Solved: Re: Cisco ESA - Authentification of internal and external mail-servers

ccsmuell · ‎02-01-2023

Hi,

our customers asks for a way to establish a authentication mechanism for internal and external systems, which sends mails through the Cisco ESA.

There fore I think we need to setup to ways for authentication:

Internal mailservers (Exchange/Notes) are required to authenticate on Cisco ESA to be able to send mail to external recipients.
There is an external provider which hosts an app, which sends mails through the Cisco ESA to internal recipients. Based on the feedback of the external provider, they don't want to rely only on IP-based identification.

Is there any way to set such things up on the Cisco ESA? I just read about the SMTP authentication profiles for users, but can I also covers complete sending hosts with this mechanism? Or are there other possibilities I don't know about?

Thank you.

KR

Steffen

Ken Stieers · ‎02-01-2023

We had a similar requirement as number 2, and solved it by creating another listener on the public interface using the same ip but another different port and then enabling the authentication on that listener. We set up user authentication using LDAP to our AD. To make that more secure we created a group that has no access to anything, set it as the users primary group and removed it from Domain Users.

View solution in original post

Ken Stieers · ‎02-01-2023

We had a similar requirement as number 2, and solved it by creating another listener on the public interface using the same ip but another different port and then enabling the authentication on that listener. We set up user authentication using LDAP to our AD. To make that more secure we created a group that has no access to anything, set it as the users primary group and removed it from Domain Users.