Cisco AsyncOS 9.1 for Email CLI Reference Guide March 27, 2015 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
CONTENTS Preface 1 Before you Read this Book Typographic Conventions 1 2 Additional Resources 2 Documentation 2 Knowledge Base 2 Cisco Support Community 3 Customer Support 3 Registering for a Cisco Account 3 Cisco Welcomes Your Comments 3 CHAPTER 1 CLI Quick Reference Guide 1-1 CLI Commands (No Commit Required) CLI Commands (Commit Required) CHAPTER 2 Command Line Interface: The Basics 1-2 1-5 2-1 Accessing the Command Line Interface (CLI) 2-1 Command Line Interface Conventions 2-2 General
Contents Anti-Virus 3-11 antivirusconfig 3-11 antivirusstatus 3-13 antivirusupdate 3-13 Command Line Management 3-14 commit 3-14 commitdetail 3-14 clearchanges or clear 3-15 help or h or ? 3-15 rollbackconfig 3-16 quit or q or exit 3-16 Configuration File Management loadconfig 3-17 mailconfig 3-18 resetconfig 3-19 saveconfig 3-20 showconfig 3-21 Cluster Management 3-22 clusterconfig 3-22 Data Loss Prevention 3-24 dlprollback 3-24 dlpstatus 3-25 dlpupdate 3-25 emconfig 3-26 emdiagnostic 3-28 S/MIME Security
Contents General Management/Administration/Troubleshooting addressconfig 3-58 adminaccessconfig 3-59 certconfig 3-65 date 3-70 diagnostic 3-70 diskquotaconfig 3-74 ecconfig 3-75 ecstatus 3-76 ecupdate 3-77 encryptionconfig 3-77 encryptionstatus 3-81 encryptionupdate 3-81 featurekey 3-82 featurekeyconfig 3-82 fipsconfig 3-83 generalconfig 3-85 ntpconfig 3-86 reboot 3-87 repengstatus 3-88 resume 3-88 resumedel 3-89 resumelistener 3-89 revert 3-90 settime 3-91 settz 3-91 shutdown 3-92 sshconfig 3-93 status 3-
Contents updatenow 3-111 version 3-112 wipedata 3-112 upgrade 3-113 LDAP 3-114 ldapconfig 3-114 ldapflush 3-119 ldaptest 3-119 sievechar 3-120 Mail Delivery Configuration/Monitoring addresslistconfig 3-122 aliasconfig 3-123 archivemessage 3-126 altsrchost 3-126 bounceconfig 3-128 bouncerecipients 3-132 bvconfig 3-133 deleterecipients 3-135 deliveryconfig 3-136 delivernow 3-137 destconfig 3-137 hostrate 3-145 hoststatus 3-145 imageanalysisconfig 3-147 oldmessage 3-148 rate 3-148 redirectrecipients 3-149 res
Contents nslookup 3-163 netstat 3-164 packetcapture 3-164 ping 3-166 ping6 3-167 routeconfig 3-168 setgateway 3-171 sethostname 3-171 smtproutes 3-172 sslconfig 3-174 sslv3config 3-176 telnet 3-176 traceroute 3-177 traceroute6 3-178 Outbreak Filters 3-180 outbreakconfig 3-180 outbreakflush 3-181 outbreakstatus 3-182 outbreakupdate 3-182 Policy Enforcement 3-183 dictionaryconfig 3-183 exceptionconfig 3-187 filters 3-188 policyconfig 3-190 quarantineconfig 3-210 scanconfig 3-212 stripheaders 3-214 textconfig
Contents Senderbase 3-238 sbstatus 3-238 senderbaseconfig 3-239 SMTP Services Configuration 3-239 callaheadconfig 3-240 listenerconfig 3-242 Example - Configuring SPF and SIDF localeconfig 3-269 smtpauthconfig 3-270 System Setup 3-271 systemsetup 3-271 URL Filtering 3-276 urllistconfig 3-276 webcacheflush 3-277 websecurityadvancedconfig 3-277 websecurityconfig 3-278 websecuritydiagnostics 3-279 User Management 3-280 userconfig 3-280 password or passwd 3-283 last 3-283 who 3-284 whoami 3-284 Virtual Appli
Preface The instructions in this book are designed for an experienced system administrator with knowledge of networking and email administration. Before you Read this Book Note If you have already cabled your appliance to your network, ensure that the default IP address for the appliance does not conflict with other IP addresses on your network. The IP address assigned to the Management port by the factory is 192.168.42.42.
Typographic Conventions Typeface or Symbol Meaning Examples Please choose an IP interface for this Listener. AaBbCc123 The names of commands, files, and directories; on-screen computer output. What you type, when contrasted with on-screen computer output. mail3.example.com> commit Please enter some comments describing your changes: []> Changed the system hostname Book titles, new words or terms, words to be emphasized. Command line variable; replace with a real name or value.
Cisco Support Community Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides a place to discuss general content security issues, as well as technical information about specific Cisco products. You can post topics to the forum to ask questions and share information with other users. Access the Cisco Support Community for Email Security appliances at: https://supportforums.cisco.
Cisco AsyncOS 9.
CH A P T E R 1 CLI Quick Reference Guide Use the tables to locate the appropriate CLI command, a brief description and its availability on the C-, X, and M-series platforms. • CLI Commands (No Commit Required), page 1-2 • CLI Commands (Commit Required), page 1-5 Cisco AsyncOS 9.
Chapter 1 CLI Quick Reference Guide CLI Commands (No Commit Required) CLI Commands (No Commit Required) CLI Command Description Platform Availability antispamstatus Display Anti-Spam status C- and X- Series antispamupdate Manually update spam definitions C- and X- Series antivirusstatus Display anti-virus status C- and X- Series antivirusupdate Manually update virus definitions C- and X- Series archivemessage Archives older messages in your queue.
Chapter 1 CLI Quick Reference Guide CLI Commands (No Commit Required) ldapflush Flush any cached LDAP results C- and X- Series ldaptest Perform a single LDAP query test C- and X- Series loadlicense Load a virtual appliance license All virtual appliances mailconfig Mail the current configuration to an email address C-, X-, and M-Series nslookup Query a name server C-, X-, and M-Series netstat Display network connections, routing tables, and network interface statistics.
Chapter 1 CLI Quick Reference Guide CLI Commands (No Commit Required) status System status C-, X-, and M-Series supportrequest Send a message to Cisco TAC C-, X-, and M-Series suspend Suspend receiving and deliveries C-, X-, and M-Series suspenddel Suspend deliveries C-, X-, and M-Series suspendlistener Suspend receiving C-, X-, and M-Series systemsetup First time system setup C- and X- Series tail Continuously display the end of a log file C-, X-, and M-Series techsupport Allow Cis
Chapter 1 CLI Quick Reference Guide CLI Commands (Commit Required) CLI Commands (Commit Required) CLI Command Description Platform Availability addressconfig Configure From: addresses for system generated mail C-, X-, and M- Series addresslistconfig Configure address lists C- and X- Series adminaccessconfig Configure network access list and banner login C- and X- Series alertconfig Configure email alerts C-, X-, and M- Series aliasconfig Configure email aliases C- and X- Series altsrchos
Chapter 1 CLI Quick Reference Guide CLI Commands (Commit Required) ldapconfig Configure LDAP servers C- and X- Series listenerconfig Configure mail listeners C- and X- Series loadconfig Load a configuration file C-, X-, and M- Series localeconfig Configure multi-lingual settings C- and X- Series logconfig Configure access to log files C-, X-, and M- Series ntpconfig Configure NTP time server C-, X-, and M- Series outbreakconfig Configure Outbreak Filters C- and X- Series policyconfig
CH A P T E R 2 Command Line Interface: The Basics This chapter contains the following sections: • Accessing the Command Line Interface (CLI), page 2-1 • Batch Commands, page 2-6 Accessing the Command Line Interface (CLI) The Command Line Interface is accessible via SSH or Telnet on IP interfaces that have been configured with these services enabled, or via terminal emulation software on the serial port. By factory default, SSH and Telnet are configured on the Management port.
Chapter 2 Command Line Interface: The Basics Accessing the Command Line Interface (CLI) Command Line Interface Conventions This section describes the rules and conventions of the AsyncOS CLI. Command Prompt The top-level command prompt consists of the fully qualified hostname, followed by the greater than (>) symbol, followed by a space. For example: mail3.example.
Chapter 2 Command Line Interface: The Basics Accessing the Command Line Interface (CLI) Command Syntax When operating in the interactive mode, the CLI command syntax consists of single commands with no white spaces and no arguments or parameters. For example: mail3.example.com> systemsetup Select Lists When you are presented with multiple choices for input, some commands use numbered lists. Enter the number of the selection at the prompt. For example: Log level: 1. Error 2. Warning 3. Information 4.
Chapter 2 Command Line Interface: The Basics Accessing the Command Line Interface (CLI) Escape You can use the Control-C keyboard shortcut at any time within a subcommand to immediately exit return to the top level of the CLI. History The CLI keeps a history of all commands you type during a session. Use the Up and Down arrow keys on your keyboard, or the Control-P and Control-N key combinations, to scroll through a running list of the recently-used commands. mail3.example.
Chapter 2 Command Line Interface: The Basics Accessing the Command Line Interface (CLI) Note Not all commands require the commit command to be run. See Chapter 1, “CLI Quick Reference Guide” for a summary of commands that require commit to be run before their changes take effect. Exiting the CLI session, system shutdown, reboot, failure, or issuing the clear command clears changes that have not yet been committed.
Chapter 2 Command Line Interface: The Basics Batch Commands Quitting the Command Line Interface Session The quit command logs you out of the CLI application. Configuration changes that have not been committed are cleared. The quit command has no effect on email operations. Logout is logged into the log files. (Typing exit is the same as typing quit.) mail3.example.com> quit Configuration changes entered but not committed. Exiting will lose changes. Type 'commit' at the command prompt to commit changes.
Chapter 2 Command Line Interface: The Basics Batch Commands Choose the operation you want to perform: - NEW - Create a new listener. - EDIT - Modify a listener. - DELETE - Remove a listener. - SETUP - Change global settings. []> edit Enter the name or number of the listener you wish to edit. []> IncomingMail Choose the operation you want to perform: - NAME - Change the name of the listener. - INTERFACE - Change the interface. - LIMITS - Change the injection limits. - SETUP - Configure general options.
Chapter 2 Command Line Interface: The Basics Batch Commands - MOVE - Move an entry. - DEFAULT - Set the defaults. - PRINT - Display the table. - IMPORT - Import a table from a file. - EXPORT - Export the table to a file. - CLEAR - Remove all entries. []> NEW 1. New Sender Group 2. New Policy [1]> 1 Enter a name for this sender group. (optional) []> REDLIST Enter the hosts to add. CIDR addresses such as 10.1.1.0/24 are allowed. IP address ranges such as 10.1.1.10-20 are allowed. IP subnets such as 10.2.
Chapter 2 Command Line Interface: The Basics Batch Commands 4. TCP Refuse 5. Continue 6. Policy: ACCEPTED 7. Policy: BLOCKED 8. Policy: THROTTLED 9. Policy: TRUSTED [1]> 8 Enter a comment for this sender group. []> There are currently 4 policies defined. There are currently 6 sender groups. To perform the same action using a CLI batch command: example.com> listenerconfig edit IncomingMail hostaccess new sendergroup REDLIST possible_spammer.com Policy: “THROTTLED” Cisco AsyncOS 9.
Chapter 2 Batch Commands Cisco AsyncOS 9.
CH A P T E R 3 The Commands: Reference Examples This chapter contains the following sections: • Advanced Malware Protection, page 3-2 • Anti-Spam, page 3-4 • Anti-Virus, page 3-11 • Command Line Management, page 3-14 • Configuration File Management, page 3-17 • Cluster Management, page 3-22 • Data Loss Prevention, page 3-24 • S/MIME Security Services, page 3-28 • Domain Keys, page 3-30 • DMARC Verification, page 3-42 • DNS, page 3-47 • General Management/Administration/Troubleshooti
Chapter 3 The Commands: Reference Examples Advanced Malware Protection How to Read the Listing For each command, there is a description and at least one example of the command being used. The Usage section specifies the following command attributes: Step 1 Does the command require a commit command to be implemented on the appliance? Step 2 Is the command restricted to a particular mode (cluster, group, or machine).
Chapter 3 The Commands: Reference Examples Advanced Malware Protection To disable only file analysis functionality: ampconfig setup disable file_analysis Example: Enabling File Reputation and File Analysis mail.example.com> ampconfig File Reputation: Disabled Choose the operation you want to perform: - SETUP - Configure Advanced-Malware protection service.
Chapter 3 The Commands: Reference Examples Anti-Spam Example: Clearing Local File Reputation Cache mail.example.com> ampconfig File Reputation: Enabled File Analysis: Enabled File types selected for File Analysis: Microsoft Windows / DOS Executable Choose the operation you want to perform: - SETUP - Configure Advanced-Malware protection service. - ADVANCED - Set values for AMP parameters (Advanced configuration). - CLEARCACHE - Clears the local File Reputation cache.
Chapter 3 The Commands: Reference Examples Anti-Spam Example The following examples demonstrates the configuration for Anti-Spam functionality. mail3.example.com> antispamconfig Choose the operation you want to perform: - IRONPORT - Configure IronPort Anti-Spam. - CLOUDMARK - Configure Cloudmark Service Provider Edition. - MULTISCAN - Configure IronPort Intelligent Multi-Scan.
