User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

731

732

733

734

735

736

737

738

739

740

26-50

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 26 Authenticating SMTP Sessions Using Client Certificates

Overview of Certificates and SMTP Authentication

How to Authenticate a User with a Client Certificate

How to Authenticate a User with an SMTP Authentication LDAP Query

How to Authenticate a User with an LDAP SMTP Authentication Query if the

Client Certificate is Invalid

Table 26-1 How to Authenticate a User with a Client Certificate

Do This More Info

Step 1 Define a certificate query for your LDAP

server.

Checking the Validity of a Client Certificate, page 26-51

Step 2 Create a certificate-based SMTP authentication

profile.

Authenticating an SMTP Connection Over TLS Using a

Client Certificate, page 26-52

Step 3 Configure a listener to use the certificate SMTP

authentication profile.

Listening for Connection Requests by Creating a Listener

via the GUI, page 5-8

Step 4 Modify the RELAYED mail flow policy to

require TLS, a client certificate, and SMTP

authentication.

Establishing a TLS Connection from the Appliance,

page 26-53

Table 26-2 How to Authenticate a User with an SMTP Authenticate LDAP Query

Do This More Info

Step 1 Define an SMTP authentication query for your

server that uses an allowance query string and

Bind for the authentication method.

Authenticating a User Using an LDAP Directory,

page 26-52

Step 2 Create an LDAP-based SMTP authentication

profile.

Configuring AsyncOS for SMTP Authentication,

page 25-32

Step 3 Configure a listener to use the LDAP SMTP

authentication profile.

If the user is not allowed to use LDAP-based SMTP

authentication for their connection, you can select whether

the appliance rejects the connection or temporarily allows

it while logging all activity.

Step 4 Modify the RELAYED mail flow policy to

require TLS and SMTP authentication.

Establishing a TLS Connection from the Appliance,

page 26-53

Table 26-3 How to Authenticate a User with a Client Certificate or an LDAP SMTP Authentication Query

Do This More Info

Step 1 Define an SMTP authentication query for your

server that uses an allowance query string and

Bind for the authentication method.

Authenticating a User Using an LDAP Directory,

page 26-52

Step 2 Define a certificate-based query for your LDAP

server.

Checking the Validity of a Client Certificate, page 26-51