0% found this document useful (0 votes)

650 views

ESA 9-6 CLI Reference Guide

Reference Guide for Cisco Email Security Appliance

Uploaded by

greatkudo

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

650 views

ESA 9-6 CLI Reference Guide

Reference Guide for Cisco Email Security Appliance

Uploaded by

greatkudo

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 324

CLI Reference Guide for AsyncOS 9.

6 for
Cisco Email Security Appliances
July 6, 2015

Cisco Systems, Inc.

www.cisco.com
Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers
are listed on the Cisco website at
www.cisco.com/go/offices.

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR
LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION,
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE,
OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances
2015 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface

Before you Read this Book

Typographic Conventions

1
2

Additional Resources 2
Documentation 2
Knowledge Base 2
Cisco Support Community 3
Customer Support 3
Registering for a Cisco Account 3
Cisco Welcomes Your Comments 3

CHAPTER

CLI Quick Reference Guide

1-1

CLI Commands (No Commit Required)

CLI Commands (Commit Required)

CHAPTER

Command Line Interface: The Basics

3-246

SMTP Services Configuration 3-246

callaheadconfig 3-246
listenerconfig 3-248
Example - Configuring SPF and SIDF
localeconfig 3-276
smtpauthconfig 3-277

3-268

System Setup 3-278

systemsetup 3-278
URL Filtering 3-283
aggregatorconfig 3-283
urllistconfig 3-283
webcacheflush 3-285
websecurityadvancedconfig 3-285
websecurityconfig 3-286
websecuritydiagnostics 3-287
User Management 3-288
userconfig 3-288
password or passwd 3-290
last 3-291
who 3-292
whoami 3-292
Virtual Appliance Management
loadlicense 3-293
showlicense 3-294

3-293

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

Preface
The instructions in this book are designed for an experienced system administrator with knowledge of
networking and email administration.

Before you Read this Book

Note

If you have already cabled your appliance to your network, ensure that the default IP address for the
appliance does not conflict with other IP addresses on your network. The IP address assigned to the
Management port by the factory is 192.168.42.42. See the Setup and Installation chapter in the user
guide for your release for more information about assigning IP addresses to the appliance.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

Preface

Typographic Conventions
Typeface or
Symbol

Meaning

Examples
Please choose an IP interface for this Listener.

AaBbCc123

The names of commands, files, and

directories; on-screen computer
output.
What you type, when contrasted with
on-screen computer output.

mail3.example.com> commit
Please enter some comments describing your changes:
[]> Changed the system hostname

Book titles, new words or terms, words

to be emphasized. Command line
variable; replace with a real name or
value.

Read the QuickStart Guide.

AaBbCc123

The sethostname command sets the name of the appliance.

The appliance must be able to uniquely select an interface to

send an outgoing packet.

Before you begin, please reset your password to a

new value.
Old password: ironport
New password: your_new_password

Retype new password: your_new_password

Additional Resources
Documentation
Documentation for your Email Security appliance is available from:
http://www.cisco.com/en/US/products/ps10154/tsd_products_support_series_home.html

Knowledge Base
To access the Knowledge Base for information about Cisco Content Security products, visit:
http://www.cisco.com/web/ironport/knowledgebase.html

Note

You need a Cisco.com User ID to access the site. If you do not have a Cisco.com User ID, see Registering
for a Cisco Account, page 3.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

Preface

Cisco Support Community

Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides
a place to discuss general content security issues, as well as technical information about specific Cisco
products. You can post topics to the forum to ask questions and share information with other users.
Access the Cisco Support Community for Email Security appliances at:
https://supportforums.cisco.com/community/netpro/security/email

Customer Support
Use the following methods to obtain support:
U.S.: Call 1 (408) 526-7209 or Toll-free 1 (800) 553-2447
International: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Support Site: http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
If you purchased support through a reseller or another supplier, please contact that supplier directly with
your product support issues.

Registering for a Cisco Account

Access to many resources on Cisco.com requires a Cisco account.
If you do not have a Cisco.com User ID, you can register for one here:
https://tools.cisco.com/RPF/register/register.do

Cisco Welcomes Your Comments

The Technical Publications team is interested in improving the product documentation. Your comments
and suggestions are always welcome. You can send comments to the following email address:
[email protected]
Please include the title of this book and the publication date from the title page in the subject line of your
message.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

III

Preface

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

CH A P T E R

CLI Quick Reference Guide

Use the tables to locate the appropriate CLI command, a brief description and its availability on the C-,
X, and M-series platforms.

CLI Commands (No Commit Required), page 1-2

CLI Commands (Commit Required), page 1-5

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-1

Chapter 1

CLI Quick Reference Guide

CLI Commands (No Commit Required)

CLI Command

Description

C-, X-, and M-Series

clearchanges or clear

Clear changes

C-, X-, and M-Series

commit

Commit changes

C-, X-, and M-Series

commitdetail

Display detailed information about the last commit

C- and X- Series

date

Display the current date and time

C-, X-, and M- Series

deleterecipients

Delete messages from the queue

C-, X-, and M-Series

delivernow

Reschedule messages for immediate delivery

C-, X-, and M-Series

diagnostic

C-, X-, and M-Series

ecstatus

Check the version of the enrollment client that is used to obtain

certificates

C-Series

ecupdate

Update the enrollment client that is used to obtain certificates

C-Series

emdiagnostic

Diagnostic tool for RSA EM on ESA.

C-, X-, and M- Series

encryptionstatus

Shows the version of the PXE Engine and Domain Mappings file

C- and X-Series

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-2

Chapter 1

CLI Quick Reference Guide

CLI Commands (No Commit Required)

hoststatus

Get the status of the given hostname

C-, X-, and M-Series

last

Display who has recently logged into the system

C-, X-, and M-Series

ldapflush

Flush any cached LDAP results

C- and X- Series

ldaptest

Perform a single LDAP query test

C- and X- Series

loadlicense

Load a virtual appliance license

All virtual appliances

mailconfig

Mail the current configuration to an email address

C-, X-, and M-Series

nslookup

Query a name server

C-, X-, and M-Series

netstat

Display network connections, routing tables, and network

interface statistics.

C-, X-, and M-Series

outbreakflush

Clear the cached Outbreak Rules

C- and X- Series

outbreakstatus

Display current Outbreak Rules

C- and X- Series

outbreakupdate

Update Outbreak Filters rules

C- and X- Series

C-, X-, and M-Series

quit or q or exit

Quit

C-, X-, and M-Series

resumedel

Resume deliveries

C-, X-, and M-Series

resumelistener

Resume receiving

All virtual appliances

showrecipients

Show messages from the queue by recipient host, Envelope From

address, or all messages

C- and X- Series

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-3

Chapter 1

CLI Quick Reference Guide

CLI Commands (No Commit Required)

shutdown

Shut down the system to power off

C-, X-, and M-Series

slblconfig

Configure Safelist/Blocklist settings

C- and X-Series

status

System status

C-, X-, and M-Series

supportrequest

Send a message to Cisco TAC

workqueue

Display and/or alter work queue pause status

C- and X- Series

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-4

Chapter 1

CLI Quick Reference Guide

CLI Commands (Commit Required)

CLI Command

Description

Platform Availability

addressconfig

Configure From: addresses for system generated mail

C-, X-, and M- Series

addresslistconfig

Configure address lists

C- and X- Series

adminaccessconfig

Configure network access list and banner login

C- and X- Series

aggregatorconfig

Configure address of the Cisco Aggregator Server

C- and X- Series

alertconfig

Configure email alerts

C-, X-, and M- Series

aliasconfig

Configure email aliases

C- and X- Series

altsrchost

Configure Virtual Gateway mappings

C- and X- Series

ampconfig

Configure Advanced Malware Protection (File reputation and

analysis)

C-, X-, and M- Series

antispamconfig

Configure Anti-Spam policy

C- and X- Series

antivirusconfig

Configure anti-virus policy

C- and X- Series

bounceconfig

Configure the behavior of bounces

C-, X-, and M- Series

bvconfig

Configure key settings for outgoing mail, and configure how to

handle invalid bounces.

C- and X- Series

callaheadconfig

Add, edit, and remove SMTP Call-Ahead profiles

C-, X-, and M- Series

generalconfig

Configure browser settings and other general settings

C-, X-, and M- Series

graymailconfig

Configure graymail detection and safe unsubscribe global settings C- and X- Series

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-5

Chapter 1

CLI Quick Reference Guide

CLI Commands (Commit Required)

healthconfig

Configure the threshold of various health parameters of your

appliance

C-, X-, and M- Series

imageanalysisconfig

Configure the IronPort Image Analysis settings

C-, X-, and M- Series

incomingrelayconfig

Configure Incoming Relays

C- and X- Series

interfaceconfig

Configure Ethernet IP addresses

C-, X-, and M- Series

ldapconfig

Configure LDAP servers

C- and X- Series

listenerconfig

Configure mail listeners

C- and X- Series

settz

Set the local time zone

C-, X-, and M- Series

sievechar

Configure characters for Sieve Email Filtering, as described in

Configure SSL settings

C-, X-, and M- Series

sslv3config

Enable/Disable SSLv3

C-, X-, and M- Series

stripheaders

Set message headers to remove

C- and X- Series

tcpservices

Display information about files opened by processes

C-, X-, and M- Series

textconfig

Configure text resources

C- and X- Series

trackingconfig

Configure the tracking system

CLI Quick Reference Guide

CLI Commands (Commit Required)

userconfig

Manage user accounts and connections to external authentication C-, X-, and M- Series
sources.

websecurityadvancedconfig

Configure advanced settings for URL filtering

C-, X-, and M- Series

websecurityconfig

Configure global settings for URL filtering

C-, X-, and M- Series

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-7

Chapter 1
CLI Commands (Commit Required)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

1-8

CLI Quick Reference Guide

CH A P T E R

Command Line Interface: The Basics

This chapter contains the following sections:

Accessing the Command Line Interface (CLI), page 2-1

Batch Commands, page 2-6

Accessing the Command Line Interface (CLI)

The Command Line Interface is accessible via SSH or Telnet on IP interfaces that have been configured
with these services enabled, or via terminal emulation software on the serial port. By factory default,
SSH and Telnet are configured on the Management port. Use the interfaceconfig command to disable
these services.
Access to the CLI varies depending on the management connection method chosen while setting up the
appliance. The factory default username and password are listed next. Initially, only the admin user
account has access to the CLI. You can add other users with differing levels of permission after you have
accessed the command line interface for the first time via the admin account. The system setup wizard
asks you to change the password for the admin account. The password for the admin account can also
be reset directly at any time using the password command.
To connect via Ethernet: Start an SSH or Telnet session with the factory default IP address
192.168.42.42. SSH is configured to use port 22. Telnet is configured to use port 23. Enter the username
and password below.
To connect via a Serial connection: Start a terminal session with the communication port on your
personal computer that the serial cable is connected to. See the Setup and Installation chapter for more
information. Enter the username and password below.
Log in to the appliance by entering the username and password below.

Factory Default Username and Password

Username: admin

Password: ironport

For example:
login: admin
password: ironport

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-1

Chapter 2

Command Line Interface: The Basics

Accessing the Command Line Interface (CLI)

Command Line Interface Conventions

This section describes the rules and conventions of the AsyncOS CLI.

Command Prompt
The top-level command prompt consists of the fully qualified hostname, followed by the greater than (>)
symbol, followed by a space. For example:
mail3.example.com>

If the appliance has been configured as part of a cluster with the Centralized Management feature, the
prompt in the CLI changes to indicate the current mode. For example:
(Cluster Americas) >

or
(Machine los_angeles.example.com) >

See Centralized Management in the user guide for more information.

When running commands, the CLI requires input from you. When the CLI is expecting input from you,
the command prompt shows the default input enclosed in square brackets ([]) followed by the greater
than (>) symbol. When there is no default input, the command prompt brackets are empty.
For example:
Please create a fully-qualified hostname for this Gateway
(Ex: "mail3.example.com"):
[]> mail3.example.com

When there is a default setting, the setting is displayed within the command prompt brackets. For
example:
Ethernet interface:
1. Data 1
2. Data 2
3. Management
[1]> 1

When a default setting is shown, typing Return is equivalent to typing the default:
Ethernet interface:
1. Data 1
2. Data 2
3. Management
[1]> (type Return)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-2

Chapter 2

Command Line Interface: The Basics

Accessing the Command Line Interface (CLI)

Command Syntax
When operating in the interactive mode, the CLI command syntax consists of single commands with no
white spaces and no arguments or parameters. For example:
mail3.example.com> systemsetup

Select Lists
When you are presented with multiple choices for input, some commands use numbered lists. Enter the
number of the selection at the prompt.
For example:
Log level:
1. Error
2. Warning
3. Information
4. Debug
5. Trace
[3]> 3

Yes/No Queries
When given a yes or no option, the question is posed with a default in brackets. You may answer Y, N,
Yes, or No. Case is not significant.
For example:
Do you want to enable FTP on this interface?

[Y]> n

Subcommands
Some commands give you the opportunity to use subcommands. Subcommands include directives such
as NEW, EDIT, and DELETE. For the EDIT and DELETE functions, these commands provide a list of the
records previously configured in the system.
For example:
mail3.example.com> interfaceconfig

Currently configured interfaces:

1. Management (192.168.42.42/24: mail3.example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

Within subcommands, typing Enter or Return at an empty prompt returns you to the main command.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-3

Chapter 2

Command Line Interface: The Basics

Accessing the Command Line Interface (CLI)

Escape
You can use the Control-C keyboard shortcut at any time within a subcommand to immediately exit
return to the top level of the CLI.

History
The CLI keeps a history of all commands you type during a session. Use the Up and Down arrow keys
on your keyboard, or the Control-P and Control-N key combinations, to scroll through a running list of
the recently-used commands.
mail3.example.com> (type the Up arrow key)

mail3.example.com> interfaceconfig (type the Up arrow key)

mail3.example.com> topin (type the Down arrow key)

Command Completion
The command-line interface supports command completion. You can type the first few letters of some
commands followed by the Tab key, and the CLI completes the string for unique commands. If the letters
you entered are not unique among commands, the CLI narrows the set. For example:
mail3.example.com> set (type the Tab key)
setgateway, sethostname, settime, settz
mail3.example.com> seth (typing the Tab again completes the entry with
sethostname)

For both the history and file completion features of the CLI, you must type Enter or Return to invoke the
command.

Configuration Changes
You can make configuration changes while email operations proceed normally.
Configuration changes will not take effect until you complete the following steps:
Step 1

Issue the commit command at the command prompt.

Step 2

Give the commit command the input required.

Step 3

Receive confirmation of the commit procedure at the CLI.

Changes to configuration that have not been committed will be recorded but not put into effect until the
commit command is run.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-4

Chapter 2

Command Line Interface: The Basics

Accessing the Command Line Interface (CLI)

Note

Not all commands require the commit command to be run. See Chapter 1, CLI Quick Reference Guide
for a summary of commands that require commit to be run before their changes take effect.
Exiting the CLI session, system shutdown, reboot, failure, or issuing the clear command clears changes
that have not yet been committed.

General Purpose CLI Commands

This section describes the commands used to commit or clear changes, to get help, and to quit the
command-line interface.

Committing Configuration Changes

The commit command is critical to saving configuration changes to the appliance. Many configuration
changes are not effective until you enter the commit command. (A few commands do not require you to
use the commit command for changes to take effect. The commit command applies configuration changes
made since the last commit command or the last clear command was issued. You may include comments
up to 255 characters. Changes are not verified as committed until you receive confirmation along with a
timestamp.
Entering comments after the commit command is optional.
mail3.example.com> commit

Please enter some comments describing your changes:

[]> Changed "psinet" IP Interface to a different IP address
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Note

To successfully commit changes, you must be at the top-level command prompt. Type Return at an empty
prompt to move up one level in the command line hierarchy.

Clearing Configuration Changes

The clear command clears any configuration changes made since the last commit or clear command
was issued.
mail3.example.com> clear
Are you sure you want to clear all changes since the last commit?

[Y]> y

Changes cleared: Mon Jan 01 12:00:01 2003

mail3.example.com>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-5

Chapter 2

Command Line Interface: The Basics

Batch Commands

Quitting the Command Line Interface Session

The quit command logs you out of the CLI application. Configuration changes that have not been
committed are cleared. The quit command has no effect on email operations. Logout is logged into the
log files. (Typing exit is the same as typing quit.)
mail3.example.com> quit
Configuration changes entered but not committed. Exiting will lose
changes.
Type 'commit' at the command prompt to commit changes.
Are you sure you wish to exit? [N]> Y

Seeking Help on the Command Line Interface

4. TCP Refuse
5. Continue
6. Policy: ACCEPTED
7. Policy: BLOCKED
8. Policy: THROTTLED
9. Policy: TRUSTED
[1]> 8

Enter a comment for this sender group.

[]>

There are currently 4 policies defined.

There are currently 6 sender groups.

To perform the same action using a CLI batch command:

example.com> listenerconfig edit IncomingMail hostaccess new sendergroup
REDLIST possible_spammer.com Policy: THROTTLED

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-9

Chapter 2
Batch Commands

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

2-10

Command Line Interface: The Basics

CH A P T E R

The Commands: Reference Examples

This chapter contains the following sections:

Advanced Malware Protection, page 3-2

Anti-Spam, page 3-6

Graymail Detection and Safe Unsubscribing, page 3-13

Anti-Virus, page 3-15

Command Line Management, page 3-18

Configuration File Management, page 3-21

Cluster Management, page 3-26

Data Loss Prevention, page 3-28

S/MIME Security Services, page 3-32

Domain Keys, page 3-35

DMARC Verification, page 3-47

DNS, page 3-52

General Management/Administration/Troubleshooting, page 3-61

LDAP, page 3-118

Mail Delivery Configuration/Monitoring, page 3-126

Networking Configuration / Network Tools, page 3-162

Outbreak Filters, page 3-184

Policy Enforcement, page 3-187

Logging and Alerts, page 3-224

Reporting, page 3-241

Senderbase, page 3-245

SMTP Services Configuration, page 3-246

System Setup, page 3-278

URL Filtering, page 3-283

User Management, page 3-288

Virtual Appliance Management, page 3-293

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-1

Chapter 3

The Commands: Reference Examples

Advanced Malware Protection

How to Read the Listing

For each command, there is a description and at least one example of the command being used. The
Usage section specifies the following command attributes:
Step 1

Does the command require a commit command to be implemented on the appliance?

Step 2

Is the command restricted to a particular mode (cluster, group, or machine).?

Step 3

Does the command permit a batch format?

For more information about Centralized Management, see User Guide for AsyncOS for Cisco Email
Security Appliances.
For more information about batch formats, please see Command Line Interface: The Basics on page 1.

Advanced Malware Protection

ampconfig
Configure file reputation filtering and file analysis. Do not modify advanced options without guidance
from Cisco TAC.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format. For details, see the inline help by typing the
command: help ampconfig.

Examples

Enabling File Reputation and File Analysis, page 3-2

Configure Email Security appliance to Use Public Cloud File Analysis Server, page 3-3

(Public Cloud File Analysis Services Only) Configuring Appliance Groups, page 3-4

Configure Email Security appliance to Use an On-Premises File Analysis Server, page 3-5

Clearing Local File Reputation Cache, page 3-6

Enabling File Reputation and File Analysis

mail.example.com> ampconfig

File Reputation: Disabled

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-2

Chapter 3

The Commands: Reference Examples

Advanced Malware Protection

- SETUP - Configure Advanced-Malware protection service.

[]> setup

File Reputation: Disabled

Would you like to use File Reputation? [Y]>

Would you like to use File Analysis? [Y]>

File types supported for File Analysis:

1. Microsoft Executables

Do you want to modify the file types selected for File Analysis? [N]>

Specify AMP processing timeout (in seconds)

[120]>

Advanced-Malware protection is now enabled on the system.

Please note: you must issue the 'policyconfig' command (CLI) or Mail
Policies (GUI) to configure advanced malware scanning behavior for
default and custom Incoming Mail Policies.
This is recommended for your DEFAULT policy.

File Reputation: Enabled

File Analysis: Enabled
File types selected for File Analysis:

1. Microsoft Executables

Choose the operation you want to perform:

- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- CLEARCACHE - Clears the local File Reputation cache.
[]>

Configure Email Security appliance to Use Public Cloud File Analysis Server
mail.example.com> ampconfig
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Appliance Group ID/Name: Not part of any group yet
Choose the operation you want to perform:
- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- CLEARCACHE - Clears the local File Reputation cache.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-3

Chapter 3

The Commands: Reference Examples

Advanced Malware Protection

[]> advanced
Enter cloud query timeout?
[15]>
Enter cloud domain?
[cloud-domain.com]>
Enter reputation cloud server pool?
[cloud-server-pool.com]>
Do you want use the recommended reputation threshold from cloud service? [Y]>
Choose a file analysis server:
1. AMERICAS (https://americas-fa.com)
2. Private Cloud
[1]>
...

(Public Cloud File Analysis Services Only) Configuring Appliance Groups

In order to allow all content security appliances in your organization to view file analysis result details
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
For more information, see the File Reputation Filtering and File Analysis chapter in the user guide.
mail.example.com> ampconfig
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Appliance Group ID/Name: Not part of any group yet
Choose the operation you want to perform:
- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- SETGROUP - Add this appliance to the group of appliances that can share File Analysis
reporting details.
- CLEARCACHE - Clears the local File Reputation cache.
[]> setgroup
Does your organization have multiple Cisco Email, Web, and/or Content Security Management
appliances? [N]> Y
Do you want this appliance to display detailed analysis reports for files uploaded to the
cloud from other appliances in your organization, and vice-versa? [Y]>
Enter an Analysis Group name. This name is case-sensitive and must be configured
identically on each appliance in the Analysis Group.
[]> FA_Reporting
Registration is successful with the group name. This does not require commit
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Appliance Group ID/Name: FA_Reporting

Choose the operation you want to perform:

- SETUP - Configure Advanced-Malware protection service.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-4

Chapter 3

The Commands: Reference Examples

Advanced Malware Protection

- ADVANCED - Set values for AMP parameters (Advanced configuration).

- VIEWGROUP - view the group members details.
- CLEARCACHE - Clears the local File Reputation cache.
[]>

Note

After you configure an appliance group, you cannot use the setgroup subcommand. If you want to need
to modify the group for any reason, you must open a case with Cisco TAC.
You can view the details of the appliance group using the viewgroup subcommand.

Configure Email Security appliance to Use an On-Premises File Analysis Server

mail.example.com> ampconfig
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Choose the operation you want to perform:
- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- CLEARCACHE - Clears the local File Reputation cache.
[]> advanced
Enter cloud query timeout?
[15]>
Enter cloud domain?
[a.immunet.com]>
Enter reputation cloud server pool?
[cloud-sa.amp.sourcefire.com]>
Do you want use the recommended reputation threshold from cloud service? [Y]>
Choose a file analysis server:
1. AMERICAS (https://panacea.threatgrid.com)
2. Private Cloud
[1]> 2
Enter file analysis server url?
[]> https://mycloud.example.com
Certificate Authority:
1. Use Cisco Trusted Root Certificate List
2. Paste certificate to CLI
[1]>
Enter heartbeat interval?
[15]>
Do you want to enable SSL communication (port 443) for file reputation? [N]>
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable

Choose the operation you want to perform:

- SETUP - Configure Advanced-Malware protection service.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-5

Chapter 3

The Commands: Reference Examples

Anti-Spam

- ADVANCED - Set values for AMP parameters (Advanced configuration).

- CLEARCACHE - Clears the local File Reputation cache.
[]>

Clearing Local File Reputation Cache

mail.example.com> ampconfig
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Choose the operation you want to perform:
- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- CLEARCACHE - Clears the local File Reputation cache.
[]> clearcache
Do you want to clear File Reputation Cache? [N]> y
Cache cleared successfully.
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Choose the operation you want to perform:
- SETUP - Configure Advanced-Malware protection service.
- ADVANCED - Set values for AMP parameters (Advanced configuration).
- CLEARCACHE - Clears the local File Reputation cache.
[]>

Anti-Spam
This section contains the following commands:

antispamconfig

antispamstatus

antispamupdate

incomingrelayconfig

antispamconfig
Description
Configure anti-spam policy.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-6

Chapter 3

The Commands: Reference Examples

Anti-Spam

Batch Command: This command does not support a batch format.

Example
The following examples demonstrates the configuration for Anti-Spam functionality.
mail3.example.com> antispamconfig
Choose the operation you want to perform:
- IRONPORT - Configure IronPort Anti-Spam.
- CLOUDMARK - Configure Cloudmark Service Provider Edition.
- MULTISCAN - Configure IronPort Intelligent Multi-Scan.
[]> ironport
IronPort Anti-Spam scanning: Disabled
Choose the operation you want to perform:
- SETUP - Edit IronPort Anti-Spam settings.
[]> setup
IronPort Anti-Spam scanning: Disabled
Would you like to use IronPort Anti-Spam scanning? [Y]> y
The IronPort Anti-Spam License Agreement is displayed (if you have not already accepted
it).
Do you accept the above IronPort Anti-Spam license agreement? []> Y
Increasing the following size settings may result in decreased performance. Please consult
documentation for size recommendations based on your environment.
Never scan message larger than: (Add a trailing K for kilobytes, M for megabytes, or no
letters for bytes.)
[1M]>
Always scan message smaller than: (Add a trailing K for kilobytes, M for megabytes, or no
letters for bytes.)
[512K]>
Please specify the IronPort Anti-Spam scanning timeout (in seconds)
[60]>
Would you like to enable regional scanning? [N]>
IronPort Anti-Spam scanning is now enabled on the system. Please note: you must issue the
'policyconfig' command (CLI) or Mail Policies (GUI) to configure
Cisco IronPort scanning behavior for default and custom Incoming and Outgoing Mail
Policies. This is recommended for your DEFAULT policy.
IronPort Anti-Spam scanning: Enabled

Choose the operation you want to perform:

- SETUP - Edit IronPort Anti-Spam settings.
[]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-7

Chapter 3

The Commands: Reference Examples

Anti-Spam

antispamstatus
Description
Display anti-spam status.

Usage
Commit: This command does not require a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
mail3.example.com> antispamstatus

Choose the operation you want to perform:

- IRONPORT - Display IronPort Anti-Spam version and rule information.
- CLOUDMARK - Display Cloudmark Service Provider Edition version and rule information.
- MULTISCAN - Display Intelligent Multi-Scan version and rule information.
[]> ironport
Component
CASE Core Files
CASE Utilities
Structural Rules
Web Reputation DB
Web Reputation Rules
Content Rules
Content Rules Update

Last
Never
Never
Never
Never
Never
Never
Never

Update
Version
updated
3.4.0-013
updated
3.4.0-013
updated 3.3.1-009-20141210_214201
updated
20141211_111021
updated 20141211_111021-20141211_170330
updated
unavailable
updated
unavailable

Last download attempt made on: Never

antispamupdate
Description
Manually request an immediate update of Anti-Spam rules and related CASE components. This also
includes the Anti-Spam rules and CASE components used by Intelligent Multi-Scan (IMS), but not for
the third-party anti-spam engines used by IMS.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-8

Chapter 3

The Commands: Reference Examples

Anti-Spam

Example
mail3.example.com> antispamupdate
Choose the operation you want to perform:
- MULTISCAN - Request updates for Intelligent Multi-Scan
- IRONPORT - Request updates for IronPort Anti-Spam
- CLOUDMARK - Request updates for Cloudmark Anti-Spam
[]> ironport
Requesting check for new CASE definitions

incomingrelayconfig
Description
Use the incomingrelayconfig command to enable and configure the Incoming Relays feature. In the
following examples, the Incoming Relays feature is first enabled, and then two relays are added, one is
modified, and one is deleted.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example: Enabling Incoming RelaysConfiguring an Incoming Relay

mail3.example.com> incomingrelayconfig
Incoming relays: Disabled
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- RELAYLIST - Configure incoming relays.
[]> setup
This command helps your Cisco IronPort appliance determine the sender's
originating IP address.
You should ONLY enable this command if your Cisco IronPort appliance is NOT
directly connected to the Internet as the "first hop" in your email
infrastructure.
You should configure this feature if other MTAs or servers are configured at
your network's perimeter to relay mail to your Cisco IronPort appliance.
Do you want to enable and define incoming relays? [N]> y
Incoming relays: Enabled
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- RELAYLIST - Configure incoming relays.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-9

Chapter 3

The Commands: Reference Examples

Anti-Spam

[]> relaylist
There are no relays defined.
Choose the operation you want to perform:
- NEW - Create a new entry
[]> new
Enter a name for this incoming relay (Ex: "first-hop")
[]> first-hop
Enter the IP address of the incoming relay.

IPv4 and IPv6 addresses are supported.

For IPv4, CIDR format subnets such as 10.1.1.0/24, IP address ranges such as 10.1.1.10-20,
and subnets such as 10.2.3. are allowed.
For IPv6, CIDR format subnets such as 2001:db8::/32 and IP address ranges such as
2001:db8::1-2001:db8::11 are allowed.
Hostnames such as crm.example.com and partial hostnames such as .example.com are allowed.
[]> 192.168.1.1
Do you want to use the "Received:" header or a custom header to determine the originating
IP address?
1. Use "Received:" header
2. Use a custom header
[1]> 1
Within the "Received:" header, enter the special character or string after which to begin
parsing for the originating IP address:
[from]> [
Within the headers, enter the position of the "Received:" header that contains the
originating IP address:
[1]> 1
There is 1 relay defined.
Choose the operation you want to perform:
- NEW - Create a new entry
- EDIT - Modify an entry
- DELETE - Remove an entry
- PRINT - Display the table
[]> print
Incoming
relay name:
----------first-hop

IP address:
----------192.168.1.1

Header
to parse:
--------Received

Match
after:
-----[

Hops:
----1

There is 1 relay defined.

Choose the operation you want to perform:
- NEW - Create a new entry
- EDIT - Modify an entry
- DELETE - Remove an entry
- PRINT - Display the table
[]> new
Enter a name for this incoming relay (Ex: "first-hop")
[]> second-hop
Enter the IP address of the incoming relay.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-10

IPv4 and IPv6 addresses are supported.

Chapter 3

The Commands: Reference Examples

Anti-Spam

For IPv4, CIDR format subnets such as 10.1.1.0/24, IP address ranges such as 10.1.1.10-20,
and subnets such as 10.2.3. are allowed.
For IPv6, CIDR format subnets such as 2001:db8::/32 and IP address ranges such as
2001:db8::1-2001:db8::11 are allowed.
Hostnames such as crm.example.com and partial hostnames such as .example.com are allowed.
[]> 192.168.1.2
Do you want to use the "Received:" header or a custom header to determine the originating
IP address?
1. Use "Received:" header
2. Use a custom header
[1]> 2
Enter the custom header name that contains the originating IP address:
[]> x-Connecting-IP
There are 2 relays defined.
Choose the operation you want to perform:
- NEW - Create a new entry
- EDIT - Modify an entry
- DELETE - Remove an entry
- PRINT - Display the table
[]> print
Incoming
relay name:
----------first-hop
second-hop

Header
to parse:
--------Received
x-Connecting-IP

IP address:
----------192.168.1.1
192.168.1.2

Match
after:
-----[
n/a

Hops:
----1
n/a

There are 2 relays defined.

Choose the operation you want to perform:
- NEW - Create a new entry
- EDIT - Modify an entry
- DELETE - Remove an entry
- PRINT - Display the table
[]> delete
1. first-hop:
192.168.1.1
2. second-hop:
192.168.1.2
Enter the number of the entry you wish to delete:
[1]> 1
Incoming relay "first-hop" deleted.
There is 1 relay defined.
Choose the operation you want to perform:
- NEW - Create a new entry
- EDIT - Modify an entry
- DELETE - Remove an entry
- PRINT - Display the table
[]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-11

Chapter 3

The Commands: Reference Examples

Anti-Spam

slblconfig
Description
Configure End-User Safelist/Blocklist.

Note

Safelists/Blocklists must be enabled on the appliance via the GUI in order to run this command.

Usage
Commit: This command does not require a commit.
Batch Command: This command supports a batch format.

Batch Format - Import

Batch Format
Replaces all entries in the End-User Safelist/Blocklist with entries present in the specified file.
slblconfig import <filename> <ignore invalid entries>

filename - Name of the file that has to be imported. The file must be in the /configuration
directory on the appliance.

ignore invalid entries

- Whether to ignore invalid entries or not. Either 'Yes' or 'No.'

Batch Format - Export

Exports all entries in the End-User Safelist/Blocklist to a file the appliance.
slblconfig export

The appliance saves a .CSV file to the /configuration directory using the following naming
convention:
slbl<timestamp><serial number>.csv.

Example - Importing Safelist/Blocklist Entries

mail.example.com> slblconfig
End-User Safelist/Blocklist: Enabled
Choose the operation you want to perform:
- IMPORT - Replace all entries in the End-User Safelist/Blocklist.
- EXPORT - Export all entries from the End-User Safelist/Blocklist.
[]> import
Currently available End-User Safelist/Blocklist files:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-12

Chapter 3

The Commands: Reference Examples

Graymail Detection and Safe Unsubscribing

1. slbl.csv
Choose the file to import from.
[1]> 1
Do you want to ignore invalid entries? [Y]> Y
End-User Safelist/Blocklist import has been initiated...
Please wait while this operation executes.
End-User Safelist/Blocklist successfully imported.
Choose the operation you want to perform:
- IMPORT - Replace all entries in the End-User Safelist/Blocklist.
- EXPORT - Export all entries from the End-User Safelist/Blocklist.
[]>

Graymail Detection and Safe Unsubscribing

Task

Command

Configure graymail detection and safe

unsubscribing global settings

graymailconfig

Configuring the incoming mail policy for graymail policyconfig

detection and safe unsubscribing
Display the details of the existing graymail rules

graymailstatus

Manually request update of the graymail rules

graymailupdate

graymailconfig
Description
Configure graymail detection and safe unsubscribing global settings.

Note

To enable graymail detection and safe unsubscribing, anti-spam scanning must be enabled
globally.This can be either the IronPort Anti-Spam or the Intelligent Multi-Scan feature.