Chapter 3 The Commands: Reference Examples Anti-Spam Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail3.example.com> antispamstatus Choose the operation you want to perform: - IRONPORT - Display IronPort Anti-Spam version and rule information.
Chapter 3 The Commands: Reference Examples Anti-Spam []> ironport Requesting check for new CASE definitions incomingrelayconfig Description Use the incomingrelayconfig command to enable and configure the Incoming Relays feature. In the following examples, the Incoming Relays feature is first enabled, and then two relays are added, one is modified, and one is deleted. Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples Anti-Spam []> first-hop Enter the IP address of the incoming relay. IPv4 and IPv6 addresses are supported. For IPv4, CIDR format subnets such as 10.1.1.0/24, IP address ranges such as 10.1.1.10-20, and subnets such as 10.2.3. are allowed. For IPv6, CIDR format subnets such as 2001:db8::/32 and IP address ranges such as 2001:db8::1-2001:db8::11 are allowed. Hostnames such as crm.example.com and partial hostnames such as .example.com are allowed. []> 192.168.1.
Chapter 3 The Commands: Reference Examples Anti-Spam Do you want to use the "Received:" header or a custom header to determine the originating IP address? 1. Use "Received:" header 2. Use a custom header [1]> 2 Enter the custom header name that contains the originating IP address: []> x-Connecting-IP There are 2 relays defined.
Chapter 3 The Commands: Reference Examples Anti-Spam Usage Commit: This command does not require a ‘commit’. Batch Command: This command supports a batch format. Batch Format - Import Batch Format Replaces all entries in the End-User Safelist/Blocklist with entries present in the specified file. slblconfig import • filename - Name of the file that has to be imported. The file must be in the /configuration directory on the appliance.
Chapter 3 The Commands: Reference Examples Anti-Virus - EXPORT - Export all entries from the End-User Safelist/Blocklist. []> Anti-Virus This section contains the following CLI commands: • antivirusconfig • antivirusstatus • antivirusupdate antivirusconfig Description Configure anti-virus policy. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Chapter 3 The Commands: Reference Examples Anti-Virus (First time users see the license agreement displayed here.) Please specify the Anti-Virus scanning timeout (in seconds) [60]> 60 Sophos Anti-Virus scanning is now enabled on the system. Please note: you must issue the 'policyconfig' command (CLI) or Mail Policies (GUI) to configure Sophos Anti-Virus scanning behavior for default and custom Incoming and Outgoing Mail Policies. This is recommended for your DEFAULT policy.
Chapter 3 The Commands: Reference Examples Anti-Virus antivirusstatus Description Display Anti-Virus status. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples Command Line Management Requesting update of virus definitions mail3.example.com> Command Line Management This section contains the following CLI commands: • commit • commitdetail • clearchanges or clear • help or h or ? • rollbackconfig • quit or q or exit commit Description Commit changes. Entering comments after the commit command is optional.
Chapter 3 The Commands: Reference Examples Command Line Management Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail3.example.com> commitdetail Commit at Mon Apr 18 13:46:28 2005 PDT with comments: "Enabled loopback". mail3.example.
Chapter 3 The Commands: Reference Examples Command Line Management Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format Example mail3.example.com> help Displays the list of all available commands. rollbackconfig The rollbackconfig command allows you to rollback to one of the previously committed 10 configurations. Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples Configuration File Management Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format Example mail3.example.com> quit Configuration changes entered but not committed. Exiting will lose changes. Type 'commit' at the command prompt to commit changes.
Chapter 3 The Commands: Reference Examples Configuration File Management 2. Load from file [1]> 2 Enter the name of the file to import: []> changed.config.xml Values have been loaded. Be sure to run "commit" to make these settings active. mail3.example.
Chapter 3 The Commands: Reference Examples Configuration File Management Batch Command: This command does not support a batch format Example mail.example.com> mailconfig Please enter the email address to which you want to send the configuration file. Separate multiple addresses with commas. []> user@example.com Choose the password option: 1. Mask passwords (Files with masked passwords cannot be loaded using loadconfig command) 2. Encrypt passwords 3.
Chapter 3 The Commands: Reference Examples Configuration File Management Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. It is further restricted to the login host (i.e., the specific machine you are logged onto). This command requires access to the local file system. Batch Command: This command does not support a batch format. Example mail3.example.com> suspend Delay (seconds, minimum 30): [30]> 45 Waiting for listeners to exit...
Chapter 3 The Commands: Reference Examples Configuration File Management 1. Mask passwords (Files with masked passwords cannot be loaded using loadconfig command) 2. Encrypt passwords 3. Plain passwords [1]> 2 File written on machine "mail.example.com" to the location "/configuration/C100V-4232116C4E14C70C4C7F-7898DA3BD955-20140319T050635.xml". Configuration saved.
Chapter 3 The Commands: Reference Examples Cluster Management --> [The remainder of the configuration file is printed to the screen.] Note For enhanced security, if encryption of sensitive data in the appliance is enabled in fipsconfig command, you cannot use Plain passwords option. Cluster Management This section contains the following CLI commands: • clusterconfig clusterconfig Description The clusterconfig command is used to configure cluster-related settings.
Chapter 3 The Commands: Reference Examples Cluster Management • clusterconfig deletegroup [new_groupname] — - Name of the cluster group to remove. • Remove a cluster group. - The cluster group to put machines of the old group into. clusterconfig setgroup — Sets (or changes) which group a machine is a member of. - The name of the machine to set. - The group to set the machine to.
Chapter 3 The Commands: Reference Examples Data Loss Prevention Data Loss Prevention This section contains the following CLI commands: • dlprollback • dlpstatus • dlpupdate • emconfig • emdiagnostic dlprollback Description Rollback DLP engine and config to the previous version. Note DLP must already be configured via the DLP Global Settings page in the GUI before you can use the dlprollback command. Warning This command will revert your appliance to older DLP policies.
Chapter 3 The Commands: Reference Examples Data Loss Prevention dlpstatus Request version information for DLP Engine. Note DLP must already be configured via the DLP Global Settings page in the GUI before you can use the dlpstatus command. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is can be used at cluster, group or machine mode. Batch Command: This command does not support a batch format. Example mail.example.
Chapter 3 The Commands: Reference Examples Data Loss Prevention Example mail.example.com> dlpupdate Checking for available updates. This may take a few seconds.. Could not check for available updates. Please check your Network and Service Updates settings and retry. Choose the operation you want to perform: - SETUP - Enable or disable automatic updates for DLP Engine.
Chapter 3 The Commands: Reference Examples Data Loss Prevention Table 3-1 emconfig Setup Options Option Description --remote_host Hostname or IP address of the RSA Enterprise Manager. --remote_port Port to connect to on RSA Enterprise Manager. --local_port Port on the ESA for Enterprise Manager to connect. --enable_ssl Enable SSL communication to the RSA Enterprise Manager. Use 1 to enable, 0 to disable. Example of Connecting to RSA Enterprise Manager vm10esa0031.
Chapter 3 The Commands: Reference Examples S/MIME Security Services []> emdiagnostic Description Diagnostic tool for RSA EM on ESA. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. S/MIME Security Services smimeconfig Description Configure S/MIME settings such as sending profiles, managing public keys, and so on.
Chapter 3 The Commands: Reference Examples S/MIME Security Services - VERIFICATION - Manage S/MIME Public Keys. - SENDING - Manage S/MIME gateway sending profiles. []> sending Choose the operation you want to perform: - NEW - Create a new S/MIME sending profile. - EDIT - Edit a S/MIME sending profile. - RENAME - Rename a S/MIME sending profile. - DELETE - Delete a S/MIME sending profile.
Chapter 3 The Commands: Reference Examples Domain Keys Adding a Public Key for Encryption The following example shows how to add the public key of the recipient's S/MIME certificate to the appliance for encrypting messages. mail.example.com> smimeconfig Choose the operation you want to perform: - GATEWAY - Manage S/MIME gateway configuration. []> gateway Choose the operation you want to perform: - VERIFICATION - Manage S/MIME Public Keys. - SENDING - Manage S/MIME gateway sending profiles.
Chapter 3 The Commands: Reference Examples Domain Keys domainkeysconfig Description Configure DomainKeys/DKIM support. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command supports a batch format. Note For enhanced security, if encryption of sensitive data in the appliance is enabled in FIPS mode, you will not be able view the private key.
Chapter 3 The Commands: Reference Examples Domain Keys Table 3-2 Argument Description --canon The canonicalization algorithm to use when signing by DK. Currently supported algorithms are simple and nofws. Default is nofws. --body_canon The body canonicalization algorithm of to use when signing by DKIM. Currently supported algorithms are simple and relaxed. Default is simple. --header_canon The headers canonicalization algorithm of to use when signing by DKIM.
Chapter 3 The Commands: Reference Examples Domain Keys Table 3-2 • domainkeysconfig New Signing Profile Arguments Argument Description --expiration_time Number of seconds before signature is expired. Is used only in DKIM profiles. This value becomes a difference of x and t tags of the signature. This option is only applicable if --x_tag value is set to yes. Default is 31536000 seconds (one year). --z_tag Determines whether to include the z tag into the signature. Possible values are yes or no.
Chapter 3 The Commands: Reference Examples Domain Keys • Show a list of signing profiles: domainkeysconfig profiles signing list • Print the details of a signing profile: domainkeysconfig profiles signing print • Test a signing profile: domainkeysconfig profiles signing test • Import a local copy of your signing profiles: domainkeysconfig profiles signing import • Export a copy of your signing profile from the appliance: domainkeysconfig profiles signing export
Chapter 3 The Commands: Reference Examples Domain Keys Table 3-3 domainkeysconfig Verification Profile Options Argument Description --key_query_timeout A number of seconds before the key query is timed out. Possible value is any positive number. Default is 10. --max_systemtime_diverge nce A number of seconds to tolerate wall clock asynchronization between sender and verifier. Possible value is any positive number. Default is 60. --use_body_length Whether to use a body length parameter.
Chapter 3 The Commands: Reference Examples Domain Keys • Import a file of verification profiles from a local machine: domainkeysconfig profiles verification import • Export the verification profiles from the appliance: domainkeysconfig profiles verification export • Delete all existing verification profiles from the appliance: domainkeysconfig profiles verification clear Batch Format - Signing Keys • Create a new signing key: domainkeysconfig keys new
Chapter 3 The Commands: Reference Examples Domain Keys • Display a list of all signing keys: domainkeysconfig keys list • Display all information about a specify signing key: domainkeysconfig keys print • Import signing keys from a local machine: domainkeysconfig keys import • Export signing keys from the appliance: domainkeysconfig keys export • Delete all signing keys on the appliance: domainkeysconfig keys clear Batch Format - Search for a Key or Profile • Se
Chapter 3 Domain Keys Number of DK/DKIM Signing Profiles: 0 Number of Signing Keys: 0 Number of DKIM Verification Profiles: 1 Sign System-Generated Messages: Yes Choose the operation you want to perform: - PROFILES - Manage domain profiles. - KEYS - Manage signing keys. - SETUP - Change global settings. - SEARCH - Search for domain profile or key. []> keys No signing keys are defined. Choose the operation you want to perform: - NEW - Create a new signing key. - IMPORT - Import signing keys from a file.
Chapter 3 The Commands: Reference Examples Domain Keys Choose the operation you want to perform: - SIGNING - Manage signing profiles. - VERIFICATION - Manage verification profiles. []> signing No domain profiles are defined. Choose the operation you want to perform: - NEW - Create a new domain profile. - IMPORT - Import domain profiles from a file. []> new Enter a name for this domain profile: []> Example Enter type of domain profile: 1. dk 2.
Chapter 3 The Commands: Reference Examples Domain Keys [1]> 1 How would you like to sign headers: 1. Sign all existing, non-repeatable headers (except Return-Path header). 2. Sign "well-known" headers (Date, Subject, From, To, Cc, Reply-To, Message-ID, Sender, MIME headers). 3. Sign "well-known" headers plus a custom list of headers. [2]> Body length is a number of bytes of the message body to sign. This value becomes the "l" tag of the signature. Which body length option would you like to use? 1.
Chapter 3 The Commands: Reference Examples Domain Keys - SEARCH - Search for domain profile or key. []> Creating a Sample Domain Keys DNS TXT Record mail3.example.com> domainkeysconfig Number of DK/DKIM Signing Profiles: 1 Number of Signing Keys: 1 Number of DKIM Verification Profiles: 1 Sign System-Generated Messages: Yes Choose the operation you want to perform: - PROFILES - Manage domain profiles. - KEYS - Manage signing keys. - SETUP - Change global settings.
Chapter 3 The Commands: Reference Examples DMARC Verification Do you wish to disable signing by subdomains of this domain? [N]> The DKIM DNS TXT record is: test._domainkey.example.com. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDX5dOG9J8rXreA/uPtYr5lrCTCqR+qlS5Gm1f0OplAzSuB2BvO nxZ5Nr+se0T+k7mYDP0FSUHyWaOvO+kCcum7fFRjS3EOF9gLpbIdH5vzOCKp/w7hdjPy3q6PSgJVtqvQ6v9E8k5Ui7 C+DF6KvJUiMJSY5sbu2zmm9rKAH5m7FwIDAQAB;" There are currently 1 domain profiles defined.
Chapter 3 The Commands: Reference Examples DMARC Verification Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command supports a batch format. Batch Format - DMARC Verification Profiles The batch format of the dmarcconfig can be used to create, edit, or delete verification profiles and modify global settings.
