Cisco Email Security Appliance C170 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 25 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
By default, neither private nor public listeners allow TLS connections. You must enable TLS in a listener’s HAT to enable TLS for either inbound (receiving) or outbound (sending) email. In addition, all default mail flow policy settings for private and public listeners have the tls setting set to “off.”
You can assign a specific certificate for TLS connections to individual public listeners when creating a listener. For more information, see
Related Topics
• Assigning a Certificate to a Public or Private Listener for TLS Connections Using the GUI, page 25-8
• Assigning a Certificate to a Public or Private Listener for TLS Connections Using the CLI, page 25-9
Assigning a Certificate to a Public or Private Listener for TLS Connections Using the GUI
Procedure
Step 1  Navigate to the Network > Listeners page.
Step 2  Click the name of the Listener to edit.
Step 3  In the Certificate field, choose a certificate.
Step 4  Submit and commit your changes.
Table 25-2 TLS Settings for a Listener
TLS Setting | Meaning
2. Preferred | TLS is allowed for incoming connections to the listener from MTAs.
3. Required | TLS is allowed for incoming connections to the listener from MTAs, and until a STARTTLS command is received, the appliance responds with an error message to every command other than NOOP, EHLO, or QUIT. This behavior is specified by RFC 3207, which defines the SMTP Service Extension for Secure SMTP over Transport Layer Security. “Requiring” TLS means that email which the sender is not willing to encrypt with TLS will be refused by the appliance before it is sent, thereby preventing it from being transmitted in the clear.
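The “Required” behavior in the TLS settings table can be verified from a captured plaintext SMTP dialogue with a listener. The following is an added example, not part of the Cisco guide: the function name `audit_required_tls`, the hostnames, addresses and reply texts are constructed for illustration, and STARTTLS itself is counted among the commands allowed before TLS, as in RFC 3207.

```python
import re

# Verbs a TLS-requiring server may answer normally before STARTTLS (RFC 3207).
ALLOWED_BEFORE_TLS = {"NOOP", "EHLO", "STARTTLS", "QUIT"}

def audit_required_tls(transcript):
    """Return findings for a plaintext SMTP dialogue; [] means TLS was enforced.

    transcript: list of (command, reply) strings; multi-line replies are newline-separated.
    """
    findings = []
    advertised = False
    for command, reply in transcript:
        verb = command.split()[0].upper()
        code = int(reply.splitlines()[-1][:3])
        if verb == "EHLO" and re.search(r"^250[- ]STARTTLS\s*$", reply, re.M | re.I):
            advertised = True
        if verb == "STARTTLS" and code == 220:
            break  # the rest of the session runs inside TLS, nothing left to audit
        if verb not in ALLOWED_BEFORE_TLS and code < 400:
            findings.append(f"{verb} accepted in the clear (reply {code})")
    if not advertised:
        findings.append("STARTTLS not advertised in EHLO reply")
    return findings

# Constructed sample dialogues (hostnames, addresses and reply texts are made up).
EHLO_TLS = ("EHLO mta.example.net", "250-esa.example.com\n250-8BITMIME\n250 STARTTLS")
REQUIRED = [
    EHLO_TLS,
    ("MAIL FROM:<alice@example.net>", "530 Must issue a STARTTLS command first"),
    ("NOOP", "250 OK"),
    ("STARTTLS", "220 Ready to start TLS"),
]
PREFERRED = [
    EHLO_TLS,
    ("MAIL FROM:<alice@example.net>", "250 sender ok"),
    ("RCPT TO:<bob@example.com>", "250 recipient ok"),
    ("DATA", "354 go ahead"),
]
TLS_OFF = [
    ("EHLO mta.example.net", "250-esa.example.com\n250 8BITMIME"),
    ("MAIL FROM:<alice@example.net>", "250 sender ok"),
]

if __name__ == "__main__":
    for name, session in (("Required", REQUIRED), ("Preferred", PREFERRED), ("off", TLS_OFF)):
        print(name, audit_required_tls(session) or "TLS enforced before mail commands")
```

An empty result means every mail command sent before STARTTLS was refused, which is what a listener set to Required should show; a Preferred listener accepts the same commands in the clear when the sending MTA skips STARTTLS.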