User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

651

652

653

654

655

656

657

658

659

660

24-46

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 24 Configuring Routing and Delivery Features

Controlling Email Delivery Using Destination Controls

Note If limits are applied per each Virtual Gateway address, you can still effectively implement system-wide

limits by setting the Virtual Gateway limit to the system-wide limit you want divided by the number of

possible virtual gateways. For example, if you have four Virtual Gateway addresses configured, and you

do not want to open more than 100 simultaneous connections to the domain

yahoo.com, set the Virtual

Gateway limit to 25 simultaneous connections.

Note The delivernow command, when acting on all domains, resets all counters tracked in the destconfig

command.

Controlling TLS

You can also configure the TLS (Transport Layer Security) on a per-domain basis. If the “Required”

setting is specified, a TLS connection will be negotiated from the appliance listener to MTA(s) for the

domain. If the negotiation fails, no email will be sent through the connection. For more information, see

Enabling TLS and Certificate Verification on Delivery, page 23-10.

You can specify whether the appliance sends an alert if the TLS negotiation fails when delivering

messages to a domain that requires a TLS connection. The alert message contains name of the destination

domain for the failed TLS negotiation. The appliance sends the alert message to all recipients set to

receive Warning severity level alerts for System alert types. You can manage alert recipients via the

System Administration > Alerts page in the GUI (or via the

alertconfig command in the CLI).

To enable TLS connection alerts, click Edit Global Settings on the Destination Controls page or

destconfig -> setup subcommand. This is a global setting, not a per-domain setting. For information

on the messages that the appliance attempted to deliver, use the Monitor > Message Tracking page or the

mail logs.

You must specify a certificate to use for all outgoing TLS connections. Use the Edit Global Settings on

the Destination Controls page or

destconfig -> setup subcommand to specify the certificate. For

information on obtaining a certificate, see Obtaining Certificates, page 23-2.

For more information on alerts, see the “System Administration” chapter.

Apply Limits

Specifies whether the limit will be applied (enforces) to the entire domain or to each

mail exchange IP address specified for that domain. (Many domains have multiple MX

records.)

This setting applies to connection, message, and recipient limits.

Specifies whether the limit will be applied system-wide or for each Virtual Gateway

address.

Note If you have configured groups of IP addresses, but you have not configured

virtual gateways, do not configure apply limits per each virtual gateway. This

setting is intended only for systems configured to use virtual gateways. For

information on configuring virtual gateways, see Configuring Mail Gateways

for all Hosted Domains Using Virtual Gateway™ Technology, page 24-59.

Table 24-8 Values in the Destination Controls Table (continued)

Field Description