Chapter 3 The Commands: Reference Examples DMARC Verification Edit a DMARC Verification Profile dmarcconfig profiles edit [options] Delete a DMARC Verification Profile dmarcconfig profiles delete Delete all the DMARC Verification Profiles dmarcconfig profiles clear View the Details of a DMARC Verification Profile dmarcconfig profiles print Export DMARC Verification Profiles dmarcconfig profiles export Import DMARC Verification Profiles dmarcconfig profiles import
Chapter 3 The Commands: Reference Examples DMARC Verification Example The following example shows how to setup a DMARC verification profile and edit the global settings of DMARC verification profiles. mail.example.
Chapter 3 The Commands: Reference Examples DMARC Verification [#4.7.1 Unable to perform DMARC verification.]> What SMTP action should be taken in case of permanent failure? 1. Accept 2. Reject [1]> 2 Enter the SMTP response code for rejected messages in case of permanent failure. [550]> Enter the SMTP response text for rejected messages in case of permanent failure. Type DEFAULT to use the default response text '#4.7.1 Unable to perform DMARC verification.' [#5.7.1 DMARC verification failed.
Chapter 3 The Commands: Reference Examples DNS Choose the operation you want to perform: - ADD - Add a header field to the verification-bypass list. []> add Enter the header field name []> List-Unsubscribe DMARC verification is configured to bypass DMARC verification for messages containing the following header fields. 1. List-Unsubscribe Choose the operation you want to perform: - ADD - Add a header field to the verification-bypass list. - REMOVE - Remove a header field from the list.
Chapter 3 The Commands: Reference Examples DNS dig Description Look up a record on a DNS server Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command supports a batch format. Batch Format The batch format of the dig command can be used to perform all the functions of the traditional CLI command.
Chapter 3 The Commands: Reference Examples DNS ; <<>> DiG 9.4.3-P2 <<>> @111.111.111.111 example.com MX ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18540 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3 ;; QUESTION SECTION: ;example.com. ;; ANSWER SECTION: mexample.com. IN 10800 ;; AUTHORITY SECTION: example.com. ;; ADDITIONAL SECTION: example.com. 10800 IN example.com. 10800 IN example.com.
Chapter 3 The Commands: Reference Examples DNS – - The IP address of the nameserver. Separate multiple IP addresses with commas. – - The priority for this entry. • Deleting the local nameserver cache: dnsconfig parent delete • Configuring alternate DNS caches to use for specific domains: dnsconfig alt new Note Cannot be used when using Internet root nameservers. Command arguments: – - The IP address of the nameserver.
Chapter 3 The Commands: Reference Examples DNS Displaying the current DNS settings. dnsconfig print Example Each user-specified DNS server requires the following information: • Hostname • IP address • Domain authoritative for (alternate servers only) Four subcommands are available within the dnsconfig command: Table 3-5 Subcommands for dnsconfig Command Syntax Description new Add a new alternate DNS server to use for specific domains or local DNS server.
Chapter 3 The Commands: Reference Examples DNS Alternate authoritative DNS servers: 1. com: dns.example.com (10.1.10.9) Choose the operation you want to perform: - NEW - Add a new server. - EDIT - Edit a server. - DELETE - Remove a server. - SETUP - Configure general settings. []> Adding an Alternate DNS Server for Specific Domains You can configure the appliance to use the Internet root servers for all DNS queries except specific local domains. mail3.example.
Chapter 3 The Commands: Reference Examples DNS - NEW - Add a new server. - EDIT - Edit a server. - DELETE - Remove a server. - SETUP - Configure general settings. []> setup Do you want the Gateway to use the Internet's root DNS servers or would you like it to use your own DNS servers? 1. Use Internet root DNS servers 2. Use own DNS cache servers [1]> 2 Please enter the IP address of your DNS server. Separate multiple IPs with commas. []> 10.10.200.03 Please enter the priority for 10.10.200.3.
Chapter 3 DNS Example mail3.example.com> dnsflush Are you sure you want to clear out the DNS cache? [N]> Y dnshostprefs Description Configure IPv4/IPv6 DNS preferences Usage Commit: This command requires a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.com> dnshostprefs Choose the operation you want to perform: - NEW - Add new domain override. - SETDEFAULT - Set the default behavior.
Chapter 3 The Commands: Reference Examples DNS - SETDEFAULT - Set the default behavior. []> dnslistconfig Description Configure DNS List services support Usage Commit: This command requires a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.com> dnslisttest Enter the query server name: []> mail4.example.com Enter the test IP address to query for: [127.0.0.2]> 10.10.1.11 Querying: 10.10.1.11.mail4.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting • adminaccessconfig • certconfig • date • diagnostic • diskquotaconfig • ecconfig • ecstatus • ecupdate • encryptionconfig • encryptionstatus • encryptionupdate • featurekey • featurekeyconfig • fipsconfig • generalconfig • ntpconfig • reboot • repengstatus • repengstatus • resume • resumedel • resumelistener • revert • settime • settz • shutdown • sshconfig •
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting • updatenow • upgrade • version • wipedata See also Virtual Appliance Management, page 3-285. addressconfig Description The addressconfig command is used to configure the From: Address header. You can specify the display, user, and domain names of the From: address. You can also choose to use the Virtual Gateway domain for the domain name.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting - OTHERFROM - Edit the all other messages from address. []> notifyfrom Please enter the display name portion of the "notify from" address ["Mail Delivery System"]> Notifications Please enter the user name portion of the "notify from" address [MAILER-DAEMON]> Notification Do you want the virtual gateway domain used for the domain? [Y]> n Please enter the domain name portion of the "notify from" address []> example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting • Select whether to allow access for all IP addresses or limit access to specific IP address/subnet/range adminaccessconfig ipaccess • Adding a new IP address/subnet/range adminaccessconfig ipaccess new • Editing an existing IP address/subnet/range adminaccessconfig ipaccess edit • Deleting an existing IP address/subnet/range adminaccesscon
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting • Deleting an existing welcome banner adminaccessconfig welcome clear • Exporting a welcome banner adminaccessconfig welcome export • Add an allowed proxy IP address adminaccessconfig ipaccess proxylist new • Edit an allowed proxy IP address adminaccessconfig ipaccess proxylist edit • Delete an allowed proxy IP address adminaccessconfig ipaccess proxylist del
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Example - Configuring Network Access List You can control from which IP addresses users access the Email Security appliance. Users can access the appliance from any machine with an IP address from the access list you define. When creating the network access list, you can specify IP addresses, subnets, or CIDR addresses.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting 2. 192.168.255.12 Choose the operation you want to perform: - NEW - Add a new IP address/subnet/range. - EDIT - Modify an existing entry. - DELETE - Remove an existing entry. - CLEAR - Remove all the entries. []> Warning: The host you are currently using [72.163.202.175] is not included in the User Access list. Excluding it will prevent your host from connecting to the administrative interface.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting ^D Choose the operation you want to perform: - BANNER - Configure login message (banner) for appliance administrator login. - WELCOME - Configure welcome message (post login message) for appliance administrator login. - IPACCESS - Configure IP-based access for appliance administrative interface. - CSRF - Configure web UI Cross-Site Request Forgeries protection.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting []> Changed WebUI and CLI session timeout values Do you want to save the current configuration for rollback? [Y]> Changes committed: Wed Mar 12 08:03:21 2014 GMT Note After committing the changes, the new CLI session timeout takes affect only during the subsequent login. certconfig Description Configure security certificates and keys. Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN BgkqhkiG9w0BAQQFAANBAFqPEK
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting mail3.example.com> certconfig Choose the operation you want to perform: - CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles - CERTAUTHORITY - Manage System and Customized Authorities - CRL - Manage Certificate Revocation Lists []> certificate List of Certificates Name Common Name --------- -------------------partner.c brutus.neuronio.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting MRYwFAYDVQQHEw1TYW4gRnJhbmNpc29jMRAwDgYDVQQKEwdleGFtcGxlMQswCQYD VQQIEwJDQTEMMAoGA1UECxMDb3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA+NwamZyX7VgTZka/x1I5HHrN9V2MPKXoLq7FjzUtiIDwznElrKIuJovw Svonle6GvFlUHfjv8B3WobOzk5Ny6btKjwPrBfaY+qr7rzM4lAQKHM+P6l+lZnPU P05N9RCkLP4XsUuyY6Ca1WLTiPIgaq2fR8Y0JX/kesZcGOqlde66pN+xJIHHYadD oopOgqi6SLNfAzJu/HEu/fnSujG4nhF0ZGlOpVUx4fg33NwZ4wVl0XBk3GrOjbbA ih9ozAwfNzxb57amtxEJk+pW+c
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting > smime_signing Enter Common Name: > CN Enter Organization: > ORG Enter Organizational Unit: > OU Enter Locality or City: > BN Enter State or Province: > KA Enter Country (2 letter code): > IN Duration before expiration (in days): [3650]> 1. 1024 2. 2048 Enter size of private key: [2]> Enter email address for 'subjectAltName' extension: []> admin@example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting date Description Displays the current date and time Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Table 3-6 diagnostic Subcommands (Continued) Option Sub Commands Availability NETWORK FLUSH C-, X-, and M-Series ARPSHOW SMTPPING TCPDUMP REPORTING DELETEDB C-, X-, and M-Series DISABLE TRACKING DELETEDB C-, X-, and M-Series DEBUG RELOAD No Sub Commands C-, X-, and M-Series Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting • Reset and delete the reporting database diagnostic reporting deletedb • Enable reporting daemons diagnostic reporting enable • Disable reporting daemons diagnostic reporting disable • Reset and delete the tracking database diagnostic tracking deletedb • Reset configuration to the initial manufacturer values diagnostic reload Example: Displaying and Clearing Caches The following example shows the
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting - ARPSHOW - Show system ARP cache. - NDPSHOW - Show system NDP cache. - SMTPPING - Test a remote SMTP server. - TCPDUMP - Dump ethernet packets. []> flush Flushing LDAP cache. Flushing DNS cache. Flushing system ARP cache. 10.76.69.3 (10.76.69.3) deleted 10.76.69.2 (10.76.69.2) deleted 10.76.69.1 (10.76.69.1) deleted 10.76.69.149 (10.76.69.149) deleted Flushing system NDP cache.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Starting SMTP test of host mx00.gmx.com. Resolved 'mx00.gmx.com' to 74.208.5.4. Unable to connect to 74.208.5.4. Example: Reset Appliance Configuration to the Initial Manufacturer Values The following example shows how to reset your appliance configuration to the initial manufacturer values. mail.example.com> diagnostic Choose the operation you want to perform: - RAID - Disk Verify Utility.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Service Disk Usage(GB) Quota(GB) --------------------------------------------------------------------------Spam Quarantine (EUQ) 1 1 Policy, Virus & Outbreak Quarantines 1 3 Reporting 5 10 Tracking 1 10 Miscellaneous Files 5 30 System Files Usage : 5 GB User Files Usage : 0 GB Total 13 54 of 143 Choose the operation you want to perform: - EDIT - Edit disk quotas []> edit Enter the number of the service for which y
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Batch Format • To specify a non-default enrollment client server: > ecconfig server To use the default enrollment client server: > ecconfig server default Example mail.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting ecupdate Manually update the enrollment client that is used to automatically obtain certificates for use with the URL Filtering feature. Normally, these updates occur automatically. Do not use this command without guidance from Cisco support. If you use the force parameter (ecupdate [force]) the client is updated even if no changes are detected. Usage Commit: This command does not require a ‘commit’.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting WARNING: Increasing the default maximum message size(10MB) may result in decreased performance. Please consult documentation for size recommendations based on your environment. Maximum message size for encryption: (Add a trailing K for kilobytes, M for megabytes, or no letters for bytes.) [10M]> Enter the email address of the encryption account administrator [administrator@example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting - SECURITY - Change envelope security - RECEIPT - Change return receipt handling - FORWARD - Change "Secure Forward" setting - REPLYALL - Change "Secure Reply All" setting - LOCALIZED_ENVELOPE - Enable or disable display of envelopes in languages other than English - APPLET - Change applet suppression setting - URL - Change URL associated with logo image - TIMEOUT - Change maximum time message waits in encryption
