Cisco Cisco Email Security Appliance C160 Guía Del Usuario
3-40
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Figure 3-25
Adding an Outgoing SMTP Route
Step 4
Click the All Other Domains link. The Edit SMTP Route page is displayed. Enter the name of the
Destination Host for the SMTP route. This is the hostname of your external mail relay used to deliver
outgoing mail.
Destination Host for the SMTP route. This is the hostname of your external mail relay used to deliver
outgoing mail.
Step 5
Select the outgoing SMTP authentication profile from the drop-down menu. Click the Submit button
Step 6
Commit your changes.
Logging and SMTP Authentication
The following events will be logged in the Cisco IronPort mail logs when the SMTP Authentication
mechanism (either LDAP-based, SMTP forwarding server based, or SMTP outgoing) is configured on
the appliance:
mechanism (either LDAP-based, SMTP forwarding server based, or SMTP outgoing) is configured on
the appliance:
•
[Informational] Successful SMTP Authentication attempts — including the user authenticated and
the mechanism used. (No plaintext passwords will be logged.)
the mechanism used. (No plaintext passwords will be logged.)
•
[Informational] Unsuccessful SMTP Authentication attempts — including the user authenticated
and the mechanism used.
and the mechanism used.
•
[Warning] Inability to connect to the authentication server — including the server name and the
mechanism.
mechanism.
•
[Warning] A time-out event when the forwarding server (talking to an upstream, injecting Cisco
IronPort appliance) times out while waiting for an authentication request.
IronPort appliance) times out while waiting for an authentication request.
Configuring External Authentication for Users
You can configure the Cisco IronPort appliance to use an LDAP directory on your network to
authenticate users by allowing them to log in with their LDAP usernames and passwords. After you
configure the authentication queries for the LDAP server, enable the appliance to use external
authentication on the System Administration > Users page in the GUI (or use the
authenticate users by allowing them to log in with their LDAP usernames and passwords. After you
configure the authentication queries for the LDAP server, enable the appliance to use external
authentication on the System Administration > Users page in the GUI (or use the
userconfig
command
in the CLI).
To configure external authentication for users, complete the following steps:
Step 1
Create a query to find user accounts. In an LDAP server profile, create a query to search for user
accounts in the LDAP directory.
accounts in the LDAP directory.
Step 2
Create group membership queries. Create a query to determine if a user is a member of a directory
group.
group.
Step 3
Set up external authentication to use the LDAP server. Enable the appliance to use the LDAP server
for user authentication and assign user roles to the groups in the LDAP directory. For more information,
see “Adding Users” in the Cisco IronPort AsyncOS for Email Daily Management Guide.
for user authentication and assign user roles to the groups in the LDAP directory. For more information,
see “Adding Users” in the Cisco IronPort AsyncOS for Email Daily Management Guide.