Hi Khashaaaa,Newer versions

khashaaaa · ‎06-05-2014

i have a question about that how to limit snmp attack from inside network for prevent our ip addresses to go in blacklist
i did explore how to solve this problem
and i have found few solution

1. SMTP requests are send only permitted host(mail server)s others are drop or deny
2. SMTP requests are send through only one smtp server that locating inside network
thats all

and im finding some solution limit the connection is configured in QoS mechanism but QoS have only limit the BW and shaping.

im thinking about that is a spam. is it?

and what device can be filter that spam?
or should i use other spam filter server or something?
i want to use cisco BRAS(my mean is ASR) or Cisco 7600 series router

how to prevent that? pls help me

srussell · ‎06-17-2014

Hi Khashaaaa,

Newer versions of the ESA AsyncOS (8.0.1-023+) have new features to help in this regards. Message Filters can now be created with the following conditions:

Recipient Count : rcpt-count How many recipients is this email going to?

Address Count : addr-count() What is the cumulative number of recipients?
This filter differs from the rcpt-count filter rule in that it operates on the message body headers instead of the envelope recipients.

These can help identify potential compromised workstations or email accounts that are being used to send out a large volume of messages over a short time.

There is much more information on this in the Email User Guide:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-0/user_guide/ESA_8-0-1_User_Guide.pdf

Regards,

Steve

Cisco Content Security - Email Security

nameisludo · ‎06-18-2014

This user guide brings numerous really goods informations to set up mail securities.

Thanks

how to prevent smtp attack form inside network