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Encryption algorithm: ARC4 Payload Transport URL: http://res.cisco.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting encryptionstatus Description The encryptionstatus command shows the version of the PXE Engine and Domain Mappings file on the Email Security appliance, as well as the date and time the components were last updated. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail3.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting featurekey Description The featurekey command lists all functionality enabled by keys on the system and information related to the keys. It also allows you to activate features using a key or check for new feature keys. For virtual appliances, see also loadlicense and showlicense. Usage Commit: This command requires a ‘commit’. Cluster Management: This command is restricted to machine mode.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine. Batch Command: This command does not support a batch format. Example In this example, the featurekeyconfig command is used to enable the autoactivate and autocheck features. mail3.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Note All users, including the administrators, cannot view the sensitive information in the configuration files. – Swap space in your appliance is encrypted to prevent any unauthorized access or forensic attacks, if the physical security of the appliance is compromised. • Check if your appliance contains any non-FIPS-compliant objects Usage Commit: This command does not require a ‘commit’.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting - SETUP - Configure FIPS mode. - FIPSCHECK - Check for FIPS mode compliance. []> setup To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Usage Commit: This command requires ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command supports a batch format. For details, see the inline help by typing the command: help generalconfig. Example - Configure Internet Explorer Compatibility Mode Override The following example shows how to override IE Compatibility Mode. mail.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting []> new Please enter the fully qualified hostname or IP address of your NTP server. []> ntp.example.com Currently configured NTP servers: 1. time.ironport.com 2. bitsy.mit.edi Choose the operation you want to perform: - NEW - Add a server. - DELETE - Remove a server. - SOURCEINT - Set the interface from whose IP address NTP queries should originate.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Example mail3.example.com> reboot Enter the number of seconds to wait before abruptly closing connections. [30]> Waiting for listeners to exit... Receiving suspended. Waiting for outgoing deliveries to finish... Mail delivery suspended. repengstatus Description Request version information of Reputation Engine. Usage Commit: This command does not require a ‘commit’.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Receiving resumed for Listener 1. Mail delivery resumed. Mail delivery for individually suspended domains must be resumed individually. resumedel Description Resume deliveries. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting 1. All 2. InboundMail 3. OutboundMail [1]> 1 Receiving resumed. mail3.example.com> revert Description Revert to a previous release. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting settime Description The settime command allows you to manually set the time if you are not using an NTP server. The command asks you if you want to stop NTP and manually set the system clock. Enter the time is using this format: MM/DD/YYYY HH:MM:SS. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Choose the operation you want to perform: - SETUP - Set the local time zone. []> setup Please choose your continent: 1. Africa 2. America [ ... ] 11. GMT Offset [2]> 2 Please choose your country: 1. Anguilla [ ... ] 45. United States 46. Uruguay 47. Venezuela 48. Virgin Islands (British) 49. Virgin Islands (U.S.) [45]> 45 Please choose your timezone: 1. Alaska Time (Anchorage) 2.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Use the power button (in 30 seconds) to turn off the machine. sshconfig Description Configure SSH server and user key settings. Usage Commit: This command requires a ‘commit’. Cluster Management: This command is restricted to cluster mode. Batch Command: This command does not support a batch format. Reboot. Reboot is required for changes to take effect.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Cipher Algorithms: aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc@lysator.liu.se MAC Methods: hmac-md5 hmac-sha1 umac-64@openssh.com hmac-ripemd160 hmac-ripemd160@openssh.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc@lysator.liu.se MAC Methods: hmac-md5 hmac-sha1 umac-64@openssh.com hmac-ripemd160 hmac-ripemd160@openssh.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting [....] Feature - Outbreak Filters: 161 days Counters: Receiving Messages Received Recipients Received Rejection Rejected Recipients Dropped Messages Queue Soft Bounced Events Completion Completed Recipients Current IDs Message ID (MID) Injection Conn. ID (ICID) Delivery Conn. ID (DCID) Gauges: Connections Current Inbound Conn. Current Outbound Conn.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Example The following example shows a support request that is not related to an existing support ticket. mail.example.com> supportrequest Please Note: If you have an urgent issue, please call one of our worldwide Support Centers (www.cisco.com/support). Use this command to open a technical support request for issues that are not urgent, such as: - Request for information.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting It is important to associate all your service contracts with your Cisco.com profile (CCO ID) in order for you to receive complete access to support and services from Cisco. Please follow the URLs below to associate your contract coverage on your Cisco.com profile. If you do not have a CCO ID, please follow the URL below to create a CCO ID. How to create a CCO ID: https://tools.cisco.com/RPF/register/register.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Example mail3.example.com> suspend Enter the number of seconds to wait before abruptly closing connections. [30]> 45 Waiting for listeners to exit... Receiving suspended for Listener 1. Waiting for outgoing deliveries to finish... Mail delivery suspended. mail3.example.com> suspenddel Description Suspend deliveries Usage Commit: This command does not require a ‘commit’.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Batch Command: This command does not support a batch format. Example mail3.example.com> suspendlistener Choose the listener(s) you wish to suspend. Separate multiple entries with commas. 1. All 2. InboundMail 3. OutboundMail [1]> 1 Enter the number of seconds to wait before abruptly closing connections. [30]> Waiting for listeners to exit... Receiving suspended. mail3.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting interface postgres qabackdoo ftpd.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting 2. Enter a random string [1]> 1 Are you sure you want to enable service access? [N]> y Service access has been ENABLED. Please provide the string: QT22-JQZF-YAQL-TL8L-8@2L-95 to your Cisco IronPort Customer Support representative. Service Access currently ENABLED (0 current service logins). Tunnel option is not active.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Connecting to 1.1.1.1 on port 25. Connected to 1.1.1.1 from interface 10.10.10.10. Checking TLS connection. TLS connection established: protocol TLSv1, cipher RC4-SHA. Verifying peer certificate. Verifying certificate common name mxe.example.com. TLS certificate match mxe.example.com TLS certificate verified. TLS connection to 1.1.1.1 succeeded. TLS successfully connected to mxe.example.com.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Enter or paste the message body here. Enter '.' on a blank line to end. Subject: Hello This is a test message. . HAT matched on unnamed sender group, host ALL - Applying $ACCEPTED policy (ACCEPT behavior).
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Final Envelope Sender: Final Recipients: - admin@ironport.com pretend.sender@example.doma Final Message Content: Received: from remotehost.example.com (HELO TEST) (1.2.3.4) by stacy.qa with TEST; 19 Oct 2004 00:54:48 -0700 Message-Id: <3i93q9$@Management> X-IronPort-AV: i="3.86,81,1096873200"; d="scan'208"; a="0:sNHT0" Subject: hello This is a test message.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting tzupdate Description Update timezone rules Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. It is further restricted to the login host (i.e., the specific machine you are logged onto). Batch Command: This command supports a batch format.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Configure the Appliance to Download Updates from Updater Servers In the following example, the updateconfig command is used to configure the appliance to download update images from Cisco servers and download the list of available AsyncOS upgrades from a local server. mail.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting [1]> For the following services, please select where the system will download updates from (images): Service (images): Update URL: -----------------------------------------------------------------------------------------Cisco IronPort AsyncOS upgrades Cisco IronPort Servers 1. Use Cisco IronPort update servers 2.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Do you want to set up an HTTPS proxy server for HTTPS updates for ALL of the following services: - Feature Key updates Timezone rules Enrollment Client Updates (used to fetch certificates for URL Filtering) Support Request updates Cisco IronPort AsyncOS upgrades SenderBase Network Participation sharing [N]> Service (images): Update URL: --------------------------------------------------------------------------
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting -----------------------------------------------------------------------------------------Timezone rules Cisco IronPort Servers Enrollment Client Updates Cisco IronPort Servers Support Request updates Cisco IronPort Servers Service (list): Update URL: -----------------------------------------------------------------------------------------Cisco IronPort AsyncOS upgrades Cisco IronPort Servers Update interval: 5m
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Configure the Appliance to Trust Proxy Server Communication If you are using a non-transparent proxy server, you can add the CA certificate used to sign the proxy certificate to the appliance. By doing so, the appliance trusts the proxy server communication. The following example shows how to configure this option: ... Choose the operation you want to perform: - SETUP - Edit update configuration.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Example mail3.example.com> updatenow Success - All component updates requested version Description View system version information Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples General Management/Administration/Troubleshooting Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail.example.com> wipedata Wiping data may take a while and can affect system performance till it completes.
Chapter 3 The Commands: Reference Examples LDAP Performing an upgrade will require a reboot of the system after the upgrade is applied. Do you wish to proceed with the upgrade? [Y]> Y LDAP This section contains the following CLI commands: • ldapconfig • ldapflush • ldaptest • sievechar ldapconfig Description Configure LDAP servers Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Chapter 3 The Commands: Reference Examples LDAP []> new Please create a name for this server configuration (Ex: "PublicLDAP"): []> PublicLDAP Please enter the hostname: []> myldapserver.example.com Use SSL to connect to the LDAP server? [N]> n Select the authentication method to use for this server configuration: 1. Anonymous 2.
Chapter 3 The Commands: Reference Examples LDAP Name: PublicLDAP Hostname: myldapserver.example.com Port 3268 Server Type: Active Directory Authentication Type: password Base: dc=example,dc=com LDAPACCEPT: PublicLDAP.ldapaccept Choose the operation you want to perform: - SERVER - Change the server for the query. - LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped. - LDAPROUTING - Configure message routing. - MASQUERADE - Configure domain masquerading.
Chapter 3 The Commands: Reference Examples LDAP Enter the LDAP query string: [(mailRoutingAddress={a})]> (mailRoutingAddress={a}) Enter the attribute which contains the externally visible full rfc822 email address. []> mailLocalAddress Do you want the results of the returned attribute to replace the entire friendly portion of the original recipient? [N]> n Do you want to test this query? [Y]> n Name: PublicLDAP Hostname: myldapserver.example.
Chapter 3 The Commands: Reference Examples LDAP Base: dc=example,dc=com LDAPACCEPT: PublicLDAP.ldapaccept LDAPROUTING: PublicLDAP.routing MASQUERADE: PublicLDAP.masquerade ISQAUTH: PublicLDAP.isqauth [active] Choose the operation you want to perform: - SERVER - Change the server for the query. - LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped. - LDAPROUTING - Configure message routing. - MASQUERADE - Configure domain masquerading.
Chapter 3 The Commands: Reference Examples LDAP No LDAP server configurations. Choose the operation you want to perform: - NEW - Create a new server configuration. - SETUP - Configure LDAP options. []> ldapflush Description Flush any cached LDAP results. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.
Chapter 3 The Commands: Reference Examples LDAP mail3.example.com> ldaptest Select which LDAP query to test: 1. PublicLDAP.ldapaccep [1]> 1 Address to use in query: []> admin@example.com LDAP query test results: Query: PublicLDAP.ldapaccept Argument: admin@example.com Action: pass LDAP query test finished. mail3.example.com> ldaptest Select which LDAP query to test: 1. PublicLDAP.ldapaccep [1]> 1 Address to use in query: []> bogus@example.com LDAP query test results: Query: PublicLDAP.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Choose the operation you want to perform: - SETUP - Set the separator character. []> setup Enter the Sieve Filter Character, or a space to disable Sieve Filtering. []> + Sieve Email Filter is enabled, using the '+' character as separator. This applies only to LDAP Accept and LDAP Reroute Queries. Choose the operation you want to perform: - SETUP - Set the separator character.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring • workqueue addresslistconfig Description Configure address lists. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command supports a batch format.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Choose the operation you want to perform: - NEW - Create a new address list. []> new Enter a name for the address list: > add-list1 Enter a description for the address list: > This is a sample address list. Do you want to enter only full Email Addresses? [N]> Y Enter a comma separated list of addresses: (e.g.: user@example.com) > user1@example.com, user2@example.com Address list "add-list1" added.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring • Editing an existing email alias aliasconfig edit • Exporting an alias listing on the appliance: aliasconfig export Example mail3.example.com> aliasconfig Enter address(es) for "customercare". Separate multiple addresses with commas.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Separate multiple addresses with commas. []> administrator@example.com Adding alias admin: administrator@example.com Do you want to add another alias? [N]> n There are currently 2 mappings defined. Choose the operation you want to perform: - NEW - Create a new entry. - EDIT - Modify an entry. - DELETE - Remove an entry. - PRINT - Display the table. - IMPORT - Import aliases from a file. - EXPORT - Export table to a file.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Table 3-7 Arguments for Configuring Aliases The email address that an alias mapps to. A single alias can map to multiple email addresses. The filename to use with importing/exporting the alias table. archivemessage Description Archive older messages in your queue. Usage Commit: This command does not require a commit. Cluster Management: This command is restricted to machine mode..
