Cisco Email Security Appliance C370D White Paper
© 2016 Cisco and/or its affiliates. All rights reserved.
Go back to the Mail Flow Policies page under the Mail Policies tab and
edit your desired policy (Accepted, Trusted or Default Policy Parameters).
Scroll down to Security Features -> Encryption and Authentication -> TLS
and select your Address List “Test” as created above.
Enable TLS on a HAT Mail Flow Policy for a Listener via the Command-Line Interface (CLI)
1. Use the listenerconfig -> edit command in order to choose a listener
you want to configure.
2. Use the hostaccess -> default command in order to edit the
listener’s default HAT settings.
3. Enter one of these choices in order to change the TLS setting when
you are prompted:
Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]>3
You have chosen to enable TLS. Please use the ‘certconfig’ command
to ensure that there is a valid certificate configured.
Note that this example asks you to use the certconfig command in
order to ensure that there is a valid certificate that can be used with
the listener. If you have not created any certificates, the listener uses
the demonstration certificate that is pre-installed on the appliance. You
can enable TLS with the demonstration certificate for testing purposes,
but it is not secure and is not recommended for general use. Use the
listenerconfig -> edit -> certificate command in order to assign a
certificate to the listener.
Once you have configured TLS, the setting is reflected in the summary
of the listener in the CLI:
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required
4. Enter the commit command in order to enable the change.
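After the commit, the setting can be confirmed from a client's side. The following is an added example, not part of the Cisco document: it checks which of the three choices (No, Preferred, Required) a listener actually enforces and whether the certificate it presents validates, which an untrusted certificate will not. The function names, the sender address and the reliance on the RFC 3207 reply code 530 are assumptions of this example.

```python
import smtplib
import ssl
import sys


def classify(starttls_offered, mail_code_before_tls):
    """Map what a client observes to the HAT TLS choice: No, Preferred or Required."""
    if not starttls_offered:
        return "No"
    # Assumption: the listener follows RFC 3207 and answers 530 to MAIL FROM
    # sent in the clear when TLS is mandatory.
    if mail_code_before_tls == 530:
        return "Required"
    return "Preferred"


def probe(host, port=25, sender="tls-check@example.com", timeout=10):
    """Report the TLS setting a listener enforces and whether its certificate validates."""
    result = {"tls": None, "cert_valid": None, "cert_error": None}
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        code, _ = smtp.mail(sender)      # MAIL FROM before any STARTTLS
        smtp.rset()                      # abandon the transaction, nothing is sent
        result["tls"] = classify(offered, code)
        if offered:
            # Verify against the system trust store; an untrusted or mismatched
            # certificate fails the handshake here.
            smtp.starttls(context=ssl.create_default_context())
            result["cert_valid"] = True
    except ssl.SSLError as exc:
        result["cert_valid"] = False
        result["cert_error"] = str(exc)
    finally:
        smtp.close()
    return result


if __name__ == "__main__":
    # Usage: python tls_probe.py <listener hostname>
    print(probe(sys.argv[1]))
```

Probe the listener by the hostname that sending servers use, since the certificate check compares that name against the certificate.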
How to Enable TLS for Outbound Emails
GUI: How to Enable TLS for Outbound Emails for Specific Partner Domains
The following steps are necessary to enable TLS for delivery to hosts in
remote domains.
1. Go to GUI: Mail Policies -> Destination Controls.
2. Click Add Destination.
3. Add a new destination for the domain to which you will be using TLS
in the Destination field.
4. Select the TLS support method from the TLS Support drop-down
list.
5. Set the limits for concurrent connections (between 1 and 1000),
maximum messages per connection (between 1 and 1000) and
number of recipients (between 1 and 1,000,000,000) over a period
of 1 to 60 minutes, along with bounce verification and bounce
profile, or accept the default values.
6. Apply a TLS setting for the domain (Default, None, Preferred,
Required, Preferred – Verify, Required – Verify and Required – Verify
(Hosted Domains)).
How-To Secure Communications -
Setting Up Transport Layer Security (TLS)
Cisco Public