Cisco Cisco Email Security Appliance C190 사용자 가이드
1-29
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1 Customizing Listeners
Note that this example asks you to use the
certconfig
command to ensure that there is a valid
certificate that can be used with the listener. If you have not created any certificates, the listener uses
the demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for
general use. Use the
the demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for
general use. Use the
listenerconfig -> edit -> certificate
command to assign a certificate to
the listener.
Once you have configured TLS, the setting will be reflected in the summary of the listener in the
CLI:
CLI:
Step 4
Issue the
commit
command to enable the change.
Enabling TLS and Certificate Verification on Delivery
You can require that TLS is enabled for email delivery to specific domains using the Destination
Controls page or the
Controls page or the
destconfig
command.
In addition to TLS, you can require that the domain’s server certificate is verified. This domain
verification is based on a digital certificate used to establish the domain’s credentials. The validation
process involves two validation requirements:
verification is based on a digital certificate used to establish the domain’s credentials. The validation
process involves two validation requirements:
•
The chain of issuer certificates for the SMTP session ends in a certificate issued by a trusted
certificate authority (CA).
certificate authority (CA).
•
The Common Name (CN) listed on the certificate matches either the receiving machine's DNS name
or the message's destination domain.
or the message's destination domain.
- or -
The message's destination domain matches one of the DNS names in the certificate's Subject
Alternative Name (subjectAltName) extension, as described in RFC 2459. The matching supports
wildcards as described in section 3.1 of RFC 2818.
Alternative Name (subjectAltName) extension, as described in RFC 2459. The matching supports
wildcards as described in section 3.1 of RFC 2818.
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required