Cisco Email Security Appliance C170 Operating Instructions

Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1      Customizing Listeners
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.

Note that this example asks you to use the certconfig command to ensure that there is a valid certificate that can be used with the listener. If you have not created any certificates, the listener uses the demonstration certificate that is pre-installed on the appliance. You may enable TLS with the demonstration certificate for testing purposes, but it is not secure and is not recommended for general use. Use the listenerconfig -> edit -> certificate command to assign a certificate to the listener.

Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI:

Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required

Step 4  Issue the commit command to enable the change.

Enabling TLS and Certificate Verification on Delivery

You can require that TLS is enabled for email delivery to specific domains using the Destination Controls page or the destconfig command.

In addition to TLS, you can require that the domain's server certificate is verified. This domain verification is based on a digital certificate used to establish the domain's credentials. The validation process involves two validation requirements:

  • The chain of issuer certificates for the SMTP session ends in a certificate issued by a trusted certificate authority (CA).
  • The Common Name (CN) listed on the certificate matches either the receiving machine's DNS name or the message's destination domain.
    - or -
    The message's destination domain matches one of the DNS names in the certificate's Subject Alternative Name (subjectAltName) extension, as described in RFC 2459. The matching supports wildcards as described in section 3.1 of RFC 2818.
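The name-matching requirement listed under "Enabling TLS and Certificate Verification on Delivery" can be checked offline against a peer certificate. The following is an added example, not code from the Cisco guide or from AsyncOS: the function names are hypothetical, the certificate dictionaries are constructed in the shape Python's ssl.SSLSocket.getpeercert() returns, and applying the RFC 2818 wildcard rule to the CN as well as to subjectAltName is an assumption. Chain validation to a trusted CA (the first requirement) is left to the TLS library.

```python
import re

def name_matches(pattern, hostname):
    """RFC 2818 section 3.1 matching: '*' stands for one label or label fragment."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans a dot
    for p, h in zip(p_labels, h_labels):
        regex = ".+".join(re.escape(part) for part in p.split("*"))
        if re.fullmatch(regex, h) is None:
            return False
    return True

def cert_names(cert):
    """Extract CN values and subjectAltName DNS entries from a getpeercert() dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans

def verify_domain(cert, mx_host, dest_domain):
    """Return the rule that matched, or None if delivery should be refused."""
    cns, sans = cert_names(cert)
    for cn in cns:
        if name_matches(cn, mx_host):
            return "CN matches receiving host"
        if name_matches(cn, dest_domain):
            return "CN matches destination domain"
    # As the guide words it, subjectAltName is compared with the destination domain.
    for san in sans:
        if name_matches(san, dest_domain):
            return "subjectAltName matches destination domain"
    return None

# Constructed sample certificates (not taken from any real server).
CERT_HOSTED = {"subject": ((("commonName", "mx1.mailhost.example"),),)}
CERT_SAN = {"subject": ((("commonName", "*.customer.example"),),),
            "subjectAltName": (("DNS", "customer.example"),)}
CERT_WRONG = {"subject": ((("commonName", "*.example.net"),),),
              "subjectAltName": (("DNS", "*.example.org"),)}

if __name__ == "__main__":
    print(verify_domain(CERT_HOSTED, "mx1.mailhost.example", "customer.example"))
    print(verify_domain(CERT_SAN, "mx.provider.example", "customer.example"))
    print(verify_domain(CERT_WRONG, "a.b.example.net", "example.org"))
```

The third certificate fails because a wildcard covers exactly one label: *.example.net does not match a.b.example.net, and *.example.org does not match the bare domain example.org.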