Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
7-18
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 7 Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT)
Handling Messages from a Group of Senders in the Same Manner
TLS
Deny, Prefer, or Require Transport Layer Security (TLS) in SMTP
conversations for this listener.
conversations for this listener.
If you select Preferred, you can make TLS mandatory for envelope
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
senders from a specific domain or with a specific email address by
selecting an Address List that specifies those domains and email
addresses. When an envelope sender matching a domain or address in
this list tries to send a message over a connection that does not use TLS,
the appliance rejects the connection and the sender will have to try
again using TLS.
The Verify Client Certificate option directs the Email Security
appliance to establish a TLS connection to the user’s mail application
if the client certificate is valid. If you select this option for the TLS
Preferred setting, the appliance still allows a non-TLS connection if the
user doesn’t have a certificate, but rejects a connection if the user has
an invalid certificate. For the TLS Required setting, selecting this
option requires the user to have a valid certificate in order for the
appliance to allow the connection.
appliance to establish a TLS connection to the user’s mail application
if the client certificate is valid. If you select this option for the TLS
Preferred setting, the appliance still allows a non-TLS connection if the
user doesn’t have a certificate, but rejects a connection if the user has
an invalid certificate. For the TLS Required setting, selecting this
option requires the user to have a valid certificate in order for the
appliance to allow the connection.
For information on creating an address list, see
.
For information on using client certificates for TLS connections, see
SMTP Authentication
Allows, disallow, or requires SMTP Authentication from remote hosts
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
connecting to the listener. SMTP Authentication is described in detail
in the “LDAP Queries” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
If Both TLS and SMTP
Authentication are enabled:
Authentication are enabled:
Require TLS to offer SMTP Authentication.
Domain Key Signing
Domain Key/ DKIM Signing Enable Domain Keys or DKIM signing on this listener (ACCEPT and
RELAY only).
DKIM Verification
Enable DKIM verification.
SPF/SIDF Verification
Enable SPF/SIDF
Verification
Verification
Enable SPF/SIDF signing on this listener. For more information, see the
“Email Authentication” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
“Email Authentication” chapter of the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
Conformance Level
Set the SPF/SIDF conformance level. You can choose from SPF, SIDF
or SIDF Compatible. For details, see the “Email Authentication”
chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
or SIDF Compatible. For details, see the “Email Authentication”
chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Downgrade PRA
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
verification result if
'Resent-Sender:' or
'Resent-From:' were used:
If you choose a conformance level of SIDF compatible, configure
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
whether you want to downgrade Pass result of the PRA Identity
verification to None if there are Resent-Sender: or Resent-From:
headers present in the message. You may choose this option for security
purposes.
Table 7-8
Mail Flow Policy Parameters (continued)
Parameter
Description