This document provides a sample configuration for the email reputation feature on the Cisco Content Security and Control (CSC) Security Services Module (SSM).
You need to have a Security Plus license to use this feature.
The information in this document is based on the Cisco Content Security and Control SSM with Software release version 6.3.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Email Reputation is a technology that reduces spam mail. When this feature is enabled, the CSC SSM verifies whether the originator of a mail is a blacklisted address. It maintains a list of databases that contain all the IP addresses that source spam messages. If the originator of a mail is found in this list, that mail is considered spam and is dropped.
This Email Reputation Technology (ERS) offers two service levels. They are based mainly on the level of authenticity of the source IP addresses.
ERS Standard - Contains the known sources of spam
ERS Advanced - Contains the known sources and the suspected sources
When an IP address is added to the ERS Standard database, it is termed a spam source, and it is rare for an IP address to be removed from this list. ERS Standard contains the list of IP addresses that consistently originate spam.
ERS Advanced contains a list of IP addresses that are meant to be removed once they are found to no longer produce spam. For example, a hacked mail server can be listed in this database while it is compromised. When it is restored to normal operation, it is removed from this database.
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
Choose Mail (SMTP) > Anti-spam > Email Reputation. A new window opens.
From the Target tab, click Enable in order to enable this Email Reputation feature.
Choose Advanced for the Service Level.
From the Approved IP Addresses field, specify the range of IP addresses that you want to exempt from scanning.
From the Action tab, specify the type of action based on your enterprise security policy. These three actions are available:
Close connection with an error message
Close connection without error message
Bypass the connection
There is currently no verification procedure available for this configuration.
This section provides information you can use to troubleshoot your configuration.
Problem:
The problem is the inability to receive emails from specific domains. It appears that the CSC module is blocking the emails. When the module is bypassed, everything works fine. This error message is received:
2012/02/06 14:33:00 GMT+00:00 NRS 174.37.94.181 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA
Solution:
In order to resolve this issue, configure the email reputation feature properly.
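To see which senders the reputation check rejects and whether an approved range already covers them, the log can be summarized per source IP. The script below is an added example, not Cisco code: the field layout is inferred from the single message quoted above, and the approved range and all log lines after the first are constructed.

```python
import ipaddress
import re
from collections import Counter

# Field layout inferred from the one sample line on this page (assumption):
# date, time, GMT offset, "NRS", source IP, RBL result, QIL result, action, ...
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) GMT[+-]\d{2}:\d{2} "
    r"NRS (?P<ip>\S+) (?P<rbl>RBL-\S+) (?P<qil>QIL-\S+) (?P<action>\S+)"
)

def rejected_sources(lines):
    """Count connections per source IP that failed the RBL lookup."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("rbl") != "RBL-Fail":
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field: skip rather than guess
        hits[ip] += 1
    return hits

def not_exempted(hits, approved_ranges):
    """Return rejected IPs that no approved range covers, busiest first."""
    nets = [ipaddress.ip_network(r, strict=False) for r in approved_ranges]
    pending = {ip: n for ip, n in hits.items() if not any(ip in net for net in nets)}
    return sorted(pending.items(), key=lambda kv: (-kv[1], str(kv[0])))

# First line is the message quoted on this page; the rest are constructed samples.
# "RBL-PLACEHOLDER" / "ACTION-PLACEHOLDER" are stand-in tokens, not real CSC values.
SAMPLE_LOG = [
    "2012/02/06 14:33:00 GMT+00:00 NRS 174.37.94.181 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA",
    "2012/02/06 14:35:12 GMT+00:00 NRS 174.37.94.181 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA",
    "2012/02/06 14:36:40 GMT+00:00 NRS 192.0.2.25 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA",
    "2012/02/06 14:37:02 GMT+00:00 NRS 198.51.100.7 RBL-PLACEHOLDER QIL-NA ACTION-PLACEHOLDER NA 0 0 NA NA NA 0 NA",
    "line that does not match the layout and is ignored",
]
APPROVED = ["192.0.2.0/24"]  # constructed stand-in for the Approved IP Addresses field

if __name__ == "__main__":
    for ip, count in not_exempted(rejected_sources(SAMPLE_LOG), APPROVED):
        print(f"{ip} rejected {count}x and not covered by an approved range")
```

Confirm that an address belongs to a legitimate sender before you add it to the Approved IP Addresses field, because addresses in that field are exempt from scanning.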
Revision | Publish Date | Comments |
---|---|---|
1.0 | 27-Apr-2012 | Initial Release |