Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 3 Setup and Installation
Step 3: Network
In Step 3, you define the default router (gateway) and configure the DNS settings,
and then set up the appliance to receive and/or relay email by configuring the Data
1, Data 2, and Management interfaces.
Configuring DNS and Default Gateway
Type the IP address of the default router (gateway) on your network.
Next, configure the DNS (Domain Name Service) settings. Cisco IronPort
AsyncOS contains a high-performance internal DNS resolver/cache that can
query the Internet’s root servers directly, or the system can use DNS servers you
specify. If you choose to use your own servers, you will need to supply the IP
address and hostname of each DNS server. You can enter up to four DNS servers
via the System Setup Wizard. Please note that DNS servers you enter will have an
initial priority of 0. For more information, see Configuring Domain Name System
(DNS) Settings, page 15-59.
Note
The appliance requires access to a working DNS server in order to perform DNS
lookups for incoming connections. If you cannot specify a working DNS server
that is reachable by the appliance while you are setting up the appliance, a
workaround is to either select “Use Internet Root DNS Servers” or to specify,
temporarily, the IP address of the Management interface so that you can complete
the System Setup Wizard.
Configuring Network Interfaces
Your Cisco IronPort appliance has network interfaces that are associated with the
physical ports on the machine. For example, on C60/600/650/660/670,
C30/300/350/360/370, and X1000/1050/1060/1070 appliances, three physical
Ethernet interfaces are available. On C10/100/150/160 appliances, two physical
Ethernet interfaces are available.
To use an interface, mark the “Enable” checkbox and then specify an IP address,
network mask, and fully qualified hostname. The IP address you enter should be
the address intended for your inbound mail as reflected in your DNS records.
Typically this address would have an MX record associated with it in DNS.
Each interface can be configured to accept mail (incoming), relay email
(outgoing), or appliance management. During setup, you are limited to one of
each. Typically, you would use one interface for incoming, one for outgoing, and
one for appliance management. On the C150 and C160 appliances, you would
typically use one interface for both incoming and outgoing mail, and the other
interface for management.
You must configure one interface to receive email.
Assign and configure a logical IP address to one of the physical Ethernet
interfaces on the appliance. If you decide to use both the Data 1 Ethernet port and
the Data 2 Ethernet port, you need this information for both connections.
C650/660/670, C350/360/370, and X1050/1060/1070 customers: Cisco
recommends using one of the physical Ethernet ports to connect directly to the
Internet for the purposes of receiving inbound email through public listeners, and
using another physical Ethernet port to connect directly to your internal network
for the purposes of relaying outbound email through private listeners.
C150/160 customers: Typically, the System Setup Wizard will configure only
one physical Ethernet port with one listener for both receiving inbound email and
relaying outbound email.
See Binding Logical IP Addresses to Physical Ethernet Ports, page 3-15.
The following information is required:
• The IP address assigned by your network administrator.
• The netmask of the interface. The netmask can be in standard dotted decimal form or hexadecimal form.
• (optional) A fully-qualified hostname for the IP address
Note
IP addresses within the same subnet cannot be configured on separate physical
Ethernet interfaces. See Appendix B, “Assigning Network and IP Addresses” for
more detailed information on Network and IP Address configuration.
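The following pre-flight check is an added example, not part of the Cisco guide or AsyncOS: it normalizes netmasks given in either form and flags planned addresses on separate physical ports that fall in the same subnet. The `0x` hex spelling, the netmask values, the function names, and treating any subnet overlap as a conflict are assumptions; the IP addresses are the ones used in the guide's example.

```python
import ipaddress
from itertools import combinations

def parse_netmask(text):
    """Return the prefix length for a dotted-decimal or hexadecimal netmask."""
    text = text.strip().lower()
    if text.startswith("0x"):          # assumed hex spelling, e.g. 0xffffff00
        value = int(text, 16)
    else:
        value = int(ipaddress.IPv4Address(text))
    if value > 0xFFFFFFFF:
        raise ValueError(f"netmask out of range: {text}")
    inverted = value ^ 0xFFFFFFFF
    if inverted & (inverted + 1):      # host bits must be one contiguous run
        raise ValueError(f"non-contiguous netmask: {text}")
    return bin(value).count("1")

def find_subnet_conflicts(plan):
    """Return (port_a, port_b) pairs on different ports whose subnets overlap."""
    ifaces = [(port, ipaddress.IPv4Interface(f"{ip}/{parse_netmask(mask)}"))
              for port, ip, mask in plan]
    return [(pa, pb)
            for (pa, a), (pb, b) in combinations(ifaces, 2)
            if pa != pb and a.network.overlaps(b.network)]

# Addresses from the guide's segregated-traffic example; netmasks are constructed.
SEGREGATED_PLAN = [
    ("Management", "192.168.42.42", "255.255.255.0"),
    ("Data 1", "192.168.1.1", "255.255.255.0"),
    ("Data 2", "192.168.2.1", "0xffffff00"),
]
# Constructed mistake: Data 2 placed in the same /24 as Data 1.
CONFLICTING_PLAN = [
    ("Management", "192.168.42.42", "255.255.255.0"),
    ("Data 1", "192.168.1.1", "255.255.255.0"),
    ("Data 2", "192.168.1.20", "0xffffff00"),
]

if __name__ == "__main__":
    for name, plan in (("segregated", SEGREGATED_PLAN),
                       ("conflicting", CONFLICTING_PLAN)):
        print(name, find_subnet_conflicts(plan) or "no conflicts")
```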
Accepting Mail
When configuring your interfaces to accept mail, you define:
• the domain for which to accept mail
• the destination (SMTP Route) for each domain (optional)
Mark the checkbox for Accept Incoming Mail to configure the interface to accept
mail. Enter the name of the domain for which to accept mail.
Enter the Destination. This is the SMTP Route or name of the machine(s) where
you would like to route email for the domains specified.
This is the first SMTP Routes entry. The SMTP Routes table allows you to
redirect all email for each domain (also known as a Recipient Access Table (RAT)
entry) you enter to a specific mail exchange (MX) host. In typical installations,
the SMTP Routes table defines the specific groupware (for example, Microsoft
Exchange) server or the “next hop” in the email delivery for your infrastructure.
For example, you can define a route that specifies that mail accepted for the
domain example.com and all of its subdomains .example.com is routed to the
groupware server exchange.example.com.
You can enter multiple domains and destinations. Click Add Row to add another
domain. Click the trash can icon to remove a row.
Note
Configuring SMTP Routes in this step is optional. If no SMTP routes are defined,
the system will use DNS to look up and determine the delivery host for the
incoming mail received by the listener. (See “Routing Email for Local Domains”
in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide for more
information.)
You must add at least one domain to the Recipient Access Table. Enter a domain,
for example example.com. To ensure that mail destined for any subdomain of
example.net will match in the Recipient Access Table, enter .example.net as
well as the domain name. For more information, see Defining Recipients,
page 5-73.
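The sketch below is an added example, not AsyncOS code: it models the matching described above, where a bare entry matches only that domain and a leading-dot entry matches only its subdomains, and shows why both forms are entered. The function names, the first-match route order, and the sample recipients are assumptions; a `None` next hop stands for the DNS lookup used when no SMTP route is defined.

```python
def entry_matches(entry, domain):
    """Bare entry: exact domain. Leading-dot entry: subdomains only."""
    entry = entry.lower()
    domain = domain.lower().rstrip(".")
    if entry.startswith("."):
        # The dot is part of the suffix, so "badexample.net" does not
        # match ".example.net", and neither does "example.net" itself.
        return domain.endswith(entry)
    return domain == entry

def recipient_domain(recipient):
    """Domain part of an address (text after the last '@')."""
    return recipient.rpartition("@")[2]

def rat_accepts(rat, recipient):
    """True if any Recipient Access Table entry covers the recipient's domain."""
    domain = recipient_domain(recipient)
    return any(entry_matches(entry, domain) for entry in rat)

def next_hop(routes, recipient):
    """Return the SMTP route destination, or None to fall back to DNS."""
    domain = recipient_domain(recipient)
    for entry, destination in routes:   # first match wins (assumed order)
        if entry_matches(entry, domain):
            return destination
    return None

# Entries taken from the guide's text: example.com alone, and
# example.net together with .example.net.
RAT = ["example.com", "example.net", ".example.net"]
# The guide's example route: example.com and its subdomains go to
# the groupware server exchange.example.com.
ROUTES = [
    ("example.com", "exchange.example.com"),
    (".example.com", "exchange.example.com"),
]

if __name__ == "__main__":
    # Constructed recipients for illustration.
    for rcpt in ("alice@example.com", "bob@mail.example.net",
                 "carol@sales.example.com", "eve@badexample.net"):
        print(rcpt, "accepted" if rat_accepts(RAT, rcpt) else "not in RAT",
              "->", next_hop(ROUTES, rcpt) or "DNS lookup")
```

Note that `carol@sales.example.com` has a route but is not accepted, because this RAT lists `example.com` without `.example.com`.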
Relaying Mail (Optional)
When configuring your interfaces to relay mail, you define the systems allowed
to relay email through the appliance.
These are entries in the RELAYLIST of the Host Access Table for a listener. See
Sender Group Syntax, page 5-27 for more information.
Mark the check box for Relay Outgoing Mail to configure the interface to relay
mail. Enter the hosts that may relay mail through the appliance.
When you configure an interface to relay outbound mail, the System Setup Wizard
turns on SSH for the interface as long as no public listeners are configured to use
the interface.
In the following example, two interfaces are created:
• 192.168.42.42 remains configured on the Management interface.
• 192.168.1.1 is enabled on the Data 1 Ethernet interface. It is configured to
accept mail for domains ending in .example.com and an SMTP route is
defined for exchange.example.com.
• 192.168.2.1 is enabled on the Data 2 Ethernet interface. It is configured to
relay mail from exchange.example.com.
Note
The following example pertains to X1000/1050/1060/1070,
C60/600/650/660/670, and C30/300/350/360/370 appliances. For
C10/100/150/160 appliances, the Data 2 interface is typically configured for both
incoming and outgoing mail while the Data 1 interface is used for appliance
management (see C10/100 Installations, page 3-29).
Figure 3-7 Network Interfaces: 2 IP Addresses in Addition to Management (Segregated Traffic)
Use this configuration if you want your network to look like Figure 3-2 on
page 3-11.
C10/100 Installations
When configuring a single IP address for all email traffic (nonsegregated traffic),
step 3 of the System Setup Wizard will look like this:
Figure 3-8 Network Interfaces: 1 IP Address for Incoming and Outgoing (Nonsegregated) Traffic
Use this configuration if you want your network to look like Figure 3-3 on
page 3-12.
Click Next to continue.
Step 4: Security
In step 4, you configure anti-spam and anti-virus settings. The anti-spam options
include SenderBase Reputation Filtering and selecting an anti-spam scanning
engine. For anti-virus, you can enable Outbreak Filters and Sophos or McAfee
anti-virus scanning.
Enabling SenderBase Reputation Filtering
The SenderBase Reputation Service can be used as a stand-alone anti-spam
solution, but it is primarily designed to improve the effectiveness of a
content-based anti-spam system such as IronPort Anti-Spam.
The SenderBase Reputation Service (http://www.senderbase.org) provides an
accurate, flexible way for users to reject or throttle suspected spam based on the
connecting IP address of the remote host. The SenderBase Reputation Service
returns a score based on the probability that a message from a given source is
spam. The SenderBase Reputation Service is unique in that it provides a global
view of email message volume and organizes the data in a way that makes it easy
to identify and group related sources of email. Cisco strongly suggests that you
enable SenderBase Reputation Filtering.
Once enabled, SenderBase Reputation Filtering is applied on the incoming
(accepting) listener.
Enabling Anti-Spam Scanning
Your Cisco IronPort appliance may ship with a 30-day evaluation key for IronPort
Anti-Spam software. During this portion of the System Setup Wizard, you can
choose to enable IronPort Anti-Spam globally on the appliance. You can also elect
to not enable the service.
If you choose to enable the anti-spam service, you can configure AsyncOS to send
spam and suspected spam messages to the local IronPort Spam Quarantine. The
IronPort Spam Quarantine serves as the end-user quarantine for the appliance.
Only administrators can access the quarantine until end-user access is configured.
See Chapter 8, “Anti-Spam” for all of the IronPort Anti-Spam configuration
options available on the appliance. See “Quarantines” in the Cisco IronPort
AsyncOS for Email Daily Management Guide for information about the IronPort
Spam Quarantine.
Enabling Anti-Virus Scanning
Your Cisco IronPort appliance may ship with a 30-day evaluation key for the
Sophos Anti-Virus or McAfee Anti-Virus scanning engines. During this portion
of the System Setup Wizard, you can choose to enable an anti-virus scanning
engine globally on the appliance.
If you choose to enable an anti-virus scanning engine, it is enabled for both the
default incoming and default outgoing mail policies. The Cisco IronPort
appliance scans mail for viruses, but it does not repair infected attachments. The
appliance drops infected messages.
See Chapter 9, “Anti-Virus” for all of the anti-virus configuration options
available on the appliance.
Enabling Outbreak Filters
Your Cisco IronPort appliance may ship with a 30-day evaluation key for
Outbreak Filters. Outbreak Filters provide a “first line of defense” against new
virus outbreaks by quarantining suspicious messages until traditional anti-virus
security services can be updated with a new virus signature file.
See Chapter 10, “Outbreak Filters” for more information.
Figure 3-9 System Setup Wizard: Step 4. Configuring Message Security
Click Next to continue.
Step 5: Review
A summary of the configuration information is displayed. You can edit the System
Settings, Network Integration, and Message Security information by clicking the
Previous button or by clicking the corresponding Edit link in the upper-right of
each section. When you return to a step to make a change, you must proceed
through the remaining steps until you reach this review page again. All settings
you previously entered will be remembered.
Figure 3-10 System Setup Wizard: Step 5. Review
Once you are satisfied with the information displayed, click Install This
Configuration. A confirmation dialog is displayed. Click Install to install the
new configuration.
Figure 3-11 System Setup Wizard: Confirm Install
Your Cisco IronPort appliance is now ready to send email.
Note
Clicking Install will cause the connection to the current URL
(http://192.168.42.42) to be lost if you changed the IP address of the interface you
used to connect to the appliance (the Management interface on
X1000/1050/1060/1070, C60/600/650/660/670, and C30/300/350/360/370
systems, or the Data 1 interface on C10/100/150/160 systems) from the default.
However, your browser will be redirected to the new IP address.
Once System Setup is complete, several alert messages are sent. See Immediate
Alerts, page 3-55 for more information.
Configuring Active Directory
If the System Setup Wizard properly installs the configuration on the Email
Security appliance, the Active Directory Wizard appears. If you are running an
Active Directory server on your network, use the Active Directory Wizard to
configure an LDAP server profile for the Active Directory server and assign a
listener for recipient validation. If you are not using Active Directory or want to
configure it later, click Skip this Step. You can run the Active Directory Wizard
on the System Administration > Active Directory Wizard page. You can also
configure Active Directory and other LDAP profiles on the System
Administration > LDAP page.
The Active Directory Wizard retrieves the system information needed to create an
LDAP server profile, such as the authentication method, the port, the base DN,
and whether SSL is supported. The Active Directory Wizard also creates LDAP
accept and group queries for the LDAP server profile.