キャンセル
次の結果を表示 
次の代わりに検索 
もしかして: 
cancel
1805
閲覧回数
0
いいね!
1
返信

How work connection counters flow control in the Senderbase mode for ESA

Hello

 

On Ironport ESA using SenderBase, how is working the Flow Control ? Is there any documentation explaining how connections counters are grouped in that mode ?

The documentation below doesn't give any  ...

 

thanks you for your advises

NOTE :


https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-1/user_guide/b_ESA_Admin_Guide_12_1/b_ESA_Admin_Guide_12_1_chapter_0110.html#con_1107913

 

Flow Control

Use SenderBase for Flow Control

Enable “look ups” to the SenderBase Reputation Service for this listener.

 

Group by Similarity of IP Addresses: (significant bits 0-32)

Requires “Use SenderBase” to be disabled.
Used to track and rate limit incoming mail on a per-IP address basis while managing entries in a listener’s Host Access Table (HAT) in large CIDR blocks.
You define a range of significant bits (from 0 to 32) by which to group similar IP addresses for the purposes of rate limiting,
while still maintaining an individual counter for each IP address within that range.
Requires “Use SenderBase” to be disabled.
For more information about HAT significant bits, see Configuring Routing and Delivery Features.

1件の返信1

Libin Varghese
Cisco Employee
Cisco Employee

The "Use SenderBase for Flow Control" is an option in all Mail Flow Policies, where it is used for SenderBase profiling and mainly for throttling purposes. The AsyncOS maintains counters of connections, messages, recipients, etc, for each connecting IP address. If the IronPort looks up an IP address in SenderBase, one of the attributes it fetches is the size of the block of addresses this address is part of.

 

For example, if SenderBase states that the CIDR range is 204.15.80.0/22 so by default we will maintain one set of counters for any IP in that range, 204.15.80.1 -204.15.83.254. If SenderBase doesn't return a range, it will default to a /24 mask.

 

Regards,

Libin