This document explains how to test your Anti-Spam setup by sending a sample spam message through your Cisco Email Security Appliance (ESA). First, make sure that Anti-Spam is enabled on the server: log on to the web interface, select the 'Security Services' tab and then 'Anti-Spam', and confirm that it is enabled. Also make sure that your Incoming Mail Policies have Anti-Spam settings enabled: go to 'Mail Policies', then 'Incoming Mail Policies', and modify the policy spam settings by clicking the hyperlink under Anti-Spam.
After you have configured your Incoming Mail Policies to take appropriate actions on spam messages, log on to the CLI of your ESA. The next step generates a sample spam message that carries an "X-Advertisement: spam" header. Telnet to your appliance on port 25 and start an SMTP conversation as shown in the example below.
example.domain.com> telnet mail.example.com 25
Trying 172.19.1.93...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP
ehlo example.com
250-example.com
250-8BITMIME
250 SIZE 104857600
mail from:test@example.com
250 sender <test@example.com> ok
rcpt to:test2@example.com
250 recipient <test2@example.com> ok
data
354 go ahead
X-Advertisement: Spam
Subject: testing spam filter
data
spam test
.
250 ok: Message 44 accepted
quit
Type 'tail mail_logs' on the CLI of your ESA to watch the message come in. The output should look similar to the following:
Tue Apr 26 16:33:48 2005 Info: Start MID 44 ICID 28
Tue Apr 26 16:33:48 2005 Info: MID 44 ICID 28 From: <test@example.com>
Tue Apr 26 16:33:53 2005 Info: MID 44 ICID 28 RID 0 To: <test2@example.com>
Tue Apr 26 16:34:18 2005 Info: MID 44 Message-ID '<41faeo$1c@example.com>'
Tue Apr 26 16:34:18 2005 Info: MID 44 Subject 'testing spam filter'
Tue Apr 26 16:34:18 2005 Info: MID 44 ready 84 bytes from <test@example.com>
Tue Apr 26 16:34:18 2005 Info: MID 44 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Tue Apr 26 16:34:18 2005 Info: MID 44 Brightmail positive
Tue Apr 26 16:34:18 2005 Info: Message aborted MID 44 Dropped by case
Tue Apr 26 16:34:18 2005 Info: Message finished MID 44 done
Tue Apr 26 16:34:21 2005 Info: ICID 28 close
The mail logs show that the message was identified as spam positive and was dropped as defined in the Anti-Spam incoming mail policy. Verify that the ESA takes the appropriate actions as defined in your Anti-Spam settings.
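To confirm the result without reading the log by eye, the following added example (not Cisco code) parses mail_logs text in the format shown above and reports, per MID, the subject, matched policy, positive verdict and abort reason. The function and field names are hypothetical, and only the line formats visible in the sample output are recognized.

```python
import re
# Lines taken from the mail_logs output shown above; the policy entry spans two lines.
SAMPLE_LOG = """\
Tue Apr 26 16:33:48 2005 Info: Start MID 44 ICID 28
Tue Apr 26 16:34:18 2005 Info: MID 44 Subject 'testing spam filter'
Tue Apr 26 16:34:18 2005 Info: MID 44 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Tue Apr 26 16:34:18 2005 Info: MID 44 Brightmail positive
Tue Apr 26 16:34:18 2005 Info: Message aborted MID 44 Dropped by case
Tue Apr 26 16:34:18 2005 Info: Message finished MID 44 done
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \w+: ")
PATTERNS = {  # hypothetical field name -> pattern for one entry type seen above
    "subject": re.compile(r"MID (\d+) Subject '(.*)'$"),
    "policy": re.compile(r"MID (\d+) matched all recipients for per-recipient policy (\S+) in the"),
    "positive_engine": re.compile(r"MID (\d+) (\w+) positive$"),
    "aborted": re.compile(r"Message aborted MID (\d+) (.*)$"),
}

def unwrap(log_text):
    """Yield entries with the timestamp stripped, re-joining wrapped continuation lines."""
    entry = None
    for line in log_text.splitlines():
        if STAMP.match(line):
            if entry is not None:
                yield entry
            entry = STAMP.sub("", line).strip()
        elif entry is not None and line.strip():
            entry += " " + line.strip()  # no timestamp: continuation of the previous entry
    if entry is not None:
        yield entry

def summarize(log_text):
    """Return {MID: {field: value}} for every PATTERNS field that was logged."""
    messages = {}
    for entry in unwrap(log_text):
        for field, pattern in PATTERNS.items():
            m = pattern.search(entry)
            if m:
                messages.setdefault(int(m.group(1)), {})[field] = m.group(2)
    return messages

def flagged_as_spam(log_text, subject):
    """True if a message with this subject received a positive anti-spam verdict."""
    return any(r.get("subject") == subject and "positive_engine" in r
               for r in summarize(log_text).values())

print(summarize(SAMPLE_LOG))
```

A test message that shows a subject but no positive verdict entry means the policy did not classify it as spam, which is the case to investigate.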
Revision | Publish Date | Comments |
---|---|---|
1.0 | 20-Aug-2014 | Initial Release |