Cisco Email Security Appliance C160 User Manual

Chapter 2      Customizing Listeners
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Step 4  Issue the commit command to enable the change.
Enabling TLS and Certificate Verification on Delivery
You can require that TLS is enabled for email delivery to specific domains using
the Destination Controls page or the destconfig command.
In addition to TLS, you can require that the domain’s server certificate is verified.
This domain verification is based on a digital certificate used to establish the
domain’s credentials. The validation process involves two validation
requirements:
  • The chain of issuer certificates for the SMTP session ends in a certificate
    issued by a trusted certificate authority (CA).
  • The Common Name (CN) listed on the certificate matches either the
    receiving machine's DNS name or the message's destination domain.
    - or -
    The message's destination domain matches one of the DNS names in the
    certificate's Subject Alternative Name (subjectAltName) extension, as
    described in RFC 2459. The matching supports wildcards as described in
    section 3.1 of RFC 2818.
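The name-matching requirement above can be sketched as follows. This is an added example, not code from Cisco or AsyncOS; it covers only the second requirement (chain validation is out of scope), and the function names, return labels and sample hostnames are constructed for illustration. It assumes the RFC 2818 wildcard rule applies to the CN as well as to subjectAltName entries.

```python
import re

def name_matches(pattern, hostname):
    """RFC 2818 section 3.1 style match: '*' stands for one whole DNS
    label or a fragment of one label, and never spans a dot."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # *.a.com must not match bar.foo.a.com
    for p, h in zip(p_labels, h_labels):
        # Build a per-label regex: literal text, with '*' as "any non-dot run".
        regex = "[^.]*".join(re.escape(part) for part in p.split("*"))
        if not h or not re.fullmatch(regex, h):
            return False
    return True

def verify_peer_name(cn, san_dns, receiving_host, destination_domain):
    """Return a label for the rule that accepted the certificate, or None.

    cn                 -- Common Name from the certificate subject (or None)
    san_dns            -- list of dNSName entries from subjectAltName
    receiving_host     -- DNS name of the machine the session connected to
    destination_domain -- domain part of the message's recipient address
    """
    # First alternative: CN matches the receiving machine or the domain.
    if cn:
        if name_matches(cn, receiving_host):
            return "cn=receiving-host"
        if name_matches(cn, destination_domain):
            return "cn=destination-domain"
    # Second alternative: the destination domain matches a SAN DNS name.
    for name in san_dns:
        if name_matches(name, destination_domain):
            return "san=destination-domain"
    return None

if __name__ == "__main__":
    # Constructed sample sessions: (CN, SAN list, receiving host, domain)
    samples = [
        ("mx1.mailhost.example", [], "mx1.mailhost.example", "example.com"),
        ("other.example", ["example.com"], "mx1.mailhost.example", "example.com"),
        ("other.example", ["*.example.com"], "mx1.mailhost.example", "example.com"),
    ]
    for s in samples:
        print(s, "->", verify_peer_name(*s))
```

The third sample is rejected: a wildcard entry such as *.example.com covers one label to the left of example.com, so it does not match the bare destination domain.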
A trusted CA is a third-party organization or company that issues digital 
certificates used to verify identity and distributes public keys. This provides an 
additional level of assurance that the certificate is issued by a valid and trusted 
identity. 
You can configure your IronPort appliance to send messages to a domain over a
TLS connection as an alternative to envelope encryption. See the “IronPort Email
Encryption” chapter in the Cisco IronPort AsyncOS for Email Configuration
Guide for more information.
Domain map: disabled
TLS: Required