Руководство Пользователя для Cisco Cisco Email Security Appliance C160
25-12
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 25 Encrypting Communication with Other MTAs
Enabling TLS and Certificate Verification on Delivery
If there is no specific entry for a given recipient domain in the good neighbor table, or if there is a
specific entry but there is no specific TLS setting for the entry, then the behavior is whatever is set using
the Destination Controls page or the
specific entry but there is no specific TLS setting for the entry, then the behavior is whatever is set using
the Destination Controls page or the
destconfig -> default
subcommand (“No,” “Preferred,”
“Required,” “Preferred (Verify),” or “Required (Verify)”).
Related Topics
•
•
•
Sending Alerts When a Required TLS Connection Fails
You can specify whether the Email Security appliance sends an alert if the TLS negotiation fails when
delivering messages to a domain that requires a TLS connection. The alert message contains name of the
destination domain for the failed TLS negotiation. The Email Security appliance sends the alert message
to all recipients set to receive Warning severity level alerts for System alert types. You can manage alert
recipients via the System Administration > Alerts page in the GUI (or via the
delivering messages to a domain that requires a TLS connection. The alert message contains name of the
destination domain for the failed TLS negotiation. The Email Security appliance sends the alert message
to all recipients set to receive Warning severity level alerts for System alert types. You can manage alert
recipients via the System Administration > Alerts page in the GUI (or via the
alertconfig
command in
the CLI).
Related Topics
•
4. Preferred (Verify)
TLS is negotiated from the Email Security appliance to the MTA(s) for the
domain. The appliance attempts to verify the domain’s certificate.
domain. The appliance attempts to verify the domain’s certificate.
Three outcomes are possible:
•
TLS is negotiated and the certificate is verified. The mail is delivered via an
encrypted session.
encrypted session.
•
TLS is negotiated, but the certificate is not verified. The mail is delivered
via an encrypted session.
via an encrypted session.
•
No TLS connection is made and, subsequently the certificate is not verified.
The email message is delivered in plain text.
The email message is delivered in plain text.
5. Required (Verify)
TLS is negotiated from the Email Security appliance to the MTA(s) for the
domain. Verification of the domain’s certificate is required.
domain. Verification of the domain’s certificate is required.
Three outcomes are possible:
•
A TLS connection is negotiated and the certificate is verified. The email
message is delivered via an encrypted session.
message is delivered via an encrypted session.
•
A TLS connection is negotiated but the certificate is not verified by a trusted
CA. The mail is not delivered.
CA. The mail is not delivered.
•
A TLS connection is not negotiated. The mail is not delivered.
Table 25-3
TLS Settings for Delivery
TLS Setting
Meaning