoming Content Filters( ) Outgoing Content filters( ) " " . 97: Incoming Content Filters( ): 3 3 . · 3 . · no_mp3s . · . . 1 Incoming Mail Policies( ) Incoming Mail Policy( ) . , 1212 . . 2 (Content Filters ) . 3 Content Filtering for Default Policy( ) "Disable Content Filters( )" "Enable Content Filters (Customize settings)( ( ))" . ( , 283 Incoming Content Filters( ) ) . "Enable Content Filters (Customize settings)( ( ))" () . 4 Enable() . 5 Submit() . Incoming Mail Policies( ) . MP3 "engineering" "no_mp3s" AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1222 GUI 1 (Content Filters ) . 2 Content Filtering for Policy: Engineering( : ) "Enable Content Filtering (Inherit default policy settings)( ( ))" "Enable Content Filtering (Customize settings)( ( ))" . "Use Default Settings( )" "Yes()" () . 3 "no_mp3s" . 4 Submit() . Incoming Mail Policies( ) . 5 . , MP3 . MP3 . GUI · . . ( true() . .) · , . , 893 . · . · . . ^ $ * + ? { [ ] \ | ( ) '\'() . : "\*Warning\*" · ( AND) , ( OR) . · "benign()" . "deliver()" . . (: ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1223 · , " " . . · Incoming or Outgoing Content Filters( ) 1 . · Incoming or Outgoing Mail Policies( ) . · . · Bcc: . ( , , , 847 .) (, ) . · "Entire Message( )" Scan Behavior( ) scanconfig . "Entire Message( )" . "Subject()" "Header()" . · LDAP (, ldapconfig LDAP ) LDAP GUI . · GUI . 
, Text Resources( ) CLI textconfig . · , , . · (UTF-8) · (UTF-16) · /-1(ISO 8859-1) · /-1(Windows CP1252) · (Big 5) · (GB 2312) · (HZ GB 2312) · (ISO 2022-KR) · (KS-C-5601/EUC-KR) · (Shift-JIS (X0123)) · (ISO-2022-JP) · (EUC) . . . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1224 98: · Incoming or Outgoing Content Filters( ) "Description()", "Rules()" "Policies()" . · Description() . ( .) · Rules() . · Policies() . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1225 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1226 D . · , 1227 Cisco Content Security Appliance . 157: Protocol( In/Out ) 20/21 TCP In/Out Hostname AsyncOS IP, FTP 22 TCP 22 TCP 22 TCP 25 TCP In AsyncOS IP Out SSH Out SCP Out FTP. TCP 1024 . FTP . , 7 . CLI SSH , . SSH . SCP . SMTP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1227 25 TCP In AsyncOS IP SMTP. 53 UDP/TCP Out DNS DNS DNS. SenderBase . 80 HTTP In AsyncOS IP GUI HTTP . 80 HTTP Out downloads.ironport.com McAfee 80 HTTP Out updates.ironport.com AsyncOS McAfee Anti-Virus . 80 HTTP Out cdn-microupdates.cloudmark.com Intelligent MultiScan . phone home CIDR 208.83.136.0/22 . 80 HTTP Out TAXII . 82 HTTP In AsyncOS IP . 83 HTTPS In AsyncOS IP . 110 TCP Out POP POP . 123 UDP In Out NTP NTP. 143 TCP Out IMAP IMAP . 161 UDP In AsyncOS IP SNMP . 162 UDP Out SNMP . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1228 389 LDAP 3268 636 LDAPS 3269 443 TCP 443 TCP 443 TCP 443 TCP 443 TCP 443 TCP 443 TCP 443 TCP Out LDAP LDAP LDAP. Cisco Spam Quarantine LDAP . Out LDAPS LDAPS - ActiveDirectory Global Catalog Server(SSL ). In AsyncOS IP GUI HTTP(https) . Out res.cisco.com . Out update-manifests.ironport.com ( ). Out update-manifests.sco.cisco.com ( ). Out phonehome.senderbase.org Outbreak Filter /. Out CLI(command-line interface) URL URL websecurityadvancedconfig . . . Out Security Services( , ) > File Reputation and Analysis( ), . Advanced Settings for File 32137. Reputation( 443 ) , Cloud Server . 