To configure policy settings for graymail detection and safe unsubscribing, use the policyconfig
command. For more information, see Create an Incoming Policy to Drop the Messages Identified as Bulk
Email or Social Network Email, page 3-215.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-13

Chapter 3

The Commands: Reference Examples

Graymail Detection and Safe Unsubscribing

Example
Graymail Detection: Disabled
Choose the operation you want to perform:
- SETUP - Configure Graymail.
[]> setup
Would you like to use Graymail Detection? [Y]>
Increasing the following size settings may result in decreased performance.
Please consult documentation for size recommendations based on your
environment.
Maximum Message Size to Scan (Add a trailing K for kilobytes, M for megabytes,
or no letters for bytes.):
[1M]>
Timeout for Scanning Single Message(in seconds):
[60]>
Graymail Safe Unsubscribe: Disabled
Would you like to use Graymail Safe Unsubscribe? [Y]>
Graymail Detection and Safe Unsubscribe is now enabled. Please note: The global
settings are recommended only for your DEFAULT mail policy. To configure policy
settings, use the incoming or outgoing policy page on web interface or the
'policyconfig' command in CLI.

graymailstatus
Description
Display the details of the existing graymail rules.

Example
mail.example.com> graymailstatus
Component
Graymail Library
Graymail Tools

Version
01.378.53#15
1.0

Last Updated
Never updated
Never updated

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-14

Chapter 3

The Commands: Reference Examples

Anti-Virus

graymailupdate
Description
Manually request update of the graymail rules.

Example
mail.example.com> graymailupdate

Requesting check for new Graymail updates.

Anti-Virus
This section contains the following CLI commands:

antivirusconfig

antivirusstatus

antivirusupdate

antivirusconfig
Description
Configure anti-virus policy.

Example
In the following example, the antivirusconfig command is used to enable Sophos virus scanning on
the system and set the time-out value to 60 seconds. To configure the update server, update interval, and
optional proxy server, see updateconfig on page 111.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-15

Chapter 3

The Commands: Reference Examples

Anti-Virus

Note

The first time you invoke the antivirusconfig command, you may be presented with a license
agreement, if you did not accept the license during the systemsetup command. If you do not accept the
license agreement, the Sophos virus scanning engine will not be enabled on the appliance.
mail3.example.com> antivirusconfig
Choose the operation you want to perform:
- SOPHOS - Configure Sophos Anti-Virus.
- MCAFEE - Configure McAfee Anti-Virus.
[]> sophos
Sophos Anti-Virus: Disabled
Choose the operation you want to perform:
- SETUP - Configure Sophos Anti-Virus.
[]> setup
Sophos Anti-Virus scanning: Disabled
Would you like to use Sophos Anti-Virus scanning? [Y]> y
(First time users see the license agreement displayed here.)
Please specify the Anti-Virus scanning timeout (in seconds)
[60]> 60
Sophos Anti-Virus scanning is now enabled on the system.
Please note: you must issue the 'policyconfig' command (CLI) or Mail
Policies (GUI) to configure Sophos Anti-Virus scanning behavior for default and custom
Incoming and Outgoing Mail Policies.
This is recommended for your DEFAULT policy.
Sophos Anti-Virus: Enabled
Choose the operation you want to perform:
- SETUP - Configure Sophos Anti-Virus.
[]>

Viewing Anti-Virus IDE Details

AsyncOS provides detailed status on the specific anti-virus signature files (IDE files) that have been
downloaded by the appliance. You can access these details using the antivirusconfig -> detail
subcommand. For example:
mail3.example.com> antivirusconfig
Choose the operation you want to perform:
- SOPHOS - Configure Sophos Anti-Virus.
- MCAFEE - Configure McAfee Anti-Virus.
[]> sophos
Sophos Anti-Virus: Enabled
Choose the operation you want to perform:
- SETUP - Configure Sophos Anti-Virus.
- STATUS - View Sophos Anti-Virus status.
- DETAIL - View Sophos Anti-Virus detail.
[]> detail

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-16

Chapter 3

The Commands: Reference Examples

Anti-Virus

Sophos Anti-Virus:
Product - 3.87
Engine - 2.25.0
Product Date - 01 Nov 2004

Sophos IDEs currently on the system:

'Mkar-E.Ide'
'Rbot-Sd.Ide'
'Santy-A.Ide'
'Bacbanan.Ide'
'Rbot-Sb.Ide'
'Rbotry.Ide'
'Sdbot-Si.Ide'
'Oddbob-A.Ide'
'Rbot-Rw.Ide'
'Wortd.Ide'
'Delf-Jb.Ide'
[...command continues...]

Virus
Virus
Virus
Virus
Virus
Virus
Virus
Virus
Virus
Virus
Virus

Sig.
Sig.
Sig.
Sig.
Sig.
Sig.
Sig.
Sig.
Sig.
Sig.
Sig.

23
22
22
21
21
21
20
19
19
18
17

Dec
Dec
Dec
Dec
Dec
Dec
Dec
Dec
Dec
Dec
Dec

2004
2004
2004
2004
2004
2004
2004
2004
2004
2004
2004

01:24:02
19:10:06
06:16:32
18:33:58
14:50:46
06:13:40
20:52:04
23:34:06
00:50:34
07:02:44
22:32:08

antivirusstatus
Description
Display Anti-Virus status.

Example
mail3.example.com> antivirusstatus
Choose the operation you want to perform:
- MCAFEE - Display McAfee Anti-Virus version information
- SOPHOS - Display Sophos Anti-Virus version information
[]> sophos
SAV Engine Version
3.85
IDE Serial
2004101801
Engine Update
Mon Sep 27 14:21:25 2004
Last IDE Update
Mon Oct 18 02:56:48 2004
Last Update Attempt
Mon Oct 18 11:11:44 2004
Last Update Success
Mon Oct 18 02:56:47 2004

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-17

Chapter 3

The Commands: Reference Examples

Command Line Management

antivirusupdate
Description
Manually update virus definitions.

Example
mail3.example.com> antivirusupdate
Choose the operation you want to perform:
- MCAFEE - Request updates for McAfee Anti-Virus
- SOPHOS - Request updates for Sophos Anti-Virus
[]> sophos
Requesting update of virus definitions
mail3.example.com>

Command Line Management

This section contains the following CLI commands:

commit

commitdetail

clearchanges or clear

help or h or ?

rollbackconfig

quit or q or exit

commit
Description
Commit changes. Entering comments after the commit command is optional.

Usage
Commit: N/A

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-18

Chapter 3

The Commands: Reference Examples

Command Line Management

Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Changed "psinet" IP Interface to a different IP ad dress
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

commitdetail
Description
Display detailed information about the last commit.

Example
mail3.example.com> commitdetail
Commit at Mon Apr 18 13:46:28 2005 PDT with comments: "Enabled loopback".
mail3.example.com>

clearchanges or clear
Description
The clear command clears any configuration changes made since the last commit or clear command
was issued.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-19

Chapter 3

The Commands: Reference Examples

Command Line Management

Example
mail3.example.com> clear
Are you sure you want to clear all changes since the last commit?

[Y]> y

Changes cleared: Mon Jan 01 12:00:01 2003

mail3.example.com>

help or h or ?
Description
The help command lists all available CLI commands and gives a brief description of each command.
The help command can be invoked by typing either help or a single question mark (?) at the command
prompt.

Example
mail3.example.com> help
Displays the list of all available commands.

rollbackconfig
The rollbackconfig command allows you to rollback to one of the previously committed 10
configurations.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> rollbackconfig
Previous Commits:
Committed On
User
Description
--------------------------------------------------------------------------------1. Fri May 23 06:53:43 2014
admin
new user
2. Fri May 23 06:50:57 2014
admin
rollback
3. Fri May 23 05:47:26 2014
admin

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-20

Chapter 3

The Commands: Reference Examples

Configuration File Management

4. Fri May 23 05:45:51 2014

admin

edit user

Enter the number of the config to revert to.

[]> 2
Are you sure you want to roll back the configuration? [N]> y
Reverted to Fri May 23 06:50:57 2014
admin
Do you want to commit this configuration now? [N]> y

rollback

Committed the changes successfully

quit or q or exit
Description
The quit command logs you out of the CLI application. Configuration changes that have not been
committed are cleared. The quit command has no effect on email operations. Logout is logged into the
log files. (Typing exit is the same as typing quit.)

Example
mail3.example.com> quit
Configuration changes entered but not committed. Exiting will lose changes.
Type 'commit' at the command prompt to commit changes.
Are you sure you wish to exit? [N]> Y

Configuration File Management

This section contains the following CLI commands:

loadconfig

Configuration File Management

resetconfig
Description
When physically transferring the appliance, you may want to start with factory defaults. The
resetconfig command resets all configuration values to factory defaults. This command is extremely
destructive, and it should only be used when you are transferring the unit or as a last resort to solving
configuration issues. It is recommended you run the systemsetup command after reconnecting to the
CLI after you have run the resetconfig command.

Note

The resetconfig command only works when the appliance is in the offline state. When the resetconfig
command completes, the appliance is automatically returned to the online state, even before you run the
systemsetup command again. If mail delivery was suspended before you issued the resetconfig
command, the mail will attempt to be delivered again when the resetconfig command completes.

Warning

The resetconfig command will return all network settings to factory defaults, potentially
disconnecting you from the CLI, disabling services that you used to connect to the appliance (FTP,
Telnet, SSH, HTTP, HTTPS), and even removing additional user accounts you created with the
userconfig command. Do not use this command if you are not able to reconnect to the CLI using the
Serial interface or the default settings on the Management port through the default Admin user
account.

Example
mail3.example.com> suspend
Delay (seconds, minimum 30):
[30]> 45
Waiting for listeners to exit...
Receiving suspended.
Waiting for outgoing deliveries to finish...
Mail delivery suspended.
mail3.example.com> resetconfig
Are you sure you want to reset all configuration values? [N]> Y
All settings have been restored to the factory default.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-24

Chapter 3

The Commands: Reference Examples

Configuration File Management

saveconfig
Description
The saveconfig command saves the configuration file with a unique filename to the configuration
directory.

Note

If you are on a clustered environment, this command saves the complete cluster configuration. To run
this command on a clustered machine, change your configuration mode to cluster.

Example
In the following example, the passwords in the configuration file is encrypted and saved in the
configuration directory.
mail.example.com> saveconfig
Choose the password option:
1. Mask passwords (Files with masked passwords cannot be loaded using loadconfig command)
2. Encrypt passwords
3. Plain passwords
[1]> 2
File written on machine "mail.example.com" to the location
"/configuration/C100V-4232116C4E14C70C4C7F-7898DA3BD955-20140319T050635.xml".
Configuration saved.

showconfig
Description
The showconfig command prints the current configuration to the screen.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-25

Chapter 3

The Commands: Reference Examples

Cluster Management

Example
In the following example, the configuration is displayed on CLI and the passwords in the configuration
are encrypted.
mail.example.com> showconfig
Choose the password display option:
1. Mask passwords (Files with masked passwords cannot be loaded using loadconfig command)
2. Encrypt passwords
3. Plain passwords
[1]> 2
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<!-Product: Cisco C100V Email Security Virtual Appliance
Model Number: C100V
Version: 9.0.0-038
Serial Number: 4232116C4E14C70C4C7F-7898DA3BD955
Number of CPUs: 2
Memory (MB): 6144
Current Time: Wed Mar 19 05:30:05 2014
-->
<config>
<!-******************************************************************************
*
Network Configuration
*
******************************************************************************
-->
[The remainder of the configuration file is printed to the screen.]

Cluster Management
This section contains the following CLI commands:

clusterconfig

clusterconfig
Description
The clusterconfig command is used to configure cluster-related settings. If this machine is not part of
a cluster, running clusterconfig will give you the option of joining a cluster or creating a new cluster.
The clusterconfig command provides additional subcommands:
Non-Cluster Commands
The following commands are available when you are not in a cluster.

clusterconfig new <name> This will create a new cluster with the given name. This machine
will be a member of this cluster and a member of a default cluster group called "Main Group".
<name>

- The name of the new cluster.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-26

Chapter 3

The Commands: Reference Examples

Cluster Management

clusterconfig join [--port=xx] <ip_of_remote_cluster> [<admin_password>]<groupname>

This will add this machine to a cluster.

<ip_of_remote_cluster>
<admin_password >-

- The IP address of another machine in the cluster.

The admin password of the cluster. This should not be

specified if joining over CCS.

- The name of the group to join.

- The port of the remote machine to connect to (defaults to 22).

clusterconfig prepjoin print

This will display the information needed to prepare the joining of this machine to a cluster over a CCS
port.

Cluster Commands
The following commands are available when you are in a cluster.

clusterconfig addgroup <groupname>

Creates a new cluster group. The group starts off with

no members.

clusterconfig renamegroup <old_groupname> <new_groupname>

Change the name of a cluster

group.

clusterconfig deletegroup <groupname> [new_groupname]

- Name of the cluster group to remove.

<new_groupname>

Remove a cluster group.

- The cluster group to put machines of the old group into.

clusterconfig setgroup <machinename> <groupname>

Sets (or changes) which group a

machine is a member of.

- The name of the machine to set.

- The group to set the machine to.

Remove a machine from the cluster.

clusterconfig removemachine <machinename>

clusterconfig setname <name>

clusterconfig list

clusterconfig connstatus Display all the machines currently in the cluster and add routing
details for disconnected machines.

clusterconfig disconnect <machinename>

Changes the name of the cluster to the given name.

Display all the machines currently in the cluster.

This will temporarily detach a machine from the

cluster.
<machinename>

- The name of the machine to disconnect.

This will restore connections with machines that

were detached with the disconnect command.

clusterconfig reconnect <machinename> -

clusterconfig prepjoin new <serial_number> <hostname> <user_key>

This will add a new

host that is to join the cluster over the CCSport.

<serial_number>
<hostname>

- The serial number of the machine being added.

- The host name of the machine being added.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-27

Chapter 3

The Commands: Reference Examples

Data Loss Prevention

<user_key>

- The SSH user key from the "prepjoin print" command from

the joining machine.

clusterconfig prepjoin delete <serial_number|hostname> This will remove a host that was
previously indicated to be added from the "prepjoin new" command. This is only necessary to be
used if you later decide not to add the host. When a host is successfully added to the cluster, its
prepjoin information is automatically removed.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to cluster mode.
Batch Command: This command does not support a batch format.

Example
For an explanation of the clusterconfig command and its uses, see User Guide for AsyncOS for Cisco
Email Security Appliances.

Data Loss Prevention

This section contains the following CLI commands:

dlprollback

dlpstatus

dlpupdate

emconfig

emdiagnostic

dlprollback
Description
Rollback DLP engine and config to the previous version.

Note

DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
dlprollback command.

Warning

This command will revert your appliance to older DLP policies. You must re-enable DLP policies in
Outbound Mail Policies so that DLP scanning can be resumed.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-28

Chapter 3

The Commands: Reference Examples

Data Loss Prevention

Usage
Commit: This command does not require a commit.
Cluster Management: This command is can be used at cluster, group or machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> dlprollback

This will revert to older DLP policies.

IMPORTANT: After rollback, you must re-enable DLP policies in Outbound Mail Policies so
that DLP scanning can be resumed successfully.
Do you wish to rollback? [N]> Y

Requesting rollback for DLP engine.

Re-enable DLP policies in Outbound Mail Policies when rollback is completed (Please check
rollback status in mail logs)

dlpstatus
Request version information for DLP Engine.

Note

DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
dlpstatus command.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is can be used at cluster, group or machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> dlpstatus

Component

Version

Last Updated

RSA DLP Engine

3.0.2.31

Never updated

dlpupdate
Description
Update RSA DLP Engine.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-29

Chapter 3

The Commands: Reference Examples

Data Loss Prevention

Note

DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
dlpupdate command.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is can be used at cluster, group or machine mode.
Batch Command: This command supports a batch format.

Batch Format
The batch format of the dlpupdate command forces an update of the DLP engine even if no changes are
detected.
dlpupdate [force]

Example
mail.example.com> dlpupdate
Checking for available updates. This may take a few seconds..
Could not check for available updates. Please check your Network and Service Updates
settings and retry.

Choose the operation you want to perform:

- SETUP - Enable or disable automatic updates for DLP Engine.
[]> setup

Automatic updates for DLP are disabled

Do you wish to enable automatic updates for DLP Engine? [N]> y

Choose the operation you want to perform:

- SETUP - Enable or disable automatic updates for DLP Engine.
[]>

emconfig
Description
Configure the interoperability settings for RSA Enterprise Manager.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-30

Chapter 3

The Commands: Reference Examples

Data Loss Prevention

Note

RSA Enterprise Manager must already be configured via the DLP Global Settings page in the GUI before
you can use the emconfig command. You cannot enable this functionality using the CLI, only edit the
existing settings.

Usage
Commit: This command requires a commit.
Cluster Management: This command is can be used at cluster, group or machine mode.
Batch Command: This command does not support a batch format.

Batch Format
To set up a connection between the Email Security appliance and RSA Enterprise Manager:
emconfig setup [options]

Table 3-1

emconfig Setup Options

Option

Description

--remote_host

Hostname or IP address of the RSA Enterprise

Manager.

--remote_port

Port to connect to on RSA Enterprise Manager.

--local_port

Port on the ESA for Enterprise Manager to connect.

--enable_ssl

Enable SSL communication to the RSA Enterprise

Manager.
Use 1 to enable, 0 to disable.

Example of Connecting to RSA Enterprise Manager

vm10esa0031.qa> emconfig
RSA Enterprise Manager connection status is: "UNKNOWN"
Choose the operation you want to perform:
- SETUP - Edit RSA Enterprise Manager interop config.
[]> setup
RSA Enterprise Manager: test.example.com:20000
Local port for EM to connect to: 20002
SSL Communication to RSA EM: disabled
Enter hostname of RSA Enterprise Manager:
[test.example.com]> em.example.com
Enter port number of RSA Enterprise Manager:
[20000]>
Enter local port for EM to connect:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-31

Chapter 3

The Commands: Reference Examples

S/MIME Security Services

[20002]>
Enable SSL communication to EM [N]>
Advanced Settings:
RSA Enterprise Manager GUID: emlocalsite
Device Vendor name: Cisco Systems
Device Status Interval: 5 seconds
Polling Cycle Interval: 30 seconds
Connection Throttle Interval: 0 milliseconds
Max event archive size: 31457280 bytes
Max files in event archive: 50
Max file size in event archive: 10485760 MB
Max size of event.xml file: 1048576 MB
Interoperability subsystem heartbeat interval: 500 milliseconds
Heartbeat service attempts before failing: 3
Connection timeout duration: 30 seconds
Command status timeout duration: 30 seconds
Max chunk size: 1000
Msg exchange cycle: 1
Do you want to change advanced settings? [N]>

Choose the operation you want to perform:

- SETUP - Edit RSA Enterprise Manager interop config.
[]>

emdiagnostic
Description
Diagnostic tool for RSA EM on ESA.

S/MIME Security Services

smimeconfig
Description
Configure S/MIME settings such as sending profiles, managing public keys, and so on.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-32

Chapter 3

The Commands: Reference Examples

S/MIME Security Services

Examples

Creating a Sending Profile for Signing and Encryption, page 3-33

Adding a Public Key for Encryption, page 3-34

Creating a Sending Profile for Signing and Encryption

The following example shows how to create a sending profile for signing and encrypting messages using
S/MIME.
mail.example.com> smimeconfig
Choose the operation you want to perform:
- GATEWAY - Manage S/MIME gateway configuration.
[]> gateway
Choose the operation you want to perform:
- VERIFICATION - Manage S/MIME Public Keys.
- SENDING - Manage S/MIME gateway sending profiles.
[]> sending
Choose the operation you want to perform:
- NEW - Create a new S/MIME sending profile.
- EDIT - Edit a S/MIME sending profile.
- RENAME - Rename a S/MIME sending profile.
- DELETE - Delete a S/MIME sending profile.
- IMPORT - Import a S/MIME sending profile from a file
- EXPORT - Export a S/MIME sending profile to a file
- PRINT - Display S/MIME sending profiles.
[]> new
Enter a name for this profile:
> hr_sign_and_encrypt
1. Encrypt
2. Sign
3. Sign/Encrypt
4. Triple
Enter S/MIME mode:
[2]> 3
1. smime_signing
Select S/MIME certificate to sign:
[1]>
1. Detached
2. Opaque
Enter S/MIME sign mode:
[1]>
1. Bounce
2. Drop

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-33

Chapter 3

The Commands: Reference Examples

S/MIME Security Services

3. Split
Enter S/MIME action:
[1]> 3
Choose the operation you want to perform:
- NEW - Create a new S/MIME sending profile.
- EDIT - Edit a S/MIME sending profile.
- RENAME - Rename a S/MIME sending profile.
- DELETE - Delete a S/MIME sending profile.
- IMPORT - Import a S/MIME sending profile from a file
- EXPORT - Export a S/MIME sending profile to a file
- PRINT - Display S/MIME sending profiles.
[]> print
S/MIME Sending Profiles
Name
Certificate
S/MIME Mode
--------- --------------- -----------hr_sign_a smime_signing
Sign/Encrypt

Sign Mode Action

--------- -------Detached
Split

Choose the operation you want to perform:

- NEW - Create a new S/MIME sending profile.
- EDIT - Edit a S/MIME sending profile.
- RENAME - Rename a S/MIME sending profile.
- DELETE - Delete a S/MIME sending profile.
- IMPORT - Import a S/MIME sending profile from a file
- EXPORT - Export a S/MIME sending profile to a file
- PRINT - Display S/MIME sending profiles.
[]>

Adding a Public Key for Encryption

The following example shows how to add the public key of the recipient's S/MIME certificate to the
appliance for encrypting messages.
mail.example.com> smimeconfig
Choose the operation you want to perform:
- GATEWAY - Manage S/MIME gateway configuration.
[]> gateway
Choose the operation you want to perform:
- VERIFICATION - Manage S/MIME Public Keys.
- SENDING - Manage S/MIME gateway sending profiles.
[]> verification
Choose the operation you want to perform:
- NEW - Create a new S/MIME Public Key.
- IMPORT - Import the list of S/MIME Public Keys from a file.
[]> new
Enter a name for this profile:
> hr_signing
1. Import
2. Paste
Choose one of the options for the certificate introducing:
[2]>
Paste public certificate in PEM format (end with '.'):
-----BEGIN CERTIFICATE----MIIDdDCCAlygAwIBAgIBDTANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMCSU4x
CzAJBgNVBAg...
-----END CERTIFICATE-----

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-34

Chapter 3

The Commands: Reference Examples

Domain Keys

.
C=IN,ST=KA,L=BN,O=Cisco,OU=stg,CN=cert_for_enc,[email protected]
Choose the operation you want to perform:
- NEW - Create a new S/MIME Public Key.
- EDIT - Edit a S/MIME Public Key.
- RENAME - Rename a S/MIME Public Key.
- DELETE - Delete a S/MIME Public Key.
- IMPORT - Import the list of S/MIME Public Keys from a file.
- EXPORT - Export the list of S/MIME Public Keys to a file.
- PRINT - Display S/MIME Public Keys.
[]> print
S/MIME Public Keys
Name
Emails
--------- ------------------------hr_signin [email protected]

Domains
------------------------dns.vm30bsd0008.ibqa

Remaining
--------145 days

Domain Keys
This section contains the following CLI commands:

domainkeysconfig

domainkeysconfig
Description
Configure DomainKeys/DKIM support.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format - Signing Profiles

The batch format of the domainkeysconfig command can be used to create, edit, or delete signing
profiles

Adding a DomainKeys/DKIM signing profile:

domainkeysconfig profiles signing new <name> <type> <domain>
<selector> <user-list> [options]

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-35

Chapter 3

The Commands: Reference Examples

Domain Keys

Table 3-2

domainkeysconfig New Signing Profile Arguments

Argument

Description

<name>

Name of domain profile.

<type>

Type of domain. Can be dk or dkim.

Domain field of domain profile. This forms the d tag

of the Domain-Keys signature.

Selector field of domain profile. This forms the s tag

of the Domain-Keys signature.

<user-list>

Comma separated list of domain profile users. Users

are used to match against email addresses to
determine if a specific domain profile should be used
to sign an email. Use the special keyword all to
match all domain users.

[options]
--key_name

The name of the private key that will be used for

signing.

--canon

The canonicalization algorithm to use when signing

by DK. Currently supported algorithms are simple
and nofws. Default is nofws.

--body_canon

The body canonicalization algorithm of to use when

signing by DKIM. Currently supported algorithms
are simple and relaxed. Default is simple.

--header_canon

The headers canonicalization algorithm of to use

when signing by DKIM. Currently supported
algorithms are simple and relaxed. Default is
simple.

--body_length

Number of bytes of canonicalized body that are used

to calculate the signature. Is used only in DKIM
profiles. If used this value becomes l tag of the
signature. By default it is not used.

--headers_select

Detrmines how to select headers for signing. Is used

only in DKIM profiles. Can be one of all,
standard, standard_and_custom. all means to sign
all non-repetitive headers. "standard" means to sign
pedefined set of well known headers such as Subject,
From, To, Sender, MIME heades etc.
standard_and_custom means to sign well known
headers and user-defined set of headers. Default is
standard.

--custom_headers

User-defined set of headers to sign. Is used only in

DKIM profiles if headers_select is
standard_and_custom. Default is empty set.

--i_tag

Determines whether to include the i tag into the

signature. Possible values are yes or no. Default is
yes.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-36

Chapter 3

The Commands: Reference Examples

Domain Keys

Table 3-2

domainkeysconfig New Signing Profile Arguments

Argument

Description

--agent_identity

The identity of the user or agent on behalf of which

this message is signed. The syntax is a standard
email address where the local-part may be omitted.
Domain part of this address should be a sub-domain
of or equal to the <domain>. This option is only
applicable if --i_tag value is set to yes. Default is
an empty local-part followed by an @ and by the
<domain>.

--q_tag

Determines whether to include the q tag into the

signature. Possible values are yes or no. Default is
yes.

--t_tag

Determines whether to include the t tag into the

signature. Possible values are yes or no. Default is
yes.

--x_tag

Determines whether to include the x tag into the

signature. Possible values are yes or no. Default is
yes.

--expiration_time

Number of seconds before signature is expired. Is

used only in DKIM profiles. This value becomes a
difference of x and t tags of the signature. This
option is only applicable if --x_tag value is set to
yes. Default is 31536000 seconds (one year).

--z_tag

Determines whether to include the z tag into the

signature. Possible values are yes or no. Default is
no.

Editing a signing profile:

domainkeysconfig profiles signing edit <name>
[signing-profile-options]

Signing profile options:

rename <name>
domain <domain>
selector <selector>
canonicalization <canon>
canonicalization <header_canon> <body_canon>
key <key_name>
bodylength <body_length>
headerselect <header_select>
customheaders <custom_headers>
itag <i_tag> [<agent_identity>]

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-37

Chapter 3

The Commands: Reference Examples

Domain Keys

qtag <q_tag>
ttag <t_tag>
xtag <x_tag> [<expiration_time>]
ztag <z_tag>
new <user-list>
delete <user-list>
print
clear

Delete a signing profile:

domainkeysconfig profiles signing delete <name>

Show a list of signing profiles:

domainkeysconfig profiles signing list

Print the details of a signing profile:

domainkeysconfig profiles signing print <name>

Test a signing profile:

domainkeysconfig profiles signing test <name>

Import a local copy of your signing profiles:

domainkeysconfig profiles signing import <filename>

Export a copy of your signing profile from the appliance:

domainkeysconfig profiles signing export <filename>

Delete all the signing profiles from the appliance:

domainkeysconfig profiles signing clear

Batch Format - Verification Profiles

Create a new DKIM verification profile:

domainkeysconfig profiles verification new <name>
<verification-profile-options>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-38

Chapter 3

The Commands: Reference Examples

Domain Keys

Table 3-3

domainkeysconfig Verification Profile Options

Argument

Description

--name

The name of DKIM verification profile.

--min_key_size

The smallest key to be accepted. Possible key-length

values (in bits) are 512, 768, 1024, 1536 and 2048.
Default is 512.

--max_key_size

The largest key to be accepted. Possible key-length

values (in bits) are 512, 768, 1024, 1536 and 2048.
Default is 2048.

--max_signatures_num

A maximum number of signatures in the message to

verify. Possible value is any positive number.
Default is 5.

--key_query_timeout

A number of seconds before the key query is timed

out. Possible value is any positive number. Default is
10.

--max_systemtime_diverge
nce

A number of seconds to tolerate wall clock

asynchronization between sender and verifier.
Possible value is any positive number. Default is 60.

--use_body_length

Whether to use a body length parameter. Possible

values are yes or no. Default is yes.

--tempfail_action

The SMTP action should be taken in case of

temporary failure. Possible values are accept or
reject. Default is accept.

--tempfail_response_code

The SMTP response code for rejected message in

case of temporary failure. Possible value is number
in 4XX format. Default is 451.

--tempfail_response_text

The SMTP response text for rejected message in

case of temporary failure. Default is #4.7.5 Unable
to verify signature - key server unavailable.

--permfail_action

The SMTP action should be taken in case of

permanent failure. Possible values are accept or
reject. Default is accept.

--permfail_response_code

The SMTP response code for rejected message in

case of permanent failure. Possible value is number
in 5XX format. Default is 550.

--permfail_response_text

The SMTP response text for rejected message in

case of permanent failure. Default is #5.7.5 DKIM
unauthenticated mail is prohibited.

Edit a verification profile:

domainkeysconfig profiles verification edit <name>
<verification-profile-options>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-39

Chapter 3

The Commands: Reference Examples

Domain Keys

Delete a verification profile:

domainkeysconfig profiles verification delete <name>

Print details of an existing verification profile:

domainkeysconfig profiles verification print <name>

Display a list of existing verification profiles:

domainkeysconfig profiles verification list

Import a file of verification profiles from a local machine:

domainkeysconfig profiles verification import <filename>

Export the verification profiles from the appliance:

domainkeysconfig profiles verification export <filename>

Delete all existing verification profiles from the appliance:

domainkeysconfig profiles verification clear

Batch Format - Signing Keys

Create a new signing key:

domainkeysconfig keys new <key_name> <key-options>

Table 3-4

domainkeysconfig Signing Keys Options

Argument

Description

--generate_key

Generate a private key. Possible key-length values

(in bits) are 512, 768, 1024, 1536, and 2048.

--use_key

Use supplied private key.

--public_key

Flag to derive and print to the screen a matching

public key for the specified private key. If
--generate_key is specified first, a new private key
is generated first, followed by the display of a
matching public key.

Edit a signing key:

domainkeysconfig keys edit <key_name> key <key-options>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-40

Chapter 3

The Commands: Reference Examples

Domain Keys

Rename an existing signing key:

domainkeysconfig keys edit <key_name> rename <key_name>

To specify a public key:

domainkeysconfig keys publickey <key_name>

Delete a key:
domainkeysconfig keys delete <key_name>

Display a list of all signing keys:

domainkeysconfig keys list

Display all information about a specify signing key:

domainkeysconfig keys print <key_name>

Import signing keys from a local machine:

domainkeysconfig keys import <filename>

Export signing keys from the appliance:

domainkeysconfig keys export <filename>

Delete all signing keys on the appliance:

domainkeysconfig keys clear

Batch Format - Search for a Key or Profile

Search for a profile signing key:

domainkeysconfig search <search_text>

Batch Format - Global Settings

Modify global settings for Domain Keys/DKIM on your appliance:

domainkeysconfig setup <setup_options>

The option available is:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-41

Chapter 3

The Commands: Reference Examples

Domain Keys

--sign_generated_msgs - Specify whether to sign system-generated messages. Possible values

are yes or no.

Example: Configuring Domain Keys via the CLI

Use the domainkeysconfig command in the CLI to configure Domain Keys on your appliance.
The domainkeysconfig command has all of the features of the Mail Policies -> Domain Keys page. It
also provides the ability to generate a sample Domain Keys DNS TXT record. For more information
about generating sample Domain Keys DNS TXT records, see Creating a Sample Domain Keys DNS
TXT Record, page 3-45.
In this example, a key is generated, and a domain profile is created:
mail3.example.com> domainkeysconfig
Number of DK/DKIM Signing Profiles: 0
Number of Signing Keys: 0
Number of DKIM Verification Profiles: 1
Sign System-Generated Messages: Yes
Choose the operation you want to perform:
- PROFILES - Manage domain profiles.
- KEYS - Manage signing keys.
- SETUP - Change global settings.
- SEARCH - Search for domain profile or key.
[]> keys

No signing keys are defined.

Choose the operation you want to perform:
- NEW - Create a new signing key.
- IMPORT - Import signing keys from a file.
[]> new
Enter a name for this signing key:
[]> testkey
1. Generate a private key
2. Enter an existing key
[1]>
Enter the size (in bits) of this signing key:
1. 512
2. 768
3. 1024
4. 1536
5. 2048
[3]>
New key "testkey" created.
There are currently 1 signing keys defined.
Choose the operation you want to perform:
- NEW - Create a new signing key.
- EDIT - Modify a signing key.
- PUBLICKEY - Create a publickey from a signing key.
- DELETE - Delete a signing key.
- PRINT - Display signing keys.
- LIST - List signing keys.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-42

Chapter 3

The Commands: Reference Examples

Domain Keys

- IMPORT - Import signing keys from a file.

- EXPORT - Export signing keys to a file.
- CLEAR - Clear all signing keys.
[]>
Number of DK/DKIM Signing Profiles: 0
Number of Signing Keys: 1
Number of DKIM Verification Profiles: 1
Sign System-Generated Messages: Yes
Choose the operation you want to perform:
- PROFILES - Manage domain profiles.
- KEYS - Manage signing keys.
- SETUP - Change global settings.
- SEARCH - Search for domain profile or key.
[]> profiles

Choose the operation you want to perform:

- SIGNING - Manage signing profiles.
- VERIFICATION - Manage verification profiles.
[]> signing

No domain profiles are defined.

Choose the operation you want to perform:
- NEW - Create a new domain profile.
- IMPORT - Import domain profiles from a file.
[]> new
Enter a name for this domain profile:
[]> Example
Enter type of domain profile:
1. dk
2. dkim
[2]>

The domain field forms the basis of the public-key query. The value in
this field MUST match the domain of the sending email address or MUST
be one of the parent domains of the sending email address. This value
becomes the "d" tag of the Domain-Keys signature.
Enter the domain name of the signing domain:
[]> example.com

Selectors are arbitrary names below the "_domainkey." namespace. A

selector value and length MUST be legal in the DNS namespace and in
email headers with the additional provision that they cannot contain a
semicolon. This value becomes the "s" tag of the DomainKeys
Signature.
Enter selector:
[]> test

The private key which is to be used to sign messages must be entered.

