Cisco Cisco Email Security Appliance C650 Guía Del Usuario
22-38
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 22 LDAP Queries
Configuring AsyncOS for SMTP Authentication
Authenticating SMTP Sessions Using Client Certificates
The Email Security appliance supports the use of client certificates to authenticate SMTP sessions
between the Email Security appliance and users’ mail clients.
between the Email Security appliance and users’ mail clients.
When creating an SMTP authentication profile, you select the Certificate Authentication LDAP query to
use for verifying the certificate. You can also specify whether the Email Security appliance falls back to
the SMTP AUTH command to authenticate the user if a client certificate isn’t available.
use for verifying the certificate. You can also specify whether the Email Security appliance falls back to
the SMTP AUTH command to authenticate the user if a client certificate isn’t available.
If your organization uses client certificates to authenticate users, you have the option of using the SMTP
Authentication query to check whether a user who doesn’t have a client certficate can send mail as long
as their record specifies that it’s allowed.
Authentication query to check whether a user who doesn’t have a client certficate can send mail as long
as their record specifies that it’s allowed.
See
for more information.
Outgoing SMTP Authentication
SMTP Authentication can also be used to provide validation for an outbound mail relay, using a
username and password. Create an ‘outgoing’ SMTP authentication profile and then attach the profile to
an SMTP route for the ALL domain. On each mail delivery attempt, the Cisco appliance will log on to
the upstream mail relay with the necessary credentials. Only a PLAIN SASL formatted login is
supported.
username and password. Create an ‘outgoing’ SMTP authentication profile and then attach the profile to
an SMTP route for the ALL domain. On each mail delivery attempt, the Cisco appliance will log on to
the upstream mail relay with the necessary credentials. Only a PLAIN SASL formatted login is
supported.
Procedure
Step 1
Choose Network > SMTP Authentication.
Step 2
Click Add Profile.
Step 3
Enter a unique name for the SMTP authentication profile.
Step 4
For the Profile Type, select Outgoing.
Step 5
Click Next.
Step 6
Enter an authentication username and password for the authentication profile.
Step 7
Click Finish.
Step 8
Choose Network > SMTP Routes.
Step 9
Click the All Other Domains link in the Receiving Domain column of the table.
Enter the SMTP code to use in the response. 550 is the standard code.
[550]> 551
Enter your custom SMTP response. Press Enter on a blank line to finish.
Sender rejected due to local mail policy.
Contact your mail admin for assistance.