I have a client with an ESA as the first mail server coming from the Internet and last one on the path out.
This client is a University and the default ESA settings are not stopping much of the spam received.
What I would like to ask is any recommendations or reference to deploying the ESA in a University where the recipients are just too many and too dynamic to maintain in a list (LDAP), and any guidance or best practices.
1. Verify that inbound messages are being scanned by the antispam engine. Do a message track on a recent message and check that it was scanned.
- Go to MONITOR > MESSAGE TRACKING
- Search for the email in question
- Click the 'Show Details' link next to the email in question
Look for the Antispam engine (CASE) verdict. Example:
Thu Sep 12 13:21:09 2013 Info: MID 2359 interim verdict using engine: CASE spam negative
Thu Sep 12 13:21:09 2013 Debug: MID 2359 using engine: CASE definitely negative
Thu Sep 12 13:21:09 2013 Info: MID 2359 using engine: CASE spam negative
2. Verify that you are receiving anti-spam rule updates
Check to confirm that the most recent time stamps for updates under Security Services > Anti-Spam are from within the last 2 hours.
3. Make sure you are taking the desired actions on spam positive messages
Check the Inbound Mail Policies for how IronPort Anti-Spam verdicts are handled. Make sure SPAM positive and suspect messages are dropped or quarantined in the default policy, and that all other policies either use the default behavior or deliberately override the default.
4. Enable LDAP accept and Directory Harvest Attack Protection:
Many spammers send emails to a high number of invalid addresses, so blocking senders who send to invalid recipients can also decrease spam.
If LDAP accept is already on, make sure Directory Harvest Protection (DHAP) is also configured for each inbound listener with maximum invalid attempts between 5 and 10 per IP.
Review the following article on LDAP Accept
How to use LDAP Accept Query to validate the recipients of inbound messages using Microsoft Active Directory (LDAP)?
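The check in step 1 can be run over a whole exported mail log instead of one message at a time. The following is an added example, not part of the reply above or Cisco's own tooling: it reports the final CASE verdict per MID and lists MIDs that appear in the log without one. The first three sample lines are the ones quoted above; the remaining lines, including the "spam positive" verdict text, are constructed and assume the same log format.

```python
import re
from collections import Counter

# Final verdict line, in the format quoted in the reply:
#   "... Info: MID 2359 using engine: CASE spam negative"
# The "interim verdict" and "Debug:" lines are deliberately not matched.
VERDICT = re.compile(r"Info: MID (\d+) using engine: CASE (.+)$")
ANY_MID = re.compile(r"\bMID (\d+)\b")

def case_summary(lines):
    """Return (final CASE verdict per MID, MIDs seen with no final verdict)."""
    seen, verdicts = [], {}
    for line in lines:
        line = line.strip()
        m = ANY_MID.search(line)
        if not m:
            continue
        mid = int(m.group(1))
        if mid not in seen:
            seen.append(mid)
        v = VERDICT.search(line)
        if v:
            verdicts[mid] = v.group(2)
    # A MID with no final verdict was not scanned by the antispam engine
    # (or its verdict line falls outside the exported window).
    unscanned = [mid for mid in seen if mid not in verdicts]
    return verdicts, unscanned

# Sample input: lines 1-3 are from the reply, lines 4-6 are constructed.
SAMPLE = """\
Thu Sep 12 13:21:09 2013 Info: MID 2359 interim verdict using engine: CASE spam negative
Thu Sep 12 13:21:09 2013 Debug: MID 2359 using engine: CASE definitely negative
Thu Sep 12 13:21:09 2013 Info: MID 2359 using engine: CASE spam negative
Thu Sep 12 13:21:12 2013 Info: MID 2360 using engine: CASE spam positive
Thu Sep 12 13:21:15 2013 Info: Start MID 2361 ICID 77
Thu Sep 12 13:21:16 2013 Info: MID 2361 queued for delivery
""".splitlines()

if __name__ == "__main__":
    verdicts, unscanned = case_summary(SAMPLE)
    for verdict, count in Counter(verdicts.values()).items():
        print(f"{verdict}: {count}")
    print("MIDs with no CASE verdict:", unscanned)
```

MIDs reported without a verdict are the ones to look up in Message Tracking to see which mail policy or HAT setting let them skip antispam scanning.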