A corresponding public key must be published in the DNS following the
form described in the DomainKeys documentation. If a key is not
immediately available, a key can be entered at a later time.
Select the key-association method:
1. Create new key
2. Paste in key

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-43

Chapter 3

The Commands: Reference Examples

Domain Keys

3. Enter key at later time

4. Select existing key
[1]> 4
Enter the name or number of a signing key.
1. testkey
[1]>

The canonicalization algorithm is the method by which the headers and

content are prepared for presentation to the signing algorithm.
Possible choices are "simple" and "relaxed".
Select canonicalization algorithm for body:
1. simple
2. relaxed
[1]> 1
How would you like to sign headers:
1. Sign all existing, non-repeatable headers (except Return-Path header).
2. Sign "well-known" headers (Date, Subject, From, To, Cc, Reply-To, Message-ID, Sender,
MIME headers).
3. Sign "well-known" headers plus a custom list of headers.
[2]>
Body length is a number of bytes of the message body to sign.
This value becomes the "l" tag of the signature.
Which body length option would you like to use?
1. Whole body implied. No further message modification is possible.
2. Whole body auto-determined. Appending content is possible.
3. Specify a body length.
[1]>
Would you like to fine-tune which tags should be used in the
DKIM Signature? (yes/no) [N]>
Finish by entering profile users. The following types of entries are
allowed:
- Email address entries such as "[email protected]".
- Domain entries such as "example.com".
- Partial domain entries such as ".example.com". For example, a partial
domain of ".example.com" will match "sales.example.com".
This
sort of entry will not match the root domain ("example.com").
- Leave blank to match all domain users.
Enter user for this signing profile:
[]> sales.example.com
Do you want to add another user? [N]>

There are currently 1 domain profiles defined.

Choose the operation you want to perform:
- NEW - Create a new domain profile.
- EDIT - Modify a domain profile.
- DELETE - Delete a domain profile.
- PRINT - Display domain profiles.
- LIST - List domain profiles.
- TEST - Test if a domain profile is ready to sign.
- DNSTXT - Generate a matching DNS TXT record.
- IMPORT - Import domain profiles from a file.
- EXPORT - Export domain profiles to a file.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-44

Chapter 3

The Commands: Reference Examples

Domain Keys

- CLEAR - Clear all domain profiles.

[]>

Choose the operation you want to perform:

- SIGNING - Manage signing profiles.
- VERIFICATION - Manage verification profiles.
[]>
Number of DK/DKIM Signing Profiles: 1
Number of Signing Keys: 1
Number of DKIM Verification Profiles: 1
Sign System-Generated Messages: Yes
Choose the operation you want to perform:
- PROFILES - Manage domain profiles.
- KEYS - Manage signing keys.
- SETUP - Change global settings.
- SEARCH - Search for domain profile or key.
[]>

Creating a Sample Domain Keys DNS TXT Record

mail3.example.com> domainkeysconfig
Number of DK/DKIM Signing Profiles: 1
Number of Signing Keys: 1
Number of DKIM Verification Profiles: 1
Sign System-Generated Messages: Yes
Choose the operation you want to perform:
- PROFILES - Manage domain profiles.
- KEYS - Manage signing keys.
- SETUP - Change global settings.
- SEARCH - Search for domain profile or key.
[]> profiles

Choose the operation you want to perform:

- SIGNING - Manage signing profiles.
- VERIFICATION - Manage verification profiles.
[]> signing

There are currently 1 domain profiles defined.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-45

Chapter 3

The Commands: Reference Examples

Domain Keys

[1]>
The answers to the following questions will be used to construct DKIM text
record for DNS. It can be used to publish information about this profile.

Do you wish to constrain the local part of the signing identities

("i=" tag of "DKIM-Signature" header field) associated with this
domain profile? [N]>
Do you wish to include notes that may be of interest to a human (no
interpretation is made by any program)? [N]>
The "testing mode" can be set to specify that this domain is testing DKIM and
that unverified email must not be treated differently from verified email.
Do you want to indicate the "testing mode"? [N]>
Do you wish to disable signing by subdomains of this domain? [N]>

The DKIM DNS TXT record is:

test._domainkey.example.com. IN TXT "v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDX5dOG9J8rXreA/uPtYr5lrCTCqR+qlS5Gm1f0OplAzSuB2BvO
nxZ5Nr+se0T+k7mYDP0FSUHyWaOvO+kCcum7fFRjS3EOF9gLpbIdH5vzOCKp/w7hdjPy3q6PSgJVtqvQ6v9E8k5Ui7
C+DF6KvJUiMJSY5sbu2zmm9rKAH5m7FwIDAQAB;"

There are currently 1 domain profiles defined.

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-46

Chapter 3

The Commands: Reference Examples

DMARC Verification

DMARC Verification
This section contains the following CLI commands:

dmarcconfig

dmarcconfig
Description
Configure DMARC settings.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format - DMARC Verification Profiles

The batch format of the dmarcconfig can be used to create, edit, or delete verification profiles and
modify global settings.

Add a DMARC Verification Profile

dmarcconfig profiles new <name> [options]

Argument

Description

<name>

Name of the DMARC profile.

[options]
--rejectpolicy_action

The message action that AsyncOS must take when the policy in
DMARC record is reject. Possible values are reject,
quarantine, or none.

--rejectpolicy_response_code

The SMTP response code for rejected messages. The default

value is 550.

--rejectpolicy_response_text

The SMTP response text for rejected messages. The default

value is #5.7.1 DMARC unauthenticated mail is prohibited.

--rejectpolicy_quarantine

The quarantine for messages that fail DMARC verification.

--quarantinepolicy_action

The message action that AsyncOS must take when the policy in
DMARC record is quarantine. Possible values are quarantine
or none.

--quarantinepolicy_quarantine

The quarantine for messages that fail DMARC verification.

--tempfail_action

The message action that AsyncOS must take on the messages

that result in temporary failure during DMARC verification.
Possible values are accept or reject.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-47

Chapter 3

The Commands: Reference Examples

DMARC Verification

Argument

Description

--tempfail_response_code

The SMTP response code for rejected messages in case of

temporary failure. The default value is 451.

--tempfail_response_text

The SMTP response text for rejected messages in case of

temporary failure. The default value is #4.7.1 Unable to
perform DMARC verification.

--permfail_action

The message action that AsyncOS must take on the messages

that result in permanent failure during DMARC verification.
Possible values are accept or reject.

--permfail_response_code

The SMTP response code for rejected messages in case of

permanent failure. The default value is 550.

--permfail_response_text

The SMTP response text for rejected messages in case of

permanent failure. The default value is #5.7.1 DMARC
verification failed.

Edit a DMARC Verification Profile

dmarcconfig profiles edit <name> [options]

Delete a DMARC Verification Profile

dmarcconfig profiles delete <name>

Delete all the DMARC Verification Profiles

dmarcconfig profiles clear

View the Details of a DMARC Verification Profile

dmarcconfig profiles print <name>

Export DMARC Verification Profiles

dmarcconfig profiles export <filename>

Import DMARC Verification Profiles

dmarcconfig profiles import <filename>

Change Global Settings

dmarcconfig setup [options]

Options

Description

--report_schedule

The time when you want AsyncOS to generate DMARC aggregate

reports.

--error_reports

Send delivery error reports to the domain owners if the DMARC

aggregate report size exceeds 10 MB or the size specified in the RUA
tag of DMARC record.

--org_name

The entity generating DMARC aggregate reports. This must be a

domain name.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-48

Chapter 3

The Commands: Reference Examples

DMARC Verification

Options

Description

--contact_info

Additional contact information, for example, details of your

organization's customer support, if the domain owners who receive
DMARC aggregate reports want to contact the entity that generated the
report.

--copy_reports

Send copy of all the DMARC aggregate reports to specific users, for
example, internal users who perform analysis on the aggregate reports.
Enter an email address or multiple addresses separated by commas.

--bypass_addresslist

Skip DMARC verification of messages from specific senders (address

list).
Note

--bypass_headers

You can choose only address lists created with full email
addresses.

Skip DMARC verification of messages that contain specific header field

names. For example, use this option to skip DMARC verification of
messages from mailing lists and trusted forwarders. Enter a header or
multiple headers separated by commas.

Example
The following example shows how to setup a DMARC verification profile and edit the global settings of
DMARC verification profiles.
mail.example.com> dmarcconfig
Number of DMARC Verification Profiles: 1
Daily report generation time is: 00:00
Error reports enabled: No
Reports sent on behalf of:
Contact details for reports:
Send a copy of aggregate reports to: None Specified
Bypass DMARC verification for senders from addresslist: None Specified
Bypass DMARC verification for messages with header fields: None Specified
Choose the operation you want to perform:
- PROFILES - Manage DMARC verification profiles.
- SETUP - Change global settings.
[]> profiles
There are currently 1 DMARC verification profiles defined.
Choose the operation you want to perform:
- NEW - Create a new DMARC verification profile.
- EDIT - Modify a DMARC verification profile.
- DELETE - Delete a DMARC verification profile.
- PRINT - Display DMARC verification profiles.
- IMPORT - Import DMARC verification profiles from a file.
- EXPORT - Export DMARC verification profiles to a file.
- CLEAR - Clear all DMARC verification profiles.
[]> new
Enter the name of the new DMARC verification profile:
[]> dmarc_ver_profile_1
Select the message action when the policy in DMARC record is reject:
1. No Action
2. Quarantine the message

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-49

Chapter 3

The Commands: Reference Examples

DMARC Verification

3. Reject the message

[3]> 1
Select the message action when the policy in DMARC record is quarantine:
1. No Action
2. Quarantine the message
[2]> 2
Select the quarantine for messages that fail DMARC verification (when the DMARC policy is
quarantine).
1. Policy
[1]> 1
What SMTP action should be taken in case of temporary failure?
1. Accept
2. Reject
[1]> 2
Enter the SMTP response code for rejected messages in case of temporary failure.
[451]>
Enter the SMTP response text for rejected messages in case of temporary failure. Type
DEFAULT to use the default response text '#4.7.1 Unable to perform
DMARC verification.'
[#4.7.1 Unable to perform DMARC verification.]>
What SMTP action should be taken in case of permanent failure?
1. Accept
2. Reject
[1]> 2
Enter the SMTP response code for rejected messages in case of permanent failure.
[550]>
Enter the SMTP response text for rejected messages in case of permanent failure. Type
DEFAULT to use the default response text '#4.7.1 Unable to perform
DMARC verification.'
[#5.7.1 DMARC verification failed.]>
There are currently 2 DMARC verification profiles defined.
Choose the operation you want to perform:
- NEW - Create a new DMARC verification profile.
- EDIT - Modify a DMARC verification profile.
- DELETE - Delete a DMARC verification profile.
- PRINT - Display DMARC verification profiles.
- IMPORT - Import DMARC verification profiles from a file.
- EXPORT - Export DMARC verification profiles to a file.
- CLEAR - Clear all DMARC verification profiles.
[]>
Number of DMARC Verification Profiles: 2
Daily report generation time is: 00:00
Error reports enabled: No
Reports sent on behalf of:
Contact details for reports:
Send a copy of aggregate reports to: None Specified
Bypass DMARC verification for senders from addresslist: None Specified
Bypass DMARC verification for messages with header fields: None Specified
Choose the operation you want to perform:
- PROFILES - Manage DMARC verification profiles.
- SETUP - Change global settings.
[]> setup

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-50

Chapter 3

The Commands: Reference Examples

DMARC Verification

Would you like to modify DMARC report settings? (Yes/No) [N]> y

Enter the time of day to generate aggregate feedback reports. Use 24-hour format (HH:MM).
[00:00]>
Would you like to send DMARC error reports? (Yes/No) [N]> y
Enter the entity name responsible for report generation. This is added to the DMARC
aggregate reports.
[]> example.com
Enter additional contact information to be added to DMARC aggregate reports. This could be
an email address, URL of a website with additional help, a phone
number etc.
[]> http://dmarc.example.com
Would you like to send a copy of all aggregate reports?

(Yes/No) [N]>

Would you like to bypass DMARC verification for an addresslist? (Yes/No) [N]>
Would you like to bypass DMARC verification for specific header fields? (Yes/No) [N]> y

Choose the operation you want to perform:

- ADD - Add a header field to the verification-bypass list.
[]> add
Enter the header field name
[]> List-Unsubscribe
DMARC verification is configured to bypass DMARC verification for messages containing the
following header fields.
1. List-Unsubscribe
Choose the operation you want to perform:
- ADD - Add a header field to the verification-bypass list.
- REMOVE - Remove a header field from the list.
[]> add
Enter the header field name
[]> List-ID
DMARC verification is configured to bypass DMARC verification for messages containing the
following header fields.
1. List-Unsubscribe
2. List-ID
Choose the operation you want to perform:
- ADD - Add a header field to the verification-bypass list.
- REMOVE - Remove a header field from the list.
[]>
Number of DMARC Verification Profiles: 2
Daily report generation time is: 00:00
Error reports enabled: Yes
Reports sent on behalf of: example.com
Contact details for reports: http://dmarc.example.com
Send a copy of aggregate reports to: None Specified
Bypass DMARC verification for senders from addresslist: None Specified
Bypass DMARC verification for messages with header fields: List-Unsubscribe, List-ID
Choose the operation you want to perform:
- PROFILES - Manage DMARC verification profiles.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-51

Chapter 3

The Commands: Reference Examples

DNS

- SETUP - Change global settings.

[]>

DNS
This section contains the following CLI commands:

dig

dnsconfig

dnsflush

dnshostprefs

dnslistconfig

dnslisttest

dnsstatus

dig
Description
Look up a record on a DNS server

Batch Format
The batch format of the dig command can be used to perform all the functions of the traditional CLI
command.

Look up a record on a DNS server

dig [options] [@<dns_ip>] [qtype] <hostname>

Do a reverse lookup for given IP address on a DNS server

dig -x <reverse_ip> [options] [@<dns_ip>]

These are the options available for the dig commands batch format
-s <source_ip>

Specify the source IP address.

-t

Make query over TCP.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-52

Chapter 3

The Commands: Reference Examples

DNS

-u

Make query over UDP (default).

dns_ip - Query the DNS server at this IP address.

qtype - Query type: A, PTR, CNAME, MX, SOA, NS, TXT.
hostname - Record that user want to look up.
reverse_ip - Reverse lookup IP address.
dns_ip - Query the DNS server at this IP address.

Example
The following example explicitly specifies a DNS server for the lookup.
mail.com> dig @111.111.111.111 example.com MX

; <<>> DiG 9.4.3-P2 <<>> @111.111.111.111 example.com MX

; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18540
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;example.com.
;; ANSWER SECTION:
mexample.com.

10800

;; AUTHORITY SECTION:
example.com.
;; ADDITIONAL SECTION:
example.com. 10800 IN
example.com. 10800 IN
example.com.
300
IN
;;
;;
;;
;;

Note

10800

A
AAAA
A

10 mexample.com.

test.example.com.

111.111.111.111
2620:101:2004:4201::bd
111.111.111.111

Query time: 6 msec

SERVER: 10.92.144.4#53(10.92.144.4)
WHEN: Fri Dec 9 23:37:42 2011
MSG SIZE rcvd: 143

The dig command filters out the information in the Authority and Additional sections if you do not
explicitly specify the DNS server when using the command.

dnsconfig
Description
Configure DNS setup

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-53

Chapter 3

The Commands: Reference Examples

DNS

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format
The batch format of the dnsconfig command can be used to perform all the functions of the traditional
CLI command.

Configuring DNS to use a local nameserver cache:

dnsconfig parent new <ns_ip> <priority>

Command arguments:
<ns_ip> - The IP address of the nameserver. Separate multiple IP addresses with commas.
<priority> - The priority for this entry.

Deleting the local nameserver cache:

dnsconfig parent delete <ns_ip>

Configuring alternate DNS caches to use for specific domains:

dnsconfig alt new <domains> <ns_ip>

Note

Cannot be used when using Internet root nameservers.

Command arguments:
<ns_ip> - The IP address of the nameserver. Separate multiple IP addresses with commas.
<domains> - A comma separated list of domains.

Deleting the alternate DNS cache for a specific domain:

dnsconfig alt delete <domain>

Configuring DNS to use the Internet root nameservers:

dnsconfig roots new <ns_domain> <ns_name> <ns_ip>

Nameserver arguments:
<ns_domain> - The domain to override.
<ns_name> - The name of the nameserver.
<ns_ip> - The IP address of the nameserver.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-54

Chapter 3

The Commands: Reference Examples

DNS

Note

You can override certain domains by specifying an alternate name server for that domain.

Deleting nameservers:
dnsconfig roots delete <ns_domain> [ns_name]

Note

When deleting, if you do not specify an ns_name, then all nameservers for that domain will be removed.

Clearing all DNS settings and automatically configuring the system to use the Internet root servers:
dnsconfig roots

Displaying the current DNS settings.

dnsconfig print

Example
Each user-specified DNS server requires the following information:

Hostname

IP address

Domain authoritative for (alternate servers only)

Four subcommands are available within the dnsconfig command:

Table 3-5

Subcommands for dnsconfig Command

Syntax

Description

new

Add a new alternate DNS server to use for specific domains or local
DNS server.

delete

Remove an alternate server or local DNS server.

edit

Modify an alternate server or local DNS server.

setup

Switch between Internet root DNS servers or local DNS servers.

mail3.example.com> dnsconfig

Currently using the Internet root DNS servers.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-55

Chapter 3

The Commands: Reference Examples

DNS

Do you want the Gateway to use the Internet's root DNS servers or would you like
it to use your own DNS servers?
1. Use Internet root DNS servers
2. Use own DNS cache servers
[1]> 1
Choose the IP interface for DNS traffic.
1. Auto
2. Management (10.92.149.70/24: mail3.example.com)
[1]>
Enter the number of seconds to wait before timing out reverse DNS lookups.
[20]>
Enter the minimum TTL in seconds for DNS cache.
[1800]>

Currently using the Internet root DNS servers.

Adding an Alternate DNS Server for Specific Domains

You can configure the appliance to use the Internet root servers for all DNS queries except specific local
domains.
mail3.example.com> dnsconfig
Currently using the Internet root DNS servers.
No alternate authoritative servers configured.
Choose the operation you want to perform:
- NEW - Add a new server.
- SETUP - Configure general settings.
[]> new
Please enter the domain this server is authoritative for. (Ex: "com").
[]> example.com
Please enter the fully qualified hostname of the DNS server for the domain "example.com".
(Ex: "dns.example.com").
[]> dns.example.com
Please enter the IP address of dns.example.com.
[]> 10.1.10.9

Currently using the Internet root DNS servers.

Alternate authoritative DNS servers:
1. com: dns.example.com (10.1.10.9)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-56

Chapter 3

The Commands: Reference Examples

DNS

Choose the operation you want to perform:

- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.
[]>

Using Your Own DNS Cache Servers

You can configure the appliance to use your own DNS cache server.
mail3.example.com> dnsconfig

Currently using the Internet root DNS servers.

Alternate authoritative DNS servers:
1. com: dns.example.com (10.1.10.9)
Choose the operation you want to perform:
- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.
[]> setup
Do you want the Gateway to use the Internet's root DNS servers or would you like
it to use your own DNS servers?
1. Use Internet root DNS servers
2. Use own DNS cache servers
[1]> 2
Please enter the IP address of your DNS server.
Separate multiple IPs with commas.
[]> 10.10.200.03
Please enter the priority for 10.10.200.3.
A value of 0 has the highest priority.
The IP will be chosen at random if they have the same priority.
[0]> 1
Choose the IP interface for DNS traffic.
1. Auto
2. Management (192.168.42.42/24)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Enter the number of seconds to wait before timing out reverse DNS lookups.
[20]>
Enter the minimum TTL in seconds for DNS cache.
[1800]>

Currently using the local DNS cache servers:

1. Priority: 1 10.10.200.3
Choose the operation you want to perform:
- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-57

Chapter 3
DNS

[]>

dnsflush
Description
Clear all entries from the DNS cache.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> dnsflush
Are you sure you want to clear out the DNS cache? [N]> Y

dnshostprefs
Description
Configure IPv4/IPv6 DNS preferences

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> dnshostprefs

Choose the operation you want to perform:

- NEW - Add new domain override.
- SETDEFAULT - Set the default behavior.
[]> new
Enter the domain you wish to configure.
[]> example.com
How should the appliance sort IP addresses for this domain?
1. Prefer IPv4
2. Prefer IPv6

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-58

The Commands: Reference Examples

Chapter 3

The Commands: Reference Examples

DNS

3. Require IPv4
4. Require IPv6
[2]> 3

Choose the operation you want to perform:

- NEW - Add new domain override.
- SETDEFAULT - Set the default behavior.
[]> setdefault
How should the appliance sort IP addresses?
1. Prefer IPv4
2. Prefer IPv6
3. Require IPv4
4. Require IPv6
[2]> 1

Choose the operation you want to perform:

- NEW - Add new domain override.
- SETDEFAULT - Set the default behavior.
[]>

dnslistconfig
Description
Configure DNS List services support

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> dnslistconfig
Current DNS List Settings:
Negative Response TTL: 1800 seconds
DNS List Query Timeout: 3 seconds
Choose the operation you want to perform:
- SETUP - Configure general settings.
[]> setup
Enter the cache TTL for negative responses in seconds:
[1800]> 1200
Enter the query timeout in seconds:
[3]>
Settings updated.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-59

Chapter 3
DNS

Current DNS List Settings:

Negative Response TTL: 1200 seconds
DNS List Query Timeout: 3 seconds
Choose the operation you want to perform:
- SETUP - Configure general settings.
[]>

dnslisttest
Description
Test a DNS lookup for a DNS-based list service.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> dnslisttest
Enter the query server name:
[]> mail4.example.com
Enter the test IP address to query for:
[127.0.0.2]> 10.10.1.11
Querying: 10.10.1.11.mail4.example.com
Result: MATCHED

dnsstatus
Description
Display DNS statistics.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-60

The Commands: Reference Examples

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Example
mail3.example.com> dnsstatus
Status as of: Mon Apr 18 10:58:07 2005 PDT
Counters:
DNS Requests
Network Requests
Cache Hits
Cache Misses
Cache Exceptions
Cache Expired

Reset
1,115
186
1,300
1
0
185

Uptime
1,115
186
1,300
1
0
185

Lifetime
1,115
186
1,300
1
0
185

General Management/Administration/Troubleshooting
This section contains the following CLI commands:

addressconfig

adminaccessconfig

certconfig

date

diagnostic

diskquotaconfig

ecconfig

ecstatus

ecupdate

encryptionconfig

encryptionstatus

encryptionupdate

featurekey

featurekeyconfig

generalconfig

healthcheck

healthconfig

ntpconfig

reboot

repengstatus

resume

resumedel

resumelistener

revert

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-61

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

settime

settz

shutdown

sshconfig

status

supportrequest

supportrequeststatus

supportrequestupdate

suspend

suspenddel

suspendlistener

tcpservices

techsupport

tlsverify

trace

trackingconfig

updateconfig

updatenow

upgrade

version

wipedata

DMARC feedback reports

Notifications (notify() and notify-copy() filter actions)

Quarantine Messages (and Send Copy in quarantine management)

Reports

All other messages

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-62

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

In the following example, the From: Address for notifications is changed from: Mail Delivery System
(the default) to Notifications [[email protected]]

[MAILER-DAEMON@domain]

Example
mail3.example.com> addressconfig
Current
Current
Current
Current
Current
Current

anti-virus from: "Mail Delivery System" <MAILER-DAEMON@domain>

bounce from: "Mail Delivery System" <MAILER-DAEMON@domain>
notify from: "Mail Delivery System" <MAILER-DAEMON@domain>
quarantine from: "Mail Delivery System" <MAILER-DAEMON@domain>
DMARC reports from: "DMARC Feedback" <MAILER-DAEMON@domain>
all other messages from: "Mail Delivery System" <MAILER-DAEMON@domain>

Choose the operation you want to perform:

- AVFROM - Edit the anti-virus from address.
- BOUNCEFROM - Edit the bounce from address.
- NOTIFYFROM - Edit the notify from address.
- QUARANTINEFROM - Edit the quarantine bcc from address.
- DMARCFROM - Edit the DMARC reports from address.
- OTHERFROM - Edit the all other messages from address.
[]> notifyfrom
Please enter the display name portion of the "notify from" address
["Mail Delivery System"]> Notifications
Please enter the user name portion of the "notify from" address
[MAILER-DAEMON]> Notification
Do you want the virtual gateway domain used for the domain? [Y]> n
Please enter the domain name portion of the "notify from" address
[]> example.com
Current
Current
Current
Current
Current
Current

anti-virus from: "Mail Delivery System" <MAILER-DAEMON@domain>

bounce from: "Mail Delivery System" <MAILER-DAEMON@domain>
notify from: Notifications <[email protected]>
quarantine from: "Mail Delivery System" <MAILER-DAEMON@domain>
DMARC reports from: "DMARC Feedback" <MAILER-DAEMON@domain>
all other messages from: "Mail Delivery System" <MAILER-DAEMON@domain>

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-63

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

adminaccessconfig
Description
Use the adminaccessconfig command to configure:

Login message (banner) for the administrator.

IP-based access for appliance administrative interface.

Web interface Cross-Site Request Forgeries protection.

Option to use host header in HTTP requests.

Web interface and CLI session inactivity timeout.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format
The batch format of the adminaccessconfig command can be used to perform all the functions of the
traditional CLI command.

Select whether to allow access for all IP addresses or limit access to specific IP address/subnet/range
adminaccessconfig ipaccess <all/restrict/proxyonly/proxy>

Adding a new IP address/subnet/range

adminaccessconfig ipaccess new <address>

Editing an existing IP address/subnet/range

adminaccessconfig ipaccess edit <oldaddress> <newaddress>

Deleting an existing IP address/subnet/range

adminaccessconfig ipaccess delete <address>

Printing a list of the IP addresses/subnets/ranges

adminaccessconfig ipaccess print

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-64

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Deleting all existing IP addresses/subnets/ranges

adminaccessconfig ipaccess clear

Printing the login banner

adminaccessconfig banner print

Importing a login banner from a file on the appliance

adminaccessconfig banner import <filename>

Deleting an existing login banner

adminaccessconfig banner clear

Printing the welcome banner

adminaccessconfig welcome print

Importing a welcome banner from a file on the appliance

adminaccessconfig welcome import <filename>

Deleting an existing welcome banner

adminaccessconfig welcome clear

Exporting a welcome banner

adminaccessconfig welcome export <filename>

Add an allowed proxy IP address

adminaccessconfig ipaccess proxylist new <address>

Edit an allowed proxy IP address

adminaccessconfig ipaccess proxylist edit <oldaddress> <newaddress>

Delete an allowed proxy IP address

adminaccessconfig ipaccess proxylist delete <address>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-65

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Delete all existing allowed proxy IP addresses

adminaccessconfig ipaccess proxylist clear

Configure the header name that contains origin IP address

adminaccessconfig ipaccess proxy-header <header name>

Enable or disable web interface Cross-Site Request Forgeries protection

adminaccessconfig csrf <enable|disable>

Check whether web interface Cross-Site Request Forgeries protection is enabled

adminaccessconfig csrf print

Configure web interface session timeout

adminaccessconfig timeout gui <value>

Configure CLI session timeout

adminaccessconfig timeout gui <value>

Example - Configuring Network Access List

You can control from which IP addresses users access the Email Security appliance. Users can access
the appliance from any machine with an IP address from the access list you define. When creating the
network access list, you can specify IP addresses, subnets, or CIDR addresses.
AsyncOS displays a warning if you do not include the IP address of your current machine in the network
access list. If your current machines IP address is not in the list, it will not be able to access the appliance
after you commit your changes.
In the following example, network access to the appliance is restricted to two sets of IP addresses:
mail.example.com> adminaccessconfig
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> ipaccess
Current mode: Allow All.
Please select the mode:
- ALL - All IP addresses will be allowed to access the administrative interface.
- RESTRICT - Specify IP addresses/Subnets/Ranges to be allowed access.
- PROXYONLY - Specify IP addresses/Subnets/Ranges to be allowed access through proxy.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-66

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

- PROXY - Specify IP addresses/Subnets/Ranges to be allowed access through proxy or

directly.
[]> restrict

List of allowed IP addresses/Subnets/Ranges:

Choose the operation you want to perform:

- NEW - Add a new IP address/subnet/range.
[]> new
Please enter IP address, subnet or range.
[]> 192.168.1.2-100

List of allowed IP addresses/Subnets/Ranges:

192.168.1.2-100

Choose the operation you want to perform:

- NEW - Add a new IP address/subnet/range.
- EDIT - Modify an existing entry.
- DELETE - Remove an existing entry.
- CLEAR - Remove all the entries.
[]> new
Please enter IP address, subnet or range.
[]> 192.168.255.12

List of allowed IP addresses/Subnets/Ranges:

1.
2.

192.168.1.2-100
192.168.255.12

Choose the operation you want to perform:

- NEW - Add a new IP address/subnet/range.
- EDIT - Modify an existing entry.
- DELETE - Remove an existing entry.
- CLEAR - Remove all the entries.
[]>
Warning: The host you are currently using [72.163.202.175] is not included in the User
Access list. Excluding it will prevent your
host from connecting to the administrative interface. Are you sure you want to continue?
[N]> Y
Current mode: Restrict.
Please select the mode:
- ALL - All IP addresses will be allowed to access the administrative interface.
- RESTRICT - Specify IP addresses/Subnets/Ranges to be allowed access.
- PROXYONLY - Specify IP addresses/Subnets/Ranges to be allowed access through proxy.
- PROXY - Specify IP addresses/Subnets/Ranges to be allowed access through proxy or
directly.
[]>

Example - Configuring Login Banner

You can configure the Email Security appliance to display a message called a login banner when a user
attempts to log into the appliance through SSH, Telnet, FTP, or Web UI. The login banner is
customizable text that appears above the login prompt in the CLI and to the right of the login prompt in

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-67

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

the GUI. You can use the login banner to display internal security information or best practice
instructions for the appliance. For example, you can create a simple note that saying that unauthorized
use of the appliance is prohibited or a detailed warning concerning the organizations right to review
changes made by the user to the appliance.
The maximum length of the login banner is 2000 characters to fit 80x25 consoles. A login banner can
be imported from a file in the /data/pub/configuration directory on the appliance. After creating the
banner, commit your changes.
In the following example, the login banner Use of this system in an unauthorized manner is prohibited
is added to the appliance:
mail.example.com> adminaccessconfig
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> banner
A banner has not been defined.
Choose the operation you want to perform:
- NEW - Create a banner to display at login.
- IMPORT - Import banner text from a file.
[]> new
Enter or paste the banner text here. Enter CTRL-D on a blank line to end.
Use of this system in an unauthorized manner is prohibited.
^D
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> banner
Banner: Use of this system in an unauthorized manner is prohibited.
Choose the operation you want to perform:
- NEW - Create a banner to display at login.
- IMPORT - Import banner text from a file.
- DELETE - Remove the banner.
[]>

Example - Configuring Web Interface and CLI Session Timeout

The following example sets the web interface and CLI session timeout to 32 minutes.

