41
Chapter16 Enabling Your C350D Appliance
16-2
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Additional features:
•
256 Virtual Gateway Addresses - The Cisco IronPort Virtual Gateway
technology allows you to configure enterprise mail gateways for all domains
you host — with distinct IP addresses, hostname and domains — and create
separate corporate email policy enforcement and anti-spam strategies for
those domains, while hosted within the same physical appliance. For more
information, see “Customizing Listeners” in the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
•
IronPort Mail Merge (IPMM) - IronPort Mail Merge (IPMM) removes the
burden of generating individual personalized messages from customer
systems. By removing the need to generate thousands of individual messages
and transmit them between message generating systems and the email
gateway, users benefit from the decreased load on their systems and increased
throughput of email delivery. For more information, see IronPort Mail Merge
(IPMM), page16-6.
•
Resource-conserving bounce setting - The C350D appliance allows you to
configure the system to detect potential blocked destinations and bounce all
messages bound for that destination. For more information, see Configuring
Resource-Conserving Bounce Settings, page16-5.
•
Software based performance enhancement - The C350D appliance includes a
software module that dramatically enhances the outbound delivery
performance.
Features Disabled in the C350D
Your C350D appliance contains several modifications to the AsyncOS operating
system. Some features of the standard C- and X-Series appliances are not
applicable to outbound email delivery and to improve system performance have
been disabled. These modifications and differences are discussed below.
Non-Applicable Features:
•
IronPort anti-spam scanning and on or off box spam quarantining — Because
anti-spam scanning pertains mostly to incoming mail, the IronPort
Anti-Spam scanning engine is disabled. Chapter 9 is, therefore, not
applicable.
41
16-3
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter16 Enabling Your C350D Appliance
•
Outbreak Filters — Because Cisco IronPort’s Outbreak Filters feature is used
to quarantine incoming mail, this feature has been disabled on the C350D.
Chapter 11 is, therefore, not applicable.
•
SenderBase Network Participation capabilities — Because SenderBase
Network Participation reports information about incoming mail, this feature
has been disabled on the C350D appliance. Chapters 8 and 12 are, therefore,
not applicable.
•
Reporting — Reporting is limited. Some reports are not available, and the
reporting that does occur is set to run at a very limited level due to the
performance issues.
•
RSA Data Loss Prevention — RSA DLP scanning for outgoing messages has
been disabled on C350D appliances.
•
The totals shown in the Email Security Monitor Overview report for 350D
appliances may erroneously include spam and suspect spam counts although
these features are disabled for the C350D appliances.
AsyncOS Features Applicable to the C350D
The C350D appliance incorporates most of the latest AsyncOS features, many of
which are of interest to C350D users. Table16-1 lists some of these features:
Table16-1
AsyncOS Features Included in the C350D Appliance
Feature
More Information
Domain Key signing
DKIM/Domain Keys is a method for verifying
authenticity of email based on a signing key used by
the sender. See the “Email Authentication” chapter in
the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Centralized management
See the “Centralized Management” chapter in the
Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
41
Chapter16 Enabling Your C350D Appliance
16-4
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Configuring the C350D Appliance
To enable your C350D:
Delivery throttling
For each domain, you can assign a maximum number
of connections and recipients that will never be
exceeded by the system in a given time period. This
“good neighbor” table is defined through the
destconfig
command.
For more information, see the section on Controlling
Email Delivery in “Configuring Routing and Delivery
Features” the Cisco IronPort AsyncOS for Email
Advanced Configuration Guide.
Bounce Verification
Verify the authenticity of bounce messages. See the
section on Cisco IronPort Bounce Verification in the
“Configuring Routing and Delivery Features” chapter
of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Delegated administration
See information on adding users in the “Common
Administrative Tasks” chapter of the Cisco IronPort
AsyncOS for Email Daily Management Guide.
Trace (debug)
See Debugging Mail Flow Using Test Messages:
Trace, page-446.
VLAN, NIC-pairing
See the “Advanced Network Configuration” chapter
in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Optional Anti-virus engine e You can add optional anti-virus scanning to ensure the
integrity of your outbound messages. See Anti-Virus
Scanning, page9-2.
Table16-1
AsyncOS Features Included in the C350D Appliance
Feature
More Information
32
16-5
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter16 Enabling Your C350D Appliance
Step1
Apply the provided feature key. You will need to apply the key to your C350D
Cisco IronPort Email Security appliance prior to running the system setup wizard
(prior to configuring the appliance). Apply the key via the System Administration
> Feature Key page or by issuing the
featurekey
command in the CLI.
Note
The preceding feature keys include a sample 30 day Sophos or McAfee
Anti-Virus license you can use to test anti-virus scanning on outbound
mail.
Step2
Reboot the appliance.
Step3
Run the system setup wizard (GUI or CLI) and configure your appliance.
Please keep in mind that the Cisco IronPort C350D appliance does not include
anti-spam scanning or the Outbreak Filters feature. (Please ignore these chapters
in the Configuration Guide.)
Note
In a clustered environment, you cannot combine C350D appliances with AsyncOS
appliances that are not configured with the delivery performance package.
Configuring Resource-Conserving Bounce Settings
Once the C350D appliance is configured, you can configure the system to detect
potential delivery problems and bounce all messages for a destination.
Note
Using this setting will bounce all messages in the queue for a destination domain
that is deemed undeliverable. You will need to re-send the message once the
delivery issues have been resolved.
How to C#: Basic SDK Concept of XDoc.PDF for .NET And PDF file text processing like text writing, extracting, searching, etc., are to load a PDF document from file or query data and save the PDF document.
extract data from pdf file; extract data from pdf table VB.NET PDF: Basic SDK Concept of XDoc.PDF And PDF file text processing like text writing, extracting, searching, etc., are to load a PDF document from file or query data and save the PDF document.
extract table data from pdf to excel; online form pdf output
20
Chapter16 Enabling Your C350D Appliance
16-6
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Example of Enabling Resource-Conserving Bounce Settings
When using this feature, a host is considered “down” after at least 10 consecutive
connection attempts fail. AsyncOS scans for down hosts every 15 minutes, so it
is possible that more than 10 attempts will be made before the queue is cleared.
IronPort Mail Merge (IPMM)
Note
IronPort Mail Merge is only available on the IronPort C350D appliance.
mail3.example.com> bounceconfig
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Remove a profile.
- SETUP - Configure global bounce settings.
[]> setup
Do you want to bounce all enqueued messages bound for a domain if the
host is down? [N]> y
38
16-7
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter16 Enabling Your C350D Appliance
Overview
IronPort Mail Merge removes the burden of generating individual personalized
messages from customer systems. By removing the need to generate thousands of
individual messages and transmit them between message generating systems and
the email gateway, users benefit from the decreased load on their systems and
increased throughput of email delivery.
With IPMM, a single message body is created with variables representing
locations in the message to be replaced for personalization. For each individual
message recipient, only the recipient email address and the variable substitutions
need to be transmitted to the email gateway. In addition, IPMM can be used to
send certain recipients specific “parts” of the message body, while excluding
certain parts from others recipients. (For example, suppose you needed to include
a different copyright statements at the end of your messages to recipients in two
different countries.)
Benefits
Using the Mail Merge function of the Cisco IronPort C350D appliance has many
benefits:
•
Ease of use for the mail administrator. The complexities of creating
personalized messages for each recipient are removed, as IPMM provides
variable substitution and an abstracted interface in many common languages.
•
Reduced load on message generation systems. By requiring one copy of the
message body and a table of required substitutions, most of the message
generation “work” is off-loaded from message generation systems and moved
to the Cisco IronPort C350D appliance.
•
Increased delivery throughput. By reducing the resources necessary to accept
and queue thousands of incoming messages, the Cisco IronPort appliance can
significantly increase out-bound delivery performance.
•
Queue storage efficiency. By storing less information for each message
recipient, users can achieve orders-of- magnitude, better use of queue storage
on the C350D appliance.
57
Chapter16 Enabling Your C350D Appliance
16-8
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Using the Mail Merge
SMTP Injection
IPMM extends SMTP as the transport protocol. There is no special configuration
that needs to be made to the Cisco IronPort C350D appliance. (By default, IPMM
can be enabled for private listeners and disabled for public listeners on the Cisco
IronPort C350D Email Security appliance.) However, if you are not currently
using SMTP as your injection protocol, you must create a new private listener that
utilizes SMTP through the Cisco IronPort C350D appliance interface.
