Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Ensure that the Email Security appliance is both accessible via the public Internet and is the “first hop” 
in your email infrastructure. If you allow another MTA to sit at your network’s perimeter and handle all 
external connections, then the Email Security appliance will not be able to determine the sender’s IP 
address. The sender’s IP address is needed to identify and distinguish senders in the Mail Flow Monitor, 
to query the SenderBase Reputation Service for the sender’s SenderBase Reputation Score (SBRS), and 
to improve the efficacy of the Anti-Spam and Outbreak Filters features. 

If you cannot configure the appliance as the first machine receiving email from the Internet, you can still 
exercise some of the security services available on the appliance. For more information, see 

. 

When you use the Email Security appliance as your SMTP gateway: 

The Mail Flow Monitor feature (see 

) offers complete 

visibility into all email traffic for your enterprise from both internal and external senders. 

LDAP queries (see 

) for routing, aliasing, and masquerading can 

consolidate your directory infrastructure and provide for simpler updates. 

Familiar tools like alias tables (see 

), domain-based routing (

), and masquerading (

make the transition from Open-Source MTAs easier. 

Malicious email senders actively search public DNS records to hunt for new victims. In order to utilize 
the full capabilities of Anti-Spam, Outbreak Filters, McAfee Antivirus and Sophos Anti-Virus, ensure 
that the Email Security appliance is registered in DNS. 

To register the appliance in DNS, create an A record that maps the appliance’s hostname to its IP address, 
and an MX record that maps your public domain to the appliance’s hostname. You must specify a priority 
for the MX record to advertise the Email Security appliance as either a primary or backup MTA for your 
domain. 

In the following example, the Email Security appliance (ironport.example.com) is a backup MTA for the 
domain example.com, since its MX record has a higher priority value (20). In other words, the higher 
the numeric value, the lower the priority of the MTA.

By registering the Email Security appliance in DNS, you will attract spam attacks regardless of how you 
set the MX record priority. However, virus attacks rarely target backup MTAs. Given this, if you want 
to evaluate an anti-virus engine to its fullest potential, configure the Email Security appliance to have an 
MX record priority of equal or higher value than the rest of your MTAs.

You can install your Email Security appliance into your existing network infrastructure in several ways. 

$ host -t mx example.com

example.com mail is handled (pri=10) by mail.example.com

example.com mail is handled (pri=20) by ironport.example.com