Note

The CLI session timeout applies only to the connections using Secure Shell (SSH), SCP, and direct serial
connection. Any uncommitted configuration changes at the time of CLI session timeout will be lost.
Make sure that you commit the configuration changes as soon as they are made.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-68

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

mail.example.com> adminaccessconfig
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> timeout
Enter WebUI inactivity timeout(in minutes):
[30]> 32
Enter CLI inactivity timeout(in minutes):
[30]> 32

Choose the operation you want to perform:

- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]>
mail.example.com> commit
Please enter some comments describing your changes:
[]> Changed WebUI and CLI session timeout values
Do you want to save the current configuration for rollback? [Y]>
Changes committed: Wed Mar 12 08:03:21 2014 GMT

Note

After committing the changes, the new CLI session timeout takes affect only during the subsequent
login.

certconfig
Description
Configure security certificates and keys.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-69

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Example - Pasting in a certificate

In the following example, a certificate is installed by pasting in the certificate and private key.
mail3.example.com> certconfig
Choose the operation you want to perform:
- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]> certificate
List of Certificates
Name
Common Name
--------- -------------------Demo
Cisco Appliance Demo

Issued By
-------------------Cisco Appliance Demo

Status
------------Active

Remaining
--------3467 days

Choose the operation you want to perform:

- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- PRINT - View certificates assigned to services
[]> paste
Enter a name for this certificate profile:
> partner.com
Paste public certificate in PEM format (end with '.'):
-----BEGIN CERTIFICATE----MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE----.
C=PT,ST=Queensland,L=Lisboa,O=Neuronio,
Lda.,OU=Desenvolvimento,CN=brutus.partner.com,[email protected]
Paste private key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY----MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY----.
Do you want to add an intermediate certificate? [N]> n

List of Certificates

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-70

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Name
Common Name
Issued By
Status
Remaining
-------- ------------------- -------------------- ------------- --------partner.c brutus.partner.com
brutus.partner
Active
30 days
Demo
Cisco Appliance Demo Cisco Appliance Demo Active
3467 days
Choose the operation you want to perform:
- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- EDIT - Update certificate or view the signing request
- EXPORT - Export a certificate
- DELETE - Remove a certificate
- PRINT - View certificates assigned to services
[]>

Choose the operation you want to perform:

- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Installed certificate and key for receiving, delivery, and https
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Example - Creating a Self-signed Certificate

In the following example, a self-signed certificate is created.
mail3.example.com> certconfig

Choose the operation you want to perform:

- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]> certificate
List of Certificates
Name
Common Name
--------- -------------------partner.c brutus.neuronio.pt
days
Demo
Cisco Appliance Demo

Issued By
-------------------brutus.neuronio.pt

Status
------------Expired

Remaining
---------4930

Cisco Appliance Demo

Active

3467 days

Choose the operation you want to perform:

- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- EDIT - Update certificate or view the signing request
- EXPORT - Export a certificate
- DELETE - Remove a certificate
- PRINT - View certificates assigned to services
[]> new
1. Create a self-signed certificate and CSR
2. Create a self-signed SMIME certificate and CSR

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-71

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

[1]> 1
Enter a name for this certificate profile:
> example.com
Enter Common Name:
> example.com
Enter Organization:
> Example
Enter Organizational Unit:
> Org
Enter Locality or City:
> San Francisoc
Enter State or Province:
> CA
Enter Country (2 letter code):
> US
Duration before expiration (in days):
[3650]>
1. 1024
2. 2048
Enter size of private key:
[2]>
Do you want to view the CSR? [Y]> y
-----BEGIN CERTIFICATE REQUEST----MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCVVMxFDASBgNVBAMTC2V4YW1wbGUuY29t
MRYwFAYDVQQHEw1TYW4gRnJhbmNpc29jMRAwDgYDVQQKEwdleGFtcGxlMQswCQYD
VQQIEwJDQTEMMAoGA1UECxMDb3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA+NwamZyX7VgTZka/x1I5HHrN9V2MPKXoLq7FjzUtiIDwznElrKIuJovw
Svonle6GvFlUHfjv8B3WobOzk5Ny6btKjwPrBfaY+qr7rzM4lAQKHM+P6l+lZnPU
P05N9RCkLP4XsUuyY6Ca1WLTiPIgaq2fR8Y0JX/kesZcGOqlde66pN+xJIHHYadD
oopOgqi6SLNfAzJu/HEu/fnSujG4nhF0ZGlOpVUx4fg33NwZ4wVl0XBk3GrOjbbA
ih9ozAwfNzxb57amtxEJk+pW+co3uEHLJIOPdih9SHzn/UVU4hiu8rSQR19sDApp
kfdWcfaDLF9tnQJPWSYoCh0USgCc8QIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEB
AGiVhyMAZuHSv9yA08kJCmrgO89yRlnDUXDDo6IrODVKx4hHTiOanOPu1nsThSvH
7xV4xR35T/QV0U3yPrL6bJbbwMySOLIRTjsUcwZNjOE1xMM5EkBM2BOI5rs4l59g
FhHVejhG1LyyUDL0U82wsSLMqLFH1IT63tzwVmRiIXmAu/lHYci3+vctb+sopnN1
lY1OIuj+EgqWNrRBNnKXLTdXkzhELOd8vZEqSAfBWyjZ2mECzC7SG3evqkw/OGLk
AilNXHayiGjeY+UfWzF/HBSekSJtQu6hIv6JpBSY/MnYU4tllExqD+GX3lru4xc4
zDas2rS/Pbpn73Lf503nmsw=
-----END CERTIFICATE REQUEST----List of Certificates
Name
Common Name
Issued By
Status
Remaining
--------- ------------------- -------------------- ------------- --------example.c example.com
example.com
Valid
3649 days
partner.c brutus.partner.com
brutus.partner.com Valid
30 days
Demo
Cisco Appliance Demo Cisco Appliance Demo Active
3467 days
Choose the operation you want to perform:
- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- EDIT - Update certificate or view the signing request
- EXPORT - Export a certificate

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-72

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

- DELETE - Remove a certificate

- PRINT - View certificates assigned to services
[]>

Example - Create a Self-signed S/MIME Signing Certificate

The following example shows how to create a self-signed S/MIME certificate for signing messages.
vm10esa0031.qa> certconfig

Choose the operation you want to perform:

Issued By
-------------------Cisco Appliance Demo

Status
------------Active

Remaining
--------3329 days

Choose the operation you want to perform:

- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- PRINT - View certificates assigned to services
[]> new
1. Create a self-signed certificate and CSR
2. Create a self-signed SMIME certificate and CSR
[1]> 2
Enter a name for this certificate profile:
> smime_signing
Enter Common Name:
> CN
Enter Organization:
> ORG
Enter Organizational Unit:
> OU
Enter Locality or City:
> BN
Enter State or Province:
> KA
Enter Country (2 letter code):
> IN
Duration before expiration (in days):
[3650]>
1. 1024
2. 2048
Enter size of private key:
[2]>
Enter email address for 'subjectAltName' extension:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-73

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

[]> [email protected]
Add another member? [Y]> n
Begin entering domain entries for 'subjectAltName'.
Enter the DNS you want to add.
[]> domain.com
Add another member? [Y]> n
Do you want to view the CSR? [Y]> n
List of Certificates
Name
Common Name
--------- -------------------smime_sig CN
Demo
Cisco Appliance Demo

Issued By
-------------------CN
Cisco Appliance Demo

Status
------------Valid
Active

Remaining
--------3649 days
3329 days

Choose the operation you want to perform:

date
Description
Displays the current date and time

Example
mail.example.com> date
Tue Mar 10 11:30:21 2015 GMT

diagnostic
Description
Use the diagnostic command to:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-74

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Troubleshoot hardware and network issues using various utilities

Check the RAID status

Display ARP cache

Clear LDAP, DNS, and ARP caches

Send SMTP test messages

Using the diagnostic Command

The following commands are available within the diagnostic submenu:
Table 3-6

diagnostic Subcommands

Option

Sub Commands

Availability

RAID

1. Run disk verify

Available on C30 and C60 only.

2. Monitor tasks in progress

3. Display disk verify verdict
DISK_USAGE

No Sub Commands

This command has been deprecated. Instead,

use the diskquotaconfig command.

FLUSH

C-, X-, and M-Series

(deprecated)
NETWORK

ARPSHOW
SMTPPING
TCPDUMP
REPORTING

DELETEDB

C-, X-, and M-Series

DISABLE
TRACKING

DELETEDB

C-, X-, and M-Series

DEBUG
RELOAD

No Sub Commands

C-, X-, and M-Series

Batch Format
The batch format of the diagnostic command can be used to check RAID status, clear caches and show
the contents of the ARP cache. To invoke as a batch command, use the following formats:
Use the batch format to perform the following operations:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-75

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Check the RAID status

diagnostic raid

Show the contents of the ARP cache

diagnostic network arpshow

Show the contents of the NDP cache

diagnostic network ndpshow

Clear the LDAP, DNS, ARP and NDP caches

diagnostic network flush

Reset and delete the reporting database

diagnostic reporting deletedb

Enable reporting daemons

diagnostic reporting enable

Disable reporting daemons

diagnostic reporting disable

Reset and delete the tracking database

diagnostic tracking deletedb

Reset configuration to the initial manufacturer values

diagnostic reload

Example: Displaying and Clearing Caches

The following example shows the diagnostic command used to display the contents of the ARP cache
and to flush all network related caches.
mail.example.com> diagnostic
Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-76

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

- TRACKING - Tracking Utilities.

- RELOAD - Reset configuration to the initial manufacturer values.
[]> network

Choose the operation you want to perform:

- FLUSH - Flush all network related caches.
- ARPSHOW - Show system ARP cache.
- NDPSHOW - Show system NDP cache.
- SMTPPING - Test a remote SMTP server.
- TCPDUMP - Dump ethernet packets.
[]> arpshow
System ARP cache contents:
(10.76.69.3) at 00:1e:bd:28:97:00 on em0 expires in 1193 seconds [ethernet]
(10.76.69.2) at 00:1e:79:af:f4:00 on em0 expires in 1192 seconds [ethernet]
(10.76.69.1) at 00:00:0c:9f:f0:01 on em0 expires in 687 seconds [ethernet]
(10.76.69.149) at 00:50:56:b2:0e:2b on em0 permanent [ethernet]

Choose the operation you want to perform:

- FLUSH - Flush all network related caches.
- ARPSHOW - Show system ARP cache.
- NDPSHOW - Show system NDP cache.
- SMTPPING - Test a remote SMTP server.
- TCPDUMP - Dump ethernet packets.
[]> flush
Flushing LDAP cache.
Flushing DNS cache.
Flushing system ARP cache.
10.76.69.3 (10.76.69.3) deleted
10.76.69.2 (10.76.69.2) deleted
10.76.69.1 (10.76.69.1) deleted
10.76.69.149 (10.76.69.149) deleted
Flushing system NDP cache.
fe80::250:56ff:feb2:e2d%em2 (fe80::250:56ff:feb2:e2d%em2) deleted
fe80::250:56ff:feb2:e2c%em1 (fe80::250:56ff:feb2:e2c%em1) deleted
fe80::250:56ff:feb2:e2b%em0 (fe80::250:56ff:feb2:e2b%em0) deleted
Network reset complete.

Example: Verify Connectivity to Another Mail Server

The following example shows diagnostics used to check connectivity to another mail server. You can test
the mail server by sending a message or pinging the server.
mail.example.com> diagnostic
Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
[]> network

Choose the operation you want to perform:

- FLUSH - Flush all network related caches.
- ARPSHOW - Show system ARP cache.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-77

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

- NDPSHOW - Show system NDP cache.

- SMTPPING - Test a remote SMTP server.
- TCPDUMP - Dump ethernet packets.
[]> smtpping
Enter the hostname or IP address of the SMTP server:
[mail.example.com]> mail.com
The domain you entered has MX records.
Would you like to select an MX host to test instead? [Y]> y
Select an MX host to test.
1. mx00.gmx.com
2. mx01.gmx.com
[1]>
Select a network interface to use for the test.
1. Management
2. auto
[2]> 1
Do you want to type in a test message to send?
no email will be sent. [N]>

If not, the connection will be tested but

Starting SMTP test of host mx00.gmx.com.

Resolved 'mx00.gmx.com' to 74.208.5.4.
Unable to connect to 74.208.5.4.

Example: Reset Appliance Configuration to the Initial Manufacturer Values

The following example shows how to reset your appliance configuration to the initial manufacturer
values.
mail.example.com> diagnostic

Choose the operation you want to perform:

- RAID - Disk Verify Utility.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
[]> reload
This command will remove all user settings and reset the entire device.
If this is a Virtual Appliance, all feature keys will be removed,
and the license must be reapplied.
Are you sure you want to continue? [N]> Y
Are you *really* sure you want to continue? [N]> Y
Do you want to wipe also? [N]> Y

diskquotaconfig
View or configure disk space allocation for reporting and tracking, quarantines, log files, packet
captures, and configuration files.
See User Guide for AsyncOS for Cisco Email Security Appliances for complete information about this
feature.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-78

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
diskquotaconfig <feature> <quota> [<feature> <quota> [<feature> <quota>[<feature>
<quota>]]]

Valid values for <feature> are euq, pvo, tracking, reporting

Valid values for <quota> are integers.

Example
mail.example.com> diskquotaconfig
Service
Disk Usage(GB)
Quota(GB)
--------------------------------------------------------------------------Spam Quarantine (EUQ)
1
1
Policy, Virus & Outbreak Quarantines
1
3
Reporting
5
10
Tracking
1
10
Miscellaneous Files
5
30
System Files Usage : 5 GB
User Files Usage : 0 GB
Total
13
54 of 143
Choose the operation you want to perform:
- EDIT - Edit disk quotas
[]> edit
Enter the number of the service for which you would like to edit disk quota:
1. Spam Quarantine (EUQ)
2. Policy, Virus & Outbreak Quarantines
3. Reporting
4. Tracking
5. Miscellaneous Files
[1]> 1
Enter the new disk quota [1]> 1
Disk quota for Spam Quarantine (EUQ) changed to 1
Service
Disk Usage(GB)
Quota(GB)
--------------------------------------------------------------------------Spam Quarantine (EUQ)
1
1
Policy, Virus & Outbreak Quarantines
1
3
Reporting
5
10
Tracking
1
10
Miscellaneous Files
5
30
System Files Usage : 5 GB
User Files Usage : 0 GB
Total
13
54 of 143
Choose the operation you want to perform:
- EDIT - Edit disk quotas

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-79

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

[]>

ecconfig
Set or clear the enrollment client that is used to obtain certificates for use with the URL Filtering feature.
Do not use this command without guidance from Cisco support.
Entries must be in the format <hostname:port> or <IPv4 address:port>. Port is optional.
To specify the default server, enter ecconfig server default.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used at all levels in a cluster.
Batch Command: This command supports a batch format.

Batch Format

To specify a non-default enrollment client server:

> ecconfig server <server_name:port>

To use the default enrollment client server:

> ecconfig server default

Example
mail.example.com> ecconfig
Enrollment Server: Not Configured (Use Default)
Choose the operation you want to perform:
- SETUP - Configure the Enrollment Server
[]> setup
Do you want to use non-default Enrollment server?
WARNING: Do not configure this option without the assistance of Cisco Support.
Incorrect configuration can impact the services using certificates from the Enrollment
server. [N]> y

[]> 192.0.2.1

Choose the operation you want to perform:

- SETUP - Configure the Enrollment Server
[]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-80

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

ecstatus
Display the current version of the enrollment client that is used to automatically obtain certificates for
use with the URL Filtering feature.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> ecstatus
Component
Version
Enrollment Client
1.0.2-046

Last Updated
Never updated

ecupdate
Manually update the enrollment client that is used to automatically obtain certificates for use with the
URL Filtering feature. Normally, these updates occur automatically. Do not use this command without
guidance from Cisco support.
If you use the force parameter (ecupdate [force]) the client is updated even if no changes are detected.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
> ecupdate [force]

Example
mail.example.com> ecupdate
Requesting update of Enrollment Client.

encryptionconfig
Configure email encryption.

Usage
Commit: This command requires a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-81

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Cluster Management: This command is restricted to machine mode.

Batch Command: This command does not support a batch format

Example
The following example shows modifications to an encryption profile:
mail.example.com> encryptionconfig
IronPort Email Encryption: Enabled
Choose the operation you want to perform:
- SETUP - Enable/Disable IronPort Email Encryption
- PROFILES - Configure email encryption profiles
- PROVISION - Provision with the Cisco Registered Envelope Service
[]> setup
PXE Email Encryption: Enabled
Would you like to use PXE Email Encryption? [Y]>

WARNING: Increasing the default maximum message size(10MB) may result in

decreased performance. Please consult documentation for size recommendations
based on your environment.
Maximum message size for encryption: (Add a trailing K for kilobytes, M for
megabytes, or no letters for bytes.)
[10M]>

Enter the email address of the encryption account administrator

[[email protected]]>

IronPort Email Encryption: Enabled

Choose the operation you want to perform:
- SETUP - Enable/Disable IronPort Email Encryption
- PROFILES - Configure email encryption profiles
- PROVISION - Provision with the Cisco Registered Envelope Service
[]> profiles
Proxy: Not Configured
Profile Name
-----------HIPAA

Key Service
----------Hosted Service

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-82

Proxied
------No

Provision Status
---------------Not Provisioned

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Profile name: HIPAA

External URL: https://res.cisco.com
Encryption algorithm: ARC4
Payload Transport URL: http://res.cisco.com
Envelope Security: High Security
Return receipts enabled: Yes
Secure Forward enabled: No
Secure Reply All enabled: No
Suppress Applet: No
URL associated with logo image: <undefined>
Encryption queue timeout: 14400
Failure notification subject: [ENCRYPTION FAILURE]
Failure notification template: System Generated
Filename for the envelope: securedoc_${date}T${time}.html
Use Localized Envelope: No
Text notification template: System Generated
HTML notification template: System Generated
Choose the operation you want to perform:
- NAME - Change profile name
- EXTERNAL - Change external URL
- ALGORITHM - Change encryption algorithm
- PAYLOAD - Change the payload transport URL
- SECURITY - Change envelope security
- RECEIPT - Change return receipt handling
- FORWARD - Change "Secure Forward" setting
- REPLYALL - Change "Secure Reply All" setting
- LOCALIZED_ENVELOPE - Enable or disable display of envelopes in languages
other than English
- APPLET - Change applet suppression setting
- URL - Change URL associated with logo image
- TIMEOUT - Change maximum time message waits in encryption queue
- BOUNCE_SUBJECT - Change failure notification subject
- FILENAME - Change the file name of the envelope attached to the encryption
notification.
[]> security
1. High Security (Recipient must enter a password to open the encrypted
message, even if credentials are cached ("Remember Me" selected).)
2. Medium Security (No password entry required if recipient credentials are
cached ("Remember Me" selected).)
3. No Password Required (The recipient does not need a password to open the
encrypted message.)
Please enter the envelope security level:
[1]> 1
Profile name: HIPAA
External URL: https://res.cisco.com
Encryption algorithm: ARC4
Payload Transport URL: http://res.cisco.com
Envelope Security: High Security
Return receipts enabled: Yes
Secure Forward enabled: No
Secure Reply All enabled: No
Suppress Applet: No
URL associated with logo image: <undefined>
Encryption queue timeout: 14400
Failure notification subject: [ENCRYPTION FAILURE]
Failure notification template: System Generated
Filename for the envelope: securedoc_${date}T${time}.html
Use Localized Envelope: No
Text notification template: System Generated
HTML notification template: System Generated

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-83

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Choose the operation you want to perform:

- NAME - Change profile name
- EXTERNAL - Change external URL
- ALGORITHM - Change encryption algorithm
- PAYLOAD - Change the payload transport URL
- SECURITY - Change envelope security
- RECEIPT - Change return receipt handling
- FORWARD - Change "Secure Forward" setting
- REPLYALL - Change "Secure Reply All" setting
- LOCALIZED_ENVELOPE - Enable or disable display of envelopes in languages
other than English
- APPLET - Change applet suppression setting
- URL - Change URL associated with logo image
- TIMEOUT - Change maximum time message waits in encryption queue
- BOUNCE_SUBJECT - Change failure notification subject
- FILENAME - Change the file name of the envelope attached to the encryption
notification.
[]> forward
Would you like to enable "Secure Forward"? [N]> y
Profile name: HIPAA
External URL: https://res.cisco.com
Encryption algorithm: ARC4
Payload Transport URL: http://res.cisco.com
Envelope Security: High Security
Return receipts enabled: Yes
Secure Forward enabled: Yes
Secure Reply All enabled: No
Suppress Applet: No
URL associated with logo image: <undefined>
Encryption queue timeout: 14400
Failure notification subject: [ENCRYPTION FAILURE]
Failure notification template: System Generated
Filename for the envelope: securedoc_${date}T${time}.html
Use Localized Envelope: No
Text notification template: System Generated
HTML notification template: System Generated
Choose the operation you want to perform:
- NAME - Change profile name
- EXTERNAL - Change external URL
- ALGORITHM - Change encryption algorithm
- PAYLOAD - Change the payload transport URL
- SECURITY - Change envelope security
- RECEIPT - Change return receipt handling
- FORWARD - Change "Secure Forward" setting
- REPLYALL - Change "Secure Reply All" setting
- LOCALIZED_ENVELOPE - Enable or disable display of envelopes in languages
other than English
- APPLET - Change applet suppression setting
- URL - Change URL associated with logo image
- TIMEOUT - Change maximum time message waits in encryption queue
- BOUNCE_SUBJECT - Change failure notification subject
- FILENAME - Change the file name of the envelope attached to the encryption
notification.
[]>
Proxy: Not Configured
Profile Name
-----------HIPAA

Key Service
----------Hosted Service

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-84

Proxied
------No

Provision Status
---------------Not Provisioned

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Choose the operation you want to perform:

- NEW - Create a new encryption profile
- EDIT - Edit an existing encryption profile
- DELETE - Delete an encryption profile
- PRINT - Print all configuration profiles
- CLEAR - Clear all configuration profiles
- PROXY - Configure a key server proxy
[]>
IronPort Email Encryption: Enabled
Choose the operation you want to perform:
- SETUP - Enable/Disable IronPort Email Encryption
- PROFILES - Configure email encryption profiles
- PROVISION - Provision with the Cisco Registered Envelope Service
[]>

encryptionstatus
Description
The encryptionstatus command shows the version of the PXE Engine and Domain Mappings file on
the Email Security appliance, as well as the date and time the components were last updated.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> encryptionstatus
Component
PXE Engine
Domain Mappings File

Version
6.7.1
1.0.0

Last Updated
17 Nov 2009 00:09 (GMT)
Never updated

encryptionupdate
Description
The encryptionupdate command requests an update to the PXE Engine on the Email Security
appliance.

Usage
Commit: This command does not require a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-85

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Cluster Management: This command is restricted to machine mode. It is further restricted to the login
host (i.e., the specific machine you are logged onto).
Batch Command: This command does not support a batch format.

Example
mail3.example.com> encryptionupdate
Requesting update of PXE Engine.

featurekey
Description
The featurekey command lists all functionality enabled by keys on the system and information related
to the keys. It also allows you to activate features using a key or check for new feature keys.
For virtual appliances, see also loadlicense and showlicense.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
In this example, the featurekey command is used to check for new feature keys.
mail3.example.com> featurekey
Module
Quantity
Outbreak Filters
1
2014
IronPort Anti-Spam
1
2014
Sophos Anti-Virus
1
2014
Bounce Verification
1
2014
Incoming Mail Handling
1
2014
IronPort Email Encryption
1
2014
RSA Email Data Loss Prevention
1
2014
McAfee
1
2014
Choose the operation you want to perform:
- ACTIVATE - Activate a (pending) key.
- CHECKNOW - Check now for new feature keys.
[]> checknow
No new feature keys are available.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-86

Status
Active

Remaining
28 days

Expiration Date
Tue Feb 25 06:40:53

Dormant

30 days

Wed Feb 26 07:56:57

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

featurekeyconfig
Description
The featurekeyconfig command allows you to configure the machine to automatically download
available keys and update the keys on the machine.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine.
Batch Command: This command does not support a batch format.

Example
In this example, the featurekeyconfig command is used to enable the autoactivate and autocheck
features.
mail3.example.com> featurekeyconfig
Automatic activation of downloaded keys: Disabled
Automatic periodic checking for new feature keys: Disabled
Choose the operation you want to perform:
- SETUP - Edit feature key configuration.
[]> setup
Automatic activation of downloaded keys: Disabled
Automatic periodic checking for new feature keys: Disabled
Choose the operation you want to perform:
- AUTOACTIVATE - Toggle automatic activation of downloaded keys.
- AUTOCHECK - Toggle automatic checking for new feature keys.
[]> autoactivate
Do you want to automatically apply downloaded feature keys? [N]> y
Automatic activation of downloaded keys: Enabled
Automatic periodic checking for new feature keys: Disabled
Choose the operation you want to perform:
- AUTOACTIVATE - Toggle automatic activation of downloaded keys.
- AUTOCHECK - Toggle automatic checking for new feature keys.
[]> autocheck
Do you want to periodically query for new feature keys? [N]> y
Automatic activation of downloaded keys: Enabled
Automatic periodic checking for new feature keys: Enabled

generalconfig
Description
The generalconfig command allows you to configure browser settings.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-87

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Usage
Commit: This command requires commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format. For details, see the inline help by typing the
command: help generalconfig.

Example - Configure Internet Explorer Compatibility Mode Override

The following example shows how to override IE Compatibility Mode.
mail.example.com> generalconfig
Choose the operation you want to perform:
- IEOVERRIDE - Configure Internet Explorer Compatibility Mode Override
[]> ieoverride
For better web interface rendering, we recommend that you enable Internet
Explorer Compatibility Mode Override. However, if enabling this feature
is against your organizational policy, you may disable this feature.
Internet Explorer Compatibility Mode Override is currently disabled.
Would you like to enable Internet Explorer Compatibility Mode Override? [N]y
Choose the operation you want to perform:
- IEOVERRIDE - Configure Internet Explorer Compatibility Mode Override
[]>

healthcheck
Description
Checks the health of your Email Security appliance. Health check analyzes historical data (up to three
months) in the current Status Logs to determine the health of the appliance.

Example
mail.example.com> healthcheck
Analyzing the system to determine current health of the system.
The analysis may take a while, depending on the size of the historical data.
System analysis is complete.
The analysis indicates that the system has experienced the following issue(s)recently:
Entered Resource conservation mode
Delay in mail processing

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-88

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

High CPU usage

High memory usage
Based on this analysis,
we recommend you to contact Cisco Customer Support before upgrading.

healthconfig
Description
Configure the threshold of various health parameters of your appliance such as CPU usage, maximum
messages in work queue and so on

Usage
Commit: This command requires commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
mail.example.com> healthconfig

Choose the operation you want to perform:

- WORKQUEUE - View and edit workqueue-health configuration.
- CPU - View and edit CPU-health configuration.
- SWAP - View and edit swap-health configuration.
[]> workqueue
Number of messages in the workqueue : 0
Current threshold on the workqueue size : 500
Alert when exceeds threshold : Disabled
Do you want to edit the settings? [N]> y
Please enter the threshold value for number of messages in work queue.
[500]> 550
Do you want to receive alerts if the number of messages in work queue exceeds
threshold value? [N]> n

Choose the operation you want to perform:

- WORKQUEUE - View and edit workqueue-health configuration.
- CPU - View and edit CPU-health configuration.
- SWAP - View and edit swap-health configuration.
[]> cpu
Overall CPU usage : 0 %
Current threshold on the overall CPU usage: 85 %
Alert when exceeds threshold : Disabled
Do you want to edit the settings? [N]> y
Please enter the threshold value for overall CPU usage (in percent)
[85]> 90

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-89

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Do you want to receive alerts if the overall CPU usage exceeds threshold value?[N]> n

Choose the operation you want to perform:

- WORKQUEUE - View and edit workqueue-health configuration.
- CPU - View and edit CPU-health configuration.
- SWAP - View and edit swap-health configuration.
[]> swap
Number of pages swapped from memory in a minute : 0
Current threshold on the number of pages swapped from memory per minute : 5000
Alert when exceeds threshold : Disabled
Do you want to edit the settings? [N]> y
Please enter the threshold value for number of pages swapped from memory in a
minute.
[5000]> 5500
Do you want to receive alerts if number of pages swapped from memory in a
minute exceeds the threshold? [N]> n

Choose the operation you want to perform:

- WORKQUEUE - View and edit workqueue-health configuration.
- CPU - View and edit CPU-health configuration.
- SWAP - View and edit swap-health configuration.
[]>

ntpconfig
Description
The ntpconfig command configures AsyncOS to use Network Time Protocol (NTP) to synchronize the
system clock with other computers. NTP can be turned off using the settime command.

Example
mail3.example.com> ntpconfig
Currently configured NTP servers:
1. time.ironport.com
Choose the operation you want to perform:
- NEW - Add a server.
- DELETE - Remove a server.
- SOURCEINT - Set the interface from whose IP address NTP queries should originate.
[]> new

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-90

Chapter 3

The Commands: Reference Examples

Only the network settings will be preserved.

Before running this command, be sure you have:

- saved the configuration file of this appliance (with passwords unmasked)
- exported the IronPort Spam Quarantine safelist/blocklist database
to another machine (if applicable)
- waited for the mail queue to empty
Reverting the device causes an immediate reboot to take place.
After rebooting, the appliance reinitializes itself and reboots
again to the desired version.

Available versions
=================
1. 9.1.0-019
Please select an AsyncOS version [1]:
Do you want to continue? [N]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-94

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

settime
Description
The settime command allows you to manually set the time if you are not using an NTP server. The
command asks you if you want to stop NTP and manually set the system clock. Enter the time is using
this format: MM/DD/YYYY HH:MM:SS.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> settime
WARNING: Changes to system time will take place immediately
and do not require the user to run the commit command.
Current time 09/23/2001 21:03:53.
This machine is currently running NTP.
In order to manually set the time, NTP must be disabled.
Do you want to stop NTP and manually set the time? [N]> Y
Please enter the time in MM/DD/YYYY HH:MM:SS format.
[]> 09/23/2001 21:03:53
Time set to 09/23/2001 21:03:53.

settz
Description
Set the local time zone.

Example
mail3.example.com> settz
Current time zone: Etc/GMT
Current time zone version: 2010.02.0

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-95

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Choose the operation you want to perform:

- SETUP - Set the local time zone.
[]> setup
Please choose your continent:
1. Africa
2. America
[ ... ]
11. GMT Offset
[2]> 2
Please choose your country:
1. Anguilla
[ ... ]
45. United States
46. Uruguay
47. Venezuela
48. Virgin Islands (British)
49. Virgin Islands (U.S.)
[45]> 45
Please choose your timezone:
1. Alaska Time (Anchorage)
2. Alaska Time - Alaska panhandle (Juneau)
[ ... ]
21. Pacific Time (Los_Angeles)
[21]> 21
Current time zone: America/Los_Angeles
Choose the operation you want to perform:
- SETUP - Set the local time zone.
[]>

shutdown
Description
Shut down the system to power off

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> shutdown
Enter the number of seconds to wait before abruptly closing connections.
[30]>
System shutting down.

Please wait while the queue is being closed.

Closing CLI connection.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-96

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Use the power button (in 30 seconds) to turn off the machine.

sshconfig
Description
Configure SSH server and user key settings.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to cluster mode.
Batch Command: This command does not support a batch format.
Reboot. Reboot is required for changes to take effect.

Example
In the following example, a new public key is installed for the administrator account:
mail.example.com> sshconfig
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> userkey
Currently installed keys for admin:
Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
[]> new
Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
[-paste public key for user authentication here-]
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]>

The following example shows how to edit the SSH server configuration.
mail.example.com> sshconfig
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> sshd
ssh server config settings:
Public Key Authentication Algorithms:
rsa1
ssh-dss
ssh-rsa

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-97

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Cipher Algorithms:
aes128-ctr
aes192-ctr
aes256-ctr
arcfour256
arcfour128
aes128-cbc
3des-cbc
blowfish-cbc
cast128-cbc
aes192-cbc
aes256-cbc
arcfour
[email protected]
MAC Methods:
hmac-md5
hmac-sha1
[email protected]
hmac-ripemd160
[email protected]
hmac-sha1-96
hmac-md5-96
Minimum Server Key Size:
1024
KEX Algorithms:
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]> setup
Enter the Public Key Authentication Algorithms do you want to use
[rsa1,ssh-dss,ssh-rsa]>
Enter the Cipher Algorithms do you want to use
[aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,c
ast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]]>
Enter the MAC Methods do you want to use
[hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha
1-96,hmac-md5-96]>
Enter the Minimum Server Key Size do you want to use
[1024]>
Enter the KEX Algorithms do you want to use
[diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-gr
oup14-sha1,diffie-hellman-group1-sha1]>
ssh server config settings:
Public Key Authentication Algorithms:
rsa1
ssh-dss
ssh-rsa
Cipher Algorithms:
aes128-ctr
aes192-ctr
aes256-ctr
arcfour256
arcfour128
aes128-cbc

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-98

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

3des-cbc
blowfish-cbc
cast128-cbc
aes192-cbc
aes256-cbc
arcfour
[email protected]
MAC Methods:
hmac-md5
hmac-sha1
[email protected]
hmac-ripemd160
[email protected]
hmac-sha1-96
hmac-md5-96
Minimum Server Key Size:
1024
KEX Algorithms:
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Choose the operation you want to perform:
- SETUP - Setup SSH server configuration settings
[]>

Choose the operation you want to perform:

- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]>

status
Description
Show system status.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> status
Status as of:
Up since:
Last counter reset:
System status:
Oldest Message:
Feature - McAfee:

Thu Oct 21 14:33:27 2004 PDT

Wed Oct 20 15:47:58 2004 PDT (22h 45m 29s)
Never
Online
4 weeks 46 mins 53 secs
161 days

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-99

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

[....]
Feature - Outbreak Filters:

161 days

Counters:
Receiving
Messages Received
Recipients Received
Rejection
Rejected Recipients
Dropped Messages
Queue
Soft Bounced Events
Completion
Completed Recipients
Current IDs
Message ID (MID)
Injection Conn. ID (ICID)
Delivery Conn. ID (DCID)
Gauges:
Connections
Current Inbound Conn.
Current Outbound Conn.
Queue
Active Recipients
Messages In Work Queue
Kilobytes Used
Kilobytes Free
Quarantine
Messages In Quarantine
Policy, Virus and Outbreak
Kilobytes In Quarantine
Policy, Virus and Outbreak

Reset

Uptime

Lifetime

62,049,822
62,049,823

290,920
290,920

62,049,822
62,049,823

3,949,663
11,606,037

11,921
219

3,949,663
11,606,037

2,334,552

13,598

2,334,552

50,441,741

332,625

50,441,741
99524480
51180368
17550674

Current
0
14
1
0
92
8,388,516

0
0

supportrequest
Description
Send a message to Cisco customer support. This command requires that the appliance is able to send
mail to the Internet. A trouble ticket is automatically created, or you can associate the support request
with an existing trouble ticket.
To access Cisco technical support directly from the appliance, your Cisco.com user ID must be
associated with your service agreement contract for this appliance. To view a list of service contracts
that are currently associated with your Cisco.com profile, visit the Cisco.com Profile Manager at
https://sso.cisco.com/autho/forms/CDClogin.html. If you do not have a Cisco.com user ID, register to
get one. See information about registering for an account in the online help or user guide for your release.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-100

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Example
The following example shows a support request that is not related to an existing support ticket.
mail.example.com> supportrequest
Please Note:
If you have an urgent issue, please call one of our worldwide Support Centers
(www.cisco.com/support). Use this command to open a technical support request
for issues that are not urgent, such as:
- Request for information.
- Problem for which you have a work-around, but would like an alternative
solution.
Do you want to send the support request to [email protected]?
[Y]>
Do you want to send the support request to additional recipient(s)?
[N]>
Is this support request associated with an existing support ticket?
[N]>
Please select a technology related to this support request:
1. Security - Email and Web
2. Security - Management
[1]> 1
Please select a subtechnology related to this
1. Cisco Email Security Appliance (C1x0,C3x0,
Messages
2. Cisco Email Security Appliance (C1x0,C3x0,
3. Cisco Email Security Appliance (C1x0,C3x0,
4. Email Security Appliance - Virtual
[1]> 3

support request:
C6x0, X10x0) - Misclassified
C6x0, X10x0) - SBRS
C6x0, X10x0) - Other

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-101

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

It is important to associate all your service contracts with your Cisco.com profile (CCO
ID) in order for you to receive complete access to support and
services from Cisco. Please follow the URLs below to associate your contract coverage on
your Cisco.com profile. If you do not have a CCO ID, please follow
the URL below to create a CCO ID.
How to create a CCO ID:
https://tools.cisco.com/RPF/register/register.do
How to associate your CCO ID with contract:
https://tools.cisco.com/RPFA/profile/profile_management.do
Frequently Asked Question:
http://www.cisco.com/web/ordering/cs_info/faqs/index.html
Select the CCOID
1. New CCOID
[1]>
Please enter the CCOID of the contact person :
[]> your name
The CCO ID may contain alphabets, numbers and '@', '.', '-' and '_' symbols.
Please enter the CCOID of the contact person :
[]> [email protected]
Please enter the name of the contact person :
[]> yourname
Please enter your email address:
[]> [email protected]
Please enter the contract ID:
[]> 1234
Please enter any additional contact information (e.g. phone number):
[]>
Please wait while configuration information is generated...
Do you want to print the support request to the screen?
[N]>

supportrequeststatus
Description
Display Support Request Keywords version information for requesting support from Cisco TAC.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-102

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Example
mail.example.com> supportrequeststatus
Component
Support Request

Version
1.0

Last Updated
Never updated

supportrequestupdate
Description
Request manual update of Support Request Keywords for requesting support from Cisco TAC.

