Cisco Email Security Appliance X1050 User Guide
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1 Customizing Listeners
Figure 1-17: The Export Certificate Authority List Page
To export a list via the GUI, click Export List on the Edit Certificate Authorities
page. AsyncOS displays the Export Certificate Authority List page. Select the list
you want to export and enter a filename for the list. Click Export. AsyncOS
displays a dialog box asking if you want to open or save the list as a .txt file.
Enabling TLS on a Listener’s HAT
You must enable TLS for any listeners where you require encryption. You may
want to enable TLS on listeners facing the Internet (that is, public listeners), but
not for listeners for internal systems (that is, private listeners). Or, you may want
to enable encryption for all listeners.
You can specify 3 different settings for TLS on a listener. See Table 3-19.
Table 1-6: TLS Settings for a Listener

| TLS Setting | Meaning |
|---|---|
| 1. No | TLS is not allowed for incoming connections. No connections to the listener will require encrypted SMTP conversations. This is the default setting for all listeners you configure on the appliance. |
| 2. Preferred | TLS is allowed for incoming connections to the listener from MTAs. |
| 3. Required | TLS is allowed for incoming connections to the listener from MTAs, and until a STARTTLS command is received, the IronPort appliance responds with an error message to every command other than NOOP, EHLO, or QUIT. This behavior is specified by RFC 3207, which defines the SMTP Service Extension for Secure SMTP over Transport Layer Security. “Requiring” TLS means that email which the sender is not willing to encrypt with TLS will be refused by the IronPort appliance before it is sent, thereby preventing it from being transmitted in the clear. |
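The following is an added example, not part of the Cisco guide: a Python check that infers which of the three settings a listener is using from what it does before STARTTLS. It assumes a listener set to No does not advertise STARTTLS and that a Required listener rejects a cleartext MAIL command with the 530 reply given in RFC 3207; the function names and sample replies are constructed for illustration.

```python
import smtplib

# Constructed sample captures (server replies only), not from a real appliance.
SAMPLES = {
    "No": ("250-mx.example.test\n250-8BITMIME\n250 SIZE 10485760", 250),
    "Preferred": ("250-mx.example.test\n250-STARTTLS\n250 8BITMIME", 250),
    "Required": ("250-mx.example.test\n250-8BITMIME\n250 STARTTLS", 530),
}

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a raw multi-line EHLO reply lists the STARTTLS keyword."""
    lines = [ln[4:].strip() for ln in ehlo_reply.splitlines() if ln.startswith("250")]
    # The first 250 line is the server's greeting/domain, not an extension keyword.
    return any(ln.split()[0].upper() == "STARTTLS" for ln in lines[1:] if ln)

def classify(starttls_offered: bool, cleartext_mail_code: int) -> str:
    """Map two pre-STARTTLS observations onto the settings in Table 1-6."""
    if not starttls_offered:
        return "No"
    if cleartext_mail_code == 530:   # RFC 3207: "Must issue a STARTTLS command first"
        return "Required"
    if 200 <= cleartext_mail_code < 300:
        return "Preferred"           # cleartext mail is still accepted
    return "Indeterminate"           # e.g. 550/451: refused for an unrelated reason

def classify_capture(ehlo_reply: str, cleartext_mail_code: int) -> str:
    """Classify from a captured EHLO reply and the reply code to a cleartext MAIL."""
    return classify(advertises_starttls(ehlo_reply), cleartext_mail_code)

def probe(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Run the same check live against a listener you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        code, _ = s.docmd("MAIL", "FROM:<>")   # sent in the clear, before STARTTLS
        return classify(s.has_extn("starttls"), code)

if __name__ == "__main__":
    for expected, (reply, code) in SAMPLES.items():
        print(expected, "->", classify_capture(reply, code))
```

A result of Preferred on a listener that was meant to be Required shows that senders unwilling to use TLS can still deliver mail in the clear.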