Cisco Cisco Email Security Appliance C170 사용자 가이드

The Cisco IronPort appliance will note in the mail logs instances when TLS is required but could not be 
used by the listener. The mail logs will be updated when the following condition is met:

TLS is set to “required” for a listener, 

the Cisco IronPort appliance has sent a "Must issue a STARTTLS command first" command, and

the connection is closed without having received any successful recipients. 

Information on why the TLS connection failed will be included in the mail logs.

To change the TLS setting for a HAT mail flow policy for a listener via the GUI, follow these steps:

From the Mail Flow Policies page, choose a listener whose policies you want to modify, and then click 
the link for the name of policy to edit. (You can also edit the Default Policy Parameters.) 

The Edit Mail Flow Policies page is displayed. 

In the “Encryption and Authentication” section, for the “TLS:” field, choose the level of TLS you want 
for the listener. 

Submit and commit your changes. 

The mail flow policy for the listener is updated with the TLS setting you chose. 

To change the default TLS setting for a listener via the CLI, follow these steps:

Use the 

listenerconfig -> edit 

command to choose a listener you want to configure. 

Use the

 hostaccess -> default

 command to edit the listener’s default HAT settings. 

Change the TLS setting by entering one of the following choices when you are prompted with the 
following questions: 

Do you want to allow encrypted TLS connections?

1. No

2. Preferred

3. Required

[1]> 3