Example
mail.example.com> supportrequestupdate
Requesting update of Support Request Keywords.

suspend
Description
Suspend receiving and deliveries

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> suspend
Enter the number of seconds to wait before abruptly closing connections.
[30]> 45
Waiting for listeners to exit...
Receiving suspended for Listener 1.
Waiting for outgoing deliveries to finish...
Mail delivery suspended.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-103

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

mail3.example.com>

suspenddel
Description
Suspend deliveries

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> suspenddel
Enter the number of seconds to wait before abruptly closing connections.
[30]>
Enter one or more domains [comma-separated] to which you want to suspend delivery.
[ALL]> domain1.com, domain2.com, domain3.com
Waiting for outgoing deliveries to finish...
Mail delivery suspended.

suspendlistener
Description
Suspend receiving.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> suspendlistener
Choose the listener(s) you wish to suspend.
Separate multiple entries with commas.
1. All
2. InboundMail

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-104

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

3. OutboundMail
[1]> 1
Enter the number of seconds to wait before abruptly closing connections.
[30]>
Waiting for listeners to exit...
Receiving suspended.
mail3.example.com>

tcpservices
Description
Display information about files opened by processes.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.cisco.com> tcpservices
System Processes
ftpd.main
ginetd
interface
ipfw
slapd
sntpd
sshd
syslogd
winbindd
-

(Note: All processes may not always be present)

The FTP daemon
The INET daemon
The interface controller for inter-process communication
The IP firewall
The Standalone LDAP daemon
The SNTP daemon
The SSH daemon
The system logging daemon
The Samba Name Service Switch daemon

Feature Processes
euq_webui
- GUI for ISQ
gui
- GUI process
hermes
- MGA mail server
postgres
- Process for storing and querying quarantine data
splunkd
- Processes for storing and querying Email Tracking data
COMMAND
interface
postgres
qabackdoo
ftpd.main
euq_webui
euq_webui
gui
gui
gui
gui
gui

USER
root
pgsql
root
root
root
root
root
root
root
root
root

TYPE
IPv4
IPv4
IPv4
IPv4
IPv4
IPv6
IPv4
IPv4
IPv6
IPv4
IPv4

NODE
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP

NAME
127.0.0.1:53
127.0.0.1:5432
*:8123
10.1.1.0:21
10.1.1.0:83
[2001:db8::]:83
172.29.181.70:80
10.1.1.0:80
[2001:db8::]:80
172.29.181.70:443
10.1.1.0:443

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-105

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

gui
ginetd
ginetd
ginetd
ginetd
ginetd
hermes
splunkd
splunkd
api_serve
api_serve
api_serve
api_serve
java

root
root
root
root
root
root
root
root
root
root
root
root
root
root

IPv6
IPv4
IPv4
IPv6
IPv4
IPv6
IPv4
IPv4
IPv4
IPv4
IPv6
IPv4
IPv6
IPv6

TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP

[2001:db8::]:443
172.29.181.70:22
10.1.1.0:22
[2001:db8::]:22
10.1.1.0:2222
[2001:db8::]:2222
172.29.181.70:25
127.0.0.1:8089
127.0.0.1:9997
10.1.1.0:6080
[2001:db8::]:6080
10.1.1.0:6443
[2001:db8::]:6443
[::127.0.0.1]:9999

techsupport
Description
Allow Cisco TAC to access your system.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> techsupport
Service Access currently disabled.
Serial Number: XXXXXXXXXXXX-XXXXXXX
Choose the operation you want to perform:
- SSHACCESS - Allow a Cisco IronPort Customer Support representative to remotely access
your system, without establishing a tunnel.
- TUNNEL - Allow a Cisco IronPort Customer Support representative to remotely access your
system, and establish a secure tunnel for communication.
- STATUS - Display the current techsupport status.
[]> sshaccess
A random seed string is required for this operation
1. Generate a random string to initialize secure communication (recommended)
2. Enter a random string
[1]> 1
Are you sure you want to enable service access? [N]> y
Service access has been ENABLED.

Please provide the string:

QT22-JQZF-YAQL-TL8L-8@2L-95
to your Cisco IronPort Customer Support representative.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-106

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Service Access currently ENABLED (0 current service logins).

Tunnel option is not active.
Serial Number: XXXXXXXXXXXX-XXXXXXX
Choose the operation you want to perform:
- DISABLE - Prevent customer service representatives from remotely accessing your system.
- STATUS - Display the current techsupport status.
[]>

tlsverify
Description
Establish an outbound TLS connection on demand and debug any TLS connection issues concerning a
destination domain. To create the connection, specify the domain to verify against and the destination
host. AsyncOS checks the TLS connection based on the Required (Verify) TLS setting

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
The batch format of the tlsverify command can be used to perform all the fuctions of the traditional
CLI command to check the TLS connection to the given hostname.
tlsverify <domain> <hostname>[:<port>]

Example
mail3.example.com> tlsverify
Enter the TLS domain to verify against:
[]> example.com
Enter the destination host to connect to.
connecting on port 25:
[example.com]> mxe.example.com:25

Append the port (example.com:26) if you are not

Connecting to 1.1.1.1 on port 25.

Connected to 1.1.1.1 from interface 10.10.10.10.
Checking TLS connection.
TLS connection established: protocol TLSv1, cipher RC4-SHA.
Verifying peer certificate.
Verifying certificate common name mxe.example.com.
TLS certificate match mxe.example.com
TLS certificate verified.
TLS connection to 1.1.1.1 succeeded.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-107

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

TLS successfully connected to mxe.example.com.

TLS verification completed.

trace
Description
Trace the flow of a message through the system

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> trace
Enter the source IP
[]> 192.168.1.1
Enter the fully qualified domain name of the source IP
[]> example.com
Select the listener to trace behavior on:
1. InboundMail
2. OutboundMail
[1]> 1
Fetching default SenderBase values...
Enter the SenderBase Org ID of the source IP.
[N/A]>

The actual ID is N/A.

Enter the SenderBase Reputation Score of the source IP.

[N/A]>

The actual score is N/A.

Enter the Envelope Sender address:

[]> [email protected]
Enter the Envelope Recipient addresses.
[]> [email protected]
Load message from disk?

Separate multiple addresses by commas.

[Y]> n

Enter or paste the message body here. Enter '.' on a blank line to end.
Subject: Hello
This is a test message.
.
HAT matched on unnamed sender group, host ALL
- Applying $ACCEPTED policy (ACCEPT behavior).
- Maximum Message Size: 100M (Default)
- Maximum Number Of Connections From A Single IP: 1000 (Default)
- Maximum Number Of Messages Per Connection: 1,000 (Default)
- Maximum Number Of Recipients Per Message: 1,000 (Default)
- Maximum Recipients Per Hour: 100 (Default)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-108

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Use SenderBase For Flow Control: Yes (Default)

Spam Detection Enabled: Yes (Default)
Virus Detection Enabled: Yes (Default)
Allow TLS Connections: No (Default)

Processing MAIL FROM:

- Default Domain Processing:

No Change

Processing Recipient List:

Processing [email protected]
- Default Domain Processing: No Change
- Domain Map: No Change
- RAT matched on [email protected], behavior = ACCEPT
- Alias expansion: No Change
Message Processing:
- No Virtual Gateway(tm) Assigned
- No Bounce Profile Assigned
Domain Masquerading/LDAP Processing:
- No Changes.
Processing filter 'always_deliver':
Evaluating Rule:
rcpt-to == "@mail.qa"
Result = False
Evaluating Rule:
rcpt-to == "ironport.com"
Result = True
Evaluating Rule:
OR
Result = True
Executing Action: deliver()
Footer Stamping:
- Not Performed
Inbound Recipient Policy Processing: (matched on Management Upgrade policy)
Message going to: [email protected]
AntiSpam Evaluation:
- Not Spam
AntiVirus Evaluation:
- Message Clean.
- Elapsed Time = '0.000 sec'
Outbreak Filter Evaluation:
- No threat detected
Message Enqueued for Delivery
Would you like to see the resulting message? [Y]> y

Final text for messages matched on policy Management Upgrade

Final Envelope Sender: [email protected]
Final Recipients:
- [email protected]
Final Message Content:
Received: from remotehost.example.com (HELO TEST) (1.2.3.4)
by stacy.qa with TEST; 19 Oct 2004 00:54:48 -0700
Message-Id: <3i93q9$@Management>
X-IronPort-AV: i="3.86,81,1096873200";
d="scan'208"; a="0:sNHT0"

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-109

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Subject: hello
This is a test message.
Run through another debug session? [N]>

Note

When using trace, you must include both the header and the body of the message pasted into the CLI.

trackingconfig
Description
Configure the tracking system.

Example
mail.example.com> trackingconfig
Message Tracking service status: Message Tracking is enabled.
Choose the operation you want to perform:
- SETUP - Enable Message Tracking for this appliance.
[]> setup
Would you like to use the Message Tracking Service? [Y]>
Do you want to use Centralized Message Tracking for this appliance? [N]>
Would you like to track rejected connections? [N]>
Message Tracking service status: Local Message Tracking is enabled.
Rejected connections are currently not being tracked.
Choose the operation you want to perform:
- SETUP - Enable Message Tracking for this appliance.
[]>

tzupdate
Description
Update timezone rules

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-110

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Batch Format
The batch format of the tzupdate command forces an update off all time zone rules even if no changes
are detected.
tzupdate [force]

Example
mail.example.com> tzupdate
Requesting update of Timezone Rules

updateconfig
Description
Configure system update parameters.

Examples

Configure the Appliance to Download Updates from Updater Servers, page 3-111

Configure the Appliance to Verify the Validity of Updater Server Certificate, page 3-114

Configure the Appliance to Trust Proxy Server Communication, page 3-115

Configure the Appliance to Download Updates from Updater Servers

In the following example, the updateconfig command is used to configure the appliance to download
update images from Cisco servers and download the list of available AsyncOS upgrades from a local
server.
mail.example.com> updateconfig
Service (images):

Timezone rules
Enrollment Client Updates (used to fetch certificates for URL Filtering)
Support Request updates
Cisco IronPort AsyncOS upgrades

[N]>
Do you want to set up an HTTPS proxy server for HTTPS updates for ALL of the following
services:
-

Feature Key updates

Timezone rules
Enrollment Client Updates (used to fetch certificates for URL Filtering)
Support Request updates
Cisco IronPort AsyncOS upgrades
SenderBase Network Participation sharing

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-113

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

[N]>
Service (images):

Update URL:

-----------------------------------------------------------------------------------------Feature Key updates

Update URL:

-----------------------------------------------------------------------------------------Timezone rules
Cisco IronPort Servers
Enrollment Client Updates Cisco IronPort Servers
Support Request updates
Cisco IronPort Servers
Service (list):

Update URL:

-----------------------------------------------------------------------------------------Cisco IronPort AsyncOS upgrades

Configure the Appliance to Verify the Validity of Updater Server Certificate

If you configure this option, every time the appliance communicates the Cisco updater server, the
validity of the updater server certificate is verified. If the verification fails, updates are not downloaded
and the details are logged in Updater Logs. The following example shows how to configure this option:
mail.example.com> updateconfig
Service (images):

Update URL:

-----------------------------------------------------------------------------------------Feature Key updates

Update URL:

-----------------------------------------------------------------------------------------Cisco IronPort AsyncOS upgrades

Cisco IronPort Servers

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-114

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Update interval: 5m
Proxy server: not enabled
HTTPS Proxy server: not enabled
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates
Should server certificates from Cisco update servers be validated?
[Yes]>
Service (images):
Update URL:
-----------------------------------------------------------------------------------------Feature Key updates
http://downloads.ironport.com/asyncos
Timezone rules
Cisco IronPort Servers
Enrollment Client Updates
Cisco IronPort Servers
Support Request updates
Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades
Cisco IronPort Servers
Service (list):

Update URL:

-----------------------------------------------------------------------------------------Cisco IronPort AsyncOS upgrades

Configure the Appliance to Trust Proxy Server Communication

If you are using a non-transparent proxy server, you can add the CA certificate used to sign the proxy
certificate to the appliance. By doing so, the appliance trusts the proxy server communication. The
following example shows how to configure this option:
...
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> trusted_certificates

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-115

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

- ADD - Upload a new trusted certificate for updates.

[]> add
Paste certificates to be trusted for secure updater connections, blank to quit
Trusted Certificate for Updater:
Paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE----MMIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCSU4x
DDAKBgNVBAgTA0tBUjENM............................................
-----END CERTIFICATE----.
Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
- LIST - List trusted certificates for updates.
- DELETE - Delete a trusted certificate for updates.
[]>

updatenow
Description
Requests an update to all system service components.

Batch Format
The batch format of the updatenow command can be used to update all components on the appliance even
if no changes are detected.
updatenow [force]

Example
mail3.example.com> updatenow
Success - All component updates requested

version
Description
View system version information

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-116

Chapter 3

The Commands: Reference Examples

General Management/Administration/Troubleshooting

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> version
Current Version
===============
Product: Cisco C100V Email Security Virtual Appliance
Model: C100V
Version: 9.1.0-019
Build Date: 2015-02-17
Install Date: 2015-02-19 05:17:56
Serial #: 421C73B18CFB05784A83-B03A99E71ED8
BIOS: 6.00
CPUs: 2 expected, 2 allocated
Memory: 6144 MB expected, 6144 MB allocated
RAID: NA
RAID Status: Unknown
RAID Type: NA
BMC: NA

wipedata
Description
Use the wipedata command to wipe the core files on the disk and check the status of the last coredump
operation.

Note

Depending on the size of the data, wipe action may take a while and can affect the system performance
until the action is complete.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> wipedata
Wiping data may take a while and can affect system performance till it completes.
Choose the operation you want to perform:
- STATUS - Display status of last command run

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-117

Chapter 3

The Commands: Reference Examples

LDAP

- COREDUMP - Wipe core files on disk

[]> coredump
wipedata: In progress
mail.example.com> wipedata
Wiping data may take a while and can affect system performance till it completes.
Choose the operation you want to perform:
- STATUS - Display status of last command run
- COREDUMP - Wipe core files on disk
[]> status
Last wipedata status: Successful

upgrade
Description
The upgrade CLI command displays a list of available upgrades and upgrades the AsyncOS system to
the version specified by the user.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> upgrade
Upgrades available:
1. AsyncOS (***DON'T TOUCH!***) 4.0.8 upgrade, 2005-05-09 Build 900
2. AsyncOS 4.0.8 upgrade, 2005-08-12 Build 030
.......
45. SenderBase Network Participation Patch
[45]>
Performing an upgrade will require a reboot of the system after the upgrade is applied.
Do you wish to proceed with the upgrade? [Y]> Y

LDAP
This section contains the following CLI commands:

ldapconfig

ldapflush

ldaptest

sievechar

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-118

Chapter 3

The Commands: Reference Examples

LDAP

ldapconfig
Description
Configure LDAP servers

Example - Creating a New LDAP Server Profile

In the following example, the ldapconfig command is used to define an LDAP server for the appliance
to bind to, and queries for recipient acceptance (ldapaccept subcommand), routing (ldaprouting
subcommand), masquerading (masquerade subcommand), end-user authentication for the Spam
Quarantine (isqauth subcommand), and alias consolidation for spam notifications (isqalias
subcommand) are configured.
First, the nickname of PublicLDAP is given for the mldapserver.example.com LDAP server. Queries
are directed to port 3268 (the default). The search base of example.com is defined (dc=example,dc=com),
and queries for recipient acceptance, mail re-routing, and masquerading are defined. The queries in this
example are similar to an OpenLDAP directory configuration which uses the inetLocalMailRecipient
auxiliary object class defined in the expired Internet Draft draft-lachman-laser-ldap-mail-routing-xx.txt,
also sometimes known as the Laser spec. (A version of this draft is included with the OpenLDAP
source distribution.) Note that in this example, the alternate mailhost to use for queried recipients in the
mail re-routing query is mailForwardingAddress. Remember that query names are case-sensitive and
must match exactly in order to return the proper results.
mail3.example.com> ldapconfig
No LDAP server configurations.
Choose the operation you want to perform:
- NEW - Create a new server configuration.
- SETUP - Configure LDAP options.
[]> new
Please create a name for this server configuration (Ex: "PublicLDAP"):
[]> PublicLDAP
Please enter the hostname:
[]> myldapserver.example.com
Use SSL to connect to the LDAP server? [N]> n
Select the authentication method to use for this server configuration:
1. Anonymous
2. Password based
[1]> 2
Please enter the bind username:
[cn=Anonymous]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-119

Chapter 3

The Commands: Reference Examples

LDAP

LDAP

Current LDAP server configurations:

1. PublicLDAP: (myldapserver.example.com:3268)
Choose the operation you want to perform:
- NEW - Create a new server configuration.
- SETUP - Configure LDAP options.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
[]>

Example - Configuring Global Settings

In the following example, the LDAP global settings are configured, including the certificate for TLS
connections.
mail3.example.com> ldapconfig
No LDAP server configurations.

Choose the operation you want to perform:

- NEW - Create a new server configuration.
- SETUP - Configure LDAP options.
[]> setup
Choose the IP interface for LDAP traffic.
1. Auto
2. Management (10.92.145.175/24: esx16-esa01.qa)
[1]> 1
LDAP will determine the interface automatically.
Should group queries that fail to complete be silently treated as having
negative results? [Y]>
The "Demo" certificate is currently configured. You may use "Demo", but this will not be
secure.

1. partner.com
2. Demo
Please choose the certificate to apply:
[1]> 1
No LDAP server configurations.

Choose the operation you want to perform:

- NEW - Create a new server configuration.
- SETUP - Configure LDAP options.
[]>

ldapflush
Description
Flush any cached LDAP results.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-123

Chapter 3

The Commands: Reference Examples

LDAP

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> ldapflush
Are you sure you want to flush any cached LDAP results? [N]> y
Flushing cache
mail3.example.com>

ldaptest
Description
Perform a single LDAP query test

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
In this example, the ldaptest command is used to test the only recipient acceptance query for the
configured LDAP server configuration. The recipient address [email protected] passes the test,
while the recipient address [email protected] fails.
mail3.example.com> ldaptest
Select which LDAP query to test:
1. PublicLDAP.ldapaccep
[1]> 1
Address to use in query:
[]> [email protected]
LDAP query test results:
Query: PublicLDAP.ldapaccept
Argument: [email protected]
Action: pass
LDAP query test finished.
mail3.example.com> ldaptest
Select which LDAP query to test:
1. PublicLDAP.ldapaccep
[1]> 1

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-124

Chapter 3

The Commands: Reference Examples

LDAP

Address to use in query:

[]> [email protected]
LDAP query test results:
Query: PublicLDAP.ldapaccept
Argument: [email protected]
Action: drop or bounce (depending on listener settings)
Reason: no matching LDAP record was found
LDAP query test finished.
mail3.example.com>

sievechar
Description
Sets or disables the character used for Sieve Email Filtering, as described in RFC 3598. Note that the
Sieve Character is ONLY recognized in LDAP Accept and LDAP Reroute queries. Other parts of the
system will operate on the complete email address.
Allowable characters are: -_=+/^#

Example
In this example, the sievechar command is used to define + as the sieve character recognized in Accept
and LDAP Reroute queries.
mail3.example.com> sievechar
Sieve Email Filtering is currently disabled.
Choose the operation you want to perform:
- SETUP - Set the separator character.
[]> setup
Enter the Sieve Filter Character, or a space to disable Sieve Filtering.
[]> +
Sieve Email Filter is enabled, using the '+' character as separator.
This applies only to LDAP Accept and LDAP Reroute Queries.
Choose the operation you want to perform:
- SETUP - Set the separator character.
[]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-125

Chapter 3
Mail Delivery Configuration/Monitoring

Mail Delivery Configuration/Monitoring

This section contains the following CLI commands:

addresslistconfig

aliasconfig

archivemessage

altsrchost

bounceconfig

bouncerecipients

bvconfig

deleterecipients

deliveryconfig

delivernow

destconfig

hostrate

hoststatus

imageanalysisconfig

oldmessage

rate

redirectrecipients

resetcounters

removemessage

showmessage

showrecipients

status

tophosts

topin

unsubscribe

workqueue

addresslistconfig
Description
Configure address lists.

Usage
Commit: This command requires a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-126

The Commands: Reference Examples

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format
The batch format for the addresslistconfig command can be used to create a new address list, edit an
existing address list, print a list of address lists, delete an address list, or find conflicting addresses within
an address list.

Adding a new address list

addresslistconfig new <name> --descr=<description>
--addresses=<address1,address2,...>

Editing an existing address list:

addresslistconfig edit <name> --name=<new-name> --descr=<description>
--addresses=<address1,address2,...>

Deleting an address list:

addresslistconfig delete <name>

Printing a list of address lists:

addresslistconfig print <name>

Finding conflicting addresses within an address list:

addresslistconfig conflicts <name>

Example
mail.example.com> addresslistconfig
No address lists configured.
Choose the operation you want to perform:
- NEW - Create a new address list.
[]> new
Enter a name for the address list:
> add-list1
Enter a description for the address list:
> This is a sample address list.
Do you want to enter only full Email Addresses? [N]> Y
Enter a comma separated list of addresses:
(e.g.: [email protected])
> [email protected], [email protected]

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-127

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Address list "add-list1" added.

Choose the operation you want to perform:
- NEW - Create a new address list.
- EDIT - Modify an address list.
- DELETE - Remove an address list.
- PRINT - Display the contents of an address list.
- CONFLICTS - Find conflicting entries within an address list.
[]>

aliasconfig
Description
Configure email aliases.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format
The batch format of the aliasconfig command can be used to add a new alias table, edit an existing table,
print a list of email aliases, and import/export alias table. To invoke as a batch command, use the
following format of the aliasconfig command with the variables listed below:

Adding a new email alias:

aliasconfig new <domain> <alias> [email_address1] [email_address2] ...

Note

Using the aliasconfig new command with a non-existant domain causes the domain to be created.

Editing an existing email alias

aliasconfig edit <domain> <alias> <email_address1] [email_address2] ...

Displaying an email alias:

aliasconfig print

Importing a local alias listing:

aliasconfig import <filename>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-128

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Exporting an alias listing on the appliance:

aliasconfig export <filename>

Example
mail3.example.com> aliasconfig
Enter address(es) for "customercare".
Separate multiple addresses with commas.
[]> [email protected], [email protected], [email protected]
Adding alias customercare: [email protected],[email protected],[email protected]
Do you want to add another alias? [N]> n

There are currently 1 mappings defined.

Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]> new
How do you want your aliases to apply?
1. Globally
2. Add a new domain context
3. example.com
[1]> 1
Enter the alias(es) to match on.
Separate multiple aliases with commas.
Allowed aliases:
- "user@domain" - This email address.
- "user" - This user for any domain
- "@domain" - All users in this domain.
- "@.partialdomain" - All users in this domain, or any of its sub domains.
[]> admin
Enter address(es) for "admin".
Separate multiple addresses with commas.
[]> [email protected]
Adding alias admin: [email protected]
Do you want to add another alias? [N]> n

There are currently 2 mappings defined.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-129

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

[]> print
admin: [email protected]
[ example.com ]
customercare: [email protected], [email protected], [email protected]
There are currently 2 mappings defined.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- PRINT - Display the table.
- IMPORT - Import aliases from a file.
- EXPORT - Export table to a file.
- CLEAR - Clear the table.
[]>

Table 3-7

Arguments for Configuring Aliases

Argument

Description

The domain context in which an alias is applied. Global

specifies the Global Domain Context.
The name of the alias to configure
Aliases permitted at the Global Comain Context:
user@domain This email address.
user This user for any domain.
@domain All users in this domain.
@.partialdomain All users in this domain or any of its
sub-domains.
Aliases permitted for specific domain contexts:
user This user in this domain context

<alias>

user@domain This email address

<email_address>

The email address that an alias mapps to. A single alias can
map to multiple email addresses.

The filename to use with importing/exporting the alias table.

archivemessage
Description
Archive older messages in your queue.

Usage
Commit: This command does not require a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-130

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Cluster Management: This command is restricted to machine mode..

Batch Command: This command does not support a batch format.

Example
In the following example, an older message is archived:
mail3.example.com> archivemessage
Enter the MID to archive.
[0]> 47
MID 47 has been saved in file oldmessage_47.mbox in the configuration

altsrchost
Description
Configure Virtual Gateway(tm) mappings.

Example
In the following example, the altsrchost table is printed to show that there are no existing mappings.
Two entries are then created:

Mail from the groupware server host named @exchange.example.com is mapped to the PublicNet
interface.

Mail from the sender IP address of 192.168.35.35 is mapped to the AnotherPublicNet interface.

Finally, the altsrchost mappings are printed to confirm and the changes are committed.
mail3.example.com> altsrchost
There are currently no mappings configured.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- IMPORT - Load new mappings from a file.
[]> new
Enter the Envelope From address or client IP address for which you want to set up a
Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
[]> @exchange.example.com
Which interface do you want to send messages for @exchange.example.com from?
1. AnotherPublicNet (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-131

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

3. PrivateNet (192.168.1.1/24: mail3.example.com)

4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 4
Mapping for @exchange.example.com on interface PublicNet created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> new
Enter the Envelope From address or client IP address for which you want to set up a
Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
[]> 192.168.35.35
Which interface do you want to send messages for 192.168.35.35 from?
1. AnotherPublicNet (192.168.2.2/24: mail4.example.com)
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail4.example.com)
[1]> 1
Mapping for 192.168.35.35 on interface AnotherPublicNet created.
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]> print
1. 192.168.35.35 -> AnotherPublicNet
2. @exchange.example.com -> PublicNet
Choose the operation you want to perform:
- NEW - Create a new mapping.
- EDIT - Modify a mapping.
- DELETE - Remove a mapping.
- IMPORT - Load new mappings from a file.
- EXPORT - Export all mappings to a file.
- PRINT - Display all mappings.
- CLEAR - Remove all mappings.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added 2 altsrchost mappings
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-132

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

bounceconfig
Description
Configure the behavior of bounces.

Example
In the following example, a bounce profile named bounceprofile is created using the bounceconfig
command. In this profile, all hard bounced messages are sent to the alternate address
[email protected]. Delay warnings messages are enabled. One warning message will be
sent per recipient, and the default value of 4 hours (14400 seconds) between warning messages is
accepted
mail3.example.com> bounceconfig
Current bounce profiles:
1. Default
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
[]> new
Please create a name for the profile:
[]> bounceprofile
Please enter the maximum number of retries.
[100]> 100
Please enter the maximum number of seconds a message may stay in the queue before being
hard bounced.
[259200]> 259200
Please enter the initial number of seconds to wait before retrying a message.
[60]> 60
Please enter the maximum number of seconds to wait before retrying a message.
[3600]> 3600
Do you want a message sent for each hard bounce? (Yes/No/Default) [Y]> y
Do you want bounce messages to use the DSN message format? (Yes/No/Default) [Y]> y
If a message is undeliverable after some interval, do you want to send a delay warning
message? (Yes/No/Default) [N]> y
Please enter the minimum interval in seconds between delay warning messages.
[14400]> 14400

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-133

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Please enter the maximum number of delay warning messages to send per
recipient.
[1]> 1
Do you want hard bounce and delay warning messages sent to an alternate address, instead
of the sender? [N]> y
Please enter the email address to send hard bounce and delay warning.
[]> [email protected]
Current bounce profiles:
1. Default
2. bounceprofile
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Remove a profile.
[]>
mail3.example.com>

Editing the Default Bounce Profile

You can also edit the default bounce profile. In this example, the default profile is edited to increase the
maximum number of seconds to wait before retrying unreachable hosts from 3600 (one
hour) to 10800 (three hours):
mail3.example.com> bounceconfig
Current bounce profiles:
1. Default
2. bounceprofile
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Remove a profile.
[]> edit
Please enter the number of the profile to edit:
[]> 2
Please enter the maximum number of retries.
[100]>
Please enter the maximum number of seconds a message may stay in the queue before being
hard bounced.
[259200]>
Please enter the initial number of seconds to wait before retrying a message.
[60]>
Please enter the maximum number of seconds to wait before retrying a message.
[3600]> 10800
Do you want a message sent for each hard bounce? (Yes/No/Default)[Y]>
Do you want bounce messages to use the DSN message format? (Yes/No/Default) [N]>
If a message is undeliverable after some interval, do you want to send a delay warning
message? (Yes/No/Default)[N]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-134

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Do you want hard bounce messages sent to an alternate address, instead of the sender? [Y]>
Please enter the email address to send hard bounce.
[[email protected]]>
Current bounce profiles:
1. Default
2. bounceprofile
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Remove a profile.

Applying a Bounce Profile to a Listener

After a bounce profile has been configured, you can apply the profile for each listener using the
listenerconfig -> bounceconfig command and then committing the changes.

Note

Bounce profiles can be applied based upon the listener that a message was received on. However, this
listener has nothing to do with how the message is ultimately delivered.
In this example, the OutboundMail private listener is edited and the bounce profile named bouncepr1 is
applied to it.
mail3.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit
Enter the name or number of the listener you wish to edit.
[]> 2
Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-135

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

- HOSTACCESS - Modify the Host Access Table.

- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> bounceconfig
Please choose a bounce profile to apply:
1. Default
2. bouncepr1
3. New Profile
[1]> 2
Name: OutboundMail
Type: Private
Interface: PrivateNet (192.168.1.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 600 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: bouncepr1
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Enabled the bouncepr1 profile to the Outbound mail listener
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

bouncerecipients
Description
Bounce messages from the queue.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-136

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
Recipients to be bounced are identified by either the destination recipient host or the message sender
identified by the specific address given in the Envelope From line of the message envelope. Alternately,
all messages in the delivery queue can be bounced at once.

Bounce by Recipient Host

mail3.example.com> bouncerecipients
Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 1
Please enter the hostname for the messages you wish to bounce.
[]> example.com
Are you sure you want to bounce all messages being delivered to "example.com"? [N]> Y
Bouncing messages, please wait.
100 messages bounced.

Bounce by Envelope From Address

mail3.example.com> bouncerecipients
Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 2
Please enter the Envelope From address for the messages you wish to bounce.
[]> [email protected]
Are you sure you want to bounce all messages with the Envelope From address of
"[email protected]"? [N]> Y
Bouncing messages, please wait.
100 messages bounced.

Bounce All
mail3.example.com> bouncerecipients
Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-137

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Are you sure you want to bounce all messages in the queue? [N]> Y
Bouncing messages, please wait.
1000 messages bounced.

bvconfig
Description
Configure settings for Bounce Verification. Use this command to configure keys and invalid bounced
emails.

Example
The following exampe shows key configuration and settings configured for invalid bounced emails.
mail3.example.com> bvconfig
Behavior on invalid bounces: reject
Key for tagging outgoing mail: key
Previously-used keys for verifying incoming mail:
1. key (current outgoing key)
2. goodneighbor (last in use Wed May 31 23:21:01 2006 GMT)
Choose the operation you want to perform:
- KEY - Assign a new key for tagging outgoing mail.
- PURGE - Purge keys no longer needed for verifying incoming mail.
- CLEAR - Clear all keys including current key.
- SETUP - Set how invalid bounces will be handled.
[]> key
Enter the key to tag outgoing mail with (when tagging is enabled in the Good
Neighbor Table)
[]> basic_key
Behavior on invalid bounces: reject
Key for tagging outgoing mail: basic_key
Previously-used keys for verifying incoming mail:
1. basic_key (current outgoing key)
2. key (last in use Wed May 31 23:22:49 2006 GMT)
3. goodneighbor (last in use Wed May 31 23:21:01 2006 GMT)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-138

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Choose the operation you want to perform:

- KEY - Assign a new key for tagging outgoing mail.
- PURGE - Purge keys no longer needed for verifying incoming mail.
- CLEAR - Clear all keys including current key.
- SETUP - Set how invalid bounces will be handled.
[]> setup
How do you want bounce messages which are not addressed to a valid tagged
recipient to be handled?
1. Reject.
2. Add a custom header and deliver.
[1]> 1
Behavior on invalid bounces: reject
Key for tagging outgoing mail: basic_key
Previously-used keys for verifying incoming mail:
1. basic_key (current outgoing key)
2. key (last in use Wed May 31 23:22:49 2006 GMT)
3. goodneighbor (last in use Wed May 31 23:21:01 2006 GMT)
Choose the operation you want to perform:
- KEY - Assign a new key for tagging outgoing mail.
- PURGE - Purge keys no longer needed for verifying incoming mail.
- CLEAR - Clear all keys including current key.
- SETUP - Set how invalid bounces will be handled.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Configuring a new key and setting reject for invalid email bounces
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

deleterecipients
Description
Delete messages from the queue

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
The appliance gives you various options to delete recipients depending upon the need. The following
example show deleting recipients by recipient host, deleting by Envelope From Address, and deleting all
recipients in the queue.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-139

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Delete by Recipient Domain

mail3.example.com> deleterecipients
Please select how you would like to delete messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 1
Please enter the hostname for the messages you wish to delete.
[]> example.com
Are you sure you want to delete all messages being delivered to "example.com"? [N]> Y
Deleting messages, please wait.
100 messages deleted.

Delete by Envelope From Address

mail3.example.com> deleterecipients
Please select how you would like to delete messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 2
Please enter the Envelope From address for the messages you wish to delete.
[]> [email protected]
Are you sure you want to delete all messages with the Envelope From address of
"[email protected]"? [N]> Y
Deleting messages, please wait.
100 messages deleted.

Delete All
mail3.example.com> deleterecipients
Please select how you would like to delete messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 1
Are you sure you want to delete all messages in the queue? [N]> Y
Deleting messages, please wait.
1000 messages deleted.

deliveryconfig
Description
Configure mail delivery

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-140

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Example
In the following example, the deliveryconfig command is used to set the default interface to Auto
with Possible Delivery enabled. The system-wide maximum outbound message delivery is set to 9000
connections.
mail3.example.com> deliveryconfig
Choose the operation you want to perform:
- SETUP - Configure mail delivery.
[]> setup
Choose the default interface to deliver mail.
1. Auto
2. AnotherPublicNet (192.168.3.1/24: mail4.example.com)
3. Management (192.168.42.42/24: mail3.example.com)
4. PrivateNet (192.168.1.1/24: mail3.example.com)
5. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Enable "Possible Delivery" (recommended)?

[Y]> y

Please enter the default system wide maximum outbound message delivery
concurrency
[10000]> 9000
mail3.example.com>

delivernow
Description
Reschedule messages for immediate delivery. Users have the option of selecting a single recipient host,
or all messages currently scheduled for delivery.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> delivernow
Please choose an option for scheduling immediate delivery.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-141

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

1. By recipient domain
2. All messages
[1]> 1
Please enter the recipient domain to schedule for delivery.
[]>foo.com
Scheduling all messages to foo.com for delivery.

destconfig
Formerly the setgoodtable command. The table is now called the Destination Control Table. Use this
table to configure delivery limits for a specified domain.

Using the destconfig Command

The following commands are available within the destconfig submenu:
Table 3-8

destconfig Subcommands

Syntax

Description

SETUP

Change global settings.

NEW

Add new limits for a domain.

EDIT

Modify the limits for a domain.

DELETE

Remove the limits for a domain.

DEFAULT

Change the default limits for non-specified domains.

LIST

Display the list of domains and their limits.

DETAIL

Display the details for one destination or all entries.

CLEAR

Remove all entries from the table.

IMPORT

Imports a table of destination control entries from a .INI

configuration file.

EXPORT

Exports a table of destination control entries to a .INI

configuration file.

The destconfig command requires the following information for each row in the Destination Controls
table.

Domain (recipient host)

Maximum simultaneous connections to the domain

Messages-per-connection limit

Recipient limit

System-wide or Virtual Gateway switch

Enforce limits per MX or domain

Time period for recipient limit (in minutes)

Bounce Verification

Bounce profile to use for the domain

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-142

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Sample Destination Control Table

The following table shows entries in a destination control table.
Table 3-9

Example Destination Control Table Entries

Domain

Conn. Limit

Rcpt. Limit

Min. Prd.

Enforce MX/DOM

(default)

500

None

Domain

Unlisted domains get their own set of 500 connections with unlimited rcpts/hr
(default)

500

None

MXIP

Mail gateways at unlisted domains get up to 500 connections, with unlimited rcpts/hr
partner.com

500

Domain

All gateways at partner.com will share 10 connections, with 500 rcpts/minute

maximum
101.202.101.2

500

None

MXIP

Specifying an IP address

Batch Format
The batch format of the destconfig command can be used to perform all the fuctions of the traditional
CLI command.

Creating a new destination control table

destconfig new <profile> [options]

Editing an existing destination control table

destconfig edit <default|profile> [options]

Deleting an existing destination control table

destconfig delete <profile>

Displaying a summary of all destination control entries

destconfig list

Displaying details for one destination or all entries

destconfig detail <default|profile|all>

Deleting all existing destination control table entries

destconfig clear

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-143

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Import table from a file

destconfig import <filename>

Export table to a file

destconfig export <filename>

For the edit and new batch commands, any or all of the following options may be provided by identifying
the value with the variable name and an equals sign. Options not specified will not be modified (if using
edit) or will be set to default values (if using new).
concurrency_limit=<int> - The maximum concurrency for a specific host.
concurrency_limit_type=<host|MXIP> - Maximum concurrency is per host or
per MX IP.
concurrency_limit_apply=<system|VG> - Apply maximum concurrency is system
wide or by Virtual Gateway(tm).
max_messages_per_connection=<int> - The maximum number of messages that
will be sent per connection.
recipient_limit_minutes=<int> - The time frame to check for recipient
limits in minutes.
recipient_limit=<int> - The number of recipients to limit per unit of
time.
use_tls=<off|on|require|on_verify|require_verify> - Whether TLS should be
on, off, or required for a given host.
bounce_profile=<default|profile> - The bounce profile name to use.
bounce_verification=<off|on> - Bounce Verification option.

Example: Creating a new destconfig Entry

In the following example, the current destconfig entries are printed to the screen. Then, a new entry for
the domain partner.com is created. The concurrency limit of 100 simultaneous connections and
recipient limit of 50 recipients for a 60-minute time period is set for that domain. So, the system will
never open more than 100 connections or deliver to more than more than 50 recipients in a given hour
to the domain partner.com. No bounce profile is assigned for this specific domain, and no specific TLS
setting is configured. Finally, the changes are printed to confirm and then committed
mail3.example.com> destconfig
There are currently 2 entries configured.
Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-144

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

- LIST - Display a summary list of all entries.

- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> list
l
Domain
=========
(Default)

Rate
Limiting
========
On

TLS
=======
Off

Bounce
Verification
============
Off

Bounce
Profile
=========
(Default)

Choose the operation you want to perform:

- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> new
Enter the domain you wish to configure.
[]> partner.com
Do you wish to configure a concurrency limit for partner.com? [Y]> y
Enter the max concurrency limit for "partner.com".
[500]> 100
Do you wish to apply a messages-per-connection limit to this domain? [N]> n
Do you wish to apply a recipient limit to this domain? [N]> y
Enter the number of minutes used to measure the recipient limit.
[60]> 60
Enter the max number of recipients per 60 minutes for "partner.com".
[]> 50
Select how you want to apply the limits for partner.com:
1. One limit applies to the entire domain for partner.com
2. Separate limit for each mail exchanger IP address
[1]> 1
Select how the limits will be enforced:
1. System Wide
2. Per Virtual Gateway(tm)
[1]> 1
Do you wish to apply a specific TLS setting for this domain? [N]> n
Do you wish to apply a specific bounce verification address tagging setting for
this domain? [N]> n
Do you wish to apply a specific bounce profile to this domain? [N]> n

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-145

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

There are currently 3 entries configured.

mail3.example.com> commit
Please enter some comments describing your changes:
[]> Throttled delivery to partner.com in the destconfig table
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Example: Bounce Profile and TLS Settings

In this example, a new destconfig entry is configured for the domain newpartner.com. TLS connections
are required. The example also shows the bounce profile named bouncepr1 (see Editing the Default
Bounce Profile on page 134) configured to be used for all email delivery to the domain
newpartner.com.
mail3.example.com> destconfig
There is currently 1 entry configured.
Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> new
Enter the domain you wish to configure.
[]> newpartner.com
Do you wish to configure a concurrency limit for newpartner.com? [Y]> n
Do you wish to apply a messages-per-connection limit to this domain? [N]> n
Do you wish to apply a recipient limit to this domain? [N]> n
Do you wish to apply a specific TLS setting for this domain? [N]> y
Do you want to use TLS support?
1. No
2. Preferred
3. Required
4. Preferred(Verify)
5. Required(Verify)
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to ensure that there is
a valid certificate configured.
Do you wish to apply a specific bounce verification address tagging setting for this
domain? [N]> y
Perform bounce verification address tagging? [N]> y
Do you wish to apply a specific bounce profile to this domain? [N]> y

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-146

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Please choose a bounce profile to apply:

1. Default
2. New Profile
[1]> 1
There are currently 2 entries configured.
Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> detail

Domain
==============
newpartner.com
(Default)

Rate
Limiting
========
Default
On

TLS
=======
Req
Off

Bounce
Verification
============
On
Off

Bounce
Profile
=========
Default
(Default)

Enter the domain name to view, or enter DEFAULT to view details for the
default, or enter ALL to view details for all:
[]> all
newpartner.com
Maximum messages per connection: Default
Rate Limiting: Default
TLS: Required
Bounce Verification Tagging: On
Bounce Profile: Default
Default
Rate Limiting:
500 concurrent connections
No recipient limit
Limits applied to entire domain, across all virtual gateways
TLS: Off
Bounce Verification Tagging: Off
There are currently 2 entries configured.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> enabled TLS for delivery to newpartner.com using demo certificate
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-147

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Example: Inbound Shock Absorber

In this example, another destconfig entry is created to throttle mail to the internal groupware server
exchange.example.com. This shock absorber entry for your internal server throttles inbound delivery
to your internal groupware servers during periods of especially high volume traffic. In this example, the
appliance will never open more than ten simultaneous connections or deliver to more than 1000
recipients to the internal groupware server exchange.example.com in any given minute. No bounce
profile or TLS setting is configured:
mail3.example.com> destconfig
There are currently 2 entries configured.
Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- CLEAR - Remove all entries.
[]> new
Enter the domain you wish to configure.
[]> exchange.example.com
Do you wish to configure a concurrency limit for exchange.example.com? [Y]> y
Enter the max concurrency limit for "exchange.example.com".
[500]> 10
Do you wish to apply a recipient limit to this domain? [N]> y
Enter the number of minutes used to measure the recipient limit.
[60]> 1
Enter the max number of recipients per 1 minutes for "exchange.example.com".
[]> 1000
Select how you want to apply the limits for exchange.example.com:
1. One limit applies to the entire domain for exchange.example.com
2. Separate limit for each mail exchanger IP address
[1]> 1
Select how the limits will be enforced:
1. System Wide
2. Per Virtual Gateway(tm)
[1]> 1
Do you wish to apply a specific TLS setting for this domain? [N]> n
Do you wish to apply a specific bounce verification address tagging setting for this
domain? [N]> n
Do you wish to apply a specific bounce profile to this domain? [N]> n
There are currently 3 entries configured.
Choose the operation you want to perform:
- SETUP - Change global settings.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-148

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

- NEW - Create a new entry.

- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- CLEAR - Remove all entries.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> set up shock absorber for inbound mail
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Example: Global Settings

In this example, the TLS alert and certificate for TLS connections are configured.
mail3.example.com> destconfig
Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- CLEAR - Remove all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> setup
The "Demo" certificate is currently configured. You may use "Demo", but this will not be
secure.
1. partner.com
2. Demo
Please choose the certificate to apply:
[1]> 1
Do you want to send an alert when a required TLS connection fails? [N]> n

hostrate
Description
Monitor activity for a particular host

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-149

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Batch Command: This command does not support a batch format

Example
mail3.example.com> hostrate
Recipient host:
[]> aol.com
Enter the number of seconds between displays.
[10]> 1
Time
23:38:23
23:38:24
23:38:25
^C

Host
Status
up
up
up

CrtCncOut
1
1
1

ActvRcp ActvRcp
Delta
0
0
0
0
0
0

DlvRcp HrdBncRcp SftBncEvt

Delta
Delta
Delta
4
0
0
4
0
0
12
0
0

Use Control-C to stop the hostrate command.

hoststatus
Description
Get the status of the given hostname.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format

Example
mail3.example.com> hoststatus
Recipient host:
[]> aol.com
Host mail status for: 'aol.com'
Status as of:
Fri Aug 8 11:12:00 2003
Host up/down:
up
Counters:
Queue
Soft Bounced Events
Completion
Completed Recipients
Hard Bounced Recipients
DNS Hard Bounces
5XX Hard Bounces
Filter Hard Bounces
Expired Hard Bounces

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-150

0
1
1
0
1
0
0

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Other Hard Bounces

Delivered Recipients
Deleted Recipients

0
0
0

Gauges:
Queue
Active Recipients
Unattempted Recipients
Attempted Recipients
Connections
Current Outbound Connections
Pending Outbound Connections

0
0
0
0
0

Oldest Message
No Messages
Last Activity
Fri Aug 8 11:04:24 2003
Ordered IP addresses: (expiring at Fri Aug 8 11:34:24 2003)
Preference
IPs
15
64.12.137.121
64.12.138.89
64.12.138.120
15
64.12.137.89
64.12.138.152
152.163.224.122
15
64.12.137.184
64.12.137.89
64.12.136.57
15
64.12.138.57
64.12.136.153
205.188.156.122
15
64.12.138.57
64.12.137.152
64.12.136.89
15
64.12.138.89
205.188.156.154 64.12.138.152
15
64.12.136.121
152.163.224.26
64.12.137.184
15
64.12.138.120
64.12.137.152
64.12.137.121
MX Records:
Preference
TTL
Hostname
15
52m24s
mailin-01.mx.aol.com
15
52m24s
mailin-02.mx.aol.com
15
52m24s
mailin-03.mx.aol.com
15
52m24s
mailin-04.mx.aol.com
Last 5XX Error:
---------550 REQUESTED ACTION NOT TAKEN: DNS FAILURE
(at Fri Aug 8 11:04:25 2003)
---------Virtual gateway information:
============================================================
example.com (PublicNet_017):
Host up/down:up
Last ActivityWed Nov 13 13:47:02 2003
Recipients0
============================================================
example.com (PublicNet_023):
Host up/down:up
Last ActivityWed Nov 13 13:45:01 2003
Recipients

imageanalysisconfig
Description
Configure the IronPort Image Analysis settings

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-151

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Example
mail.example.com>imageanalysisconfig
IronPort Image Analysis: Enabled
Image Analysis Sensitivity: 65
Verdict Ranges: Clean (0-49), Suspect(50-74), Inappropriate (75+)
Skip small images with size less than 100 pixels (width or height)
(First time users see the license agreement displayed here.)
Choose the operation you want to perform:
- SETUP - Configure IronPort Image Analysis.
[]> setup
IronPort Image Analysis: Enabled
Would you like to use IronPort Image Analysis? [Y]>
Define the image analysis sensitivity. Enter a value between 0 (least sensitive) and 100
(most sensitive). As sensitivity increases, so does the false
positive rate. The default setting of 65 is recommended.
[65]>
Define the range for a CLEAN verdict. Enter the upper bound of the CLEAN range by entering
a value between 0 and 98. The default setting of 49 is
recommended.
[49]>
Define the range for a SUSPECT verdict. Enter the upper bound of the SUSPECT range by
entering a value between 50 and 99. The default setting of 74 is
recommended.
[74]>
Would you like to skip scanning of images smaller than a specific size? [Y]>
Please enter minimum image size to scan in pixels, representing either height or width of
a given image.
[100]>
IronPort Image Analysis: Enabled
Image Analysis Sensitivity: 65
Verdict Ranges: Clean (0-49), Suspect(50-74), Inappropriate (75+)
Skip small images with size less than 100 pixels (width or height)
Choose the operation you want to perform:
- SETUP - Configure IronPort Image Analysis.
[]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-152

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

oldmessage
Description
Displays the mid and headers of the oldest non-quarantine message on the system.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode..
Batch Command: This command does not support a batch format.

Example
In the following example, an older messages are displayed:
mail3.example.com> oldmessage
MID 9: 1 hour 5 mins 35 secs old
Received: from test02.com ([172.19.0.109])
by test02.com with SMTP; 14 Feb 2007 22:11:37 -0800
From: [email protected]
To: [email protected]
Subject: Testing
Message-Id: <[email protected]

rate
Description
Monitor message throughput

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> rate
Enter the number of seconds between displays.
[10]> 1
Hit Ctrl-C to return to the main prompt.
Time

Connections Recipients
In
Out
Received

Delta

Recipients
Completed

Delta

Queue
K-Used

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-153

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

23:37:13
23:37:14
23:37:15
23:37:16
23:37:17
23:37:18
23:37:19
23:37:21
^C

10
8
9
7
5
9
7
11

2
2
2
3
3
3
3
3

41708833
41708841
41708848
41708852
41708858
41708871
41708881
41708893

0
8
7
4
6
13
10
12

40842686
40842692
40842700
40842705
40842711
40842722
40842734
40842744

0
6
8
5
6
11
12
10

64
105
76
64
64
67
64
79

redirectrecipients
Description
Redirect all messages to another relay host.

Warning

Redirecting messages to a receiving domain that has /dev/null as its destination results in the loss of
messages. The CLI does not display a warning if you redirect mail to such a domain. Check the SMTP
route for the receiving domain before redirecting messages.

Warning

Redirecting recipients to a host or IP address that is not prepared to accept large volumes of SMTP
mail from this host will cause messages to bounce and possibly result in the loss of mail.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
The batch format of the redirectrecipients command can be used to perform all the fuctions of the
traditional CLI command.

Redirects all mail to another host name or IP address

redirectrecipients host <hostname>

Example
The following example redirects all mail to the example2.com host.
mail3.example.com> redirectrecipients
Please enter the hostname or IP address of the machine you want to send all mail to.
[]> example2.com
WARNING: redirecting recipients to a host or IP address that is not prepared to accept
large volumes of SMTP mail from this host will cause messages to bounce and possibly
result in the loss of mail.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-154

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Are you sure you want to redirect all mail in the queue to "example2.com"? [N]> y
Redirecting messages, please wait.
246 recipients redirected.

resetcounters
Description
Reset all of the counters in the system

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> resetcounters
Counters reset: Mon Jan 01 12:00:01 2003

removemessage
Description
Attempts to safely remove a message for a given message ID.
The removemessage command can only remove messages that are in the work queue, retry queue, or a
destination queue. Note that depending on the state of the system, valid and active messages may not be
in any of those queues.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
example.com> removemessage
Enter the MID to remove.
[]> 1
MID 1: 19 secs old

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-155

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Received: from example2.com ([172.16.0.102])

by test02.com with SMTP; 01 Mar 2007 19:50:41 -0800
From: [email protected]
To: [email protected]
Subject: Testing
Message-Id: <[email protected]>
Remove this message? [N]> y

showmessage
Description
Shows the message and message body for a specified message ID.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
example.com> showmessage
MID 9: 1 hour 5 mins 35 secs old
Received: from example2.com([172.19.0.109])
by test02.com with SMTP; 14 Feb 2007 22:11:37 -0800
From: [email protected]
To: [email protected]
Subject: Testing
Message-Id: <[email protected]>
This is the message body.

showrecipients
Description
Show messages from the queue by recipient host, Envelope From address, or all messages.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does support a batch format.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-156

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Batch Format
The batch format of the showrecipients command can be used to perform all the fuctions of the
traditional CLI command.

Find messages by a recipient host name

showrecipients host <hostname>

Find messages by an envelope from address

showrecipients [sender_options] <sender_email>

The following sender_option is available:

--match-case

Case-sensitive matching for the username portion of an address.

Find all messages

showrecipients all

Example
The following example shows messages in the queue for all recipient hosts.
mail3.example.com> showrecipients
Please select how you would like to show messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 3
Showing messages, please wait.
MID/
[RID]
1527
[0]

Bytes/
[Atmps]
1230
[0]

Sender/
Subject
Recipient
[email protected] Testing
[email protected]

1522
[0]

1230
[0]

[email protected] Testing
[email protected]

1529
[0]

1230
[0]

[email protected] Testing
[email protected]

1530
[0]

1230
[0]

[email protected] Testing
[email protected]

1532
[0]

1230
[0]

[email protected] Testing
[email protected]

1531
[0]

1230
[0]

[email protected] Testing
[email protected]

1518
[0]

1230
[0]

[email protected] Testing
[email protected]

1535

1230

[email protected] Testing

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-157

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

[0]

[email protected]

1533
[0]

1230
[0]

[email protected] Testing
[email protected]

1536
[0]

1230
[0]

[email protected] Testing
[email protected]

status
The status command is used to display the system status of your appliance. Using the detail option
(status detail) displays additional information.

Example
mail.example.com> status detail
Status as of:
Up since:

Mon Sep 08 00:01:44 2014 GMT

Tue Aug 26 17:24:16 2014 GMT

(12d 6h 37m 28s)

Last counter reset:
Never
System status:
Online
Oldest Message:
No Messages
Feature - IronPort Anti-Spam: 1459 days
Feature - Incoming Mail Handling: Perpetual
Feature - Outbreak Filters:
1459 days
Counters:
Receiving
Messages Received
Recipients Received
Rejection
Rejected Recipients
Dropped Messages
Queue
Soft Bounced Events
Completion
Completed Recipients
Current IDs
Message ID (MID)
Injection Conn. ID (ICID)
Delivery Conn. ID (DCID)

Reset

Uptime

Lifetime

2
2

0
0

Gauges:
Connections
Current Inbound Conn.
Current Outbound Conn.
Queue
Active Recipients
Messages In Work Queue

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-158

2
0
13
Current
0
0
2
0

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Kilobytes Used
Kilobytes Free
Quarantine
Messages In Quarantine
Policy, Virus and Outbreak
Kilobytes In Quarantine
Policy, Virus and Outbreak

184
8,388,424

0
0

tophosts
Description
To get immediate information about the email queue and determine if a particular recipient host has
delivery problems such as a queue buildup use the tophosts command. The tophosts command
returns a list of the top 20 recipient hosts in the queue. The list can be sorted by a number of different
statistics, including active recipients, connections out, delivered recipients, soft bounced events, and
hard bounced recipients.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> tophosts
Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Hard Bounced Recipients
5. Soft Bounced Events
[1]> 1
Status as of:
Fri Mar 13 06:09:18 2015 GMT
Hosts marked with '*' were down as of the last delivery attempt.

Recipient Host

1*
2
3
4

example.com
the.encryption.queue
the.euq.queue
the.euq.release.queue

Active
Recip.

Conn.
Out

Deliv.
Recip.

Soft
Bounced

Hard
Bounced

2
0
0
0

0
0
0
0

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-159

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

topin
Description
Display the top hosts by number of incoming connections

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> topin
Status as of:

Sat Aug 23 21:50:54 2003

#
Remote hostname
Remote IP addr.
listener
1mail.remotedomain01.com
172.16.0.2
Incoming01
2
mail.remotedomain01.com
172.16.0.2
Incoming02
3
mail.remotedomain03.com
172.16.0.4
Incoming01
4
mail.remotedomain04.com
172.16.0.5
Incoming02
5
mail.remotedomain05.com
172.16.0.6
Incoming01
6
7
8
9
10

mail.remotedomain06.com
mail.remotedomain07.com
mail.remotedomain08.com
mail.remotedomain09.com
mail.remotedomain10.com

172.16.0.7
172.16.0.8
172.16.0.9
172.16.0.10
172.16.0.11

Incoming02
Incoming01
Incoming01
Incoming01
Incoming01

3
3
3
3
2

11
12
13
14
15

mail.remotedomain11.com
mail.remotedomain12.com
mail.remotedomain13.com
mail.remotedomain14.com
mail.remotedomain15.com

172.16.0.12
172.16.0.13
172.16.0.14
172.16.0.15
172.16.0.16

Incoming01
Incoming02
Incoming01
Incoming01
Incoming01

2
2
2
2
2

16
17
18
19
20

mail.remotedomain16.com
mail.remotedomain17.com
mail.remotedomain18.com
mail.remotedomain19.com
mail.remotedomain20.com

172.16.0.17
172.16.0.18
172.16.0.19
172.16.0.20
172.16.0.21

Incoming01
Incoming01
Incoming02
Incoming01
Incoming01

2
1
1
1
1

unsubscribe
Description
Update the global unsubscribe list

Usage
Commit: This command requires a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-160

Conn. In
10
10
5
4
3

Chapter 3

The Commands: Reference Examples

Mail Delivery Configuration/Monitoring

Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
In this example, the address [email protected] is added to the Global Unsubscribe list, and the feature
is configured to hard bounce messages. Messages sent to this address will be bounced; the appliance will
bounce the message immediately prior to delivery.
mail3.example.com> unsubscribe
Global Unsubscribe is enabled. Action: drop.
Choose the operation you want to perform:
- NEW - Create a new entry.
- IMPORT - Import entries from a file.
- SETUP - Configure general settings.
[]> new
Enter the unsubscribe key to add. Partial addresses such as "@example.com"
or "user@" are allowed, as are IP addresses. Partial hostnames such as "@.example.com" are
allowed.
[]> [email protected]
Email Address '[email protected]' added.
Global Unsubscribe is enabled. Action: drop.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]> setup
Do you want to enable the Global Unsubscribe feature? [Y]> y
Would you like matching messages to be dropped or bounced?
1. Drop
2. Bounce
[1]> 2
Global Unsubscribe is enabled. Action: bounce.
Choose the operation you want to perform:
- NEW - Create a new entry.
- DELETE - Remove an entry.
- PRINT - Display all entries.
- IMPORT - Import entries from a file.
- EXPORT - Export all entries to a file.
- SETUP - Configure general settings.
- CLEAR - Remove all entries.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added username [email protected] to global unsubscribe

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-161

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Do you want to save the current configuration for rollback? [Y]> n

Changes committed: Fri May 23 11:42:12 2014 GMT

workqueue
Description
Display and/or alter work queue pause status

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> workqueue
Status:
Operational
Messages: 1243
Manually pause work queue?

This will only affect unprocessed messages.

[N]> y

Reason for pausing work queue:

[]> checking LDAP server
Status:
Paused by admin: checking LDAP server
Messages: 1243

Note

Entering a reason is optional. If you do not enter a reason, the system logs the reason as operator
paused.
In this example, the work queue is resumed:
mail3.example.com> workqueue
Status:
Paused by admin: checking LDAP server
Messages: 1243
Resume the work queue?

[Y]> y

Status:
Operational
Messages: 1243

Networking Configuration / Network Tools

This section contains the following CLI commands:

etherconfig

interfaceconfig

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-162

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

netstat

nslookup

packetcapture

ping

ping6

routeconfig

setgateway

sethostname

smtproutes

sslconfig

sslv3config

telnet

traceroute

traceroute6

etherconfig
Description
Configure Ethernet settings, including media settings, NIC pairing, VLAN configuration, and DSR
configuration.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> etherconfig
Choose the operation you want to perform:
- MEDIA - View and edit ethernet media settings.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
[]> vlan
VLAN interfaces:
Choose the operation you want to perform:
- NEW - Create a new VLAN.
[]> new
VLAN tag ID for the interface (Ex: "34"):

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-163

Chapter 3

The Commands: Reference Examples

Choose the operation you want to perform:

- MEDIA - View and edit ethernet media settings.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
[]> loopback
Currently configured loopback interface:
Choose the operation you want to perform:
- ENABLE - Enable Loopback Interface.
[]>

Choose the operation you want to perform:

- MEDIA - View and edit ethernet media settings.
- VLAN - View and configure VLANs.
- LOOPBACK - View and configure Loopback.
- MTU - View and configure MTU.
[]> mtu
Ethernet interfaces:
1. Data 1 default mtu 1500
2. Data 2 default mtu 1500
3. Management default mtu 1500
4. VLAN
12 default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]> edit
Enter the name or number of the ethernet interface you wish to edit.
[]> pair1
That value is not valid.
Enter the name or number of the ethernet interface you wish to edit.
[]> 12
That value is not valid.
Enter the name or number of the ethernet interface you wish to edit.
[]> 2
Please enter a non-default (1500) MTU value for the Data 2 interface.
[]> 1200

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-164

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Ethernet interfaces:
1. Data 1 default mtu 1500
2. Data 2 mtu 1200
3. Management default mtu 1500
4. VLAN
12 default mtu 1500
Choose the operation you want to perform:
- EDIT - Edit an ethernet interface.
[]>

interfaceconfig
Description
Configure the interface. You can create, edit, or delete interfaces. You can enable FTP, change an IP
address, and configure Ethernet IP addresses.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
The batch format of the interfaceconfig command can be used to perform all the fuctions of the
traditional CLI command.

Creating a new interface

interfaceconfig new <name>

<ethernet interface>
<hostname>
--ip=IPv4 Address/Netmask
--ip6=IPv6 Address/Prefix Lenght
[--ftp[=<port>]]
[--telnet[=<port>]]
[--ssh[=<port>]]
[--http][=<port>]
[--https[=<port>]]
[--euq_http[=<port>]]

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-165

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

[--euq_https][=<port>]
[--ccs[=<port>]].
FTP is available only on IPv4.

Deleting an interface

interfaceconfig delete <name>

Example: Configuring an Interface

mail.example.com> interfaceconfig
Currently configured interfaces:
1. Management (10.76.69.149/24 on Management: mail.example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit
Enter the number of the interface you wish to edit.
[]> 1
IP interface name (Ex: "InternalNet"):
[Management]>
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 192.168.1.2 ):
[1.1.1.1]>
Netmask (Ex: "24", "255.255.255.0" or "0xffffff00"):
[0xffffffff]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]> n
Ethernet interface:
1. Data 1
2. Data 2
3. Management
[3]>
Hostname:
[mail.example.com]>
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable Cluster Communication Service on this interface? [N]>
Do you want to enable HTTP on this interface? [Y]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-166

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Which port do you want to use for HTTP?

[80]>
Do you want to enable HTTPS on this interface? [Y]>
Which port do you want to use for HTTPS?
[443]>
Do you want to enable Spam Quarantine HTTP on this interface? [N]>
Do you want to enable Spam Quarantine HTTPS on this interface? [N]>
Do you want to enable AsyncOS API (Monitoring) HTTP on this interface? [N]> y
Which port do you want to use for AsyncOS API (Monitoring) HTTP?
[6080]>
Do you want to enable AsyncOS API (Monitoring) HTTPS on this interface? [N]> y
Which port do you want to use for AsyncOS API (Monitoring) HTTPS?
[6443]>
The "Demo" certificate is currently configured. You may use "Demo", but this will not be
secure. To assure privacy, run "certconfig" first.
Both HTTP and HTTPS are enabled for this interface, should HTTP requests redirect to the
secure service? [Y]>
You have edited the interface you are currently logged into. Are you sure you want to
change it? [Y]>

Currently configured interfaces:

1. Management (10.76.69.149/24 on Management: mail.example.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

nslookup
Description
Use the nslookup command to check the DNS functionality.
The nslookup command can confirm that the appliance is able to reach and resolve hostnames and IP
addresses from a working DNS (domain name service) server.
Table 3-10

nslookup Command Query Types

Query Type

Description

the host's Internet address

CNAME

the canonical name for an alias

the mail exchanger

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-167

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Table 3-10

nslookup Command Query Types

Query Type

Description

the name server for the named zone

PTR

the hostname if the query is an Internet address, otherwise the pointer

to other information

SOA

the domain's start-of-authority information

TXT

the text information

Example
mail.example.com> nslookup
Please enter the host or IP address to resolve.
[]> vm30esa0086.ibqa
Choose the
1. A
2. AAAA
3. CNAME
4. MX
5. NS
6. PTR

query type:
the host's IP address
the host's IPv6 address
the canonical name for an alias
the mail exchanger
the name server for the named zone
the hostname if the query is an Internet address,

otherwise the pointer to other information

7. SOA
the domain's "start-of-authority" information
8. TXT
the text information
[1]> 2
AAAA=2001:420:54ff:ff06::95 TTL=30m

netstat
Description
Use the netstat command to displays network connections (both incoming and outgoing), routing
tables, and a number of network interface statistics. Note that this version will not support all arguments.
Specifically, you cannot use -a, -A, -g, -m, -M, -N, -s. The command was designed to be run in interactive
mode, so that you may enter netstat, then choose from five options to report on. You can also specify the
interface to listen on and the interval for display.

Usage
Commit: This command does not require a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-168

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Cluster Management: This command is restricted to machine mode.

Batch Command: This command does not support a batch format

Example
example.com> netstat
Choose the information you want to display:
1. List of active sockets.
2. State of network interfaces.
3. Contents of routing tables.
4. Size of the listen queues.
5. Packet traffic information.
[1]> 2
Select the ethernet interface whose state you wish to display:
1. Data 1
2. Data 2
3. Management
4. ALL
[]> 1
Show the number of bytes in and out? [N]>
Show the number of dropped packets? [N]> y
Name
Mtu Network
Address
Ipkts Ierrs
Opkts
Oerrs Coll Drop
Data 1 1500 197.19.1/24
example.com
30536
5
example.com>

packetcapture
Description
Use the netstat command to displays network connections (both incoming and outgoing), routing
tables, and a number of network interface statistics. Note that this version will not support all arguments.
Specifically, you cannot use -a, -A, -g, -m, -M, -N, -s. The command was designed to be run in interactive
mode, so that you may enter netstat, then choose from five options to report on. You can also specify the
interface to listen on and the interval for display.

Example
mail.example.com> packetcapture
Capture Information:
Status:

No capture running

Current Settings:
Maximum File Size:
Limit:

200 MB
None (Run Indefinitely)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-169

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Interface(s):
Filter:

ALL
(tcp port 25)

Choose the operation you want to perform:

- START - Start packet capture.
- SETUP - Change packet capture settings.
[]> start
Success - Packet Capture has started
Capture Information:
File Name:
File Size:
Duration:
Limit:
Interface(s):
Filter:

C100V-421C73B18CFB05784A83-B03A99E71ED8-20150312-105256.cap
0 of 200M
0s
None (Run Indefinitely)
ALL
(tcp port 25)

Choose the operation you want to perform:

- STOP - Stop packet capture.
- STATUS - Display current capture status.
- SETUP - Change packet capture settings.
[]> stop
Success - Packet Capture has stopped
Capture Information:
File Name:
File Size:
Duration:
Limit:
Interface(s):
Filter:

C100V-421C73B18CFB05784A83-B03A99E71ED8-20150312-105256.cap
24 of 200M
10s
None (Run Indefinitely)
ALL
(tcp port 25)

Choose the operation you want to perform:

- START - Start packet capture.
- SETUP - Change packet capture settings.
[]> setup
Enter maximum allowable size for the capture file (in MB)
[200]>
Do you want to stop the capture when the file size is reached? (If not, a new file will be
started and the older capture data will be discarded.)
[N]>
The following interfaces are configured:
1. Management
2. ALL
Enter the name or number of one or more interfaces to capture packets from, separated by
commas (enter ALL to use all interfaces):
[2]>
Select an operation. Press enter to continue with the existing filter.
- PREDEFINED - PREDEFINED filter.
- CUSTOM - CUSTOM filter.
- CLEAR - CLEAR filter.
[]>
Capture settings successfully saved.
Current Settings:
Maximum File Size:
Limit:

200 MB
None (Run Indefinitely)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-170

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Interface(s):
Filter:

ALL
(tcp port 25)

Choose the operation you want to perform:

- START - Start packet capture.
- SETUP - Change packet capture settings.
[]>

ping
Description
The ping command allows you to test connectivity to a network host from the appliance.

Example
mail3.example.com> ping
Which interface do you want to send the pings from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host you wish to ping.
[]> anotherhost.example.com

Press Ctrl-C to stop.

PING anotherhost.example.com (x.x.x.x): 56 data bytes
64 bytes from 10.19.0.31: icmp_seq=0 ttl=64 time=1.421 ms
64 bytes from 10.19.0.31: icmp_seq=1 ttl=64 time=0.126 ms
64 bytes from 10.19.0.31: icmp_seq=2 ttl=64 time=0.118 ms
64 bytes from 10.19.0.31: icmp_seq=3 ttl=64 time=0.115 ms
64 bytes from 10.19.0.31: icmp_seq=4 ttl=64 time=0.139 ms
64 bytes from 10.19.0.31: icmp_seq=5 ttl=64 time=0.125 ms
64 bytes from 10.19.0.31: icmp_seq=6 ttl=64 time=0.124 ms
64 bytes from 10.19.0.31: icmp_seq=7 ttl=64 time=0.122 ms
64 bytes from 10.19.0.31: icmp_seq=8 ttl=64 time=0.126 ms
64 bytes from 10.19.0.31: icmp_seq=9 ttl=64 time=0.133 ms
64 bytes from 10.19.0.31: icmp_seq=10 ttl=64 time=0.115 ms
^C
--- anotherhost.example.com ping statistics --11 packets transmitted, 11 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.115/0.242/1.421/0.373 ms
^C

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-171

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Note

You must use Control-C to end the ping command.

ping6
Description
Ping a network host using IPv6

Example
mail.example.com> ping6
Which interface do you want to send the pings from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
[1]> 1
Please enter the host you wish to ping.
[]> anotherhost.example.com

Press Ctrl-C to stop.

