User Guide
26-53
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 26 Authenticating SMTP Sessions Using Client Certificates
Procedure
Step 1 Select Network > SMTP Authentication.
Step 2 Click Add Profile.
Step 3 Enter the name for the SMTP authentication profile.
Step 4 Select Certificate for the Profile Type.
Step 5 Click Next.
Step 6 Enter the profile name.
Step 7 Select the certificate LDAP query you want to use with this SMTP authentication profile.
Note Do not select the option to allow the SMTP AUTH command if a client certificate is not available.
Step 8 Click Finish.
Step 9 Submit and commit your changes.
Establishing a TLS Connection from the Appliance
The Verify Client Certificate option in the RELAYED mail flow policy directs the Email Security
appliance to establish a TLS connection to the user’s mail application if the client certificate is valid. If
you select this option for the TLS Preferred setting, the appliance still allows a non-TLS connection if
the user doesn’t have a certificate, but rejects a connection if the user has an invalid certificate. For the
TLS Required setting, selecting this option requires the user to have a valid certificate in order for the
appliance to allow the connection.
To authenticate a user’s SMTP session with a client certificate, select the following settings:
• TLS - Required
• Verify Client Certificate
• Require SMTP Authentication
Note Although SMTP authentication is required, the Email Security appliance will not use the SMTP authentication LDAP query because it is using certificate authentication.
To authenticate a user’s SMTP session using the SMTP authentication query instead of a client
certificate, select the following settings for the RELAYED mail flow policy:
• TLS - Required
• Require SMTP Authentication
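The three settings above interact in ways that are easy to misread, so the following is a small decision model, written for this page and not Cisco's code, that encodes the accept/reject behaviour the guide states for TLS Required/Preferred, Verify Client Certificate and Require SMTP Authentication and lets the combinations be tabulated side by side. The MailFlowPolicy, Session and Outcome types are my own; the MIXED policy (assumed to combine TLS Preferred, Verify Client Certificate and Require SMTP Authentication) and the fall-through to the SMTP AUTH LDAP check for a TLS Preferred client that presents no certificate are my reading of the text, not statements the guide makes.

```python
"""Decision model for the RELAYED mail flow policy settings described above.

Illustrative model written for this page (not Cisco code): it encodes the
accept/reject rules the guide states so the policy combinations can be compared.
"""
from dataclasses import dataclass
from enum import Enum
from typing import NamedTuple, Optional


class Tls(Enum):
    REQUIRED = "Required"
    PREFERRED = "Preferred"


@dataclass(frozen=True)
class MailFlowPolicy:
    """Subset of the RELAYED mail flow policy discussed on the page."""
    tls: Tls
    verify_client_certificate: bool
    require_smtp_authentication: bool


@dataclass(frozen=True)
class Session:
    """Constructed description of what a connecting mail client offers."""
    offers_tls: bool
    # None = no client certificate presented; True/False = presented and (in)valid.
    client_certificate_valid: Optional[bool] = None

    def __post_init__(self) -> None:
        # A client certificate can only be presented inside a TLS handshake.
        if not self.offers_tls and self.client_certificate_valid is not None:
            raise ValueError("a client certificate requires a TLS session")


class Outcome(NamedTuple):
    accepted: bool
    transport: str   # "tls", "plaintext", or "-" when rejected
    auth: str        # "certificate", "smtp-auth-ldap", "none", or "-" when rejected
    reason: str


def evaluate(policy: MailFlowPolicy, session: Session) -> Outcome:
    # TLS Required: a client that does not negotiate TLS gets no session at all.
    if policy.tls is Tls.REQUIRED and not session.offers_tls:
        return Outcome(False, "-", "-", "TLS Required but client did not negotiate TLS")

    transport = "tls" if session.offers_tls else "plaintext"

    if policy.verify_client_certificate:
        cert = session.client_certificate_valid
        if cert is False:
            # An invalid certificate is rejected under both Required and Preferred.
            return Outcome(False, "-", "-", "client certificate failed verification")
        if cert is True:
            # The certificate authenticates the user; the SMTP authentication LDAP
            # query is not consulted even when Require SMTP Authentication is set.
            return Outcome(True, "tls", "certificate", "valid client certificate")
        if policy.tls is Tls.REQUIRED:
            # TLS Required + Verify Client Certificate: a valid certificate is mandatory.
            return Outcome(False, "-", "-", "client certificate required but none presented")
        # TLS Preferred with no certificate: the guide says the (non-TLS) connection is
        # still allowed. Assumption for this model: such a session then falls through
        # to the SMTP AUTH rule below instead of being treated as authenticated.

    if policy.require_smtp_authentication:
        return Outcome(True, transport, "smtp-auth-ldap", "SMTP AUTH checked against the LDAP query")
    return Outcome(True, transport, "none", "no authentication required by policy")


# The policy combinations named on the page (MIXED is my assumed completion of
# the third, truncated scenario).
CERT_AUTH = MailFlowPolicy(Tls.REQUIRED, verify_client_certificate=True, require_smtp_authentication=True)
LDAP_AUTH = MailFlowPolicy(Tls.REQUIRED, verify_client_certificate=False, require_smtp_authentication=True)
MIXED = MailFlowPolicy(Tls.PREFERRED, verify_client_certificate=True, require_smtp_authentication=True)

# Constructed client sessions covering the edge cases the guide mentions.
SESSIONS = {
    "no TLS": Session(offers_tls=False),
    "TLS, no cert": Session(offers_tls=True),
    "TLS, invalid cert": Session(offers_tls=True, client_certificate_valid=False),
    "TLS, valid cert": Session(offers_tls=True, client_certificate_valid=True),
}

if __name__ == "__main__":
    for name, policy in (("CERT_AUTH", CERT_AUTH), ("LDAP_AUTH", LDAP_AUTH), ("MIXED", MIXED)):
        print(f"== {name}: {policy}")
        for label, session in SESSIONS.items():
            o = evaluate(policy, session)
            print(f"  {label:18} accepted={o.accepted!s:5} transport={o.transport:9} "
                  f"auth={o.auth:14} ({o.reason})")
```

Running the module prints one row per policy and session; the point to check against your own RELAYED policy is the MIXED column, where a client with no certificate is admitted in plaintext and authenticated only by SMTP AUTH, while an invalid certificate is still rejected outright.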
If you require the Email Security appliance to ask for a client certificate from certain users while
allowing LDAP-based SMTP authentication from others, select the following settings for the RELAYED
mail flow policy:
• TLS - Preferred