Document ID: 113502
Updated: Apr 27, 2012
Contents
Introduction
This document provides a sample configuration on how to configure the email reputation on the Cisco Content Security and Control (CSC) Security Services Module (SSM).
Prerequisites
Requirements
You need to have a Security Plus license to use this feature.
Components Used
The information in this document is based on the Cisco Content Security and Control SSM with Software release version 6.3.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Email Reputation is a technology that reduces the spam mails. By enabling this feature, CSC SSM verifies if the originator of the mail is a black-listed address or not. It maintains a list of databases that contains all the IP addresses that source the spam messages. If a mail is found to have an originator from this list, that mail is considered spam and is dropped.
The service levels offered by this Email Reputation Technology (ERS) are basically two types. These services are based mainly on the level of authenticity of the source IP addresses.
-
ERS Standard - Contains the known sources of spam
-
ERS Advanced - Contains the known sources and the suspected sources
When an IP address is added to ERS Standard database, it is termed a spam source and is rare that you observe an IP address removed from this list. ERS Standard contains the list of IP addresses that consistently originate spam.
ERS Advanced contains a list of IP addresses which are meant to be removed if found to not produce the spam any further. For example, a hacked Mail server can be listed in this database at the time when it is compromised. When it is restored to normalcy, it is removed from this database.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
-
Choose Mail (SMTP) > Anti-spam > Email Reputation. A new window opens.
-
From the Target tab, click Enable in order to enable this Email Reputation feature.
-
Choose Advanced for the Service Level.
-
From the Approved IP Addresses field, specify the range of IP addresses that you want to exempt from scanning.
-
From the Action tab, specify the type of action based on your enterprise security policy. These three actions are available:
-
Close connection with an error message
-
Close connection without error message
-
Bypass the connection
-
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Unable to receive emails from some domains
Problem:
The problem is the inability to receive the emails from specific domains. It appears that the CSC module is blocking the emails. When bypassing the module, everything works fine. This error message is received: 2012/02/06 14:33:00 GMT+00:00 NRS 174.37.94.181 RBL-Fail QIL-NA RejectWithErrorCode-550 NA 0 0 NA NA NA 0 NA
Solution:
In order to resolve this issue, configure the email reputation feature properly.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.