Note

You must use Control-C to end the ping6 command.

routeconfig
Description
The routeconfig command allows you to create, edit, and delete static routes for TCP/IP traffic. By
default, traffic is routed through the default gateway set with the setgateway command. However,
AsyncOS allows specific routing based on destination.
Routes consist of a nickname (for future reference), a destination, and a gateway. A gateway (the next
hop) is an IP address such as 10.1.1.2. The destination can be one of two things:

an IP address, such as 192.168.14.32

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-172

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

a subnet using CIDR notation. For example, 192.168.5.0/24 means the entire class C network from
192.168.5.0 to 192.168.5.255.

For IPv6 addresses, you can use the following formats:

2620:101:2004:4202::0-2620:101:2004:4202::ff

2620:101:2004:4202::

2620:101:2004:4202::23

2620:101:2004:4202::/64

The command presents a list of all currently configured TCP/IP routes for you to select from using the
edit and delete subcommands.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
The batch format of the smtproutes command can be used to perform all the fuctions of the traditional
CLI command. You can choose whether to use IPv4 or IPv6 addresses for the route.

Creating a static route:

routeconfig new 4|6 <name> <destination_address> <gateway_ip>

Table 3-11

routeconfig Arguments

Argument

Description

4|6

The IP version (IPv4 or IPv6) to apply this command

to. For clear and print this option can be omitted
and the command applies to both versions.

name

The name of the route.

destination_address

The IP or CIDR address to match on for outgoing IP

traffic.

gateway_ip

The IP address to send this traffic to.

Editing a static route:

routeconfig edit 4|6 <name> <new_name> <destination_address>
<gateway_ip>

Deleting a static route:

routeconfig delete 4|6 <name>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-173

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Deleting all static routes:

routeconfig clear [4|6]

Printing a list of static routes:

routeconfig print [4|6]

Example
mail3.example.com> routeconfig
Configure routes for:
1. IPv4
2. IPv6
[1]>

Currently configured routes:

setgateway
Description
The setgateway command configures the default next-hop intermediary through which packets should
be routed. Alternate (non-default) gateways are configured using the routeconfig command.

Example
mail3.example.com> setgateway
Warning: setting an incorrect default gateway may cause the current connection to be
interrupted when the changes are committed.
Enter new default gateway:
[10.1.1.1]> 192.168.20.1
mail3.example.com> commit
Please enter some comments describing your changes:
[]> changed default gateway to 192.168.20.1
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-175

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

sethostname
Description
The hostname is used to identify the system at the CLI prompt. You must enter a fully-qualified
hostname. The sethostname command sets the name of the Email Security appliance. The new hostname
does not take effect until you issue the commit command.

Example
oldname.example.com> sethostname
[oldname.example.com]> mail3.example.com
oldname.example.com>

For the hostname change to take effect, you must enter the commit command. After you have successfully
committed the hostname change, the new name appears in the CLI prompt:
oldname.example.com> commit
Please enter some comments describing your changes:
[]> Changed System Hostname
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

The new hostname appears in the prompt as follows:

mail3.example.com>

smtproutes
Description
Set up permanent domain redirections.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-176

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Batch Format
The batch format of the smtproutes command can be used to perform all the fuctions of the traditional
CLI command.

Creating a new SMTP route

smtproutes new <source> <destination> [destination] [destination] [...]

Deleting an existing SMTP route

smtproutes delete <source>

Clear a listing of SMTP routes

smtproutes clear

Print a listing of SMTP routes

smtproutes print

Import a listing of SMTP routes

smtproutes import <filenames>

Export a listing of SMTP routes

smtproutes export <filenames>

Example
In the following example, the smptroutes command is used to construct a route (mapping) for the
domain example.com to relay1.example.com, relay2.example.com, and backup-relay.example.com.
Use /pri=# to specify a destination priority. THE # should be from 0-65535, with larger numbers
indicating decreasing priority. If unspecified, the priority defaults to 0.
(Note that you may have constructed the same mapping during the systemsetup command when you
configured the InboundMail public listener.)
mail3.example.com> smtproutes
There are no routes configured.
Choose the operation you want to perform:
- NEW - Create a new route.
- IMPORT - Import new routes from a file.
[]> new
Enter the domain for which you want to set up a permanent route.
Partial hostnames such as ".example.com" are allowed.
Use "ALL" for the default route.
[]> example.com

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-177

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Enter the destination hosts, separated by commas, which you want mail
for example.com to be delivered.
Enter USEDNS by itself to use normal DNS resolution for this route.
Enter /dev/null by itself if you wish to discard the mail.
Enclose in square brackets to force resolution via address (A)
records, ignoring any MX records.
[]> relay1.example.com/pri=10, relay2.example.com, backup-relay.example.com
Mapping for example.com to relay1.example.com, relay2.example.com,
backup-relay.example.com/pri=10 created.
There are currently 1 routes configured.
Choose the operation you want to perform:
- NEW - Create a new route.
- EDIT - Edit destinations of an existing route.
- DELETE - Remove a route.
- PRINT - Display all routes.
- IMPORT - Import new routes from a file.
- EXPORT - Export all routes to a file.
- CLEAR - Remove all routes.
[]>

sslconfig
Description
Configure SSL settings for the appliance.

Usage
Commit: This command requires a commit.
Cluster Management:This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
mail.example.com> sslconfig
sslconfig settings:
GUI HTTPS method: sslv3tlsv1
GUI HTTPS ciphers:
RC4-SHA
RC4-MD5
ALL
Inbound SMTP method: sslv3tlsv1
Inbound SMTP ciphers:
RC4-SHA
RC4-MD5
ALL
Outbound SMTP method: sslv3tlsv1
Outbound SMTP ciphers:
RC4-SHA
RC4-MD5
ALL

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-178

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Choose the operation you want to perform:

- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> gui
Enter the GUI
1. SSL v2.
2. SSL v3
3. TLS v1
4. SSL v2 and
5. SSL v3 and
6. SSL v2, v3
[5]> 6

HTTPS ssl method you want to use.

v3
TLS v1
and TLS v1

Enter the GUI HTTPS ssl cipher you want to use.

[RC4-SHA:RC4-MD5:ALL]>
sslconfig settings:
GUI HTTPS method: sslv2sslv3tlsv1
GUI HTTPS ciphers:
RC4-SHA
RC4-MD5
ALL
Inbound SMTP method: sslv3tlsv1
Inbound SMTP ciphers:
RC4-SHA
RC4-MD5
ALL
Outbound SMTP method: sslv3tlsv1
Outbound SMTP ciphers:
RC4-SHA
RC4-MD5
ALL
Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> inbound
Enter the inbound SMTP ssl method you want to use.
1. SSL v2.
2. SSL v3
3. TLS v1
4. SSL v2 and v3
5. SSL v3 and TLS v1
6. SSL v2, v3 and TLS v1
[5]> 6
Enter the inbound SMTP ssl cipher you want to use.
[RC4-SHA:RC4-MD5:ALL]>
sslconfig settings:
GUI HTTPS method: sslv2sslv3tlsv1
GUI HTTPS ciphers:
RC4-SHA
RC4-MD5
ALL
Inbound SMTP method: sslv2sslv3tlsv1
Inbound SMTP ciphers:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-179

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

RC4-SHA
RC4-MD5
ALL
Outbound SMTP method: sslv3tlsv1
Outbound SMTP ciphers:
RC4-SHA
RC4-MD5
ALL
Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]>

sslv3config
Description
Enable or disable SSLv3 settings for the appliance.

Usage
Commit: This command requires a commit.
Cluster Management:This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command does not support a batch format.

Example
The following example shows how to disable SSLv3 for End User Quarantine.
mail.example.com> sslv3config
Current SSLv3 Settings:
-------------------------------------------------UPDATER
:
Enabled
WEBSECURITY
:
Enabled
EUQ
:
Enabled
LDAP
:
Enabled
-------------------------------------------------Choose the operation you want to perform:
- SETUP - Toggle SSLv3 settings.
[]> setup
Choose the service to toggle SSLv3 settings:
1. EUQ Service
2. LDAP Service
3. Updater Service
4. Web Security Service
[1]>
Do you want to enable SSLv3 for EUQ Service ? [Y]>n

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-180

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Choose the operation you want to perform:

- SETUP - Toggle SSLv3 settings.
[]>

telnet
Description
Connect to a remote host

Example
mail3.example.com> telnet
Please select which interface you want to telnet from.
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 3
Enter the remote hostname or IP.
[]> 193.168.1.1
Enter the remote port.
[25]> 25
Trying 193.168.1.1...
Connected to 193.168.1.1.
Escape character is '^]'.

traceroute
Description
Use the traceroute command to test connectivity to a network host using IPV4 from the appliance and
debug routing issues with network hops.

Usage
Commit: This command does not require a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-181

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

Cluster Management: This command is restricted to machine mode. It is further restricted to the login
host (i.e., the specific machine you are logged onto). This command requires access to the local file
system.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> traceroute
Which interface do you want to trace from?
1. Auto
2. Management (192.168.42.42/24: mail3.example.com)
3. PrivateNet (192.168.1.1/24: mail3.example.com)
4. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 1
Please enter the host to which you want to trace the route.
[]> 10.1.1.1
Press Ctrl-C to stop.
traceroute to 10.1.1.1 (10.1.1.1), 64 hops max, 44 byte packets
1 gateway (192.168.0.1) 0.202 ms 0.173 ms 0.161 ms
2 hostname (10.1.1.1) 0.298 ms 0.302 ms 0.291 ms
mail3.example.com>

traceroute6
Description
Use the traceroute6 command to test connectivity to a network host using IPV6 from the appliance
and debug routing issues with network hops.

Example
mail.example.com> traceroute6
Which interface do you want to trace from?
1. Auto
2. D1 (2001:db8::/32: example.com)
[1]> 1
Please enter the host to which you want to trace the route.
[]> example.com
Press Ctrl-C to stop.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-182

Chapter 3

The Commands: Reference Examples

Networking Configuration / Network Tools

connect: No route to host

vm10esa0031.qa> traceroute6
Which interface do you want to trace from?
1. Auto
2. D1 (2001:db8::/32: example.com)
[1]> 2
Please enter the host to which you want to trace the route.
[]> example.com
Press Ctrl-C to stop.
traceroute6 to example.com (2606:2800:220:1:248:1893:25c8:1946) from 2001:db8::, 64 hops
max, 12 byte packets
sendto: No route to host
1 traceroute6: wrote example.com 12 chars, ret=-1
*sendto: No route to host
traceroute6: wrote example.com 12 chars, ret=-1
*sendto: No route to host
traceroute6: wrote example.com 12 chars, ret=-1

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-183

Chapter 3

The Commands: Reference Examples

Outbreak Filters

Outbreak Filters
This section contains the following CLI commands:

outbreakconfig

outbreakflush

outbreakstatus

outbreakupdate

outbreakconfig
Description
Use the outbreakconfig command to configure the Outbreak Filter feature. You perform the following
actions using this command:

Enable Outbreak Filters globally

Enable Adaptive Rules scanning

Set a maximum size for files to scan (note that you are entering the size in bytes)

Enable alerts for the Outbreak Filter

Enable Logging of URLs

Example
mail.example.com> outbreakconfig
Outbreak Filters: Enabled
Choose the operation you want to perform:
- SETUP - Change Outbreak Filters settings.
[]> setup
Outbreak Filters: Enabled
Would you like to use Outbreak Filters? [Y]>
Outbreak Filters enabled.
Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back
down below), meaning that new messages of
certain types could be quarantined or will no longer be quarantined, respectively.
Would you like to receive Outbreak Filter alerts? [N]>
What is the largest size message Outbreak Filters should scan?

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-184

dictionaryconfig
Description
Configure content dictionaries

Example
Use dictionaryconfig -> new to create dictionaries, and dictionaryconfig -> delete to remove
dictionaries.

Creating a Dictionary
example.com> dictionaryconfig
No content dictionaries have been defined.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-187

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Choose the operation you want to perform:

- NEW - Create a new content dictionary.
[]> new
Enter a name for this content dictionary.
[]> HRWords
Do you wish to specify a file for import? [N]>
Enter new words or regular expressions, enter a blank line to finish.
<list of words typed here>
Currently configured content dictionaries:
1. HRWords
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
[]> delete
Enter the number of the dictionary you want to delete:
1. HRWords
[]> 1
Content dictionary "HRWords" deleted.
No content dictionaries have been defined.
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
[]>

Creating a Dictionary 2
In this example, a new dictionary named secret_words is created to contain the term codename. Once
the dictionary has been entered, the edit -> settings subcommand is used to define the case-sensitivity
and word boundary detection for words in the dictionary.
mail3.example.com> dictionaryconfig
No content dictionaries have been defined.
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
[]> new
Enter a name for this content dictionary.
[]> secret_words
Do you wish to specify a file for import? [N]>
Enter new words or regular expressions, enter a blank line to finish.
codename
Currently configured content dictionaries:
1. secret_words
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-188

Chapter 3

The Commands: Reference Examples

Policy Enforcement

[]> edit
Enter the number of the dictionary you want to edit:
1. secret_words
[]> 1
Choose the operation you want to perform on dictionary 'secret_words':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]> settings
Do you want to ignore case when matching using this dictionary? [Y]>
Do you want strings in this dictionary to only match complete words? [Y]>
Enter the default encoding to be used for exporting this dictionary:
1. US-ASCII
2. Unicode (UTF-8)
3. Unicode (UTF-16)
4. Western European/Latin-1 (ISO 8859-1)
5. Western European/Latin-1 (Windows CP1252)
6. Traditional Chinese (Big 5)
7. Simplified Chinese (GB 2312)
8. Simplified Chinese (HZ GB 2312)
9. Korean (ISO 2022-KR)
10. Korean (KS-C-5601/EUC-KR)
11. Japanese (Shift-JIS (X0123))
12. Japanese (ISO-2022-JP)
13. Japanese (EUC)
[2]>
Choose the operation you want to perform on dictionary 'secret_words':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]>
Currently configured content dictionaries:
1. secret_words
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> Added new dictionary: secret_words
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-189

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Importing Dictionaries
In the example below, using the dictionaryconfig command, 84 terms in the profanity.txt text file
are imported as Unicode (UTF-8) into a dictionary named profanity.
mail3.example.com> dictionaryconfig
No content dictionaries have been defined.
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
[]> new
Enter a name for this content dictionary.
[]> profanity
Do you wish to specify a file for import?

[N]> y

Enter the name of the file to import:

[]> profanity.txt
Enter the encoding to use for the imported file:
1. US-ASCII
2. Unicode (UTF-8)
3. Unicode (UTF-16)
4. Western European/Latin-1 (ISO 8859-1)
5. Western European/Latin-1 (Windows CP1252)
6. Traditional Chinese (Big 5)
7. Simplified Chinese (GB 2312)
8. Simplified Chinese (HZ GB 2312)
9. Korean (ISO 2022-KR)
10. Korean (KS-C-5601/EUC-KR)
11. Japanese (Shift-JIS (X0123))
12. Japanese (ISO-2022-JP)
13. Japanese (EUC)
[2]>
84 entries imported successfully.
Currently configured content dictionaries:
1. profanity
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.

Exporting Dictionaries
In the example below, using the dictionaryconfig command, the secret_words dictionary is exported
to a text file named secret_words_export.txt
mail3.example.com> dictionaryconfig
Currently configured content dictionaries:
1. secret_words
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-190

Chapter 3

The Commands: Reference Examples

Policy Enforcement

[]> edit
Enter the number of the dictionary you want to edit:
1. secret_words
[]> 1
Choose the operation you want to perform on dictionary 'secret_words':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]> export
Enter a name for the exported file:
[]> secret_words_export.txt
mail3.example.com> dictionaryconfig
Currently configured content dictionaries:
1. secret_words
Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
[]> edit
Enter the number of the dictionary you want to edit:
1. secret_words
[]> 1
Choose the operation you want to perform on dictionary 'secret_words':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]> export
Enter a name for the exported file:
[]> secret_words_export.txt

exceptionconfig
Description
Use the exceptionconfig command in the CLI to create the domain exception table. In this example,
the email address [email protected] is added to the domain exception table with a policy of
Allow.

Usage
Commit: This command requires a commit.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-191

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Cluster Management: This command can be used in all three machine modes (cluster, group,
machine)..
Batch Command: This command does not support a batch format.

Example
mail3.example.com> exceptionconfig
Choose the operation you want to perform:
- NEW - Create a new domain exception table entry
[]> new
Enter a domain, sub-domain, user, or email address for which you wish to
provide an exception:
[]> mail.partner.com
Any of the following passes:
- @[IP address]
Matches any email address with this IP address.
- @domain
Matches any email address with this domain.
- @.partial.domain
Matches any email address domain ending in this domain.
- user@
Matches any email address beginning with user@.
- user@domain
Matches entire email address.
Enter a domain, sub-domain, user, or email address for which you wish to
provide an exception:
[]> [email protected]
Choose a policy for this domain exception:
1. Allow
2. Reject
[1]> 1
Choose the operation you want to perform:
- NEW - Create a new domain exception table entry
- EDIT - Edit a domain exception table entry
- DELETE - Delete a domain exception table entry
- PRINT - Print all domain exception table entries
- SEARCH - Search domain exception table
- CLEAR - Clear all domain exception entries
[]>

filters
Description
Configure message processing options.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-192

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Batch Command: This command does not support a batch format

Example
In this example, the filter command is used to create three new filters:

The first filter is named big_messages. It uses the body-size rule to drop messages larger than 10
megabytes.

The second filter is named no_mp3s. It uses the attachment-filename rule to drop messages that
contain attachments with the filename extension of .mp3.

The third filter is named mailfrompm. It uses mail-from rule examines all mail from
[email protected] and blind-carbon copies [email protected].

Using the filter -> list subcommand, the filters are listed to confirm that they are active and valid,
and then the first and last filters are switched in position using the move subcommand. Finally, the
changes are committed so that the filters take effect.
mail3.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
big_messages:
if (body-size >= 10M) {
drop();
}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
no_mp3s:
if (attachment-filename == '\\.mp3$') {
drop();
}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-193

Chapter 3

The Commands: Reference Examples

Policy Enforcement

- LOGCONFIG - Configure log subscriptions used by filters.

- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
mailfrompm:
if (mail-from == "^postmaster$")
{ bcc ("[email protected]");}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list

policyconfig
Description
Configure per recipient or sender based policies.

Examples

Creating an Incoming Mail Policy to Drop Spam Messages and Archive Suspected Spam Messages,
page 3-195

Creating a Policy for the Sales Team, page 3-197

Creating a Policy for the Engineering Team, page 3-199

Creating the scan_for_confidential Content Filter, page 3-201

Creating the no_mp3s and ex_employee Content Filters, page 3-205

Enabling Content Filters for Specific Policies, page 3-210

DLP Policies for Default Outgoing Policy, page 3-213

Create an Incoming Policy to Drop the Messages Identified as Bulk Email or Social Network Email,
page 3-215

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-194

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Creating an Incoming Mail Policy to Drop Spam Messages and Archive Suspected Spam Messages
In this example, the policyconfig -> edit -> antispam subcommand is used to edit the Anti-Spam
settings for the default incoming mail policy. (Note that this same configuration is available in the GUI
from the Email Security Manager feature.)

First, messages positively identified as spam are chosen not to be archived; they will be dropped.

Messages that are suspected to be spam are chosen to be archived. They will also be sent to the Spam
Quarantine installed on the server named quarantine.example.com. The text [quarantined:
possible spam] is prepended to the subject line and a special header of X-quarantined: true is
configured to be added to these suspect messages. In this scenario, Administrators and end-users can
check the quarantine for false positives, and an administrator can adjust, if necessary, the suspected
spam threshold.

Finally, the changes are committed.

mail3.example.com> policyconfig
Would you like to configure Incoming or Outgoing Mail Policies?
1. Incoming
2. Outgoing
[1]> 1

Incoming Mail Policy Configuration

Name:
Anti-Spam:
Anti-Virus:
-----------------------

DEFAULT

Ironport

Mcafee

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- PRINT - Print all policies
- FILTERS - Edit content filters
[]> edit
Name:
-----

1. DEFAULT

Anti-Spam:
----------

Graymail:
Anti-Virus: Advanced
------------------- Malware
Protection:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

Ironport

Mcafee

Off

Enabled

N/A

Enter the name or number of the entry you wish to edit:

[]> 1
Policy Summaries:
Anti-Spam: IronPort - Deliver, Prepend "[SPAM] " to Subject
Suspect-Spam: IronPort - Deliver, Prepend "[SUSPECTED SPAM] " to Subject
Anti-Virus: Off
Content Filters: Off (No content filters have been created)
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-195

Chapter 3

The Commands: Reference Examples

Policy Enforcement

- OUTBREAK - Modify Outbreak Filters policy

[]> antispam
Choose the operation you want to perform:
- EDIT - Edit Anti-Spam policy
- DISABLE - Disable Anti-Spam policy (Disables all policy-related actions)
[]> edit
Begin Anti-Spam configuration
Some messages will be positively identified as spam. Some messages will be
identified as suspected spam. You can set the IronPort Anti-Spam Suspected Spam Threshold
below.
The following configuration options apply to messages POSITIVELY identified as spam:
What score would you like to set for the IronPort Anti-Spam spam threshold?
[90]> 90
1. DELIVER
2. DROP
3. BOUNCE
4. IRONPORT QUARANTINE
What do you want to do with messages identified as spam?
[1]> 2
Do you want to archive messages identified as spam? [N]>
Do you want to enable special treatment of suspected spam? [Y]> y
What score would you like to set for the IronPort Anti-Spam suspect spam threshold?
[50]> 50
The following configuration options apply to messages identified as SUSPECTED spam:
1. DELIVER
2. DROP
3. BOUNCE
4. IRONPORT QUARANTINE
What do you want to do with messages identified as SUSPECTED spam?
[1]> 4
Do you want to archive messages identified as SUSPECTED spam? [N]> y
1. PREPEND
2. APPEND
3. NONE
Do you want to add text to the subject of messages identified as SUSPECTED spam?
[1]> 1
What text do you want to prepend to the subject?
[[SUSPECTED SPAM] ]> [quarantined: possible spam]
Do you want to add a custom header to messages identified as SUSPECTED spam? [N]> y
Enter the name of the header:
[]> X-quarantined
Enter the text for the content of the header:
[]> true

Anti-Spam configuration complete

Policy Summaries:
Anti-Spam: IronPort - Drop

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-196

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Suspect-Spam: IronPort - Quarantine - Archiving copies of the original message.

Anti-Virus: McAfee - Scan and Clean
Content Filters: Off (No content filters have been created)
Outbreak Filters: Enabled. No bypass extensions.
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- OUTBREAK - Modify Outbreak Filters policy
[]>
Name:
-----

Anti-Spam:
----------

Anti-Virus:
----------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- PRINT - Print all policies
- FILTERS - Edit content filters
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> configured anti-spam for Incoming Default Policy
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Creating a Policy for the Sales Team

Incoming Mail Policy Configuration
Name:
-----

Anti-Spam:
----------

Anti-Virus:
----------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- PRINT - Print all policies
- FILTERS - Edit content filters
[]> new
Enter the name for this policy:
[]> sales_team
Begin entering policy members. The following types of entries are allowed:
Username entries such as joe@, domain entries such as @example.com, sub-domain
entries such as @.example.com, LDAP group memberships such as ldap(Engineers)
Enter a member for this policy:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-197

Chapter 3

The Commands: Reference Examples

Policy Enforcement

[]> ldap(sales)
Please select an LDAP group query:
1. PublicLDAP.ldapgroup
[1]> 1
Is this entry a recipient or a sender?
1. Recipient
2. Sender
[1]> 1
Add another member? [Y]> n
Would you like to enable Anti-Spam support? [Y]> y
Use the policy table default? [Y]> n
Begin Anti-Spam configuration
Some messages will be positively identified as spam. Some messages will be
identified as suspected spam. You can set the IronPort Anti-Spam Suspected Spam Threshold
below.
The following configuration options apply to messages POSITIVELY identified as spam:
What score would you like to set for the IronPort Anti-Spam spam threshold?
[90]> 90
1. DELIVER
2. DROP
3. BOUNCE
4. IRONPORT QUARANTINE
What do you want to do with messages identified as spam?
[1]> 2
Do you want to archive messages identified as spam? [N]> n
Do you want to enable special treatment of suspected spam? [Y]> y
What score would you like to set for the IronPort Anti-Spam suspect spam
threshold?
[50]> 50
The following configuration options apply to messages identified as SUSPECTED
spam:
1. DELIVER
2. DROP
3. BOUNCE
4. IRONPORT QUARANTINE
What do you want to do with messages identified as SUSPECTED spam?
[1]> 4
Do you want to archive messages identified as SUSPECTED spam? [N]> n
1. PREPEND
2. APPEND
3. NONE
Do you want to add text to the subject of messages identified as SUSPECTED
spam?
[1]> 3
Do you want to add a custom header to messages identified as SUSPECTED spam? [N]> n
Anti-Spam configuration complete
Would you like to enable Anti-Virus support? [Y]> y

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-198

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Use the policy table default? [Y]> y

Would you like to enable Outbreak Filters for this policy? [Y]> y
Use the policy table default? [Y]> y
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

Then, create the policy for the engineering team (three individual email recipients), specifying that .dwg
files are exempt from Outbreak Filter scanning.

Creating a Policy for the Engineering Team

Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- DELETE - Remove a policy
- PRINT - Print all policies
- SEARCH - Search for a policy by member
- FILTERS - Edit content filters
- CLEAR - Clear all policies
[]> new
Enter the name for this policy:
[]> engineering
Begin entering policy members. The following types of entries are allowed:
Username entries such as joe@, domain entries such as @example.com, sub-domain entries
such as @.example.com, LDAP group memberships such as ldap(Engineers)
Enter a member for this policy:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-199

Chapter 3

The Commands: Reference Examples

Policy Enforcement

[]> [email protected]
Is this entry a recipient or a sender?
1. Recipient
2. Sender
[1]> 1
Add another member? [Y]> y
Enter a member for this policy:
[]> [email protected]
Is this entry a recipient or a sender?
1. Recipient
2. Sender
[1]> 1
Add another member? [Y]> y
Enter a member for this policy:
[]> [email protected]
Is this entry a recipient or a sender?
1. Recipient
2. Sender
[1]> 1
Add another member? [Y]> n
Would you like to enable Anti-Spam support? [Y]> y
Use the policy table default? [Y]> y
Would you like to enable Anti-Virus support? [Y]> y
Use the policy table default? [Y]> y
Would you like to enable Outbreak Filters for this policy? [Y]> y
Use the policy table default? [Y]> n
Would you like to modify the list of file extensions that bypass
Outbreak Filters? [N]> y

Choose the operation you want to perform:

- NEW - Add a file extension
[]> new
Enter a file extension:
[]> dwg

Choose the operation you want to perform:

- NEW - Add a file extension
- DELETE - Delete a file extension
- PRINT - Display all file extensions
- CLEAR - Clear all file extensions
[]> print
The following file extensions will bypass Outbreak Filter processing:
dwg

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-200

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Choose the operation you want to perform:

- NEW - Add a file extension
- DELETE - Delete a file extension
- PRINT - Display all file extensions
- CLEAR - Clear all file extensions
[]>
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- DELETE - Remove a policy
- PRINT - Print all policies
- SEARCH - Search for a policy by member
- MOVE - Move the position of a policy
- FILTERS - Edit content filters
- CLEAR - Clear all policies
[]>

Next, create three new content filters to be used in the Incoming Mail Overview policy table.
In the CLI, the filters subcommand of the policyconfig command is the equivalent of the Incoming
Content Filters GUI page. When you create content filters in the CLI, you must use the save
subcommand to save the filter and return to the policyconfig command.
First, create the scan_for_confidential content filter:

Creating the scan_for_confidential Content Filter

Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-201

Chapter 3

The Commands: Reference Examples

Policy Enforcement

[]> filters
No filters defined.
Choose the operation you want to perform:
- NEW - Create a new filter
[]> new
Enter a name for this filter:
[]> scan_for_confidential
Enter a description or comment for this filter (optional):
[]> scan all incoming mail for the string 'confidential'
Filter Name:

scan_for_confidential

Conditions:
Always Run
Actions:
No actions defined yet.
Description:
scan all incoming mail for the string 'confidential'
Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
[]> add
1. Condition
2. Action
[1]> 1
1. Message Body Contains
2. Only Body Contains (Attachments are not scanned)
3. Message Body Size
4. Subject Header
5. Other Header
6. Attachment Contains
7. Attachment File Type
8. Attachment Name
9. Attachment MIME Type
10. Attachment Protected
11. Attachment Unprotected
12. Attachment Corrupt
13. Envelope Recipient Address
14. Envelope Recipient in LDAP Group
15. Envelope Sender Address
16. Envelope Sender in LDAP Group
17. Reputation Score
18. Remote IP
19. DKIM authentication result
20. SPF verification result
[1]> 1
Enter regular expression or smart identifier to search message contents for:
[]> confidential
Threshold required for match:
[1]> 1
Filter Name:

scan_for_confidential

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-202

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Conditions:
body-contains("confidential", 1)
Actions:
No actions defined yet.
Description:
scan all incoming mail for the string 'confidential'
Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
- DELETE - Delete condition or action
[]> add
1. Condition
2. Action
[1]> 2
1. Bcc
2. Notify
3. Redirect To Alternate Email Address
4. Redirect To Alternate Host
5. Insert A Custom Header
6. Insert A Message Tag
7. Strip A Header
8. Send From Specific IP Interface
9. Drop Attachments By Content
10. Drop Attachments By Name
11. Drop Attachments By MIME Type
12. Drop Attachments By File Type
13. Drop Attachments By Size
14. Send To System Quarantine
15. Duplicate And Send To System Quarantine
16. Add Log Entry
17. Drop (Final Action)
18. Bounce (Final Action)
19. Skip Remaining Content Filters (Final Action)
20. Encrypt (Final Action)
21. Encrypt on Delivery
22. Skip Outbreak Filters check
[1]> 1
Enter the email address(es) to send the Bcc message to:
[]> [email protected]
Do you want to edit the subject line used on the Bcc message? [N]> y
Enter the subject to use:
[$Subject]> [message matched confidential filter]
Do you want to edit the return path of the Bcc message? [N]> n
Filter Name:

scan_for_confidential

Conditions:
body-contains("confidential", 1)
Actions:
bcc ("[email protected]", "[message matched confidential filter]")
Description:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-203

Chapter 3

The Commands: Reference Examples

Policy Enforcement

scan all incoming mail for the string 'confidential'

Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
- DELETE - Delete condition or action
- SAVE - Save filter
[]> add
1. Condition
2. Action
[1]> 2
1. Bcc
2. Notify
3. Redirect To Alternate Email Address
4. Redirect To Alternate Host
5. Insert A Custom Header
6. Insert A Message Tag
7. Strip A Header
8. Send From Specific IP Interface
9. Drop Attachments By Content
10. Drop Attachments By Name
11. Drop Attachments By MIME Type
12. Drop Attachments By File Type
13. Drop Attachments By Size
14. Send To System Quarantine
15. Duplicate And Send To System Quarantine
16. Add Log Entry
17. Drop (Final Action)
18. Bounce (Final Action)
19. Skip Remaining Content Filters (Final Action)
20. Encrypt (Final Action)
21. Encrypt on Delivery
22. Skip Outbreak Filters check
[1]> 14
1. Policy
[1]> 1
Filter Name:

scan_for_confidential

Conditions:
body-contains("confidential", 1)
Actions:
bcc ("[email protected]", "[message matched confidential filter]")
quarantine ("Policy")
Description:
scan all incoming mail for the string 'confidential'
Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
- DELETE - Delete condition or action
- MOVE - Reorder the conditions or actions
- SAVE - Save filter
[]> save
Defined filters:
1. scan_for_confidential: scan all incoming mail for the string 'confidential'

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-204

Chapter 3

The Commands: Reference Examples

3-207

Chapter 3

The Commands: Reference Examples

Policy Enforcement

12. Drop Attachments By File Type

13. Drop Attachments By Size
14. Send To System Quarantine
15. Duplicate And Send To System Quarantine
16. Add Log Entry
17. Drop (Final Action)
18. Bounce (Final Action)
19. Skip Remaining Content Filters (Final Action)
20. Encrypt (Final Action)
21. Encrypt on Delivery
22. Skip Outbreak Filters check
[1]> 2
Enter the email address(es) to send the notification to:
[]> [email protected]
Do you want to edit the subject line used on the notification? [N]> y
Enter the subject to use:
[]> message bounced for ex-employee of example.com
Do you want to edit the return path of the notification? [N]> n
Do you want to include a copy of the original message as an attachment to the
notification? [N]> y
Filter Name:

ex_employee

Conditions:
rcpt-to == "doug"
Actions:
notify-copy ("[email protected]", "message bounced for ex-employee of
example.com")
Description:
bounce messages intended for Doug
Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
- DELETE - Delete condition or action
- SAVE - Save filter
[]> add
1. Condition
2. Action
[1]> 2
1. Bcc
2. Notify
3. Redirect To Alternate Email Address
4. Redirect To Alternate Host
5. Insert A Custom Header
6. Insert A Message Tag
7. Strip A Header
8. Send From Specific IP Interface
9. Drop Attachments By Content
10. Drop Attachments By Name
11. Drop Attachments By MIME Type
12. Drop Attachments By File Type
13. Drop Attachments By Size
14. Send To System Quarantine

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-208

Chapter 3

The Commands: Reference Examples

Policy Enforcement

15. Duplicate And Send To System Quarantine

16. Add Log Entry
17. Drop (Final Action)
18. Bounce (Final Action)
19. Skip Remaining Content Filters (Final Action)
20. Encrypt (Final Action)
21. Encrypt on Delivery
22. Skip Outbreak Filters check
[1]> 18
Filter Name:

ex_employee

Conditions:
rcpt-to == "doug"
Actions:
notify-copy ("[email protected]", "message bounced for ex-employee of
example.com")
bounce()
Description:
bounce messages intended for Doug
Choose the operation you want to perform:
- RENAME - Rename this filter
- DESC - Edit filter description
- ADD - Add condition or action
- DELETE - Delete condition or action
- SAVE - Save filter
[]> save
Defined filters:
1. scan_for_confidential: scan all incoming mail for the string 'confidential'
2. no_mp3s: strip all MP3 attachments
3. ex_employee: bounce messages intended for Doug
Choose the operation you want to perform:
- NEW - Create a new filter
- EDIT - Edit an existing filter
- DELETE - Delete a filter
- PRINT - Print all filters
- MOVE - Reorder a filter
- RENAME - Rename a filter
[]>
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- DELETE - Remove a policy
- PRINT - Print all policies
- SEARCH - Search for a policy by member

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-209

Chapter 3

The Commands: Reference Examples

Policy Enforcement

- MOVE - Move the position of a policy

- FILTERS - Edit content filters
- CLEAR - Clear all policies
[]>

Enabling Content Filters for Specific Policies

Code Example illustrates how to enable the policies once again to enable the content filters for some
policies, but not for others.
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

Graymail:
Anti-Virus: Advanced
------------------- Malware
Protection:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

IronPort

Default

2. engineering Default

Default

Enabled

3. DEFAULT

Mcafee

N/A

Off

Enabled

Name:
-----

1. sales_team

Ironport

Enter the name or number of the entry you wish to edit:

[]> 3
Policy Summaries:
Anti-Spam: IronPort - Drop
Suspect-Spam: IronPort - Quarantine - Archiving copies of the original message.
Anti-Virus: McAfee - Scan and Clean
Graymail Detection: Unsubscribe - Disabled
Content Filters: Off
Outbreak Filters: Enabled. No bypass extensions.
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- GRAYMAIL - Modify Graymail policy

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-210

Chapter 3

The Commands: Reference Examples

Policy Enforcement

- OUTBREAK - Modify Outbreak Filters policy

- FILTERS - Modify filters
[]> filters

Choose the operation you want to perform:

- ENABLE - Enable Content Filters policy
[]> enable
1.
2.
3.
Enter the
[]> 1

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

1. Active
2.
3.
Enter the
[]> 2

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

1. Active
2. Active
3.
Enter the
[]> 3

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

1. Active
2. Active
3. Active
Enter the
[]>

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

Policy Summaries:
Anti-Spam: IronPort - Drop
Suspect-Spam: IronPort - Quarantine - Archiving copies of the original message.
Anti-Virus: McAfee - Scan and Clean
Graymail Detection: Unsubscribe - Disabled
Content Filters: Enabled. Filters: scan_for_confidential, no_mp3s, ex_employee
Outbreak Filters: Enabled. No bypass extensions.
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- GRAYMAIL - Modify Graymail policy
- OUTBREAK - Modify Outbreak Filters policy
- FILTERS - Modify filters
[]>
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-211

Chapter 3

The Commands: Reference Examples

Policy Enforcement

- NEW - Create a new policy

- EDIT - Edit an existing policy
- DELETE - Remove a policy
- PRINT - Print all policies
- SEARCH - Search for a policy by member
- MOVE - Move the position of a policy
- FILTERS - Edit content filters
- CLEAR - Clear all policies
[]> edit
Anti-Spam:
----------

Graymail:
Anti-Virus: Advanced
------------------- Malware
Protection:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

IronPort

Default

2. engineering Default

Default

Enabled

3. DEFAULT

Mcafee

N/A

Off

Enabled

Name:
-----

1. sales_team

Ironport

Enter the name or number of the entry you wish to edit:

[]> 2
Policy Summaries:
Anti-Spam: Default
Anti-Virus: Default
Graymail Detection: Unsubscribe - Default
Content Filters: Default
Outbreak Filters: Enabled. Bypass extensions: dwg
Choose the operation you want to perform:
- NAME - Change name of policy
- NEW - Add a new member
- DELETE - Remove a member
- PRINT - Print policy members
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- GRAYMAIL - Modify Graymail policy
- OUTBREAK - Modify Outbreak Filters policy
- FILTERS - Modify filters
[]> filters

Choose the operation you want to perform:

- DISABLE - Disable Content Filters policy (Disables all policy-related
actions)
- ENABLE - Enable Content Filters policy
[]> enable
1.
2.
3.
Enter the
[]> 1

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

1. Active
2.
3.
Enter the
[]> 3

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-212

Chapter 3

The Commands: Reference Examples

Policy Enforcement

1. Active
2.
3. Active
Enter the
[]>

scan_for_confidential
no_mp3s
ex_employee
filter to toggle on/off, or press enter to finish:

Policy Summaries:
Anti-Spam: Default
Anti-Virus: Default
Graymail Detection: Unsubscribe - Default
Content Filters: Enabled. Filters: scan_for_confidential, ex_employee
Outbreak Filters: Enabled. Bypass extensions: dwg
Choose the operation you want to perform:
- NAME - Change name of policy
- NEW - Add a new member
- DELETE - Remove a member
- PRINT - Print policy members
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- GRAYMAIL - Modify Graymail policy
- OUTBREAK - Modify Outbreak Filters policy
- FILTERS - Modify filters
[]>
Incoming Mail Policy Configuration
Name:
Anti-Spam:
Anti-Virus:
-----------------------

Advanced
Malware
Protection:
----------

Graymail:
----------

Content
Filter:
----------

Outbreak
Filters:
-----------

sales_team

IronPort

Default

engineering

Default

Enabled

DEFAULT

Ironport

Mcafee

N/A

Off

Enabled

Choose the operation you want to perform:

Note

The CLI does not contain the notion of adding a new content filter within an individual policy. Rather,
the filters subcommand forces you to manage all content filters from within one subsection of the
policyconfig command. For that reason, adding the drop_large_attachments has been omitted from
this example.

