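Introduction
This document describes what data is sent from the Email Security Appliance (ESA) to SenderBase when SenderBase Network Participation is enabled.
What data is sent to SenderBase when SenderBase Network Participation is enabled?
The ESA can participate in SenderBase in several different ways, including retrieving SenderBase scores and providing SenderBase with information about attachments and email volume.
SenderBase Score Retrieval Information Leakage
SBRS scores are retrieved by DNS queries. Any SMTP listener that has SBRS enabled at the listener level (in the CLI: listenerconfig > edit > setup) queries the SenderBase servers, based on the IP address of the message sender, for information about that sender. These queries disclose several things about your company to SenderBase. Because SenderBase DNS data is available only to Cisco customers, SenderBase queries contain part of the system serial number. In addition, because a SenderBase query asks about a specific IP address, the query itself reveals that certain IP addresses are connecting to your ESA. Information related to SBRS scores that is sent to and from SenderBase is not encrypted.
You can avoid revealing this information to SenderBase by disabling SenderBase queries on a per-listener basis. This can only be done in the ESA CLI, as shown below.
Note: By default, SenderBase queries are enabled on every listener, even if they are not used in any sender group.
The CLI dialog shown below provides an example of how to disable the sending of SenderBase queries: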
mail.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on Data 2, 192.168.195.101) SMTP TCP Port 25 Public
2. OutboundMail (on Data 1, 172.20.0.101) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> EDIT
Enter the name or number of the listener you wish to edit.
[]> 1
Name: InboundMail
Type: Public
Interface: Data 2 (192.168.195.101/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Enabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: smtpauth (PublicLDAP.smtpauth)
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient
address should be accepted or bounced/dropped.
- SMTPAUTH - Configure an SMTP authentication.
[]> SETUP
Listener InboundMail Options
Default Domain: example.com
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Address Parser Type: Loose
Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- ADDRESS - Configure email address restrictions.
[]> SENDERBASE
Would you like to enable SenderBase Reputation Filters and IP Profiling
support? [Y]> N
Listener InboundMail Options
Default Domain: example.com
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: No
Footer Attachment: <none configured>
Address Parser Type: Loose
mail.example.com> commit
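Because the setting is per listener and enabled by default, it is worth checking every listener after the change. The following is an added example (not Cisco code and not part of the original document) that parses a saved listenerconfig session and reports which listeners still have SenderBase queries enabled, or had the setting changed without a later commit. The function names and the abridged sample session are constructed for illustration.

```python
import re

# Labels copied from the listenerconfig dialog shown on this page.
NAME_RE = re.compile(r"^\s*Name:\s*(.+?)\s*$")
OPTIONS_RE = re.compile(r"^\s*Listener\s+(.+?)\s+Options\s*$")
SBRS_RE = re.compile(r"^\s*(?:Use SenderBase For|Enable SenderBase) Reputation "
                     r"Filters and IP Profiling:\s*(Yes|No)\s*$")
COMMIT_RE = re.compile(r">\s*commit\s*$")

def audit(transcript):
    """Return (state, uncommitted) parsed from a saved CLI session.

    state: {listener: True | False | None}; None means the setting was never
    displayed, which the page's note says should be read as enabled (default).
    uncommitted: listeners whose setting changed with no later 'commit'.
    """
    state, uncommitted, current = {}, set(), None
    for line in transcript.splitlines():
        m = NAME_RE.match(line) or OPTIONS_RE.match(line)
        if m:
            current = m.group(1)
            state.setdefault(current, None)
        elif (m := SBRS_RE.match(line)) and current is not None:
            enabled = m.group(1) == "Yes"
            if state[current] is not None and state[current] != enabled:
                uncommitted.add(current)
            state[current] = enabled
        elif COMMIT_RE.search(line):
            uncommitted.clear()
    return state, sorted(uncommitted)

def still_querying(transcript):
    """Listeners that still send SBRS DNS queries (enabled or never shown)."""
    state, _ = audit(transcript)
    return sorted(name for name, on in state.items() if on is not False)

# Constructed sample session (abridged; hostname and listeners are examples).
SAMPLE = """\
mail.example.com> listenerconfig
Name: InboundMail
Type: Public
Use SenderBase For Reputation Filters and IP Profiling: Yes
Listener InboundMail Options
Enable SenderBase Reputation Filters and IP Profiling: No
Name: OutboundMail
Type: Private
Use SenderBase For Reputation Filters and IP Profiling: Yes
"""
```

On the sample, OutboundMail is reported as still querying and InboundMail as changed but not yet committed; a listener listed as uncommitted should be treated as still querying until the session shows commit.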
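SenderBase Data Leakage
The ESA can send additional information to SenderBase in order to shorten response times for threat detection and for changes in mail volume. Cisco recognizes that privacy is important to you, so SenderBase is designed and operated with the protection of your privacy in mind. SenderBase does not collect information that identifies individual messages or recipients, and Cisco treats any information about your network as confidential. You can enable or disable the sending of information to SenderBase in the GUI or the CLI. To control SenderBase participation in the GUI, choose Security Services > SenderBase. The following CLI example shows how to disable SenderBase information sharing: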
mail.example.com> senderbaseconfig
Share statistical data with SenderBase: Enabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]> setup
Do you want to share statistical data with the SenderBase Information Service
(recommended)? [Y]> n
The system will no longer share data with SenderBase. Are you sure you want to
disable? [N]> y
Share statistics with SenderBase Information Service: Disabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]>
mail.example.com> commit