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring • Mail from the groupware server host named @exchange.example.com is mapped to the PublicNet interface. • Mail from the sender IP address of 192.168.35.35 (for example, the marketing campaign messaging system) is mapped to the AnotherPublicNet interface. Finally, the altsrchost mappings are printed to confirm and the changes are committed. Table 3-8 altsrchost (Continued) mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring []> print 1. 192.168.35.35 -> AnotherPublicNet 2. @exchange.example.com -> PublicNet Choose the operation you want to perform: - NEW - Create a new mapping. - EDIT - Modify a mapping. - DELETE - Remove a mapping. - IMPORT - Load new mappings from a file. - EXPORT - Export all mappings to a file. - PRINT - Display all mappings. - CLEAR - Remove all mappings. []> mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Please enter the maximum number of retries. [100]> 100 Please enter the maximum number of seconds a message may stay in the queue before being hard bounced. [259200]> 259200 Please enter the initial number of seconds to wait before retrying a message. [60]> 60 Please enter the maximum number of seconds to wait before retrying a message.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring []> edit Please enter the number of the profile to edit: []> 2 Please enter the maximum number of retries. [100]> Please enter the maximum number of seconds a message may stay in the queue before being hard bounced. [259200]> Please enter the initial number of seconds to wait before retrying a message. [60]> Please enter the maximum number of seconds to wait before retrying a message.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring - SETUP - Change global settings. []> edit Enter the name or number of the listener you wish to edit. []> 2 Name: OutboundMail Type: Private Interface: PrivateNet (192.168.1.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Choose the operation you want to perform: - NEW - Create a new listener. - EDIT - Modify a listener. - DELETE - Remove a listener. - SETUP - Change global settings. []> mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Please select how you would like to bounce messages: 1. By recipient host. 2. By Envelope From address. 3. All. [1]> 2 Please enter the Envelope From address for the messages you wish to bounce. []> mailadmin@example.com Are you sure you want to bounce all messages with the Envelope From address of "mailadmin@example.com"? [N]> Y Bouncing messages, please wait. 100 messages bounced. Bounce All mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Previously-used keys for verifying incoming mail: 1. key (current outgoing key) 2. goodneighbor (last in use Wed May 31 23:21:01 2006 GMT) Choose the operation you want to perform: - KEY - Assign a new key for tagging outgoing mail. - PURGE - Purge keys no longer needed for verifying incoming mail. - CLEAR - Clear all keys including current key. - SETUP - Set how invalid bounces will be handled.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring deleterecipients Description Delete messages from the queue Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example The appliance gives you various options to delete recipients depending upon the need.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Delete All mail3.example.com> deleterecipients Please select how you would like to delete messages: 1. By recipient host. 2. By Envelope From address. 3. All. [1]> 1 Are you sure you want to delete all messages in the queue? [N]> Y Deleting messages, please wait. 1000 messages deleted. deliveryconfig Description Configure mail delivery Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring delivernow Description Reschedule messages for immediate delivery. Users have the option of selecting a single recipient host, or all messages currently scheduled for delivery. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Table 3-9 destconfig Subcommands (Continued) Syntax Description IMPORT Imports a table of destination control entries from a .INI configuration file. EXPORT Exports a table of destination control entries to a .INI configuration file. The destconfig command requires the following information for each row in the Destination Controls table.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring • Editing an existing destination control table destconfig edit [options] • Deleting an existing destination control table destconfig delete • Displaying a summary of all destination control entries destconfig list • Displaying details for one destination or all entries destconfig detail • Deleting all existing destination control table entries destconfig clear
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring use_tls= - Whether TLS should be on, off, or required for a given host. bounce_profile= - The bounce profile name to use. bounce_verification= - Bounce Verification option. Example: Creating a new destconfig Entry In the following example, the current destconfig entries are printed to the screen. Then, a new entry for the domain partner.com is created.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring [500]> 100 Do you wish to apply a messages-per-connection limit to this domain? [N]> n Do you wish to apply a recipient limit to this domain? [N]> y Enter the number of minutes used to measure the recipient limit. [60]> 60 Enter the max number of recipients per 60 minutes for "partner.com". []> 50 Select how you want to apply the limits for partner.com: 1. One limit applies to the entire domain for partner.com 2.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring []> new Enter the domain you wish to configure. []> newpartner.com Do you wish to configure a concurrency limit for newpartner.com? [Y]> n Do you wish to apply a messages-per-connection limit to this domain? [N]> n Do you wish to apply a recipient limit to this domain? [N]> n Do you wish to apply a specific TLS setting for this domain? [N]> y Do you want to use TLS support? 1. No 2. Preferred 3. Required 4.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring TLS: Required Bounce Verification Tagging: On Bounce Profile: Default Default Rate Limiting: 500 concurrent connections No recipient limit Limits applied to entire domain, across all virtual gateways TLS: Off Bounce Verification Tagging: Off There are currently 2 entries configured. []> mail3.example.com> commit Please enter some comments describing your changes: []> enabled TLS for delivery to newpartner.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Enter the max number of recipients per 1 minutes for "exchange.example.com". []> 1000 Select how you want to apply the limits for exchange.example.com: 1. One limit applies to the entire domain for exchange.example.com 2. Separate limit for each mail exchanger IP address [1]> 1 Select how the limits will be enforced: 1. System Wide 2.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring 1. partner.com 2. Demo Please choose the certificate to apply: [1]> 1 Do you want to send an alert when a required TLS connection fails? [N]> n hostrate Description Monitor activity for a particular host Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format Example mail3.example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Batch Command: This command does not support a batch format Example mail3.example.com> hoststatus Recipient host: []> aol.com Host mail status for: 'aol.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring ============================================================ example.com (PublicNet_017): Host up/down:up Last ActivityWed Nov 13 13:47:02 2003 Recipients0 ============================================================ example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Would you like to skip scanning of images smaller than a specific size? [Y]> Please enter minimum image size to scan in pixels, representing either height or width of a given image.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail3.example.com> rate Enter the number of seconds between displays. [10]> 1 Hit Ctrl-C to return to the main prompt.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Batch Format The batch format of the redirectrecipients command can be used to perform all the fuctions of the traditional CLI command. • Redirects all mail to another host name or IP address redirectrecipients host Example The following example redirects all mail to the example2.com host. mail3.example.com> redirectrecipients Please enter the hostname or IP address of the machine you want to send all mail to.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring The removemessage command can only remove messages that are in the work queue, retry queue, or a destination queue. Note that depending on the state of the system, valid and active messages may not be in any of those queues. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Message-Id: <20070215061136.68297.16346@test02.com> This is the message body. showrecipients Description Show messages from the queue by recipient host, Envelope From address, or all messages. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does support a batch format.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring MID/ [RID] 1527 [0] Bytes/ [Atmps] 1230 [0] Sender/ Subject Recipient user123456@ironport.com Testing 9554@example.com 1522 [0] 1230 [0] user123456@ironport.com Testing 3059@example.com 1529 [0] 1230 [0] user123456@ironport.com Testing 7284@example.com 1530 [0] 1230 [0] user123456@ironport.com Testing 8243@example.com 1532 [0] 1230 [0] user123456@ironport.com Testing 1820@example.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Counters: Receiving Messages Received Recipients Received Rejection Rejected Recipients Dropped Messages Queue Soft Bounced Events Completion Completed Recipients Current IDs Message ID (MID) Injection Conn. ID (ICID) Delivery Conn. ID (DCID) Gauges: Connections Current Inbound Conn. Current Outbound Conn.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring 2. Connections Out 3. Delivered Recipients 4. Hard Bounced Recipients 5. Soft Bounced Events [1]> 1 Status as of: Fri Mar 13 06:09:18 2015 GMT Hosts marked with '*' were down as of the last delivery attempt. # Recipient Host 1* 2 3 4 example.com the.encryption.queue the.euq.queue the.euq.release.queue Active Recip. Conn. Out Deliv. Recip.
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring 18 19 20 mail.remotedomain18.com mail.remotedomain19.com mail.remotedomain20.com 172.16.0.19 172.16.0.20 172.16.0.21 Incoming02 Incoming01 Incoming01 1 1 1 unsubscribe Description Update the global unsubscribe list Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Chapter 3 The Commands: Reference Examples Mail Delivery Configuration/Monitoring Global Unsubscribe is enabled. Action: bounce. Choose the operation you want to perform: - NEW - Create a new entry. - DELETE - Remove an entry. - PRINT - Display all entries. - IMPORT - Import entries from a file. - EXPORT - Export all entries to a file. - SETUP - Configure general settings. - CLEAR - Remove all entries. []> mail3.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Status: Paused by admin: checking LDAP server Messages: 1243 Resume the work queue? [Y]> y Status: Operational Messages: 1243 Networking Configuration / Network Tools This section contains the following CLI commands: • etherconfig • interfaceconfig • netstat • nslookup • packetcapture • ping • ping6 • routeconfig • setgateway • sethostname • smtproutes • sslconfig • sslv3config • telnet • t
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Example mail3.example.com> etherconfig Choose the operation you want to perform: - MEDIA - View and edit ethernet media settings. - VLAN - View and configure VLANs. - LOOPBACK - View and configure Loopback. - MTU - View and configure MTU. []> vlan VLAN interfaces: Choose the operation you want to perform: - NEW - Create a new VLAN.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Choose the operation you want to perform: - EDIT - Edit an ethernet interface. []> edit Enter the name or number of the ethernet interface you wish to edit. []> pair1 That value is not valid. Enter the name or number of the ethernet interface you wish to edit. []> 12 That value is not valid. Enter the name or number of the ethernet interface you wish to edit.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools --ip=IPv4 Address/Netmask --ip6=IPv6 Address/Prefix Lenght [--ftp[=]] [--telnet[=]] [--ssh[=]] [--http][=] [--https[=]] [--euq_http[=]] [--euq_https][=] [--ccs[=]]. FTP is available only on IPv4. • Deleting an interface interfaceconfig delete Example: Configuring an Interface mail.example.com> interfaceconfig Currently configured interfaces: 1.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Ethernet interface: 1. Data 1 2. Data 2 3. Management [3]> Hostname: [mail.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools nslookup Description Use the nslookup command to check the DNS functionality. The nslookup command can confirm that the appliance is able to reach and resolve hostnames and IP addresses from a working DNS (domain name service) server.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools netstat Description Use the netstat command to displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. Note that this version will not support all arguments. Specifically, you cannot use -a, -A, -g, -m, -M, -N, -s. The command was designed to be run in interactive mode, so that you may enter netstat, then choose from five options to report on.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Usage Commit: This command does not require a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format Example mail.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools [N]> The following interfaces are configured: 1. Management 2. ALL Enter the name or number of one or more interfaces to capture packets from, separated by commas (enter ALL to use all interfaces): [2]> Select an operation. Press enter to continue with the existing filter. - PREDEFINED - PREDEFINED filter. - CUSTOM - CUSTOM filter. - CLEAR - CLEAR filter. []> Capture settings successfully saved.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Press Ctrl-C to stop. PING anotherhost.example.com (x.x.x.x): 56 data bytes 64 bytes from 10.19.0.31: icmp_seq=0 ttl=64 time=1.421 ms 64 bytes from 10.19.0.31: icmp_seq=1 ttl=64 time=0.126 ms 64 bytes from 10.19.0.31: icmp_seq=2 ttl=64 time=0.118 ms 64 bytes from 10.19.0.31: icmp_seq=3 ttl=64 time=0.115 ms 64 bytes from 10.19.0.31: icmp_seq=4 ttl=64 time=0.139 ms 64 bytes from 10.19.0.31: icmp_seq=5 ttl=64 time=0.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Note You must use Control-C to end the ping6 command. routeconfig Description The routeconfig command allows you to create, edit, and delete static routes for TCP/IP traffic. By default, traffic is routed through the default gateway set with the setgateway command. However, AsyncOS allows specific routing based on destination. Routes consist of a nickname (for future reference), a destination, and a gateway.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Table 3-12 routeconfig Arguments Argument Description 4|6 The IP version (IPv4 or IPv6) to apply this command to. For clear and print this option can be omitted and the command applies to both versions. name The name of the route. destination_address The IP or CIDR address to match on for outgoing IP traffic. gateway_ip • The IP address to send this traffic to.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Please enter the gateway IP address for traffic to 192.168.12.0/24: []> 192.168.14.4 Currently configured routes: 1. EuropeNet Destination: 192.168.12.0/24 Gateway: 192.168.14.4 Choose the operation you want to perform: - NEW - Create a new route. - EDIT - Modify a route. - DELETE - Remove a route. - CLEAR - Clear all entries. []> mail3.example.com> routeconfig Configure routes for: 1. IPv4 2.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools setgateway Description The setgateway command configures the default next-hop intermediary through which packets should be routed. Alternate (non-default) gateways are configured using the routeconfig command. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools oldname.example.com> For the hostname change to take effect, you must enter the commit command. After you have successfully committed the hostname change, the new name appears in the CLI prompt: oldname.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools • Print a listing of SMTP routes smtproutes print • Import a listing of SMTP routes smtproutes import • Export a listing of SMTP routes smtproutes export Example In the following example, the smptroutes command is used to construct a route (mapping) for the domain example.com to relay1.example.com, relay2.example.com, and backup-relay.example.com. Use /pri=# to specify a destination priority.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools sslconfig Description Configure SSL settings for the appliance. Note You cannot change server and client methods in the FIPS 140-2 compliance mode. Usage Commit: This command requires a ‘commit’. Cluster Management:This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools GUI HTTPS method: sslv2sslv3tlsv1 GUI HTTPS ciphers: RC4-SHA RC4-MD5 ALL Inbound SMTP method: sslv3tlsv1 Inbound SMTP ciphers: RC4-SHA RC4-MD5 ALL Outbound SMTP method: sslv3tlsv1 Outbound SMTP ciphers: RC4-SHA RC4-MD5 ALL Choose the operation you want to perform: - GUI - Edit GUI HTTPS ssl settings. - INBOUND - Edit Inbound SMTP ssl settings. - OUTBOUND - Edit Outbound SMTP ssl settings.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools sslv3config Description Enable or disable SSLv3 settings for the appliance. Usage Commit: This command requires a ‘commit’. Cluster Management:This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example The following example shows how to disable SSLv3 for End User Quarantine. mail.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. It is further restricted to the login host (i.e., the specific machine you are logged onto). This command requires access to the local file system. Batch Command: This command does not support a batch format. Example mail3.example.com> telnet Please select which interface you want to telnet from. 1.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools 4. PublicNet (192.168.2.1/24: mail3.example.com) [1]> 1 Please enter the host to which you want to trace the route. []> 10.1.1.1 Press Ctrl-C to stop. traceroute to 10.1.1.1 (10.1.1.1), 64 hops max, 44 byte packets 1 gateway (192.168.0.1) 0.202 ms 0.173 ms 0.161 ms 2 hostname (10.1.1.1) 0.298 ms 0.302 ms 0.291 ms mail3.example.
Chapter 3 The Commands: Reference Examples Networking Configuration / Network Tools 1 traceroute6: wrote example.com 12 chars, ret=-1 *sendto: No route to host traceroute6: wrote example.com 12 chars, ret=-1 *sendto: No route to host traceroute6: wrote example.com 12 chars, ret=-1 Cisco AsyncOS 9.
