Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 21      Encrypting Communication with Other MTAs
  Enabling TLS and Certificate Verification on Delivery
Enabling TLS Connection Alerts Using the GUI
Procedure
Step 1  Navigate to the Mail Policies > Destination Controls page.
Step 2  Click Edit Global Settings.
Step 3  Click Enable for “Send an alert when a required TLS connection fails.”
        This is a global setting, not a per-domain setting. For information on the messages that the appliance attempted to deliver, use the Monitor > Message Tracking page or the mail logs.
Step 4  Submit and commit your changes.
Enabling TLS Connection Alerts Using the CLI
To enable TLS connection alerts using the CLI, use the destconfig -> setup command.
Logging
The Email Security appliance will note in the mail logs instances when TLS is required for a domain but could not be used. Information on why the TLS connection could not be used will be included. The mail logs will be updated when any of the following conditions are met:
• The remote MTA does not support ESMTP (for example, it did not understand the EHLO command from the Email Security appliance).
• The remote MTA supports ESMTP but “STARTTLS” was not in the list of extensions it advertised in its EHLO response.
• The remote MTA advertised the “STARTTLS” extension but responded with an error when the Email Security appliance sent the STARTTLS command.
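The three conditions above can be told apart from the remote MTA's replies alone. The following is an added example, not part of the Cisco guide and not AsyncOS code: it classifies an EHLO reply and a STARTTLS reply into those conditions. The function names, result labels and sample replies (including the host mx.partner.example) are assumptions constructed for illustration; it does not parse the appliance's mail log format.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY_LINE = re.compile(r"^(\d{3})(?:[ -](.*))?$")

def parse_reply(raw):
    """Split a (possibly multi-line) SMTP reply into (code, [text per line])."""
    code, texts = None, []
    for line in raw.strip().splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        code = int(m.group(1))
        texts.append(m.group(2) or "")
    if code is None:
        raise ValueError("empty SMTP reply")
    return code, texts

def classify_tls_attempt(ehlo_reply, starttls_reply=None):
    """Map the remote MTA's replies onto the three logged failure conditions."""
    code, texts = parse_reply(ehlo_reply)
    if code != 250:
        return "no-esmtp"                      # EHLO was not understood
    # Line 1 of an EHLO reply is the greeting; each later line is one extension.
    extensions = {t.split()[0].upper() for t in texts[1:] if t.strip()}
    if "STARTTLS" not in extensions:
        return "starttls-not-advertised"
    if starttls_reply is None:
        return "starttls-not-attempted"
    code, _ = parse_reply(starttls_reply)
    if code != 220:                            # RFC 3207: 220 means go ahead
        return "starttls-rejected"
    return "tls-negotiation-can-proceed"

# Constructed sample replies (not captured from a real MTA).
EHLO_WITH_TLS = "250-mx.partner.example\r\n250-STARTTLS\r\n250 PIPELINING"
SAMPLES = {
    "legacy": ("500 5.5.1 Command unrecognized", None),
    "no_tls": ("250-mx.partner.example\r\n250-SIZE 10485760\r\n250 8BITMIME", None),
    "broken": (EHLO_WITH_TLS, "454 4.7.0 TLS not available due to temporary reason"),
    "good": (EHLO_WITH_TLS, "220 2.0.0 Ready to start TLS"),
}

if __name__ == "__main__":
    for name, (ehlo, tls) in SAMPLES.items():
        print(f"{name:8} -> {classify_tls_attempt(ehlo, tls)}")
```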
CLI Example
In this example, the destconfig command is used to require TLS connections and encrypted conversations for the domain “partner.com.” The list is then printed.
A certificate for example.com is used for outgoing TLS connections instead of the demonstration certificate that is pre-installed. You may enable TLS with the demonstration certificate for testing purposes, but it is not secure and is not recommended for general use.
mail3.example.com> destconfig
There is currently 1 entry configured.
Choose the operation you want to perform: