Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3081
Views
0
Helpful
2
Replies

How does the Feature "TLS is Mandatory for Address List" work?

Go to solution
Default0815
Level 1
Level 1

‎03-06-2018 10:50 PM - edited ‎03-08-2019 07:34 PM

Hi,

under "Mail Flow Policy - Security Feature"you can define a Address List of Domains.

But this does not seem to work. I put in the first Accepted Policy some test domains. Then i send some Test emails from this domains. But they were accepted without tls.

Cisco Email Security Appliance - Mail Policies .jpg

Do i have to define the HAT even if i put the Domain names here in this Adress list?

How does this Feature work?

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎03-06-2018 11:04 PM

If you select Preferred, you can make TLS mandatory for envelope senders from a specific domain or with a specific email address by selecting an Address List that specifies those domains and email addresses. When an envelope sender matching a domain or address in this list tries to send a message over a connection that does not use TLS, the appliance rejects the connection and the sender will have to try again using TLS.

 

You may want to verify the mail flow policy this is configured on matches the policy matched on the test email.

 

Also, entries in address lists are case sensitive for certain mail flow policy configurations such as below:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64845/?reffering_site=dumpcr

 

So you may want to compare the case displayed for the sending domain in message tracking with the entry in the address list.

 

Regards,

Libin Varghese

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎03-06-2018 11:04 PM

If you select Preferred, you can make TLS mandatory for envelope senders from a specific domain or with a specific email address by selecting an Address List that specifies those domains and email addresses. When an envelope sender matching a domain or address in this list tries to send a message over a connection that does not use TLS, the appliance rejects the connection and the sender will have to try again using TLS.

 

You may want to verify the mail flow policy this is configured on matches the policy matched on the test email.

 

Also, entries in address lists are case sensitive for certain mail flow policy configurations such as below:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64845/?reffering_site=dumpcr

 

So you may want to compare the case displayed for the sending domain in message tracking with the entry in the address list.

 

Regards,

Libin Varghese

 

0 Helpful

Go to solution
Default0815
Level 1
Level 1
In response to Libin Varghese

‎03-07-2018 01:13 AM

Thank you.

Now it works.

We use Version 11.1. So there the bug seems to be fixed.

0 Helpful
Customers Also Viewed These Support Documents