Enabling Logging of URLs and Message Tracking Details for URLs

Logging of URL-related logs, and display of this information in Message Tracking details, is disabled by default. This includes the logs for the following events:

Category of any URL in the message matches the URL category filters

Reputation score of any URL in the message matches URL reputation filters

Outbreak Filter rewrites any URL in the message

To enable logging of these events, use the outbreakconfig command in the command-line interface (CLI).

https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01110.html?bookSearch=true

System: This is the default list of trusted certificate authorities that is provided by Cisco and updated automatically. It contains the certificates of well-known and widely used certificate authorities, such as VeriSign, Thawte, and GoDaddy.

Custom: This is the list of additional certificate authorities that you can add manually or import from a file. It allows you to trust certificates that are issued by your own or third-party certificate authorities that are not included in the system list.

Enabling regional scanning improves security for this organization when most of the received email originates from a specific region. Regional scanning is a feature that allows Cisco ESA to apply different spam thresholds and actions based on the geographic region of the sender’s IP address, using a database of IP addresses and regions.

To enable regional scanning on Cisco ESA, the administrator can follow these steps:

Select Security Services > IronPort Anti-Spam and click Edit Settings.

Under Regional Scanning, select Enable Regional Scanning.

Click Submit.

Select Security Services > IronPort Anti-Spam > Regional Settings and click Add Region.

Choose a region from the drop-down menu, such as Asia Pacific.

Enter a spam threshold and an action for that region, such as 80 and Drop.

Click Submit.

Message-filter order and MIME structure of the message are two factors that must be considered when message filter processing is configured on Cisco ESA. Message-filter order determines the sequence in which message filters are evaluated and applied to incoming messages, which can affect the final outcome of the filtering process. MIME structure of the message determines how message filters match against different parts of the message, such as headers, body, attachments, etc., which can affect the accuracy and performance of the filtering process.

STARTTLS is an SMTP extension that allows email servers to negotiate a secure connection using TLS or SSL encryption. Cisco ESA supports STARTTLS for both inbound and outbound email delivery.