cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1523
Views
0
Helpful
1
Replies

smtp authentication - listener

ivana.bagaric1
Level 1
Level 1

I would like to set up  SMTP authentication with the LDAP server on ESA-C370 for our users , who are connected remotely. Currently, we allow  SMTP relay (anonymous)  for all users who are connected to our network.

We have defined  two interfaces (on the same ethernet port Data 1 with the  IP addresses on the same vlan) and two listeners - Incoming (Public – port 25)  for incomming messages and outgoing (Private – port 25) for Outgoing messages. We need to set up SMTP authentication on the listener on the different port (probably 26). Could we configure SMTP authentication on existing listeners (which, incomming or outgoing?) or we need to define a separate interface and a separate listener?

 

Thanks

1 Reply 1

Hrvoje (Harry) Dogan
Cisco Employee
Cisco Employee

Hi Ivana,

 

You can define SMTP authentication on your existing Public listener (on port 25). Just edit the Default Policy Parameters of your Mail Flow Policies and enable it there. I would recommend to also configure TLS as preferred, and check the box "require TLS to offer authentication" (or something like that :)), since basic SMTP authentication is plain text.

Also, unless you have a valid reason, you may consider consolidating your setup to a single listener for both Incoming and Outgoing mail. The two-listener setup is typical for long-running ESA deployments (i.e. that's how we did it in the past :)), but for a while now we can use the same listener for both directions. 

If you want to be fully RFC compliant, run a separate listener *only* for authenticated connections - have a simple HAT, accept all connections, but *require* TLS and authentication on it, and run it on port 587.

 

Hope that helps!