Cisco ESA Initial Configuration
To perform the initial Cisco ESA configuration, complete the following steps:
Step 1. Log in to the Cisco ESA. The default username is admin, and the default password is ironport.
Step 2. Use the systemsetup command in the command-line interface (CLI) of the Cisco ESA to initiate the System Setup Wizard, as shown in Example 18-1.
Example 18-1 Initial Setup with the systemsetup Command
IronPort> systemsetup
WARNING: The system setup wizard will completely delete any existing
'listeners' and all associated settings including the 'Host Access Table' - mail
operations may be interrupted.
Are you sure you wish to continue? [Y]> Y
You are now going to configure how the IronPort C60 accepts mail by
creating a "Listener".
Please create a name for this listener (Ex: "InboundMail"):
[]> InboundMail
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 3
Enter the domains or specific addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "[email protected]" or "joe@[1.2.3.4]" are allowed.
Separate multiple addresses with commas
[]> securemeinc.org
Would you like to configure SMTP routes for example.com? [Y]> y
Enter the destination mail server which you want mail for example.com to be delivered.
Separate multiple entries with commas.
[]> exchange.securemeinc.org
Do you want to enable rate limiting for this listener? (Rate limiting defines the
maximum
number of recipients per hour you are willing to receive from a remote domain.) [Y]> y
Enter the maximum number of recipients per hour to accept from a remote domain.
[]> 4500
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 1,000
Maximum Number Of Messages Per Connection: 1,000
Maximum Number Of Recipients Per Message: 1,000
Maximum Number Of Recipients Per Hour: 4,500
Maximum Recipients Per Hour SMTP Response:
452 Too many recipients received this hour
Use SenderBase for Flow Control: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n
Listener InboundMail created.
Defaults have been set for a Public listener.
Use the listenerconfig->EDIT command to customize the listener.
*****
Do you want to configure the C60 to relay mail for internal hosts? [Y]> y
Please create a name for this listener (Ex: "OutboundMail"):
[]> OutboundMail
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 2
Please specify the systems allowed to relay email through the IronPort C60.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addressed are allowed.
Separate multiple entries with commas.
[]> .securemeinc.org
Do you want to enable rate limiting for this listener? (Rate limiting defines the
maximum number of recipients per hour you are willing to receive from a remote
domain.)
[N]> n
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Would you like to change the default host access policy? [N]> n
Listener OutboundMAil created.
Defaults have been set for a Private listener.
Use the listenerconfig->EDIT command to customize the listener.
*****
Congratulations! System setup is complete. For advanced configuration, please refer to
the User Guide.
mail3.securemeinc.org >
In Example 18-1, the inside (private) and outside (public) listeners are configured. The domain name of securemeinc.org is used in this example.
To verify the configuration, you can use the mailconfig command to send a test e-mail containing the system configuration data that was entered in the System Setup Wizard, as shown in Example 18-2.
Example 18-2 Verifying the Configuration with the mailconfig Command
mail3.securemeinc.org> mailconfig
Please enter the email address to which you want to send
the configuration file. Separate multiple addresses with commas.
[]> [email protected]
The configuration file has been sent to [email protected].
mail3.securemeinc.org>
In Example 18-2, the e-mail is sent to the administrator ([email protected]).