Chapter 3 The Commands: Reference Examples Outbreak Filters Outbreak Filters This section contains the following CLI commands: • outbreakconfig • outbreakflush • outbreakstatus • outbreakupdate outbreakconfig Description Use the outbreakconfig command to configure the Outbreak Filter feature.
Chapter 3 The Commands: Reference Examples Outbreak Filters [524288]> Do you want to use adaptive rules to compute the threat level of messages? [Y]> Logging of URLs is currently disabled. Do you wish to enable logging of URL's? [N]> Y Logging of URLs has been enabled. The Outbreak Filters feature is now globally enabled on the system. You must use the 'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and Outgoing Mail Policies.
Chapter 3 The Commands: Reference Examples Outbreak Filters outbreakstatus Description The outbreakstatus command shows the current Outbreak Filters feature settings, including whether the Outbreak Filters feature is enabled, any Outbreak Rules, and the current threshold. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples Policy Enforcement Batch Command: This command does not support a batch format. Example elroy.run> outbreakupdate Requesting updates for Outbreak Filter Rules.
Chapter 3 The Commands: Reference Examples Policy Enforcement Choose the operation you want to perform: - NEW - Create a new content dictionary. []> new Enter a name for this content dictionary. []> HRWords Do you wish to specify a file for import? [N]> Enter new words or regular expressions, enter a blank line to finish. Currently configured content dictionaries: 1. HRWords Choose the operation you want to perform: - NEW - Create a new content dictionary.
Chapter 3 The Commands: Reference Examples Policy Enforcement []> edit Enter the number of the dictionary you want to edit: 1. secret_words []> 1 Choose the operation you want to perform on dictionary 'secret_words': - NEW - Create new entries in this dictionary. - IMPORT - Replace all of the words in this dictionary. - EXPORT - Export the words in this dictionary. - DELETE - Remove an entry in this dictionary. - PRINT - List the entries in this dictionary.
Chapter 3 The Commands: Reference Examples Policy Enforcement Importing Dictionaries In the example below, using the dictionaryconfig command, 84 terms in the profanity.txt text file are imported as Unicode (UTF-8) into a dictionary named profanity. mail3.example.com> dictionaryconfig No content dictionaries have been defined. Choose the operation you want to perform: - NEW - Create a new content dictionary. []> new Enter a name for this content dictionary.
Chapter 3 The Commands: Reference Examples Policy Enforcement []> edit Enter the number of the dictionary you want to edit: 1. secret_words []> 1 Choose the operation you want to perform on dictionary 'secret_words': - NEW - Create new entries in this dictionary. - IMPORT - Replace all of the words in this dictionary. - EXPORT - Export the words in this dictionary. - DELETE - Remove an entry in this dictionary. - PRINT - List the entries in this dictionary.
Chapter 3 The Commands: Reference Examples Policy Enforcement Cluster Management: This command can be used in all three machine modes (cluster, group, machine).. Batch Command: This command does not support a batch format. Example mail3.example.com> exceptionconfig Choose the operation you want to perform: - NEW - Create a new domain exception table entry []> new Enter a domain, sub-domain, user, or email address for which you wish to provide an exception: []> mail.partner.
Chapter 3 The Commands: Reference Examples Policy Enforcement Batch Command: This command does not support a batch format Example In this example, the filter command is used to create three new filters: • The first filter is named big_messages. It uses the body-size rule to drop messages larger than 10 megabytes. • The second filter is named no_mp3s. It uses the attachment-filename rule to drop messages that contain attachments with the filename extension of .mp3.
Chapter 3 The Commands: Reference Examples Policy Enforcement - LOGCONFIG - Configure log subscriptions used by filters. - ROLLOVERNOW - Roll over a filter log file. []> new Enter filter script. Enter '.' on its own line to end. mailfrompm: if (mail-from == "^postmaster$") { bcc ("administrator@example.com");} . 1 filters added. Choose the operation you want to perform: - NEW - Create a new filter. - DELETE - Remove a filter. - IMPORT - Import a filter script from a file.
Chapter 3 The Commands: Reference Examples Policy Enforcement Finally, the changes are committed. mail3.example.com> policyconfig Would you like to configure Incoming or Outgoing Mail Policies? 1. Incoming 2.
Chapter 3 The Commands: Reference Examples Policy Enforcement [1]> 2 Do you want to archive messages identified as spam? [N]> Do you want to enable special treatment of suspected spam? [Y]> y What score would you like to set for the IronPort Anti-Spam suspect spam threshold? [50]> 50 The following configuration options apply to messages identified as SUSPECTED spam: 1. DELIVER 2. DROP 3. BOUNCE 4.
Chapter 3 The Commands: Reference Examples Policy Enforcement Do you want marketing messages sent to an alternate envelope recipient? [N]> n Anti-Spam configuration complete Policy Summaries: Anti-Spam: IronPort - Drop Suspect-Spam: IronPort - Quarantine - Archiving copies of the original message. Marketing-Messages: IronPort - Deliver, Prepend "[MARKETING]" to Subject Anti-Virus: McAfee - Scan and Clean Content Filters: Off (No content filters have been created) Outbreak Filters: Enabled.
Chapter 3 The Commands: Reference Examples Policy Enforcement Enter a member for this policy: []> ldap(sales) Please select an LDAP group query: 1. PublicLDAP.ldapgroup [1]> 1 Is this entry a recipient or a sender? 1. Recipient 2. Sender [1]> 1 Add another member? [Y]> n Would you like to enable Anti-Spam support? [Y]> y Use the policy table default? [Y]> n Begin Anti-Spam configuration Some messages will be positively identified as spam. Some messages will be identified as suspected spam.
Chapter 3 The Commands: Reference Examples Policy Enforcement Anti-Spam configuration complete Would you like to enable Anti-Virus support? [Y]> y Use the policy table default? [Y]> y Would you like to enable Outbreak Filters for this policy? [Y]> y Use the policy table default? [Y]> y Incoming Mail Policy Configuration Name: Anti-Spam: Anti-Virus: ----------------- ----------sales_team IronPort Default DEFAULT IronPort McAfee Content Filter: --------------Default Off Outbreak Filters: ---------------De
Chapter 3 The Commands: Reference Examples Policy Enforcement 2. Sender [1]> 1 Add another member? [Y]> y Enter a member for this policy: []> fred@example.com Is this entry a recipient or a sender? 1. Recipient 2. Sender [1]> 1 Add another member? [Y]> y Enter a member for this policy: []> joe@example.com Is this entry a recipient or a sender? 1. Recipient 2.
Chapter 3 The Commands: Reference Examples Policy Enforcement - CLEAR - Clear all file extensions []> Incoming Mail Policy Configuration Name: Anti-Spam: Anti-Virus: ----------------- ----------sales_team IronPort Default engineering Default Default DEFAULT IronPort McAfee Content Filter: --------------Default Default Off Outbreak Filters: ---------------Default Enabled Enabled Choose the operation you want to perform: - NEW - Create a new policy - EDIT - Edit an existing policy - DELETE - Remove a pol
Chapter 3 The Commands: Reference Examples Policy Enforcement Filter Name: scan_for_confidential Conditions: Always Run Actions: No actions defined yet. Description: scan all incoming mail for the string 'confidential' Choose the operation you want to perform: - RENAME - Rename this filter - DESC - Edit filter description - ADD - Add condition or action []> add 1. Condition 2. Action [1]> 1 1. Message Body Contains 2. Only Body Contains (Attachments are not scanned) 3. Message Body Size 4.
Chapter 3 The Commands: Reference Examples Policy Enforcement - ADD - Add condition or action - DELETE - Delete condition or action []> add 1. Condition 2. Action [1]> 2 1. Bcc 2. Notify 3. Redirect To Alternate Email Address 4. Redirect To Alternate Host 5. Insert A Custom Header 6. Insert A Message Tag 7. Strip A Header 8. Send From Specific IP Interface 9. Drop Attachments By Content 10. Drop Attachments By Name 11. Drop Attachments By MIME Type 12. Drop Attachments By File Type 13.
Chapter 3 The Commands: Reference Examples Policy Enforcement 1. Bcc 2. Notify 3. Redirect To Alternate Email Address 4. Redirect To Alternate Host 5. Insert A Custom Header 6. Insert A Message Tag 7. Strip A Header 8. Send From Specific IP Interface 9. Drop Attachments By Content 10. Drop Attachments By Name 11. Drop Attachments By MIME Type 12. Drop Attachments By File Type 13. Drop Attachments By Size 14. Send To System Quarantine 15. Duplicate And Send To System Quarantine 16. Add Log Entry 17.
Chapter 3 The Commands: Reference Examples Policy Enforcement - NEW - Create a new filter - EDIT - Edit an existing filter - DELETE - Delete a filter - PRINT - Print all filters - RENAME - Rename a filter []> new Enter a name for this filter: []> no_mp3s Enter a description or comment for this filter (optional): []> strip all MP3 attachments Filter Name: no_mp3s Conditions: Always Run Actions: No actions defined yet.
Chapter 3 The Commands: Reference Examples Policy Enforcement Conditions: Always Run Actions: drop-attachments-by-filetype("mp3") Description: strip all MP3 attachments Choose the operation you want to perform: - RENAME - Rename this filter - DESC - Edit filter description - ADD - Add condition or action - SAVE - Save filter []> save Defined filters: 1. scan_for_confidential: scan all incoming mail for the string 'confidential' 2.
Chapter 3 The Commands: Reference Examples Policy Enforcement 8. Attachment Name 9. Attachment MIME Type 10. Attachment Protected 11. Attachment Unprotected 12. Attachment Corrupt 13. Envelope Recipient Address 14. Envelope Recipient in LDAP Group 15. Envelope Sender Address 16. Envelope Sender in LDAP Group 17. Reputation Score 18. Remote IP 19. DKIM authentication result 20.
Chapter 3 The Commands: Reference Examples Policy Enforcement Enter the email address(es) to send the notification to: []> joe@example.com Do you want to edit the subject line used on the notification? [N]> y Enter the subject to use: []> message bounced for ex-employee of example.
Chapter 3 The Commands: Reference Examples Policy Enforcement rcpt-to == "doug" Actions: notify-copy ("joe@example.com", "message bounced for ex-employee of example.com") bounce() Description: bounce messages intended for Doug Choose the operation you want to perform: - RENAME - Rename this filter - DESC - Edit filter description - ADD - Add condition or action - DELETE - Delete condition or action - SAVE - Save filter []> save Defined filters: 1.
Chapter 3 The Commands: Reference Examples Policy Enforcement Choose the operation you want to perform: - NEW - Create a new policy - EDIT - Edit an existing policy - DELETE - Remove a policy - PRINT - Print all policies - SEARCH - Search for a policy by member - MOVE - Move the position of a policy - FILTERS - Edit content filters - CLEAR - Clear all policies []> edit Name: ----1. sales_team 2. engineering 3.
Chapter 3 The Commands: Reference Examples Policy Enforcement 3. Active ex_employee Enter the filter to toggle on/off, or press enter to finish: []> Policy Summaries: Anti-Spam: IronPort - Drop Suspect-Spam: IronPort - Quarantine - Archiving copies of the original message. Marketing-Messages: IronPort - Deliver, Prepend "[MARKETING]" to Subject Anti-Virus: McAfee - Scan and Clean Content Filters: Enabled. Filters: scan_for_confidential, no_mp3s, ex_employee Outbreak Filters: Enabled. No bypass extensions.
Chapter 3 The Commands: Reference Examples Policy Enforcement - FILTERS - Modify filters []> filters Choose the operation you want to perform: - DISABLE - Disable Content Filters policy (Disables all policy-related actions) - ENABLE - Enable Content Filters policy []> enable 1. 2. 3. Enter the []> 1 scan_for_confidential no_mp3s ex_employee filter to toggle on/off, or press enter to finish: 1. Active 2. 3.
Chapter 3 The Commands: Reference Examples Policy Enforcement Note The CLI does not contain the notion of adding a new content filter within an individual policy. Rather, the filters subcommand forces you to manage all content filters from within one subsection of the policyconfig command. For that reason, adding the drop_large_attachments has been omitted from this example. DLP Policies for Default Outgoing Policy This illustrates how to enable DLP policies on the default outgoing policy. mail3.
Chapter 3 The Commands: Reference Examples Policy Enforcement Enter the policy to toggle on/off, or press enter to finish: []> 1 1. Active California AB-1298 2. Suspicious Transmission - Zip Files 3. Restricted Files Enter the policy to toggle on/off, or press enter to finish: []> 2 1. Active 2. Active 3. Enter the []> 3 California AB-1298 Suspicious Transmission - Zip Files Restricted Files policy to toggle on/off, or press enter to finish: 1. Active 2. Active 3.
Chapter 3 The Commands: Reference Examples Policy Enforcement # 1 2 3 Quarantine Name Outbreak Policy Virus Size (MB) 3,072 1,024 2,048 % full 0.0 0.1 empty Messages 1 497 0 Retention 12h 10d 30d Policy Release Delete Delete 2,048 MB available for quarantine allocation. Choose the operation you want to perform: - NEW - Create a new quarantine. - EDIT - Modify a quarantine. - DELETE - Remove a quarantine. - OUTBREAKMANAGE - Manage the Outbreak Filters quarantine.
Chapter 3 The Commands: Reference Examples Policy Enforcement Note You will only be prompted to give users access to the quarantine if guest or operator users have already been created on the system. A quarantine's user list only contains users belonging to the Operators or Guests groups. Users in the Administrators group always have full access to the quarantine. When managing the user list, the NEW command is suppressed if all the Operator/Guest users are already on the quarantine's user list.
