Cisco Email Security Appliance X1070 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved.
Do you wish to apply a specific TLS setting for this domain? [N]> Y
Do you want to use TLS support?
1. No
2. Preferred
3. Required
4. Preferred - Verify
5. Required - Verify
6. Required - Verify Hosted Domains
[1]> 3
You have chosen to enable TLS. Please use the ‘certconfig’ command
to ensure that there is a valid certificate configured.
Do you wish to apply a specific bounce verification address tagging setting for this domain? [N]> N
Do you wish to apply a specific bounce profile to this domain? [N]> N
Do you wish to apply a specific IP sort preference to this domain? [N]> N
There are currently 3 entries configured.
Choose the operation you want to perform:
• SETUP - Change global settings.
• NEW - Create a new entry.
• EDIT - Modify an entry.
• DELETE - Remove an entry.
• DEFAULT - Change the default.
• LIST - Display a summary list of all entries.
• DETAIL - Display details for one destination or all entries.
• CLEAR - Remove all entries.
• IMPORT - Import tables from a file.
• EXPORT - Export tables to a file.
[]> list
            Rate              Bounce        Bounce     IP Version
Domain      Limiting  TLS     Verification  Profile    Preference
=========== ========  ======= ============  =========  ============
example.com Default   On      Default       Default    Default
(Default)   On        Off     Off           (Default)  Prefer IPv6
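As an added example (not part of the Cisco white paper), the following Python script parses a saved copy of the destconfig -> list table and reports destinations whose TLS column is off, such as the (Default) entry above. The column alignment of the sample, the function names and the set of "no TLS" values are assumptions; column boundaries are taken from the "=" ruler row.

```python
import re

# Constructed sample: the `destconfig` -> `list` table shown on this page.
# Column alignment is assumed; the '=' ruler row marks where each column starts.
SAMPLE = """\
            Rate              Bounce        Bounce     IP Version
Domain      Limiting  TLS     Verification  Profile    Preference
=========== ========  ======= ============  =========  ============
example.com Default   On      Default       Default    Default
(Default)   On        Off     Off           (Default)  Prefer IPv6
"""

# "Off" is the value the page's table shows; "No"/"None" are the page's names
# for the setting that disables TLS (assumed to be possible column values).
NO_TLS_VALUES = {"off", "no", "none"}


def parse_destconfig_list(text):
    """Return one dict per data row, keyed by the stacked header labels."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    ruler = next(i for i, ln in enumerate(lines) if re.fullmatch(r"[= ]*=[= ]*", ln))
    starts = [m.start() for m in re.finditer(r"=+", lines[ruler])]
    # A column runs from its ruler start to the start of the next column.
    spans = list(zip(starts, starts[1:] + [None]))

    def cells(line):
        return [line[a:b].strip() for a, b in spans]

    # Header labels are split over several rows ("Rate" above "Limiting").
    stacked = zip(*(cells(ln) for ln in lines[:ruler]))
    headers = [" ".join(part for part in col if part) for col in stacked]
    return [dict(zip(headers, cells(ln))) for ln in lines[ruler + 1:]]


def destinations_without_tls(rows):
    """Domains whose outgoing connections do not negotiate TLS at all."""
    return [r["Domain"] for r in rows if r["TLS"].lower() in NO_TLS_VALUES]


if __name__ == "__main__":
    for domain in destinations_without_tls(parse_destconfig_list(SAMPLE)):
        print(f"TLS is off for destination: {domain}")
```

A (Default) row in the result means mail to every domain without its own entry is sent without TLS.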
TLS Setting Definitions

TLS Setting: Meaning

Default: The default TLS setting, which is set on the Destination Controls page or with the destconfig -> default subcommand and is used for outgoing connections from the listener to the Message Transfer Agent (MTA) for the domain. The value “Default” is set if you answer no to the question: “Do you wish to apply a specific TLS setting for this domain?”

1. None: TLS is not negotiated for outgoing connections from the interface to the MTA for the domain.

2. Preferred: TLS is negotiated from the ESA interface to the MTA(s) for the domain. However, if the TLS negotiation fails (prior to receiving a 220 response), the SMTP transaction continues “in the clear” (not encrypted). No attempt is made to verify if the certificate originates from a trusted certificate authority. If an error occurs after the 220 response is received, the SMTP transaction does not fall back to clear text.

3. Required: TLS is negotiated from the ESA interface to MTA(s) for the domain. No attempt is made to verify the certificate of the domain. If the negotiation fails, no email is sent through the connection. If the negotiation succeeds, the mail is delivered via an encrypted session.
How-To Secure Communications -
Setting Up Transport Layer Security (TLS)
Cisco Public