How work connection counters flow control in the Senderbase mode for ESA

Computacenter NS Tech. Support · ‎09-04-2019

Hello

On Ironport ESA using SenderBase, how is working the Flow Control ? Is there any documentation explaining how connections counters are grouped in that mode ?

The documentation below doesn't give any ...

thanks you for your advises

NOTE :

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-1/user_guide/b_ESA_Admin_Guide_12_1/b_ESA_Admin_Guide_12_1_chapter_0110.html#con_1107913

Flow Control
Use SenderBase for Flow Control	Enable “look ups” to the SenderBase Reputation Service for this listener.

Group by Similarity of IP Addresses: (significant bits 0-32)

Requires “Use SenderBase” to be disabled.
Used to track and rate limit incoming mail on a per-IP address basis while managing entries in a listener’s Host Access Table (HAT) in large CIDR blocks.
You define a range of significant bits (from 0 to 32) by which to group similar IP addresses for the purposes of rate limiting,
while still maintaining an individual counter for each IP address within that range.
Requires “Use SenderBase” to be disabled.
For more information about HAT significant bits, see Configuring Routing and Delivery Features.

Libin Varghese · ‎09-24-2019

The "Use SenderBase for Flow Control" is an option in all Mail Flow Policies, where it is used for SenderBase profiling and mainly for throttling purposes. The AsyncOS maintains counters of connections, messages, recipients, etc, for each connecting IP address. If the IronPort looks up an IP address in SenderBase, one of the attributes it fetches is the size of the block of addresses this address is part of.

For example, if SenderBase states that the CIDR range is 204.15.80.0/22 so by default we will maintain one set of counters for any IP in that range, 204.15.80.1 -204.15.83.254. If SenderBase doesn't return a range, it will default to a /24 mask.

Regards,

Libin