簡介
本文檔介紹啟用SenderBase網路參與後,從郵件安全裝置(ESA)向SenderBase傳送哪些資料。
啟用SenderBase網路參與後,向SenderBase傳送什麼資料?
ESA可以通過幾種不同的方式參與SenderBase,包括檢索SenderBase分數和提供SenderBase有關附件和電子郵件卷的資訊。
SenderBase得分檢索資訊洩漏
DNS查詢檢索SBRS得分。在監聽程式級別CLI上啟用SBRS的任何SMTP監聽程式:listenerconfig > edit > setup將根據郵件發件人的IP地址查詢SenderBase伺服器以獲取有關郵件發件人的資訊。這些查詢向SenderBase披露有關貴公司的多個內容。由於SenderBase DNS資料僅對思科客戶可用,因此SenderBase查詢包含部分系統序列號。此外,由於SenderBase查詢會詢問特定IP地址,因此查詢本身會發現某些IP地址正在連線到您的ESA。 傳送到SenderBase和從SenderBase傳送的、有關SBRS得分的資訊不加密。
您可以通過基於每個監聽程式禁用SenderBase查詢來避免向SenderBase披露此資訊。這只能在ESA的CLI中完成,如下所示。
附註:預設情況下,每個偵聽程式上都會啟用SenderBase查詢,即使您未在任何發件人組中使用它們。
下面顯示的CLI對話方塊提供了如何禁用傳送SenderBase查詢的示例:
mail.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on Data 2, 192.168.195.101) SMTP TCP Port 25 Public
2. OutboundMail (on Data 1, 172.20.0.101) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> EDIT
Enter the name or number of the listener you wish to edit.
[]> 1
Name: InboundMail
Type: Public
Interface: Data 2 (192.168.195.101/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Enabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: smtpauth (PublicLDAP.smtpauth)
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient
address should be accepted or bounced/dropped.
- SMTPAUTH - Configure an SMTP authentication.
[]> SETUP
Listener InboundMail Options
Default Domain: example.com
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Address Parser Type: Loose
Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- ADDRESS - Configure email address restrictions.
[]> SENDERBASE
Would you like to enable SenderBase Reputation Filters and IP Profiling
support? [Y]> N
Listener InboundMail Options
Default Domain: example.com
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: No
Footer Attachment: <none configured>
Address Parser Type: Loose
mail.example.com> commit
SenderBase資料洩漏
ESA可以向SenderBase傳送其他資訊,專門用於縮短威脅檢測和郵件量更改的響應時間。思科認識到隱私對您很重要,因此SenderBase的設計和運行應時刻保護您的隱私。SenderBase不收集郵件或收件人的單獨標識資訊,思科會以機密方式處理有關您的網路的任何資訊。您可以在GUI或CLI中啟用或禁用向SenderBase傳送資訊。要控制GUI中的SenderBase參與,請選擇Security Services > SenderBase。以下CLI示例顯示禁用SenderBase資訊共用:
mail.example.com> senderbaseconfig
Share statistical data with SenderBase: Enabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]> setup
Do you want to share statistical data with the SenderBase Information Service
(recommended)? [Y]> n
The system will no longer share data with SenderBase. Are you sure you want to
disable? [N]> y
Share statistics with SenderBase Information Service: Disabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]>
mail.example.com> commit
相關資訊