Chapter 3 The Commands: Reference Examples Policy Enforcement - SETUP - Configure scanning behavior. - IMPORT - Load mappings from a file. - EXPORT - Save mappings to a file. - PRINT - Display the list. - CLEAR - Remove all entries. - SMIME - Configure S/MIME unpacking. []> setup 1. Scan only attachments with MIME types or fingerprints in the list. 2. Skip attachments with MIME types or fingerprints in the list.
Chapter 3 The Commands: Reference Examples Policy Enforcement - SMIME - Configure S/MIME unpacking. []> print 1. Fingerprint 2. Fingerprint 3. MIME Type 4. MIME Type 5. MIME Type Image Media audio/* image/* video/* stripheaders Description Define a list of message headers to remove. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format.
Chapter 3 The Commands: Reference Examples Policy Enforcement Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example Use textconfig -> NEW to create text resources, and textconfig > delete to remove them. mail3.example.com> textconfig Choose the operation you want to perform: - NEW - Create a new text resource.
Chapter 3 The Commands: Reference Examples Policy Enforcement - DELETE - Remove a resource from the system. - LIST - List configured resources. []> delete Please enter the name or number of the resource to delete: []> 1 Message disclaimer "disclaimer 1" has been deleted. Choose the operation you want to perform: - NEW - Create a new text resource. - IMPORT - Import a text resource from a file. []> Use textconfig -> EDIT to modify an existing text resource.
Chapter 3 The Commands: Reference Examples Policy Enforcement Notification template "strip.mp3files" created. Current Text Resources: 1. disclaimer.2.message (Message Disclaimer) 2. strip.mp3files (Notification Template) Choose the operation you want to perform: - NEW - Create a new text resource. - IMPORT - Import a text resource from a file. - EXPORT - Export text resource to a file. - PRINT - Display the content of a resource. - EDIT - Modify a resource. - DELETE - Remove a resource from the system.
Chapter 3 The Commands: Reference Examples Logging and Alerts []> Logging and Alerts This section contains the following CLI commands: • alertconfig • displayalerts • findevent • grep • logconfig • rollovernow • snmpconfig • tail alertconfig Description Configure email alerts. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format.
Chapter 3 The Commands: Reference Examples Logging and Alerts Choose the Alert Classes. Separate multiple choices with commas. 1. All 2. System 3. Hardware 4. Updater 5. Outbreak Filters 6. Anti-Virus 7. Anti-Spam 8. Directory Harvest Attack Prevention 9. Release and Support Notifications [1]> 2,3,8 Select a Severity Level. 1. All 2. Critical 3. Warning 4. Information [1]> 2 Separate multiple choices with commas. Sending alerts to: alertadmin@example.
Chapter 3 The Commands: Reference Examples Logging and Alerts Example > displayalerts Date and Time Stamp Description -------------------------------------------------------------------------------10 Mar 2015 11:33:36 +0000 The updater could not validate the server certificate. Server certificate not validated - unable to get local issuer certificate Last message occurred 28 times between Tue Mar 10 10:34:57 2015 and Tue Mar 10 11:32:24 2015. 10 Mar 2015 11:23:39 +0000 server for at least 1h.
Chapter 3 The Commands: Reference Examples Logging and Alerts 3. Search by Subject 4. Search by envelope TO [1]> 1 Enter the regular expression to search for. []> " Currently configured logs: Log Name Log Type Retrieval Interval --------------------------------------------------------------------------------1. mail_logs IronPort Text Mail Logs Manual Download None Enter the number of the log you wish to use for message tracking. [1]> 1 Please choose which set of logs to search: 1.
Chapter 3 The Commands: Reference Examples Logging and Alerts Enter the regular expression to search for. []> " Currently configured logs: Log Name Log Type Retrieval Interval --------------------------------------------------------------------------------1. mail_logs IronPort Text Mail Logs Manual Download None Enter the number of the log you wish to use for message tracking. [1]> 1 Please choose which set of logs to search: 1. All available log files 2. Select log files by date list 3.
Chapter 3 The Commands: Reference Examples Logging and Alerts Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. It is further restricted to the login host (i.e., the specific machine you are logged onto). This command requires access to the local file system. Batch Command: This command does not support a batch format. The grep command can be used to search for text strings within logs.
Chapter 3 The Commands: Reference Examples Logging and Alerts logconfig Description Configure access to log files. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example of FTP Push Log Subscription In the following example, the logconfig command is used to configure a new delivery log called myDeliveryLogs.
Chapter 3 The Commands: Reference Examples Logging and Alerts 3. Delivery Logs 4. Bounce Logs 5. Status Logs 6. Domain Debug Logs 7. Injection Debug Logs 8. SMTP Conversation Logs 9. System Logs 10. CLI Audit Logs 11. FTP Server Logs 12. HTTP Logs 13. NTP logs 14. LDAP Debug Logs 15. Anti-Spam Logs 16. Anti-Spam Archive 17. Anti-Virus Logs 18. Anti-Virus Archive 19. Scanning Logs 20. IronPort Spam Quarantine Logs 21. IronPort Spam Quarantine GUI Logs 22. Reporting Logs 23. Reporting Query Logs 24.
Chapter 3 The Commands: Reference Examples Logging and Alerts 5. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll 6. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll 7. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll 8. "encryption" Type: "Encryption Logs" Retrieval: FTP Poll 9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll 10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll 11.
Chapter 3 The Commands: Reference Examples Logging and Alerts - NEW - Create a new log. EDIT - Modify a log subscription. DELETE - Remove a log subscription. SETUP - General settings. LOGHEADERS - Configure headers to log. HOSTKEYCONFIG - Configure SSH host keys. []> new Choose the log file type for this subscription: 1. IronPort Text Mail Logs 2. qmail Format Mail Logs 3. Delivery Logs 4. Bounce Logs 5. Status Logs 6. Domain Debug Logs 7. Injection Debug Logs 8. SMTP Conversation Logs 9.
Chapter 3 The Commands: Reference Examples Logging and Alerts [3600]> Maximum filesize before transferring: [10485760]> Protocol: 1. SSH1 2. SSH2 [2]> 2 Do you want to enable host key checking? [N]> y Do you want to automatically scan the host for its SSH key, or enter it manually? 1. Automatically scan. 2. Enter manually. [1]> 1 SSH2:dsa 10.1.1.
Chapter 3 The Commands: Reference Examples Logging and Alerts 2. SSH2:rsa 3. SSH2:dsa 4. All [4]> 4 SSH1:rsa 10.1.1.
Chapter 3 Logging and Alerts 6. Domain Debug Logs 7. Injection Debug Logs 8. SMTP Conversation Logs 9. System Logs 10. CLI Audit Logs 11. FTP Server Logs 12. HTTP Logs 13. NTP logs 14. LDAP Debug Logs 15. Anti-Spam Logs 16. Anti-Spam Archive 17. Anti-Virus Logs 18. Anti-Virus Archive 19. Scanning Logs 20. IronPort Spam Quarantine Logs 21. IronPort Spam Quarantine GUI Logs 22. Reporting Logs 23. Reporting Query Logs 24. Updater Logs 25. Tracking Logs 26. Safe/Block Lists Logs 27.
Chapter 3 The Commands: Reference Examples Logging and Alerts 14. mail 15. ntp 16. security 17. user [14]> 14 Currently configured logs: 1. "MailLogSyslogPush" Type: "IronPort Text Mail Logs" Retrieval: Syslog Push Host 10.1.1.2 rollovernow Description Roll over a log file. Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples Logging and Alerts Log files successfully rolled over. mail3.example.com> snmpconfig Description Configure SNMP. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example In the following example, the snmpconfig command is used to enable SNMP on the “PublicNet” interface on port 161.
Chapter 3 The Commands: Reference Examples Logging and Alerts Enter the Trap target (IP address). Enter "None" to disable traps. [None]> snmp-monitor.example.com Enterprise Trap Status 1. RAIDStatusChange Enabled 2. fanFailure Enabled 3. highTemperature Enabled 4. keyExpiration Enabled 5. linkDown Enabled 6. linkUp Enabled 7. powerSupplyStatusChange Enabled 8. resourceConservationMode Enabled 9.
Chapter 3 The Commands: Reference Examples Logging and Alerts Usage Commit: This command does not require a ‘commit’. Cluster Management: This command is restricted to machine mode. It is further restricted to the login host (i.e., the specific machine you are logged onto). This command requires access to the local file system. Batch Command: This command does not support a batch format. Example mail3.example.com> tail Currently configured logs: 1.
Chapter 3 The Commands: Reference Examples Reporting Reporting This section contains the following CLI commands: • reportingconfig reportingconfig Using the reportingconfig command The following subcommands are available within the reportingconfig submenu: Table 3-14 reportingconfig Subcommands Syntax Description Availability filters Configure filters for the Security Management appliance.
Chapter 3 The Commands: Reference Examples Reporting Choose which groups to filter, you can specify multiple filters by entering a comma separated list: []> 2, 3 Choose the operation you want to perform: - FILTERS - Configure filtering for the SMA. - ALERT_TIMEOUT - Configure when you will be alerted due to failing to get reporting data - DOMAIN - Configure domain report settings. - MODE - Enable/disable centralized reporting.
Chapter 3 The Commands: Reference Examples Reporting - ALERT_TIMEOUT - Configure when you will be alerted due to failing to get reporting data - DOMAIN - Configure domain report settings. - MODE - Enable/disable centralized reporting. []> Enabling Centralized Reporting for an Email Security Appliance mail3.example.com> reportingconfig Choose the operation you want to perform: - MAILSETUP - Configure reporting for the ESA. - MODE - Enable centralized or local reporting for the ESA.
Chapter 3 The Commands: Reference Examples Senderbase [24]> 48 SenderBase timeout used by the web interface: 5 seconds Sender Reputation Multiplier: 3 The current level of reporting data recording is: unlimited No custom second level domains are defined. Legacy mailflow report: Disabled Choose the operation you want to perform: - SENDERBASE - Configure SenderBase timeout for the web interface. - MULTIPLIER - Configure Sender Reputation Multiplier.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration SenderBase host status Host up/down: Unknown (never contacted) senderbaseconfig Description Configure SenderBase connection settings. Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration callaheadconfig Description Add, edit, and remove SMTP Call-Ahead profiles Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example In the following example you can create a new SMTP call-ahead profile for delivery host.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration > callaheadconfig Currently configured SMTP Call-Ahead profiles: 1. delhost01 (Delivery Host) Choose the operation you want to perform: - NEW - Create a new profile. - EDIT - Modify a profile. - DELETE - Delete a profile. - PRINT - Display profile information. - TEST - Test profile. - FLUSHCACHE - Flush SMTP Call-Ahead cache. []> new Select the type of profile you want to create: 1. Delivery Host 2.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration listenerconfig Description The listenerconfig command allows you to create, edit, and delete a listener. AsyncOS requires that you specify criteria that messages must meet in order to be accepted and then relayed to recipient hosts — either internal to your network or to external recipients on the Internet. These qualifying criteria are defined in listeners; collectively, they define and enforce your mail flow policies.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Batch Format - General listenerconfig The batch format of the listenerconfig command can be used to add and delete listeners on a particular interface. The batch format of the listenerconfig command also allows you to configure a listener’s HAT and RAT.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration • Print a sendergroup listing listenerconfig edit hostaccess edit sendergroup print • Rename a sendergroup listenerconfig edit sendergroup hostaccess edit sendergroup rename • Editing a HAT’s policy listenerconfig edit hostaccess edit policy [options] • Deleting a sendergroup from a HAT listenerconfig edit hostaccess delete sendergroup • Deleting a poli
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Table 3-16 listenerconfig Argument Values -HAT Argument Description “Accept”, “Relay”, “Reject”, “TCP Refuse”, or “Continue”. When selecting a behavior for use with a sendergroup, additional behaviors of the form “Policy: FOO” are available (where “FOO” is the name of policy). The filename to use with importing and exporting the hostaccess tables. A sendergroup .
