Cisco Email Security Appliance C190 User Guide

Cisco AsyncOS 8.0.1 for Email User Guide
 
Chapter 3 Setup and Installation
Installation Planning
Ensure that the Cisco appliance is both accessible via the public Internet and is the “first hop” in your 
email infrastructure. If you allow another MTA to sit at your network’s perimeter and handle all external 
connections, then the Email Security appliance will not be able to determine the sender’s IP address. The 
sender’s IP address is needed to identify and distinguish senders in the Mail Flow Monitor, to query the 
SenderBase Reputation Service for the sender’s SenderBase Reputation Score (SBRS), and to improve 
the efficacy of the Cisco Anti-Spam and Outbreak Filters features. 
Note
If you cannot configure the appliance as the first machine receiving email from the Internet, you can still 
exercise some of the security services available on the appliance. For more information, see 
When you use the Cisco appliance as your SMTP gateway: 
• The Mail Flow Monitor feature offers complete visibility into all email traffic for your enterprise
  from both internal and external senders.
• LDAP queries for routing, aliasing, and masquerading can consolidate your directory infrastructure
  and provide for simpler updates.
• Familiar tools like alias tables, domain-based routing, and masquerading make the transition from
  open-source MTAs easier.
Register the Cisco Appliance in DNS
Malicious email senders actively search public DNS records to hunt for new victims. In order to utilize 
the full capabilities of Cisco Anti-Spam, Outbreak Filters, McAfee Antivirus and Sophos Anti-Virus, 
ensure that the Cisco appliance is registered in DNS. 
To register the Cisco appliance in DNS, create an A record that maps the appliance’s hostname to its IP 
address, and an MX record that maps your public domain to the appliance’s hostname. You must specify 
a priority for the MX record to advertise the Cisco appliance as either a primary or backup MTA for your 
domain. 
In the following example, the Cisco appliance (ironport.example.com) is a backup MTA for the domain
example.com, since its MX record has a higher priority value (20). In other words, the higher the numeric
value, the lower the priority of the MTA.
$ host -t mx example.com
example.com mail is handled (pri=10) by mail.example.com
example.com mail is handled (pri=20) by ironport.example.com
By registering the Cisco appliance in DNS, you will attract spam attacks regardless of how you set the
MX record priority. However, virus attacks rarely target backup MTAs. Given this, if you want to
evaluate an anti-virus engine to its fullest potential, configure the Cisco appliance to have an MX record
priority of equal or higher value than the rest of your MTAs.
Installation Scenarios
You can install your Cisco appliance into your existing network infrastructure in several ways.
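The MX priority rule from "Register the Cisco Appliance in DNS", as an added example that is not part of the Cisco guide: this Python code parses `host -t mx` output and reports whether the appliance is advertised as the primary, an equal-priority, or a backup MTA. The function names and the second sample are assumptions made for illustration, and the parser goes beyond the page's listing by also accepting the "handled by N host." line format printed by current `host` builds.

```python
import re

# Matches both `host -t mx` output styles:
#   older:   "example.com mail is handled (pri=20) by ironport.example.com"
#   current: "example.com mail is handled by 20 ironport.example.com."
MX_LINE = re.compile(
    r"mail is handled (?:\(pri=(?P<old>\d+)\) by|by (?P<new>\d+)) (?P<host>\S+)"
)

def _norm(name):
    """Compare hostnames case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def parse_mx(host_output):
    """Return sorted (preference, hostname) pairs; non-MX lines are ignored."""
    records = []
    for line in host_output.splitlines():
        m = MX_LINE.search(line)
        if m:
            pref = int(m.group("old") or m.group("new"))
            records.append((pref, _norm(m.group("host"))))
    return sorted(records)

def mx_role(host_output, appliance):
    """Classify the appliance: 'primary', 'equal', 'backup', 'sole' or 'not-listed'."""
    records = parse_mx(host_output)
    mine = [p for p, h in records if h == _norm(appliance)]
    others = [p for p, h in records if h != _norm(appliance)]
    if not mine:
        return "not-listed"
    if not others:
        return "sole"
    if min(mine) < min(others):  # lower number = tried first by sending MTAs
        return "primary"
    return "equal" if min(mine) == min(others) else "backup"

# Constructed sample input: the listing from this page, and the same hosts in
# the current output style with the appliance moved to equal preference.
PAGE_SAMPLE = """\
example.com mail is handled (pri=10) by mail.example.com
example.com mail is handled (pri=20) by ironport.example.com
"""
EQUAL_SAMPLE = """\
example.com mail is handled by 10 mail.example.com.
example.com mail is handled by 10 IronPort.example.com.
"""

if __name__ == "__main__":
    print(mx_role(PAGE_SAMPLE, "ironport.example.com"))
    print(mx_role(EQUAL_SAMPLE, "ironport.example.com"))
```

A "backup" result for the appliance corresponds to the configuration the guide says rarely sees virus traffic, so an anti-virus evaluation should wait until the check returns "equal" or "primary".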