Pool( ) . Out Security Services( ) > File Reputation and . Analysis( ), 443 32137 Advanced Settings for File . Reputation( ) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1229 443 TCP 443 TCP 443 TCP 443 HTTPS 443 HTTPS 514 UDP/TCP 628 TCP 990 TCP/FTP 1024 -- 2222 CCS TCP In Out Security Services( AMP for Endpoints Console ) > File Reputation and . Analysis( ), Advanced Settings for File Reputation( ) , AMP for Endpoints Console . api.amp.sourcefire.com api.eu.amp.sourcefire.com api.apjc.amp.sourcefire.com api.amp.cisco.com api.eu.amp.cisco.com api.apjc.amp.cisco.com In Out outlook.office365.com Office 365 login.microsoftonline.com. . Out aggregator.cisco.com Cisco Aggregator Server . Out logapi.ces.cisco.com Cisco TAC . Out TAXII . Out Syslog Syslog . In & In AsyncOS IP QMQP. Out support-ftp.cisco.com Cisco TAC . -- -- 21(FTP) . In & In AsyncOS IP ( ). Out AsyncOS IP Cisco Spam Quarantine. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1230 7025 TCP In/Out AsyncOS IP Email Security Appliance Security Management Appliance , . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1231 AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1232 E . · Cisco Systems , 1233 · Cisco Systems Content Security , 1239 Cisco Systems : . CISCO , ("" ) CISCO . . CISCO CISCO , . Cisco Systems, Inc. CISCO SYSTEMS, INC. ("CISCO") ("" ) . . , . CISCO , (A) , (B) ( CD ) , . 30 , . " " (A) CISCO (B) CISCO , CISCO (C) CISCO CISCO , / . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1233 ( ) , (A) CISCO (B) "-" . (1) , (2) - , (3) . "" ( CISCO ), , , (" " ), CISCO (CISCO ) . . Cisco . "" (CD-ROM ) ( , , ) . Cisco . , (" ") . , ( Cisco ) Cisco . , . Cisco . . Cisco . ( ) Cisco . Cisco , . (i) (Cisco / ), Cisco Cisco . , . (ii) . (iii) , , . , Cisco . (iv) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1234 (v) Cisco . (vi) Cisco , . . Cisco Cisco . , Cisco . , . : (1) , . (2) , CISCO . (3) . . , , , . , Cisco . . . . Cisco . . , " " . 
" " " " . . , Cisco . Cisco . , , . Cisco , ( " ") . Cisco , , , , . Cisco , . , , URL . http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_ compliance.html. AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1235 . Federal Acquisition Regulation("FAR")(48 C.F.R.) 2.101 " ", FAR 12.212 " " " " . FAR 12.212 DoD FAR Supp. 227.7202-1~227.7202-4 FAR , , . " " " " , . : . , Cisco , readme.txt , - (: http://www.cisco.com/) (" ") , , , (" " ) . . Cisco (a) , (b) , (Cisco Cisco 90 ) (a) 90 (b) ("") ( ) . Cisco . " " . . Cisco (i) / (ii) Cisco , , . Cisco / . Cisco . Cisco , . . , (a) (Cisco ), (b) Cisco , , , (c) , , , , (d) , , . (e) , (f) Cisco , (g) Cisco Cisco " " , (h) , (i) . AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1236 , , , , , , ( ) , , , CISCO, . , , / " " . . , . . - . , , , , Cisco, , , , , , , ( ), , . (, ). , , , , CISCO, , , , , , , ( ), CISCO , . (, ). (I) CISCO, , , , , , , (II) CISCO , (III) CISCO . - . , , , CISCO CISCO , , , , , , , . . , , CISCO, , , , , , CISCO, , , , , , , , , . , , , CISCO, , , , , , , ( ) AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1237 CISCO, , , , , , , , , , , , , . . . (I) , (II) , (III) CISCO . Cisco , ( ), . , . , (""), , . . , . . , , , ( ) , , . . Contracts(Rights of Third Parties) Act 1999 . , , . . , , . . , , . . (UN Convention on Contracts for the International Sale of Goods) . , . . , , , . , . Cisco URL . http://www.cisco.com/go/warranty AsyncOS 12.0 for Cisco Email Security Appliances - GD( ) 1238 Cisco Systems Content Security Cisco Systems Content Security : . ("SEULA") ( "" "" ) Cisco ("EULA")("" ) . SEULA EULA . EULA SEULA SEULA . EULA SEULA . , , . CISCO , (A) , (B) ( CD ) , . CISCO CISCO 30 , . SEULA, Cisco Systems Email Security Appliance("ESA"), Cisco Systems Web Security Appliance("WSA") Cisco Systems Security Management Application("SMA")("Content Security" ) ("") . 
Cisco AsyncOS for Email
Cisco AsyncOS for Web
Cisco AsyncOS for Management
Cisco Email Anti-Spam, Sophos Anti-Virus
Cisco Email Outbreak Filters
Cloudmark Anti-Spam
Cisco Image Analyzer
McAfee Anti-Virus
Cisco Intelligent Multi-Scan
Cisco Data Loss Prevention
Cisco Email Encryption
Cisco Email Delivery Mode
Cisco Web Usage Controls
Cisco Web Reputation
Sophos Anti-Malware
Webroot Anti-Malware
McAfee Anti-Malware
Cisco Email Reporting
Cisco Email Message Tracking
Cisco Email Centralized Quarantine
Cisco Web Reporting
Cisco Web Policy and Configuration Management
Cisco Advanced Web Security Management with Splunk
Email Encryption for Encryption Appliances
Email Encryption for System Generated Bulk Email
Email Encryption and Public Key Encryption for Encryption Appliances
Large Attachment Handling for Encryption Appliances
Secure Mailbox License for Encryption Appliances
SEULA . " " , , . " " (1) WSA SMA , SMA , , (2) ESA , , . Cisco Cisco , , , , Cisco . " " , , ( ) . "" . "" Cisco . " " . http://www.cisco.com/web/about/doing_business/legal/service_descriptions/index.html " " . , Cisco . . "" . " " Cisco Email Security Appliance, Web Security Appliance Security Management Appliance . " " . , Cisco Cisco , , . . . . EULA . Cisco, Cisco , . . . Cisco (http://www.cisco.com/web/siteassets/legal/privacy.html) Cisco . Cisco . , Cisco Cisco . SenderBase Cisco . SenderBase . Cisco Systems, Inc. , .