List of best practice posts for 2020

marc.luescherFRE
Spotlight

Happy new year 2020 to the email security forum readers and contributors.

Since it has been a while since Cisco published a book about IronPort ESA/SMA administration, I felt it would be appropriate to publish every month a smaller article about topics that matter most to ESA/SMA administrators.

For me to get an idea of topics of interest, please reply with suggested topics.

Topics which come to my mind are:

a) Email authentication - Best practices to ensure that PTR, SPF, DKIM and DMARC are set up correctly

b) Email data mining - What can you find out when uploading email data into a SIEM which you did not know before

c) ESA/SMA message filtering advanced - Filters you did not know were possible

d) ESA/SMA message debugging - Understand why some emails don't want to come in

-Marc

2 Replies

Those all feel a little advanced. The only other advanced one that comes to mind that doesn't fall someplace in the 4 you mentioned is

e) Listener/Sender Group/Mail Flow Policy/Destination Controls set up & tuning.

A couple of less advanced topics:

Understanding the pipeline and policy engine

Spoof types and how to address them

Agree.
I think they are all relevant - easy / advanced is just in relation to prior knowledge and experience.
Such as, after 15 years of ESA admin, I just realized that the DNS TTL is ignored and set to 1800, only because I now had a problem of interest in that area.

Possibly, to be inclusive, an article should have a section to re-iterate some basic theory, add basic practices, then a deep-dive topic. Best practices (I hate that term) can only be such after much consensus and based on a relatively narrow set of requirements.

a) Email Authentication - should be broken into numerous smaller subjects guided towards the principle of DMARC Reject being in use.
Incoming detection / outgoing setup for each of SPF/DKIM/DMARC
b) Email data mining - not just email, but Cisco ESA logs. E.g. do you measure and detect changes in average processing time per message?
c) Message Filtering - basics to advanced deep dive
d) Debugging - many topics around here - such as AS update delays, SBRS rejection, SMTP logs
e) ...various setup & tuning... leans towards data mining: what can be measured to define how components could be set up and tuned.

Mail Pipeline is key - not too many details at once - re-iterate basics and deep dive a topic.
Spoofing - yes. But there should be topics on what (in general) we are trying to defend against and how this could possibly be done. I always tend to find some dodgy bug in Bug Search when looking at upgrading. Are admins putting in additional rules to cover these gaps?