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Table 3-16 listenerconfig Argument Values -HAT --max_size Maximum message size. Add a trailing k for kilobytes, M for megabytes, or no letters for bytes. --max_conn Maximum number of connections allowed from a single host. --max_msgs Maximum number of messages per connection. --max_rcpt Maximum number of recipients per message. --override Override the hostname in the SMTP banner. “No” or SMTP banner string.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Table 3-16 listenerconfig Argument Values -HAT --spf Enable SPF verification. “Yes”, “No”, “Default.” --spf_conf_level SPF conformance level. Used with “--spf Yes” only. “spf_only”, “sidf_compatible”, “sidf_strict.” --spf_downgrade_pra Downgrade SPF PRA verification result. Used with “--spf Yes” and “--spf_conf_level sidf_compatible” only. “Yes”, “No.” --spf_helo_test SPF HELO test.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration • Exporting a RAT listenerconfig edit rcptacess export • Clearing the default access listenerconfig edit rcptacess clear Table 3-17 listenerconfig Argument Values - RAT Argument Description Enter the hosts to add. Hosts can be formatted as follows: CIDR addresses (10.1.1.0/24) Hostname (crm.example.com) Partial Hostname (.example.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - EDIT - Modify a listener. - DELETE - Remove a listener. - SETUP - Change global settings. []> new Please select the type of listener you want to create. 1. Private 2. Public 3. Blackhole [2]> 1 Please create a name for this listener (Ex: "OutboundMail"): []> OutboundMail Please choose an IP interface for this Listener. 1. Management (192.168.42.42/24: mail3.example.com) 2. PrivateNet (192.168.1.1/24: mail3.example.com) 3.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - DELETE - Remove a listener. - SETUP - Change global settings. []> Example - Customizing the Host Acess Table (HAT ) for a listener via Export and Import Many of the subcommands within the listenerconfig command allow you to import and export data in order to make large configuration changes without having to enter data piecemeal in the CLI.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - DOMAINMAP - Configure domain mappings.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration max_msgs_per_session = 10 spam_check = "on" use_sb = "on" max_message_size = 1048576 max_rcpts_per_msg = 25 max_concurrency = 10 } WHITELIST: $TRUSTED (My trusted senders have no anti-spam or rate limiting) BLACKLIST: $BLOCKED (Spammers are rejected) SUSPECTLIST: $THROTTLED (Suspicious senders are throttled) UNKNOWNLIST: $ACCEPTED (Reviewed but undecided, continue normal acceptance) ALL $ACCEPTED (Everyone else) Default Policy Paramet
Chapter 3 The Commands: Reference Examples SMTP Services Configuration In this example, the following entries are added to the HAT above the ALL entry: spamdomain.com .spamdomain.com 251.192.1. 169.254.10.10 REJECT REJECT TCPREFUSE RELAY – The first two entries reject all connections from the remote hosts in the domain spamdomain.com and any subdomain of spamdomain.com. – The third line refuses connections from any host with an IP address of 251.192.1.x.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Use SenderBase For Reputation Filters and IP Profiling: Yes Footer: None LDAP: Off Choose the operation you want to perform: - NAME - Change the name of the listener. - INTERFACE - Change the interface. - LIMITS - Change the injection limits. - SETUP - Configure general options. - HOSTACCESS - Modify the Host Access Table. - RCPTACCESS - Modify the Recipient Access Table.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration There are currently 4 policies defined. There are currently 5 sender groups. Choose the operation you want to perform: - NEW - Create a new entry. - EDIT - Modify an entry. - DELETE - Remove an entry. - MOVE - Move an entry. - DEFAULT - Set the defaults. - PRINT - Display the table. - IMPORT - Import a table from a file. - EXPORT - Export the table to a file. - CLEAR - Remove all entries.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration 251.192.1. TCPREFUSE (TCPREFUSE the IP addresses in "251.192.1") 169.254.10.10 RELAY (RELAY the address 169.254.10.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Enter the name or number of the listener you wish to edit. []> 1 Name: MyListener Type: Public Interface: Management (172.29.181.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - DELETE - Remove an entry. - MOVE - Move an entry. - DEFAULT - Set the defaults. - PRINT - Display the table. - IMPORT - Import a table from a file. - EXPORT - Export the table to a file. - RESET - Remove senders and set policies to system default. []> default Enter the default maximum message size.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Would you like to enable DKIM/DomainKeys signing? Would you like to enable DKIM verification? [N]> [N]> Would you like to enable S/MIME Public Key Harvesting? [N]> y Would you like to harvest certificate on verification failure? Would you like to harvest updated certificate? [N]> [Y]> Would you like to enable S/MIME gateway decryption/verification? [N]> y Select the appropriate operation for the S/MIME signature processing: 1
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - EXPORT - Export the table to a file. - RESET - Remove senders and set policies to system default. []> Example - Advanced HAT Parameters Table 3-18 defines the syntax of advanced HAT parameters. Note that for the values below which are numbers, you can add a trailing k to denote kilobytes or a trailing M to denote megabytes. Values with no letters are considered bytes.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Table 3-18 Advanced HAT Parameter Syntax Parameter Syntax Values Example Values Define SenderBase Reputation Score sbrs[value1:value2] -10.0- 10.0 sbrs[-10:-7.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Optionally, you can configure the appliance to return a third-party response from the SPF publisher domain if the REJECT action is taken for Neutral, SoftFail, or Fail verification result. By default, the appliance returns the following response: 550-#5.7.1 SPF unauthorized mail is prohibited. 550-The domain example.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Table 3-19 SPF Control Settings Conformance Level SIDF Compatible SIDF Strict Available SPF Control Settings • whether to perform a HELO identity check • whether the verification downgrades a Pass result of the PRA identity to None if the Resent-Sender: or Resent-From: headers are present in the message • SMTP actions taken based on the results of the following identity checks: • HELO identity (if enabled) • MAIL FROM Iden
Chapter 3 The Commands: Reference Examples SMTP Services Configuration What SMTP action should be taken if HELO check returns None? 1. Accept 2. Reject [1]> 1 What SMTP action should be taken if HELO check returns Neutral? 1. Accept 2. Reject [1]> 1 What SMTP action should be taken if HELO check returns SoftFail? 1. Accept 2. Reject [1]> 2 What SMTP action should be taken if HELO check returns Fail? 1. Accept 2. Reject [1]> 2 What SMTP action should be taken if HELO check returns TempError? 1. Accept 2.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Example - Enable DMARC Verification The following example shows how to enable DMARC verification. mail.example.com> listenerconfig Currently configured listeners: 1. Listener 1 (on Management, 172.29.181.70) SMTP TCP Port 25 Public Choose the operation you want to perform: - NEW - Create a new listener. - EDIT - Modify a listener. - DELETE - Remove a listener. - SETUP - Change global settings.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Allow TLS Connections: No Allow SMTP Authentication: No Require TLS To Offer SMTP authentication: No DKIM/DomainKeys Signing Enabled: No DKIM Verification Enabled: No SPF/SIDF Verification Enabled: No DMARC Verification Enabled: No Envelope Sender DNS Verification Enabled: No Domain Exception Table Enabled: No Accept untagged bounces: No There are currently 4 policies defined. There are currently 5 sender groups.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration Enter your custom SMTP response. Press Enter on a blank line to finish. Would you like to use SenderBase for flow control by default? Would you like to enable anti-spam scanning? [Y]> [Y]> Would you like to enable anti-virus scanning? [Y]> Do you want to allow encrypted TLS connections? 1. No 2. Preferred 3. Required 4. Preferred - Verify 5.
Chapter 3 SMTP Services Configuration ========================== Maximum Message Size: 20M Maximum Number Of Concurrent Connections From A Single IP: 10 Maximum Number Of Messages Per Connection: 10 Maximum Number Of Recipients Per Message: 50 Directory Harvest Attack Prevention: Enabled Maximum Number Of Invalid Recipients Per Hour: 25 Maximum Number Of Recipients Per Hour: Disabled Maximum Number of Recipients per Envelope Sender: Disabled Use SenderBase for Flow Control: Yes Spam Detection Enabled: Yes
Chapter 3 The Commands: Reference Examples SMTP Services Configuration - RCPTACCESS - Modify the Recipient Access Table. - BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener. - MASQUERADE - Configure the Domain Masquerading Table. - DOMAINMAP - Configure domain mappings. []> Currently configured listeners: 1. Listener 1 (on Management, 172.29.181.70) SMTP TCP Port 25 Public Choose the operation you want to perform: - NEW - Create a new listener.
Chapter 3 The Commands: Reference Examples SMTP Services Configuration want the system to failover and attempt to encode the entire message using the encoding of the message footer? (When this feature is enabled, the system will attempt to display the footer "in-line" rather than defaulting to adding it as an attachment.
Chapter 3 The Commands: Reference Examples System Setup 3. Data 2 (192.168.2.1/24: mail3.example.com) 4. Management (192.168.42.42/24: mail3.example.
Chapter 3 The Commands: Reference Examples System Setup Example mail3.example.com> systemsetup WARNING: The system setup wizard will completely delete any existing 'listeners' and all associated settings including the 'Host Access Table' mail operations may be interrupted. Are you sure you wish to continue? [Y]> y Before you begin, please reset the administrator password to a new value.
Chapter 3 The Commands: Reference Examples System Setup Please enter the IP address of your DNS server. []> 192.168.0.3 Do you want to enter another DNS server? [N]> You have successfully configured the DNS settings. ***** You are now going to configure how the IronPort C100 accepts mail by creating a "Listener". Please create a name for this listener (Ex: "MailInterface"): []> InboundMail Please choose an IP interface for this Listener. 1. Data 1 (192.168.1.1/24: ironport-C100.example.
Chapter 3 The Commands: Reference Examples System Setup Require TLS To Offer SMTP authentication: No DKIM/DomainKeys Signing Enabled: No DKIM Verification Enabled: No SPF/SIDF Verification Enabled: No DMARC Verification Enabled: No Envelope Sender DNS Verification Enabled: No Domain Exception Table Enabled: No Accept untagged bounces: No Would you like to change the default host access policy? [N]> n Listener InboundMail created. Defaults have been set for a Public listener.
Chapter 3 The Commands: Reference Examples System Setup (Recommended) [Y]> y ***** You will now configure scheduled reporting. Please enter the email address(es) to deliver scheduled reports to. (Leave blank to only archive reports on-box.) Separate multiple addresses with commas. []> administrator@example.com ***** You will now configure system time settings. Please choose your continent: 1. Africa 2. America ... 11. GMT Offset [11]> 2 Please choose your country: 1. Anguilla ... 47. United States 48.
Chapter 3 The Commands: Reference Examples URL Filtering URL Filtering This section contains the following CLI commands: • urllistconfig • webcacheflush • websecurityadvancedconfig • websecurityconfig • websecuritydiagnostics urllistconfig Configure or import whitelists of URLs that will not be evaluated by URL filtering features. These lists are not used by the Outbreak Filters feature. Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples URL Filtering Assign new name to the imported list? (By default, name stored in the file will be applied to the list) [N] > Y Enter name of the list > new_list Enter filename to import from > URLfile NOTE: These files will be stored in /pub/configuration URL list “new_list” added. webcacheflush Flush the cache used by URL filtering features. Use this command if you change the certificate that is used for communication with Cisco Web Security Services.
Chapter 3 The Commands: Reference Examples URL Filtering Batch Format For the batch format, see the CLI inline help. Example > websecurityadvancedconfig Enter URL lookup timeout (includes any DNS lookup time) in seconds: [15]> Enter the URL cache size (no. of URLs): [1215000]> Do you want to disable DNS lookups? [N]> Enter the maximum number of URLs that should be scanned: [100]> Enter the Web security service hostname: [example.
Chapter 3 The Commands: Reference Examples URL Filtering Batch Format • Enable URL filtering features > websecurityconfig urlscanning enable • Disable URL filtering features > websecurityconfig urlscanning disable • Set the client certificate for communication with cloud services. Use this command only under the guidance of Cisco TAC. > websecurityconfig urlscanning certificate sds_cert Example > websecurityconfig URL Filtering is currently disabled.
Chapter 3 The Commands: Reference Examples User Management Cache Size: 254 Cache Hits: 551 Response Time Minimum: None Average: 0.0 Maximum: None DNS Lookup Time Minimum: 9.4198775 Average: 10.1786801765 Maximum: 10.544356 User Management This section contains the following CLI commands: • userconfig • password or passwd • last • who • whoami userconfig Description Manage user accounts and connections to external authentication sources. Usage Commit: This command requires a ‘commit’.
Chapter 3 The Commands: Reference Examples User Management Choose the operation you want to perform: - NEW - Create a new account. - EDIT - Modify an account. - DELETE - Remove an account. - POLICY - Change password and account policy settings. - PASSWORD - Change the password for a user. - ROLE - Create/modify user roles. - STATUS - Change the account status. - EXTERNAL - Configure external authentication. - DLPTRACKING - Configure DLP tracking privileges. []> new Enter the new username.
Chapter 3 The Commands: Reference Examples User Management 2. hdesk_user - "Helpdesk User" (helpdesk) External authentication: Disabled Choose the operation you want to perform: - NEW - Create a new account. - EDIT - Modify an account. - DELETE - Remove an account. - POLICY - Change password and account policy settings. - PASSWORD - Change the password for a user. - ROLE - Create/modify user roles. - STATUS - Change the account status. - EXTERNAL - Configure external authentication.
Chapter 3 The Commands: Reference Examples User Management - NEW - Add a RADIUS server configuration. - EDIT - Modify a RADIUS server configuration. - DELETE - Remove a RADIUS server configuration. - CLEAR - Remove all RADIUS server configurations. []> password or passwd Description Change your password. Usage Commit: This command requires a ‘commit’. Cluster Management: This command is restricted to cluster mode.
Chapter 3 The Commands: Reference Examples User Management Batch Command: This command does not support a batch format. Example elroy.run> last Username ======== admin admin admin admin admin admin admin admin admin shutdown Remote Host ============= 10.251.23.186 10.251.23.186 10.251.16.231 10.251.23.186 10.251.23.142 10.251.23.142 10.251.23.142 10.251.60.37 10.251.16.
Chapter 3 The Commands: Reference Examples Virtual Appliance Management Usage Commit: This command requires a ‘commit’. Cluster Management: This command can be used in all three machine modes (cluster, group, machine). Batch Command: This command does not support a batch format. Example mail3.example.
Chapter 3 The Commands: Reference Examples Virtual Appliance Management []> TERMS AND CONDITIONS OF USE Do you accept the above license agreement? []> y The license agreement was accepted. The following feature key have been added: Errors and hardware misconfigurations may also be shown. showlicense Description Displays information about the current virtual appliance license. Additional details are available using the featurekey command.
