Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
1-4
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 1 Getting Started with the Cisco Email Security Appliance
What’s New in This Release
From version 8.0 onwards, AsyncOS for Email is a 64-bit software. As a result of this changed memory
model, the threshold values are revised in this release. Appliance enters resource conservation mode
when the RAM utilization exceeds 45% and the allowed injection rate is gradually decreased as RAM
utilization approaches 60%. This change does not affect the memory utilization on the appliance and all
the components in the appliance continue to use the memory as earlier.
model, the threshold values are revised in this release. Appliance enters resource conservation mode
when the RAM utilization exceeds 45% and the allowed injection rate is gradually decreased as RAM
utilization approaches 60%. This change does not affect the memory utilization on the appliance and all
the components in the appliance continue to use the memory as earlier.
Caution
Appliances with large memory utilization, especially with large system quarantine, can enter resource
conservation immediately after upgrading to AsyncOS 8.0.2 for Email. To avoid this scenario, make sure
that you reduce the system quarantine to a few thousand messages before upgrading.
conservation immediately after upgrading to AsyncOS 8.0.2 for Email. To avoid this scenario, make sure
that you reduce the system quarantine to a few thousand messages before upgrading.
Additional TLS Support Option
Prior to this release, TLS verification against hosted cloud email services fails when:
•
Cloud provider presents a common certificate for all hosted domains.
•
The destination controls for these domains have TLS Support set to Required-Verify.
AsyncOS for Email now supports a new TLS Support option - Required - Verify Hosted Domains. This
option allows you to perform TLS verification against hosted cloud email services where the cloud
provider presents a common certificate for all hosted domains. Using this option, you can now send
emails over TLS for such domains, as well as domains that are not hosted on cloud.
option allows you to perform TLS verification against hosted cloud email services where the cloud
provider presents a common certificate for all hosted domains. Using this option, you can now send
emails over TLS for such domains, as well as domains that are not hosted on cloud.
The new TLS support option is available on Add or Edit Destination Controls page (Mail Policies >
Destination Controls).
Destination Controls).
The presented identity of a cloud email server or a destination is either a SubjectAltName (SAN) of type
DNSName or a Common Name (CN) of a X.509 public key certificate. Note that CN is checked only if
SAN is empty, as SAN has higher priority than CN. AsyncOS performs an exact or wildcard matching
in the following order:
DNSName or a Common Name (CN) of a X.509 public key certificate. Note that CN is checked only if
SAN is empty, as SAN has higher priority than CN. AsyncOS performs an exact or wildcard matching
in the following order:
1.
Presented identity with recipient email domain.
2.
Presented identity with email server hostname configured in AsyncOS for Email (under Network >
SMTP Routes).
SMTP Routes).
3.
Presented identity with email server hostname derived from a DNS or MX query against the
recipient's email domain name.
recipient's email domain name.
To verify the server identity, one of the above parameters must match.
Note
If you have existing destination controls for hosted cloud email services (where the cloud provider
presents a common certificate for all hosted domains), make sure that you set TLS Support to Required
- Verify Hosted Domains.
presents a common certificate for all hosted domains), make sure that you set TLS Support to Required
- Verify Hosted Domains.