Cisco Secure Email Support Community

ciscomoderator
Community Manager

New Capabilities to Protect Your Users with Cisco Secure Email - AMA


Ask Me Anything Forum

This event is a chance to review how customers of all sizes face the same daunting challenge: email is simultaneously the most important business communication tool and the leading attack vector for security breaches. Cisco Secure Email enables users to communicate securely and helps organizations combat Business Email Compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multilayered approach to security.

To participate in this event, please use the Reply button below to ask your questions.

Ask questions from Monday, February 1 to Friday, February 12, 2021

Featured Experts

Dennis McCabe Jr is a Technical Consulting Engineer at the Cisco Global Technical Assistance Center (TAC) for Content Security Email. With more than five years of experience and a broad scope of knowledge relating to Cloud Email Security (CES) and the Email Security Appliance (ESA), Dennis holds certifications including Cisco’s Certified Specialist with Email Security and an MCITP concentrating on Microsoft Exchange. He holds a CCNA Security certification.

Erica Parker is an experienced Technical Consulting Engineer with a demonstrated history of working in the computer networking and cybersecurity industry. With a Bachelor's degree focused in Computer Systems Networking and Telecommunications from Rochester Institute of Technology, she is skilled in Email Security, Software Deployment, and Security Penetration testing with a passion in biomedical sciences. She holds two certifications on CCNA R&S and Security.

 
**Helpful votes Encourage Participation!**
Please be sure to rate the Answers to your Questions



Do you know you can get answers before opening a TAC case by visiting the Cisco Community?
For more information, visit the Email Security category. To find further Cisco Community events: Click here.

Jessica Deaken
Beginner

Hi,

How do I install a license file onto my virtual ESA?

Hi Jessica,

Thanks for reaching out. You can install a license file to your virtual ESA by running the ‘loadlicense’ command and choosing which way you’d like to load the license. I would recommend the option for pasting into the CLI. To do this, open up the .xml file received into a program like notepad++ and copy the contents of the license file in its entirety. From there, paste the contents into the CLI and follow the prompts to apply the license.

I hope that helps! Please let us know if you have any further questions.

Best,

Erica
Jessica Deaken
Beginner

Hi Erica,

Sounds correct to me. I will check it out, thank you!

Didier M
Beginner

Hi everybody!

I have a question, how do I prevent a malicious actor from spoofing my domain?
Can the ESA catch these types of attacks?

Didier

Hello,

 

This really depends on what type of spoofing is being referred to, with the most common being ‘From’ header spoofing. We have a great article that goes over different types of spoofing, along with some of the many different methods for mitigation, and can be found here. Another great way to combat From header spoofing specifically is to utilize a Content and/or Message Filter, similar to this.

 

If you have any additional questions please let me know. 

 

Thank you!

-Dennis M.

ciscomoderator
Community Manager

Hi Dennis & Erica!

Find below the new question posted by @MB6568 :

C100 Cloud Email Security Appliance

Today I'm trying to set up a printer to use HPEprint services. When sending an email from inside our domain we get a bounce back for HPEprint.com

We are not having any other issues. We just can't send an email to HPEprint.com. Here are the logs from the C100:

04 Feb 2021 02:33:24 (GMT +05:00)

SMTP delivery connection (DCID 926569) opened from Cisco IronPort interface 139.138.47.215 to IP address 15.72.48.225 on port 25.

04 Feb 2021 02:33:25 (GMT +05:00)

Delivery connection (DCID 926569) successfully accepted TLS protocol TLSv1.2 cipher XXXX-RSA-AES256-XXX-SHA384 None.

04 Feb 2021 02:33:25 (GMT +05:00)

(DCID 926569) Delivery started for message 1417055 to xxxx@hpeprint.com.

04 Feb 2021 02:33:25 (GMT +05:00)

(DCID 517346) Message 1417055 to xxxx@hpeprint.com bounced by destination server. Reason: 5.3.0 - Other mail system problem ('550', ['5.7.0 bad DKIM signature data'])

 

Anyone have any idea how to get around this issue?

Hello,

 

Thanks for your question. I've actually seen issues with this in the past for this domain and DKIM. Although not 100% sure without seeing the headers, I assume that this could be related to the slight modification of headers during the transit of these emails to the destination, causing a DKIM failure. One safe way to remediate this would be to set the canonicalization (body and headers) of your DKIM profile to relaxed and test sending email again to the hpeprint.com domain. A relaxed profile takes care of the extra white spaces (in headers or body) which might lead to DKIM failing at the destination.

 

I hope this helps!

 

Erica
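
The effect of the relaxed setting described in the answer above, as an added example that is not part of the original reply or Cisco's code: it applies the RFC 6376 simple and relaxed canonicalization rules to a message before and after a whitespace-only change in transit. The sample header and body values are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of SP/TAB to one SP and drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def canon_header(name: str, value: str, mode: str) -> str:
    """Header canonicalization, RFC 6376 sections 3.4.1 (simple) and 3.4.2 (relaxed)."""
    if mode == "simple":
        return f"{name}:{value}\r\n"                  # signed byte-for-byte
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # collapse and trim whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """The bh= value a signer or verifier computes (SHA-256, base64)."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

# Constructed sample: the message as signed, and as it arrives after a hop
# re-folded the Subject header and changed whitespace in the body.
SIGNED_SUBJECT = ("Subject", " Scan to  print")
RELAYED_SUBJECT = ("Subject", " Scan to\r\n print")
SIGNED_BODY = b"Print job attached.\r\nPlease print  two copies.\r\n"
RELAYED_BODY = b"Print job attached. \r\nPlease print two copies.\r\n\r\n"

def survives_transit(mode: str) -> bool:
    """True if the verifier would hash the same bytes the signer hashed."""
    same_body = body_hash(SIGNED_BODY, mode) == body_hash(RELAYED_BODY, mode)
    same_hdr = (canon_header(*SIGNED_SUBJECT, mode)
                == canon_header(*RELAYED_SUBJECT, mode))
    return same_body and same_hdr

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        print(mode, "survives whitespace changes:", survives_transit(mode))
```

Relaxed canonicalization only absorbs whitespace and folding changes; a hop that appends a disclaimer or otherwise rewrites content after signing still invalidates the signature under either mode.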

ciscomoderator
Community Manager

Hi Dennis & Erica!

Find a new question from @Abbas Ravat :

ESA Graymail, Sophos update fail

I have a CISCO ESA Appliance, and it does not update Graymail, Sophos antivirus. It gives the message "Attention - updates completed with Error". I can telnet the update URL and it's a standalone appliance.

Please advise what can be the issue.