Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

By default, neither private nor public listeners allow TLS connections. You must enable TLS in a 
listener’s HAT to enable TLS for either inbound (receiving) or outbound (sending) email. In addition, all 
default mail flow policy settings for private and public listeners have the 

tls

 setting set to “off.” 

You can assign a specific certificate for TLS connections to individual public listeners when creating a 
listener. For more information, see 

Navigate to the Network > Listeners page.

Click the name of the Listener to edit.

In the Certificate field, choose a certificate.

Submit and commit your changes.

TLS is allowed for incoming connections to the listener from MTAs. 

TLS is allowed for incoming connections to the listener from MTAs, and until 
a 

STARTTLS

 command is received, the appliance responds with an error message 

to every command other than 

NOOP

, 

EHLO

, or 

QUIT

. This behavior is specified by 

RFC 3207, which defines the SMTP Service Extension for Secure SMTP over 
Transport Layer Security. “Requiring” TLS means that email which the sender 
is not willing to encrypt with TLS will be refused by the appliance before it is 
sent, thereby preventing it from be transmitted in the clear.