Email Security Deployment Guide Revision: H1CY11


Who Should Read This Guide

This guide is intended for the reader with any or all of the following:

• Up to 2500 connected employees

• Up to 75 branches with approximately 25 employees each

• Email services that are hosted either locally or co-located

• CCNA® certification or equivalent experience

The reader may be looking for any or all of the following:

• To understand the benefits of deploying email security

• To understand more about the Cisco® Email Security solution

• To learn the benefits of Cisco Email Security

• To deploy email filtering

• To filter email for spam

• To filter email for viruses

• To reduce cost by optimizing email bandwidth and improving employee productivity

• To gain the assurance of a tested solution

Related Documents

Before reading this guide

Foundation Design Overview

Foundation Deployment Guide

Foundation Configuration Files Guide



ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x)

© 2010 Cisco Systems, Inc. All rights reserved.

Table of Contents

Architectural Overview
    Guiding Principles
    The Purpose of this Guide

Business Overview

Technology Overview
    Filtering Spam

Deploying the Cisco Email Security Appliance

Appendix A: Product List

Appendix B: SBA for Midsize Organizations Document System


Architectural Overview

The Cisco® Smart Business Architecture (SBA) is a comprehensive design for networks with up to 1000 users. This out-of-the-box design is simple, fast, affordable, scalable, and flexible.

The Cisco SBA for Midsize Organizations incorporates LAN, WAN, wireless, security, WAN optimization, and unified communication technologies tested together as a solution. This solution-level approach simplifies the system integration normally associated with multiple technologies, allowing you to select the modules that solve your organization’s problems rather than worrying about the technical details.

We have designed the Cisco Smart Business Architecture to be easy to configure, deploy, and manage. This architecture:

• Provides a solid network foundation

• Makes deployment fast and easy

• Accelerates ability to easily deploy additional services

• Avoids the need for re-engineering of the core network

By deploying the Cisco Smart Business Architecture, your organization can gain:

• A standardized design, tested and supported by Cisco

• Optimized architecture for midsize organizations with up to 1000 users and up to 20 branches

• Flexible architecture to help ensure easy migration as the organization grows

• Seamless support for quick deployment of wired and wireless network access for data, voice, teleworker, and wireless guest

• Security and high availability for corporate information resources, servers, and Internet-facing applications

• Improved WAN performance and cost reduction through the use of WAN optimization

• Simplified deployment and operation by IT workers with CCNA® certification or equivalent experience

• Cisco enterprise-class reliability in products designed for midsize organizations

Guiding Principles

We divided the deployment process into modules according to the following principles:

• Ease of use: A top requirement of Cisco SBA was to develop a design that could be deployed with the minimal amount of configuration and day-two management.

• Cost-effective: Another critical requirement as we selected products was to meet the budget guidelines for midsize organizations.

• Flexibility and scalability: As the organization grows, so too must its infrastructure. Products selected must have the ability to grow or be repurposed within the architecture.

• Reuse: We strived, when possible, to reuse the same products throughout the various modules to minimize the number of products required for spares.

[Figure: the three layers of the architecture. User Services: Voice, Video, Web Meetings. Network Services: Security, WAN Optimization, Guest Access. Network Foundation: Routing, Switching, Wireless, and Internet.]

The Cisco Smart Business Architecture can be broken down into the following three primary, modular yet interdependent components for the midsize organization.

• Network Foundation: A network that supports the architecture

• Network Services: Features that operate in the background to improve and enable the user experience without direct user awareness

• User Services: Applications with which a user interacts directly

The Purpose of this Guide

This deployment guide introduces the Email Security solution.

It explains the requirements that were considered when building the Cisco Smart Business Architecture design and introduces each of the products that were selected.


Business Overview

Due to a business need for a functional and reliable email solution, an email security solution becomes a requirement. This solution must handle the common threats without introducing new issues like blocking legitimate emails.

The two major threats to the email system are:

• Floods of unsolicited and unwanted emails, called spam, that waste employee time through their sheer volume, and use valuable resources like bandwidth and storage.

• Malicious email that comes in two basic forms: embedded attacks, which include viruses and malware that perform actions on the end device when clicked, and phishing attacks, which try to trick employees into releasing sensitive information like credit card numbers, social security numbers, or intellectual property. Phishing attacks might also try to trick employees into browsing to malicious websites.


Technology Overview

An email solution will become unusable if spam—unsolicited and unwanted emails—is not filtered properly. The sheer volume of spam messages can crowd out legitimate mail. A side effect of some anti-spam solutions is false positives or email that is incorrectly identified as spam. When this occurs, the organization must expend resources to sift through the junk email looking for legitimate messages or reduce the level of filtering, which allows more messages to go to users, making the user responsible for determining whether emails are spam.

Spam is also likely to include embedded attacks. Criminal organizations have found that using attacks in email is an effective and cheap way to attack a user’s machine. These attacks may take the form of viruses that attempt to infect the user’s host, or counterfeit URLs that trick users into going to a website where criminals can steal bank login credentials or infect the user’s host. These types of attacks, known as phishing, are used to gather social security numbers, credit card numbers, or compromise the host to use it as a launch point to send spam and other attacks.

Filtering Spam

There are two ways to filter spam: reputation-based filtering and context-based filtering.

One technique used to combat spam and phishing attacks is reputation-based filtering checks. If a server is a known spam sender, then it is more likely that email coming from that server is spam compared to a host that does not have a reputation for distributing spam. Similar processes can be applied to emails carrying viruses and other threats.

The goal of the solution is to filter out positively identified spam and quarantine or discard emails sent from untrusted or potentially hostile locations. Anti-virus (AV) scanning is applied to emails and attachments from all servers to remove known malware.

Reputation filters provide the first layer of defense by looking at the source IP address of the email server and comparing this to the reputation data downloaded from Cisco SenderBase®. SenderBase is the world’s largest repository for security data including spam sources, botnets, and other malicious hosts. When hosts on the Internet engage in malicious activity, SenderBase lowers the reputation of that host. Devices that use reputation filtering, like the Cisco IronPort® Email Security Appliance (ESA), receive updates from SenderBase several times a day. When the ESA receives an email, it compares the source IP to the SenderBase database (see Figure 1). If the reputation of the sender is:

• positive, the email gets forwarded on to the next layer of defense.

• negative, the email is discarded.

• in between, the email is considered suspicious, is quarantined, and must wait for inspection before being delivered.

Context-based anti-spam filters in the ESA inspect the entire mail message, including attachments, looking for details like sender identity, message contents, embedded URLs, and email formatting. Using these algorithms, the ESA can identify spam messages without blocking legitimate email.

Figure 1. Email Filtering Overview

[Figure: incoming mail (good, bad, and “gray” or unknown email) enters Cisco Email Security and its anti-spam engine. Known good is delivered; known bad is deleted/tagged; suspicious is throttled and spam filtered.]

Fighting Viruses and Malware

The Cisco ESA uses a multilayer approach to fight viruses and malware.

The first layer is the Virus Outbreak Filters which are downloaded from SenderBase by the appliance. They contain a list of known bad mail servers. These filters are generated by watching global email traffic patterns and looking for anomalies associated with an outbreak. When an email is received from a server on this list, it is kept in quarantine until the anti-virus signatures are updated to counter the current threat.

The ESA’s second layer of defense involves using AV signatures to scan quarantined emails to ensure that they do not carry viruses into the network.


Cisco IronPort Email Security Appliance

The Cisco IronPort ESA protects the email infrastructure and the employees who use email at work. ESA integrates into existing email infrastructures easily with a high degree of flexibility. It does this by acting as a mail transfer agent (MTA), or mail relay, along the email delivery chain.

A normal email exchange, when an organization is using an MTA, might look like the email message flow depicted in Figure 2.

An ESA can be deployed:

• With a single physical interface to filter email to and from the organization’s mail servers.

• Using a two-interface configuration, one for email transfers to and from the Internet and the other for email transfers to and from the internal servers.

An ESA uses a variety of mechanisms for spam and antivirus filtering.

Figure 2. Email Message Flow


Deploying the Cisco IronPort Email Security Appliance

For deployment in the SBA, the Cisco ESA is configured for basic network access and an anti-spam and anti-virus policy is built and applied. The Domain Name System (DNS) was modified to support the ESA, the appliance software was updated, and the feature keys for the appliance were installed.

Some slight policy changes have been made, but a detailed policy configuration discussion, troubleshooting, and ongoing monitoring are beyond the scope of this document. Policy migration and advanced policy creation for the Cisco ESA device should be directed to your Cisco IronPort partner or Cisco account team.

The Cisco ESA deployment is designed to be as easy as possible. It is deployed into your existing mail delivery chain as an MTA. The ESA is the destination of the organization’s email; as such, the public mail transfer (MX) records (the DNS record that defines where to send mail) must eventually point to the ESA’s public IP address.

In this deployment guide, the ESA is physically deployed on the DMZ of the Internet Edge firewall using a single interface for simplicity (see Figure 3). This interface handles all incoming and outgoing email and carries management traffic. The port on the ESA is the M1 management interface.

Figure 3. Deployment Overview

It is important that the ESA be accessible via the public Internet and that the ESA is the “first hop” in your email infrastructure. The sender’s IP address is used by several of the ESA’s processes and is one of the primary identifiers SenderBase uses to determine the sender’s reputation. If another device receives mail before forwarding it to the ESA, the ESA will not be able to determine the sender’s IP address and filtering cannot be applied properly.
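The three-way reputation decision from the Technology Overview and the first-hop requirement above can be seen together in a short model. This is an added example, not code from the guide or from Cisco; the reputation table, scores, thresholds, addresses and function names are all constructed assumptions.

```python
import ipaddress

# Constructed reputation data (documentation address ranges). The scores and
# both thresholds are assumptions for illustration, not SenderBase values.
REPUTATION = {
    "203.0.113.0/24": -8.0,    # known spam source
    "198.51.100.0/24": 6.5,    # well-behaved sending network
    "198.51.100.64/26": -6.0,  # compromised block inside that network
    "192.0.2.0/24": -1.5,      # mixed history
}
DISCARD_AT_OR_BELOW = -3.0
FORWARD_AT_OR_ABOVE = 3.0


def reputation_score(ip):
    """Longest-prefix match of ip against REPUTATION; None when no data exists."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, score in REPUTATION.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, score)
    return None if best is None else best[1]


def verdict(connecting_ip):
    """Three-way decision from the text: forward, discard, or quarantine."""
    score = reputation_score(connecting_ip)
    if score is None:
        return "quarantine"  # assumption: no data is treated as in-between
    if score <= DISCARD_AT_OR_BELOW:
        return "discard"
    if score >= FORWARD_AT_OR_ABOVE:
        return "forward"
    return "quarantine"


def seen_by_filter(sender_ip, relays_in_front):
    """The filter only sees its TCP peer: the last relay, else the sender."""
    return relays_in_front[-1] if relays_in_front else sender_ip


def compare_placements(sender_ip, upstream_relay):
    """Verdict with the filter as first hop vs. behind another relay."""
    return {
        "first_hop": verdict(seen_by_filter(sender_ip, [])),
        "behind_relay": verdict(seen_by_filter(sender_ip, [upstream_relay])),
    }


if __name__ == "__main__":
    relay = "10.10.24.20"  # constructed address of a relay placed in front
    for sender in ("203.0.113.25", "198.51.100.7", "198.51.100.70", "192.0.2.10"):
        print(sender, compare_placements(sender, relay))
```

With a relay in front, every sender collapses to the relay's address and receives the same verdict, so known-bad mail is no longer discarded and known-good mail is no longer passed straight through.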

This section explains how to deploy the ESA, including the following processes:

• Preparing for ESA Deployment

• Completing the Basic Deployment

• Enabling Mail Policies

• Configuring the Firewall

• Maintaining the ESA

Process

Preparing for ESA Deployment

1. Configure the DNS

Before you begin the ESA deployment, you need to configure the DNS.

Procedure 1 Configure the DNS

The ESA’s hostname is the name carried in the DNS’s MX record, and it indicates that the ESA is the primary MTA; the DNS A record corresponds to the IP address that the Cisco ASA 5500 Adaptive Security Appliance has statically translated for the ESA’s address in the DMZ.
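One way to check the DNS data described above before cutover, as an added example that is not part of the guide: it reads zone-file style records and reports any MX target that does not resolve to the ESA's translated public address. The domain, host names and the public address 192.0.2.25 are constructed placeholders; only 10.10.24.50 (the DMZ address) comes from this guide.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

GOOD_ZONE = """
; constructed zone data
example.com.           IN MX 10 mail-gw.example.com.
mail-gw.example.com.   IN A  192.0.2.25
"""

BAD_ZONE = """
; constructed zone data with two mistakes
example.com.           IN MX 10 mail-gw.example.com.
example.com.           IN MX 20 mailstore.example.com.
mail-gw.example.com.   IN A  10.10.24.50
mailstore.example.com. IN A  192.0.2.40
"""


def parse_zone(text):
    """Return (mx, a): mx maps owner -> [(pref, target)], a maps owner -> [ip]."""
    mx, a = {}, {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[2].upper()
        if rtype == "MX" and len(fields) >= 5:
            target = fields[4].lower().rstrip(".")
            mx.setdefault(owner, []).append((int(fields[3]), target))
        elif rtype == "A":
            a.setdefault(owner, []).append(fields[3])
    return mx, a


def audit_mx(zone_text, domain, esa_public_ip):
    """List reasons the ESA would not be the first hop for mail to domain."""
    mx, a = parse_zone(zone_text)
    records = sorted(mx.get(domain, []))
    if not records:
        return [f"{domain}: no MX record"]
    findings = []
    for pref, target in records:
        addrs = a.get(target, [])
        if not addrs:
            findings.append(f"MX {pref} {target}: no A record")
        for ip in addrs:
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in RFC1918):
                findings.append(f"MX {pref} {target}: A record {ip} is a "
                                "private address, not the translated one")
            elif ip != esa_public_ip:
                findings.append(f"MX {pref} {target}: {ip} is not the ESA, "
                                "so the ESA would not be the first hop")
    return findings


if __name__ == "__main__":
    for name, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(name, audit_mx(zone, "example.com", "192.0.2.25"))
```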


Process

Completing the Basic Deployment

1. Complete Basic ESA Setup

2. Complete the System Setup

3. Configure System Updates and Feature Keys

After physically installing and connecting the ESA to the network, the next step is basic setup.

Procedure 1 Complete Basic ESA Setup

The ESA supports two configuration interfaces: Web browser or CLI.

Complete the following steps to connect to an unconfigured ESA using a Web browser:

Step 1: Configure a PC with an IP address in the 192.168.42.x network.

Step 2: Connect both devices to the same VLAN on a switch (or directly connect a crossover Ethernet cable between the devices).

Step 3: Browse to the default IP address of 192.168.42.42.

Tech Tip

The default username and password is admin/ironport.

Reader Tip

User documentation can be found here: http://www.ironport.com/support/login.html

Work with your Cisco IronPort Channel Partner to obtain a login.

To connect using the console port, complete the following steps to set up basic networking to configure connectivity. You will then finish configuring the ESA with the built-in Web GUI device management tool.

Step 4: Issue the following two commands in the device CLI:

interfaceconfig
setgateway

Step 5: Commit your changes after making them as follows:

ironport.example.com> interfaceconfig

Currently configured interfaces:
1. Management (192.168.42.42/24 on Data 1: ironport.example.com)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit

Enter the number of the interface you wish to edit.
[]> 1

IP interface name (Ex: “InternalNet”):
[Management]> DMZ_Interface

IP Address (Ex: 192.168.1.2):
[192.168.42.42]> 10.10.24.50

Ethernet interface:
1. Data 1
2. Data 2
[1]> 1

Netmask (Ex: “255.255.255.0” or “0xffffff00”):
[255.255.255.0]> 255.255.255.0

Hostname:
[ironport.example.com]> email1.cisco.local

Do you want to enable FTP on this interface? [N]> n

Do you want to enable Telnet on this interface? [Y]> n

Do you want to enable SSH on this interface? [Y]> y

Which port do you want to use for SSH?
[22]> 22

Do you want to enable Cluster Communication Service on this interface? [N]> n

Do you want to enable HTTP on this interface? [Y]> y

Which port do you want to use for HTTP?
[80]> 80

Do you want to enable HTTPS on this interface? [Y]> y

Which port do you want to use for HTTPS?
[443]> 443

Do you want to enable IronPort Spam Quarantine HTTP on this interface? [N]> y

Which port do you want to use for IronPort Spam Quarantine HTTP?
[82]> 82

Do you want to enable IronPort Spam Quarantine HTTPS on this interface? [N]> y

Which port do you want to use for IronPort Spam Quarantine HTTPS?
[83]> 83

You have not entered an HTTPS certificate. To assure privacy, run “certconfig” first. You may use the demo, but this will not be secure.
Do you really wish to use a demo certificate? [Y]> y

Both HTTP and HTTPS are enabled for this interface, should HTTP requests redirect to the secure service? [Y]> y

Both IronPort Spam Quarantine HTTP and IronPort Spam Quarantine HTTPS are enabled for this interface, should IronPort Spam Quarantine HTTP requests redirect to the secure service? [Y]> y

Do you want DMZ_Interface as the default interface for IronPort Spam Quarantine? [N]> y

Do you want to use a custom base URL in your IronPort Spam Quarantine email notifications? [N]> n

The interface you edited might be the one you are currently logged into. Are you sure you want to change it? [Y]> y

Currently configured interfaces:
1. DMZ_Interface (10.10.24.50/24 on Data 1: email1.cisco.local)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

Note: You must press Enter to return to the main prompt.

Please run “systemsetup” or “sethostname” then “commit” before sending mail.
ironport.example.com> setgateway

Warning: setting an incorrect default gateway may cause the current connection to be interrupted when the changes are committed.
Enter new default gateway:
[]> 10.10.24.1

ironport.example.com> commit

Please enter some comments describing your changes:
[]> initial setup

Changes committed: Mon Dec 14 17:04:49 2009 UTC

Step 6: Assuming the correct firewall rules have been applied, ping the appliance from the network to verify the configuration is complete.

Step 7: To connect to the GUI device management, open a browser and browse via https (https://10.10.24.50/) to the address of the email appliance.


Procedure 2 Complete the System Setup

Step 1: After initial configuration is complete, connect to the appliance using a browser to access the device management application GUI (graphical user interface).

Run the System Setup Wizard from the GUI (see Figure 4).

Figure 4. System Setup Wizard

Step 2: Read the license and accept, then select the Begin Setup button.

Step 3: Answer the System Configuration questions to define the basic settings such as time settings, default hostname, and the default password.

The last two questions ascertain your interest in participating in the SenderBase network by allowing your ESA to send anonymized reputation details about email traffic back to Cisco to improve SenderBase and the product in general (see Figure 5).

Figure 5. System Configuration

Step 4: Network integration allows you to define your DNS server (or tell the appliance to use the Internet’s root DNS servers). This panel is also where the user sets up the network interface(s) used for mail processing (see Figure 6).

Figure 6. Network Integration


Step 5: Message Security selects whether anti-spam and anti-virus filtering are enabled and which engine is used for each function (see Figure 7).

Figure 7. Message Security

Step 6: Review allows you to review the configuration that you have defined, and to accept or modify the configuration. If you accept, the ESA will install the configuration onto your ESA (see Figure 8).

Figure 8. Review

Tech Tip

If your environment requires proxies for HTTP or HTTPS communications, define them on the Security screen of the wizard. Select the Edit Update Settings button and then enter the proxy settings for HTTP and HTTPS at the bottom of this page and click the Submit button and then the Commit button.


Procedure 3 Configure System Updates & Feature Keys

It is important to look at two other areas on the box before you begin to use it: feature keys and system upgrades.

Step 1: In the Web configuration tool, browse to System Administration > Feature Keys.

This is where the license keys for the different features on the box are displayed.

Step 2: To check whether your ESA has any licenses that are not currently enabled, select the Check for New Keys button. This will enable the ESA to connect to Cisco.com and determine if all purchased licenses are installed and enabled.

Step 3: To upgrade the code on the appliance, select the System Administration > System Upgrade button. This will display the current software version. Select the Available Updates button to determine if updates are available.

If newer versions are available, they can be selected and installed. While it is not necessary to load all updates in order, it is possible that the latest update will require interim updates before it can be loaded. If interim updates are required, the manager will notify you.

Process

Enabling Mail Policies

1. Set Up Bounce Verification

2. Review Incoming Mail Policies

Now that the system setup is complete, you are ready to enable security services.

Procedure 1 Set Up Bounce Verification

Bounce verification is a process that allows the ESA to apply a specific tag to outgoing messages so that when bounced emails come back to the ESA, it can verify that the emails were actually originally sent out by the ESA. Spammers and hackers use fake bounced messages for many malicious purposes.

Step 1: Access Mail Policies > Bounce Verifications and select the New Key button.

Step 2: Enter an arbitrary text string that the ESA will apply in the Bounce verification process. Commit the changes.

Step 3: Access Mail Policies > Destination Controls and click on the Default in the first table.

Step 4: Change Bounce Verification to On.

Step 5: Submit and commit changes.
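The tag-and-verify idea behind bounce verification, shown BATV-style as an added example; it is not Cisco's code and does not reproduce the ESA's internal tag format. The tag layout, the HMAC-SHA256 choice, the seven-day lifetime, the keys and the function names are assumptions.

```python
import hashlib
import hmac

LIFETIME_DAYS = 7   # assumption: how long a tagged address stays valid
TAG_HEX_LEN = 10    # assumption: truncated MAC length in hex characters


def _mac(key, expiry, address):
    """Keyed digest over the expiry day and the original envelope sender."""
    msg = f"{expiry:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def tag_sender(envelope_from, key, today):
    """Rewrite an outgoing envelope sender to prvs=<DDD><mac>=<local>@<domain>."""
    local, domain = envelope_from.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={expiry:03d}{_mac(key, expiry, envelope_from)}={local}@{domain}"


def verify_bounce(rcpt_to, keys, today):
    """Check the recipient of an incoming bounce (a message with a null sender).

    keys holds the current key first, then retired keys still inside the
    lifetime window. Returns (accepted, original address or reject reason).
    """
    local, _, domain = rcpt_to.rpartition("@")
    if not local.startswith("prvs="):
        return False, "untagged recipient"
    tag, sep, orig_local = local[len("prvs="):].partition("=")
    if not sep or len(tag) != 3 + TAG_HEX_LEN or not tag[:3].isdigit():
        return False, "malformed tag"
    expiry = int(tag[:3])
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return False, "tag expired"
    original = f"{orig_local}@{domain}"
    for key in keys:
        if hmac.compare_digest(tag[3:], _mac(key, expiry, original)):
            return True, original
    return False, "bad signature"


if __name__ == "__main__":
    key = b"constructed-key-1"   # stands in for the text string from Step 2
    today = 19000                # constructed day number (days since epoch)
    tagged = tag_sender("alice@example.com", key, today)
    print(tagged)
    print(verify_bounce(tagged, [key], today))                # genuine bounce
    print(verify_bounce("alice@example.com", [key], today))   # never tagged
    forged = "prvs=007" + "0" * TAG_HEX_LEN + "=alice@example.com"
    print(verify_bounce(forged, [key], today))                # guessed tag
    print(verify_bounce(tagged, [key], today + 8))            # replayed late
```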

Tech Tip

It is not possible to downgrade software versions at this time, so be certain that you want to upgrade before proceeding.


Procedure 2 Review Incoming Mail Policies

To complete the ESA setup, review the incoming-mail policies.

Step 1: Access Mail Policies > Incoming Mail Policies. Currently there is one default mail policy. It changes a positive antispam result from a Quarantine action to a Drop action.

Step 2: Select the policy definition under the Antispam column header.

Step 3: Change the Positively Identified Spam Settings from Quarantine to Drop.

Step 4: Submit and commit.

Process

Maintaining the ESA

1. Monitor the ESA

2. Troubleshoot the ESA

With your system fully deployed, you are ready to monitor and maintain the ESA.

Procedure 1 Monitor the ESA

There are a variety of reports available under the Monitor menu to help you monitor the ESA’s behavior. These reports make it possible to track activity and statistics for spam, virus types, incoming mail domains, outbound destinations, system capacity, and system status.

Procedure 2 Troubleshoot the ESA

Step 1: To determine why the ESA applied specific actions to a given email, you can run the Trace tool under System Administration.

By defining a search using details of a given email in question, you can test a specific email to determine how and why the ESA handled the message. This is especially useful if some of the more advanced features of the ESA are used (like data-loss prevention).

Reader Tip

User documentation can be found here: http://www.ironport.com/support/login.html

Work with your Cisco IronPort Channel Partner to obtain a login.


Appendix A: Product List

The following products and software version have been validated for the Cisco SBA:

Functional Area | Product | Part Numbers | Software Version

Internet Edge | Cisco Ironport C160 Email Security Appliance | C160-BUN-R-NA | 7.1.2-020

Appendix B: SBA for Midsize Organizations Document System

[Figure: map of the SBA for Midsize Organizations document system across Design Guides, Deployment Guides, and Supplemental Guides, with this Email Security guide marked “You are Here”. Documents named in the figure: Foundation Design Overview, IPv4 Addressing, IPv6 Addressing, Foundation, Configuration Files, Business Continuance, 3G Wireless Remote Site, Wireless CleanAir, Web Security, Email Security, Network Management, SolarWinds, ScienceLogic, Ipswitch, Panduit.]

C07-575280-01 01/11

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