Refer to the “Customizing Listeners” chapter in the Cisco IronPort AsyncOS for
Email Advanced Configuration Guide for more information on configuring
listeners. Use the
setipmm
subcommand of
listenerconfig
to enable IPMM on
the injector.
IPMM modifies SMTP by altering two commands —
MAIL FROM
and
DATA
— and
adding another:
XDFN
. The
MAIL FROM
command is replaced with
XMRG FROM
and,
the
DATA
command is replaced with
XPRT
.
To generate a Mail Merge message, the commands used to generate the message
need to be issued in a particular sequence.
Step1
The initial EHLO statement, identifying the sending host.
Step2
Each message starts with an XMRG FROM: statement, indicating the sender
address.
Step3
Each recipient is then defined:
– One or more XDFN variable allocation statements are made, including
defining the parts (XDFN *PART=1,2,3…), and any other recipient
specific variables.
– The recipient email address is defined with the RCPT TO: statement. Any
variable allocations prior to the RCPT TO:, but after the prior XMRG
FROM, or RCPT TO command, will be mapped to this recipient email
address.
Step4
Each part is defined using the XPRT n command, with each part terminated by a
period (.) character similar to the DATA command. The last part is defined by the
XPRT n LAST command.
59
16-9
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter16 Enabling Your C350D Appliance
Variable Substitution
Any part of the message body, including message headers, can contain variables
for substitution. Variables can appear in HTML messages, as well. Variables are
user-defined and must begin with the ampersand (
&
) character and end with the
semi-colon character (
;
). Variable names beginning with an asterisk (
*
) are
reserved and cannot be used.
Reserved Variables
IPMM contains five special “reserved” variables that are predefined.
For example, the following example message body (including headers) contains
four distinct variables and five substitution locations that will be replaced in the
final message. Note that the same variable may be used more than once in the
message body. Also, the reserved variable
&*TO;
is used, which will be replaced
with the recipient email address. This reserved variable does not need to be passed
in as a separate variable. The variables in the example appear in bold.
Table16-2
IPMM: Reserved Variables
*FROM
The reserved variable
*FROM
is derived from the “Envelope From”
parameter. The “Envelope From” parameter is set by the “XMRG
FROM:” command.
*TO
The reserved variable
*TO
is derived from the envelope recipient
value, as set by the “RCPT TO:” command.
*PARTS
The reserved variable
*PARTS
holds a comma separated list of
parts. It is set prior to defining a recipient with the “RCPT TO:” and
determines which of the “XPRT n” message body blocks a given
user will receive.
*DATE
The reserved variable
*DATE
is replaced with the current date
stamp.
*DK
The reserved variable
*DK
is used to specify a DomainKeys Signing
profile (this profile must already exist in AsyncOS). For more
information about creating DomainKeys Signing profiles, see the
“Email Authentication” chapter in Cisco IronPort AsyncOS for
Email Advanced Configuration Guide.
31
Chapter16 Enabling Your C350D Appliance
16-10
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Example Message #1
This message needs only be injected once into the Cisco IronPort C350D
appliance. For each recipient, the following additional information is required:
•
A recipient email address
•
Name-value pairs for the variable substitution
Part Assembly
Where SMTP uses a single
DATA
command for each message body, IPMM uses
one or many
XPRT
commands to comprise a message. Parts are assembled based
upon the order specified per-recipient. Each recipient can receive any or all of the
message parts. Parts can be assembled in any order.
The special variable
*PARTS
holds a comma separated list of parts.
For example, the following example message contains two parts.
The first part contains the message headers and some of the message body. The
second part contains an offer that can be variably included for specific customers.
From: Mr.Spacely <spacely@sprockets.com>
To: &first_name;&last_name;&*TO;
Subject: Thanks for Being a Spacely Sprockets Customer
Dear &first_name;,
Thank you for purchasing a &color; sprocket.
Documents you may be interested
Documents you may be interested