Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
23-38
Cisco AsyncOS 8.5 for Email User Guide
Chapter 23 LDAP Queries
Configuring AsyncOS for SMTP Authentication
Authenticating SMTP Sessions Using Client Certificates
The Email Security appliance supports the use of client certificates to authenticate SMTP sessions
between the Email Security appliance and users’ mail clients.
between the Email Security appliance and users’ mail clients.
When creating an SMTP authentication profile, you select the Certificate Authentication LDAP query to
use for verifying the certificate. You can also specify whether the Email Security appliance falls back to
the SMTP AUTH command to authenticate the user if a client certificate isn’t available.
use for verifying the certificate. You can also specify whether the Email Security appliance falls back to
the SMTP AUTH command to authenticate the user if a client certificate isn’t available.
If your organization uses client certificates to authenticate users, you have the option of using the SMTP
Authentication query to check whether a user who doesn’t have a client certficate can send mail as long
as their record specifies that it’s allowed.
Authentication query to check whether a user who doesn’t have a client certficate can send mail as long
as their record specifies that it’s allowed.
See
for more information.
Outgoing SMTP Authentication
SMTP Authentication can also be used to provide validation for an outbound mail relay, using a
username and password. Create an ‘outgoing’ SMTP authentication profile and then attach the profile to
an SMTP route for the ALL domain. On each mail delivery attempt, the appliance will log on to the
upstream mail relay with the necessary credentials. Only a PLAIN SASL formatted login is supported.
username and password. Create an ‘outgoing’ SMTP authentication profile and then attach the profile to
an SMTP route for the ALL domain. On each mail delivery attempt, the appliance will log on to the
upstream mail relay with the necessary credentials. Only a PLAIN SASL formatted login is supported.
Procedure
Step 1
Choose Network > SMTP Authentication.
Step 2
Click Add Profile.
Step 3
Enter a unique name for the SMTP authentication profile.
Step 4
For the Profile Type, select Outgoing.
Step 5
Click Next.
Step 6
Enter an authentication username and password for the authentication profile.
Step 7
Click Finish.
Step 8
Choose Network > SMTP Routes.
Step 9
Click the All Other Domains link in the Receiving Domain column of the table.
Enter the SMTP code to use in the response. 550 is the standard code.
[550]> 551
Enter your custom SMTP response. Press Enter on a blank line to finish.
Sender rejected due to local mail policy.
Contact your mail admin for assistance.