DLP Policies for Default Outgoing Policy

This illustrates how to enable DLP policies on the default outgoing policy.
mail3.example.com> policyconfig

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-213

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Would you like to configure Incoming or Outgoing Mail Policies?

1. Incoming
2. Outgoing
[1]> 2
Outgoing Mail Policy Configuration
Name:
Anti-Spam: Anti-Virus: Advanced
-------------- ---------Malware
Protection:
---------DEFAULT

N/A

Graymail:
----------

Outbreak
Content
Filters:
Filter:
---------- -----------

DLP:
----

Off

Choose the operation you want to perform:

- NEW - Create a new policy
- EDIT - Edit an existing policy
- PRINT - Print all policies
- FILTERS - Edit content filters
[]> edit
Name:
-----

Anti-Spam: Anti-Virus: Advanced

---------- ---------- Malware
Protection:
----------

1. DEFAULT N/A

N/A

Outbreak
Graymail:
Content
Filters:
---------- Filter:
---------- -----------

DLP:
----

Off

Enter the name or number of the entry you wish to edit:

[]> 1
Policy Summaries:
Anti-Spam: Off
Anti-Virus: Off
Graymail Detection: Unsubscribe - Disabled
Content Filters: Off (No content filters have been created)
Outbreak Filters: Off
DLP: Off
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- ANTIVIRUS - Modify Anti-Virus policy
- GRAYMAIL - Modify Graymail policy
- OUTBREAK - Modify Outbreak Filters policy
- DLP - Modify DLP policy
[]> dlp
Choose the operation you want to perform:
- ENABLE - Enable DLP policy
[]> enable
1.
2.
3.
Enter the
[]> 1

California AB-1298
Suspicious Transmission - Zip Files
Restricted Files
policy to toggle on/off, or press enter to finish:

1. Active California AB-1298

2. Suspicious Transmission - Zip Files
3. Restricted Files

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-214

Off

Chapter 3

The Commands: Reference Examples

N/A

Off

N/A

Enter the name or number of the entry you wish to edit:

[]> 1
Policy Summaries:
Anti-Spam: Off
Graymail Detection: Off
Content Filters: Off (No content filters have been created)
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- GRAYMAIL - Modify Graymail policy
- FILTERS - Modify filters
[]> graymail

Choose the operation you want to perform:

- ENABLE - Enable Graymail policy
[]> enable
Begin Graymail configuration
Do you want to enable Safe Unsubscribe? [N]> y
Do you want to perform Safe Unsubscribe action only for unsigned messages (recommended)?
[Y]>
Do you want to enable actions on messages identified as Marketing Email? [N]>
Do you want to enable actions on messages identified as Social Networking Email? [N]> y
1. DELIVER
2. DROP
3. BOUNCE
What do you want to do with messages identified as Social Networking Email?
[1]> 2
Do you want to archive messages identified as Social Networking Email? [N]>
Do you want to enable actions on messages identified as Bulk Email? [N]> y
1. DELIVER
2. DROP
3. BOUNCE
What do you want to do with messages identified as Bulk Email?
[1]> 2
Do you want to archive messages identified as Bulk Email? [N]>
Graymail configuration complete.
Policy Summaries:
Anti-Spam: Off

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-216

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Graymail Detection: Unsubscribe - Enabled

Social Networking mails : Drop
Bulk mails : Drop
Content Filters: Off (No content filters have been created)
Choose the operation you want to perform:
- ANTISPAM - Modify Anti-Spam policy
- GRAYMAIL - Modify Graymail policy
- FILTERS - Modify filters
[]>

quarantineconfig
Description
Configure system quarantines.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> quarantineconfig
Currently configured quarantines:
#
1
2
3

Quarantine Name
Outbreak
Policy
Virus

Size (MB)
3,072
1,024
2,048

% full
0.0
0.1
empty

Messages
1
497
0

Retention
12h
10d
30d

Policy
Release
Delete
Delete

2,048 MB available for quarantine allocation.

Choose the operation you want to perform:
- NEW - Create a new quarantine.
- EDIT - Modify a quarantine.
- DELETE - Remove a quarantine.
- OUTBREAKMANAGE - Manage the Outbreak Filters quarantine.
[]> new
Please enter the name for this quarantine:
[]> HRQuarantine
Retention period for this quarantine. (Use 'd' for days or 'h' for hours.):
[]> 15 d
1. Delete
2. Release
Enter default action for quarantine:
[1]> 2
Do you want to modify the subject of messages that are released because
"HRQuarantine" overflows? [N]>
Do you want add a custom header to messages that are released because

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-217

Chapter 3

The Commands: Reference Examples

Policy Enforcement

"HRQuarantine" overflows? [N]>

Do you want to strip all attachments from messages that are released
because "HRQuarantine" overflows? [N]>
Do you want default action to apply automatically when quarantine space fills up? [Y]>

Currently configured quarantines:

# Quarantine Name
Size (MB) % full Messages Retention
1 HRQuarantine
1,024
N/A
N/A
15d
2 Outbreak
3,072
0.0
1
12h
3 Policy
1,024
0.1
497
10d
4 Virus
2,048
empty
0
30d
(N/A: Quarantine contents is not available at this time.)

Policy
Release
Release
Delete
Delete

1,024 MB available for quarantine allocation.

Choose the operation you want to perform:
- NEW - Create a new quarantine.
- EDIT - Modify a quarantine.
- DELETE - Remove a quarantine.
- OUTBREAKMANAGE - Manage the Outbreak Filters quarantine.

Users and Quarantines

Once you answer y or yes to the question about adding users, you begin user management, where you
can manage the user list. This lets you add or remove multiple users to the quarantine without having to
go through the other quarantine configuration questions. Press Return (Enter) at an empty prompt ([]>)
to exit the user management section and continue with configuring the quarantine.

Note

You will only be prompted to give users access to the quarantine if guest or operator users have already
been created on the system.
A quarantine's user list only contains users belonging to the Operators or Guests groups. Users in the
Administrators group always have full access to the quarantine. When managing the user list, the NEW
command is suppressed if all the Operator/Guest users are already on the quarantine's user list. Similarly,
DELETE is suppressed if there are no users to delete.

scanconfig
Description
Configure attachment scanning policy

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-218

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Example
In this example, the scanconfig command sets these parameters:

Note

MIME types of video/*, audio/*, image/* are skipped (not scanned for content).

Nested (recursive) archive attachments up to 10 levels are scanned. (The default is 5 levels.)

The maximum size for attachments to be scanned is 25 megabytes; anything larger will be skipped.
(The default is 5 megabytes.)

The document metadata is scannned.

Attachment scanning timeout is set at 180 seconds.

Attachments that were not scanned are assumed to not match the search pattern. (This is the default
behavior.)

ASCII encoding is configured for use when none is specified for plain body text or anything with
MIME type plain/text or plain/html.

When setting the assume the attachment matches the search pattern to Y, messages that cannot be
scanned will cause the message filter rule to evaluate to true. This could result in unexpected behavior,
such as the quarantining of messages that do not match a dictionary, but were quarantined because their
content could not be correctly scanned. This setting does not apply to RSA Email DLP scanning.
mail3.example.com> scanconfig
There are currently 5 attachment type mappings configured to be SKIPPED.
Choose the operation you want to perform:
- NEW - Add a new entry.
- DELETE - Remove an entry.
- SETUP - Configure scanning behavior.
- IMPORT - Load mappings from a file.
- EXPORT - Save mappings to a file.
- PRINT - Display the list.
- CLEAR - Remove all entries.
- SMIME - Configure S/MIME unpacking.
[]> setup
1. Scan only attachments with MIME types or fingerprints in the list.
2. Skip attachments with MIME types or fingerprints in the list.
Choose one:
[2]> 2
Enter the maximum depth of attachment recursion to scan:
[5]> 10
Enter the maximum size of attachment to scan:
[5242880]> 10m
Do you want to scan attachment metadata? [Y]> y
Enter the attachment scanning timeout (in seconds):
[30]> 180
If a message has attachments that were not scanned for any reason (e.g.
because of size, depth limits, or scanning timeout), assume the attachment matches the
search pattern? [N]> n
If a message could not be deconstructed into its component parts in order to remove
specified attachments, the system should:
1. Deliver

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-219

Chapter 3

The Commands: Reference Examples

Policy Enforcement

2. Bounce
3. Drop
[1]>
Configure encoding to use when none is specified for plain body text or
anything with MIME type plain/text or plain/html.
1. US-ASCII
2. Unicode (UTF-8)
3. Unicode (UTF-16)
4. Western European/Latin-1 (ISO 8859-1)
5. Western European/Latin-1 (Windows CP1252)
6. Traditional Chinese (Big 5)
7. Simplified Chinese (GB 2312)
8. Simplified Chinese (HZ GB 2312)
9. Korean (ISO 2022-KR)
10. Korean (KS-C-5601/EUC-KR)
11. Japanese (Shift-JIS (X0123))
12. Japanese (ISO-2022-JP)
13. Japanese (EUC)
[1]> 1
Scan behavior changed.
There are currently 5 attachment type mappings configured to be SKIPPED.
Choose the operation you want to perform:
- NEW - Add a new entry.
- DELETE - Remove an entry.
- SETUP - Configure scanning behavior.
- IMPORT - Load mappings from a file.
- EXPORT - Save mappings to a file.
- PRINT - Display the list.
- CLEAR - Remove all entries.
- SMIME - Configure S/MIME unpacking.
[]> print
1. Fingerprint
2. Fingerprint
3. MIME Type
4. MIME Type
5. MIME Type

Image
Media
audio/*
image/*
video/*

stripheaders
Description
Define a list of message headers to remove.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-220

Chapter 3

The Commands: Reference Examples

Policy Enforcement

Example
mail3.example.com> stripheaders
Not currently stripping any headers.
Choose the operation you want to perform:
- SETUP - Set message headers to remove.
[]> setup
Enter the list of headers you wish to strip from the messages before they are delivered.
Separate multiple headers with commas.
[]> Delivered-To
Currently stripping headers: Delivered-To

Choose the operation you want to perform:

- SETUP - Set message headers to remove.
[]>
mail3.example.com>

textconfig
Description
Configure text resources such as anti-virus alert templates, message disclaimers, and notification
templates, including DLP, bounce, and encryption notifications.

Example
Use textconfig -> NEW to create text resources, and textconfig > delete to remove them.
mail3.example.com> textconfig
Choose the operation you want to perform:
- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
[]> new

What kind of text resource would you like to create?

1. Anti-Virus Container Template
2. Anti-Virus Notification Template
3. DLP Notification Template
4. Bounce and Encryption Failure Notification Template
5. Message Disclaimer

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-221

Chapter 3

The Commands: Reference Examples

Policy Enforcement

6. Encryption Notification Template (HTML)

7. Encryption Notification Template (text)
8. Notification Template
[1]> 5
Please create a name for the message disclaimer:
[]> disclaimer 1
Enter the encoding for the message disclaimer:
1. US-ASCII
2. Unicode (UTF-8)
3. Unicode (UTF-16)
4. Western European/Latin-1 (ISO 8859-1)
5. Western European/Latin-1 (Windows CP1252)
6. Traditional Chinese (Big 5)
7. Simplified Chinese (GB 2312)
8. Simplified Chinese (HZ GB 2312)
9. Korean (ISO 2022-KR)
10. Korean (KS-C-5601/EUC-KR)
11. Japanese (Shift-JIS (X0123))
12. Japanese (ISO-2022-JP)
13. Japanese (EUC)
[1]>
Enter or paste the message disclaimer here. Enter '.' on a blank line to end.
This message was sent from an IronPort(tm) Email Security appliance.
.
Message disclaimer "disclaimer 1" created.

Choose the operation you want to perform:

- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
- EXPORT - Export text resource to a file.
- PRINT - Display the content of a resource.
- EDIT - Modify a resource.
- DELETE - Remove a resource from the system.
- LIST - List configured resources.
[]> delete
Please enter the name or number of the resource to delete:
[]> 1

Message disclaimer "disclaimer 1" has been deleted.

Choose the operation you want to perform:

- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
[]>

Use textconfig -> EDIT to modify an existing text resource. You can change the encoding or replace
the text of the selected text resource.

Importing Text Resources

Use textconfig -> IMPORT to import a text file as a text resource. The text file must be present in the
configuration directory on the appliance.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-222

Chapter 3

The Commands: Reference Examples

Policy Enforcement

mail3.example.com> textconfig
Current Text Resources:
1. footer.2.message (Message Footer)
Choose the operation you want to perform:
- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
- EXPORT - Export text resource to a file.
- PRINT - Display the content of a resource.
- EDIT - Modify a resource.
- DELETE - Remove a resource from the system.
- LIST - List configured resources.
[]> import
What kind of text resource would you like to create?
1. Anti-Virus Container Template
2. Anti-Virus Notification Template
3. DLP Notification Template
4. Bounce and Encryption Failure Notification Template
5. Message Disclaimer
6. Encryption Notification Template (HTML)
7. Encryption Notification Template (text)
8. Notification Template
[1]> 8
Please create a name for the notification template:
[]> strip.mp3files
Enter the name of the file to import:
[]> strip.mp3.txt
Enter the encoding to use for the imported file:
1. US-ASCII
[ list of encodings ]
[1]>
Notification template "strip.mp3files" created.
Current Text Resources:
1. disclaimer.2.message (Message Disclaimer)
2. strip.mp3files (Notification Template)
Choose the operation you want to perform:
- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
- EXPORT - Export text resource to a file.
- PRINT - Display the content of a resource.
- EDIT - Modify a resource.
- DELETE - Remove a resource from the system.
- LIST - List configured resources.
[]>

Exporting Text Resources

Use textconfig -> EXPORT to export a text resource as a text file. The text file will be created in the
configuration directory on the appliance.
mail3.example.com> textconfig
Current Text Resources:
1. footer.2.message (Message Footer)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-223

Chapter 3

The Commands: Reference Examples

Logging and Alerts

2. strip.mp3 (Notification Template)

Choose the operation you want to perform:
- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
- EXPORT - Export text resource to a file.
- PRINT - Display the content of a resource.
- EDIT - Modify a resource.
- DELETE - Remove a resource from the system.
- LIST - List configured resources.
[]> export
Please enter the name or number of the resource to export:
[]> 2
Enter the name of the file to export:
[strip.mp3]> strip.mp3.txt
Enter the encoding to use for the exported file:
1. US-ASCII
[ list of encoding types ]
[1]>
File written on machine "mail3.example.com" using us-ascii encoding.
Current Text Resources:
1. footer.2.message (Message Footer)
2. strip.mp3 (Notification Template)
Choose the operation you want to perform:
- NEW - Create a new text resource.
- IMPORT - Import a text resource from a file.
- EXPORT - Export text resource to a file.
- PRINT - Display the content of a resource.
- EDIT - Modify a resource.
- DELETE - Remove a resource from the system.
- LIST - List configured resources.
[]>

Logging and Alerts

This section contains the following CLI commands:

alertconfig

displayalerts

findevent

grep

logconfig

rollovernow

snmpconfig

tail

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-224

Chapter 3

The Commands: Reference Examples

Logging and Alerts

alertconfig
Description
Configure email alerts.

Example: Creating a New Alert

In this example, a new alert recipient ([email protected]) is created and set to receive critical
system, hardware, and directory harvest attack alerts.
vm30esa0086.ibqa> alertconfig
Not sending alerts (no configured addresses)
Alerts will be sent using the system-default From Address.
Cisco IronPort AutoSupport: Disabled
Choose the operation you want to perform:
- NEW - Add a new email address to send alerts.
- SETUP - Configure alert settings.
- FROM - Configure the From Address of alert emails.
[]> new
Please enter a new email address to send alerts.
(Ex: "[email protected]")
[]> [email protected]
Choose the Alert Classes. Separate multiple choices with commas.
1. All
2. System
3. Hardware
4. Updater
5. Outbreak Filters
6. Anti-Virus
7. Anti-Spam
8. Directory Harvest Attack Prevention
9. Release and Support Notifications
[1]> 2,3,8
Select a Severity Level.
1. All
2. Critical
3. Warning
4. Information
[1]> 2

Separate multiple choices with commas.

Sending alerts to:

[email protected]
Class: Hardware - Severities: Critical

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-225

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Class: Directory Harvest Attack Prevention - Severities: Critical

Class: System - Severities: Critical
Initial number of seconds to wait before sending a duplicate alert: 300
Maximum number of seconds to wait before sending a duplicate alert: 3600
Maximum number of alerts stored in the system are: 50
Alerts will be sent using the system-default From Address.
Cisco IronPort AutoSupport: Disabled
Choose the operation you want to perform:
- NEW - Add a new email address to send alerts.
- EDIT - Modify alert subscription for an email address.
- DELETE - Remove an email address.
- CLEAR - Remove all email addresses (disable alerts).
- SETUP - Configure alert settings.
- FROM - Configure the From Address of alert emails.
[]>

displayalerts
Description
Display the last n alerts sent by the appliance

Example
> displayalerts
Date and Time Stamp

Description

-------------------------------------------------------------------------------10 Mar 2015 11:33:36 +0000

The updater could not validate the server certificate.
Server certificate not validated - unable to get local issuer
certificate
Last message occurred 28 times between Tue Mar 10 10:34:57 2015 and Tue Mar 10 11:32:24
2015.

10 Mar 2015 11:23:39 +0000

server for at least 1h.

The updater has been unable to communicate with the update

Last message occurred 8 times between Tue Mar 10 10:29:57 2015 and Tue Mar 10 11:18:24
2015.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-226

Chapter 3

The Commands: Reference Examples

Logging and Alerts

10 Mar 2015 10:33:36 +0000

The updater could not validate the server certificate.
Server certificate not validated - unable to get local issuer
certificate
Last message occurred 26 times between Tue Mar 10 09:33:55 2015 and Tue Mar 10 10:29:57
2015.

10 Mar 2015 10:23:39 +0000

server for at least 1h.

The updater has been unable to communicate with the update

Last message occurred 9 times between Tue Mar 10 09:26:54 2015 and Tue Mar 10 10:22:56
2015.

findevent
Description
Find events in mail log files

Example: Search by envelope FROM

mail.example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 1
Enter the regular expression to search for.
[]> "
Currently configured logs:
Log Name
Log Type
Retrieval
Interval
--------------------------------------------------------------------------------1. mail_logs
IronPort Text Mail Logs
Manual Download
None
Enter the number of the log you wish to use for message tracking.
[1]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 3
No matching message IDs were found

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-227

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Example: Search by Message ID

mail.example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 2
Enter the Message ID (MID) to search for.
[]> 1
Currently configured logs:
Log Name
Log Type
Retrieval
Interval
--------------------------------------------------------------------------------1. mail_logs
IronPort Text Mail Logs
Manual Download
None
Enter the number of the log you wish to use for message tracking.
[1]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 1

Example: Search by Subject

mail.example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 3
Enter the regular expression to search for.
[]> "
Currently configured logs:
Log Name
Log Type
Retrieval
Interval
--------------------------------------------------------------------------------1. mail_logs
IronPort Text Mail Logs
Manual Download
None
Enter the number of the log you wish to use for message tracking.
[1]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 2
Available mail log files, listed by log file start time. Specify multiple log files by
separating with commas or specify a range with a dash:
1. Thu Feb 19 05:18:02 2015
[1]>
No matching message IDs were found

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-228

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Example: Search by envelope TO

mail.example.com> findevent
Please choose which type of search you want to perform:
1. Search by envelope FROM
2. Search by Message ID
3. Search by Subject
4. Search by envelope TO
[1]> 4
Enter the regular expression to search for.
[]> '
Currently configured logs:
Log Name
Log Type
Retrieval
Interval
--------------------------------------------------------------------------------1. mail_logs
IronPort Text Mail Logs
Manual Download
None
Enter the number of the log you wish to use for message tracking.
[1]> 1
Please choose which set of logs to search:
1. All available log files
2. Select log files by date list
3. Current log file
[3]> 3
No matching message IDs were found

grep
Description
Searches for text in a log file.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode. It is further restricted to the login
host (i.e., the specific machine you are logged onto). This command requires access to the local file
system.
Batch Command: This command does not support a batch format.
The grep command can be used to search for text strings within logs. Use the following syntax when
you run the grep command:
grep [-C count] [-e regex] [-i] [-p] [-t] [regex] log_name

Note

You must enter either -e regex or regex to return results.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-229

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Use the following options when you run the grep command:
Table 3-12

grep Command Options

Option

Description

-C

Provides lines of context around the grep

pattern found. Enter a value to specify the
number of lines to include.

-e

Enter a regular expression.

-i

Ignores case sensitivities.

-p

Paginates the output.

-t

Runs the grep command over the tail of the log

file.

regex

Enter a regular expression.

Example of grep
The following example shows a search for the text string clean or viral within the antivirus logs. The
grep command includes a regex expression:
mail3.example.com> grep "CLEAN\\|VIRAL" antivirus
Fri Jun 9 21:50:25
Fri Jun 9 21:53:15
Fri Jun 9 22:47:41
Fri Jun 9 22:47:41
Fri Jun 9 22:47:41
Fri Jun 9 22:47:41
Fri Jun 9 22:47:42
Fri Jun 9 22:53:04
Fri Jun 9 22:53:05
Fri Jun 9 22:53:06
Fri Jun 9 22:53:07
Fri Jun 9 22:53:08
Fri Jun 9 22:53:08
mail3.example.com>

2006
2006
2006
2006
2006
2006
2006
2006
2006
2006
2006
2006
2006

Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:
Info:

sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos
sophos

antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus
antivirus

MID
MID
MID
MID
MID
MID
MID
MID
MID
MID
MID
MID
MID

1 - Result 'CLEAN' ()
2 - Result 'CLEAN' ()
3 - Result 'CLEAN' ()
4 - Result 'CLEAN' ()
5 - Result 'CLEAN' ()
6 - Result 'CLEAN' ()
12 - Result 'CLEAN' ()
18 - Result 'VIRAL' ()
16 - Result 'VIRAL' ()
19 - Result 'VIRAL' ()
21 - Result 'VIRAL' ()
20 - Result 'VIRAL' ()
22 - Result 'VIRAL' ()

Poll
Push
Push

Hostname to deliver the logs:

[]> 10.1.1.1
Port to connect to on the remote host:
[22]>
Username on the remote host:
[]> logger
Directory on remote host to place logs:
[]> /tmp
Filename to use for log files:
[delivery.log]>
Maximum time to wait before transferring:
[3600]>
Maximum filesize before transferring:
[10485760]>
Protocol:
1. SSH1
2. SSH2
[2]> 2
Do you want to enable host key checking?

[N]> y

Do you want to automatically scan the host for its SSH key, or enter it
manually?
1. Automatically scan.
2. Enter manually.
[1]> 1

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-234

Chapter 3

The Commands: Reference Examples

Logging and Alerts

SSH2:dsa
10.1.1.1 ssh-dss
AAAAB3NzaC1kc3MAAACBALwGi4IlWLDVndbIwEsArt9LVE2ts5yE9JBTSdUwLvoq0G3FRqifrce92zgyHtc/ZWyXav
UTIM3Xd1bpiEcscMp2XKpSnPPx21y8bqkpJsSCQcM8zZMDjnOPm8ghiwHXYh7oNEUJCCPnPxAy44rlJ5Yz4x9eIoAL
p0dHU0GR+j1NAAAAFQDQi5GY/X9PlDM3fPMvEx7wc0edlwAAAIB9cgMTEFP1WTAGrlRtbowZP5zWZtVDTxLhdXzjlo
4+bB4hBR7DKuc80+naAFnThyH/J8R3WlJVF79M5geKJbXzuJGDK3Zwl3UYefPqBqXp2O1zLRQSJYx1WhwYz/rooopN
1BnF4sh12mtq3tde1176bQgtwaQA4wKO15k3zOWsPwAAAIAicRYat3y+Blv/V6wdE6BBk+oULv3eK38gafuip4WMBx
kG9GO6EQi8nss82oznwWBy/pITRQfh4MBmlxTF4VEY00sARrlZtuUJC1QGQvCgh7Nd3YNais2CSbEKBEaIOTF6+SX2
RNpcUF3Wg5ygw92xtqQPKMcZeLtK2ZJRkhC+Vw==
Add the preceding host key(s) for 10.1.1.1?

[Y]> y

Currently installed host keys:

1. 10.1.1.1 1024 35 12260642076447444117847407996206675325...3520565607
2. 10.1.1.1 ssh-dss AAAAB3NzaC1kc3MAAACBALwGi4IlWLDVndbIwE...JRkhC+Vw==
Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display this machine's host keys.
[]>
Maximum filesize before transferring:
[10485760]>
Protocol:
1. SSH1
2. SSH2
[2]> 2
Do you want to enable host key checking?

[N]> y

Currently installed host keys:

Choose the operation you want to perform:
- NEW - Add a new key.
- SCAN - Automatically download a host key.
- HOST - Display this machine's host keys.
[]> scan
Choose the ssh protocol type:
1. SSH1:rsa
2. SSH2:rsa
3. SSH2:dsa
4. All
[4]> 4

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail3.example.com> rollovernow

Currently configured logs:

1. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
4. "authentication" Type: "Authentication Logs" Retrieval: FTP Poll
5. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
6. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
8. "encryption" Type: "Encryption Logs" Retrieval: FTP Poll
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll
11. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: FTP Poll
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
13. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
14. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
15. "reportd_logs" Type: "Reporting Logs" Retrieval: FTP Poll
16. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: FTP Poll
17. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
18. "slbld_logs" Type: "Safe/Block Lists Logs" Retrieval: FTP Poll
19. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
20. "status" Type: "Status Logs" Retrieval: FTP Poll
21. "system_logs" Type: "System Logs" Retrieval: FTP Poll
22. "trackerd_logs" Type: "Tracking Logs" Retrieval: FTP Poll
23. "updater_logs" Type: "Updater Logs" Retrieval: FTP Poll
24. All Logs
Which log would you like to roll over?
[]> 2
Log files successfully rolled over.
mail3.example.com>

snmpconfig
Description
Configure SNMP.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-238

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Example
In the following example, the snmpconfig command is used to enable SNMP on the PublicNet
interface on port 161. A passphrase for version 3 is entered and then re-entered for confirmation. The
system is configured to service version 1 and 2 requests, and the community string public is entered for
GET requests from those versions 1 and 2. The trap target of snmp-monitor.example.com is entered.
Finally, system location and contact information is entered.
mail3.example.com> snmpconfig
Current SNMP settings:
SNMP Disabled.
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]> setup
Do you want to enable SNMP? [N]> y
Please choose an IP interface for SNMP requests.
1. Data 1 (192.168.1.1/24: buttercup.run)
2. Data 2 (192.168.2.1/24: buttercup.run)
3. Management (192.168.44.44/24: buttercup.run)
[1]>
Enter the SNMPv3 passphrase.
>
Please enter the SNMPv3 passphrase again to confirm.
>
Which port shall the SNMP daemon listen on?
[161]>
Service SNMP V1/V2c requests? [N]> y
Enter the SNMP V1/V2c community string.
[]> public
From which network shall SNMP V1/V2c requests be allowed?
[192.168.2.0/24]>
Enter the Trap target (IP address). Enter "None" to disable traps.
[None]> snmp-monitor.example.com
Enterprise Trap Status
1. RAIDStatusChange
Enabled
2. fanFailure
Enabled
3. highTemperature
Enabled
4. keyExpiration
Enabled
5. linkDown
Enabled
6. linkUp
Enabled
7. powerSupplyStatusChange
Enabled
8. resourceConservationMode
Enabled
9. updateFailure
Enabled
Do you want to change any of these settings? [N]> y

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-239

Chapter 3

The Commands: Reference Examples

Logging and Alerts

Do you want to disable any of these traps? [Y]>

Enter number or numbers of traps to disable. Separate multiple numbers with commas.
[]> 1,8
Enterprise Trap Status
1. RAIDStatusChange
Disabled
2. fanFailure
Enabled
3. highTemperature
Enabled
4. keyExpiration
Enabled
5. linkDown
Enabled
6. linkUp
Enabled
7. powerSupplyStatusChange
Enabled
8. resourceConservationMode
Disabled
9. updateFailure
Enabled
Do you want to change any of these settings? [N]>
Enter the System Location string.
[Unknown: Not Yet Configured]> Network Operations Center - west; rack #31, position 2
Enter the System Contact string.
[snmp@localhost]> Joe Administrator, x8888
Current SNMP settings:
Listening on interface "Data 1" 192.168.2.1/24 port 161.
SNMP v3: Enabled.
SNMP v1/v2: Enabled, accepting requests from subnet 192.168.2.0/24.
SNMP v1/v2 Community String: public
Trap target: snmp-monitor.example.com
Location: Network Operations Center - west; rack #31, position 2
System Contact: Joe Administrator, x8888
mail3.example.com>

tail
Description
Continuously display the end of a log file. The tail command also accepts the name or number of a log
to view as a parameter: tail 9 or tail mail_logs.

Example
mail3.example.com> tail

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-240

Chapter 3

The Commands: Reference Examples

Reporting

Currently configured logs:

1. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
4. "authentication" Type: "Authentication Logs" Retrieval: FTP Poll
5. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
6. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
8. "encryption" Type: "Encryption Logs" Retrieval: FTP Poll
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll
11. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: FTP Poll
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
13. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
14. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
15. "reportd_logs" Type: "Reporting Logs" Retrieval: FTP Poll
16. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: FTP Poll
17. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
18. "slbld_logs" Type: "Safe/Block Lists Logs" Retrieval: FTP Poll
19. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
20. "status" Type: "Status Logs" Retrieval: FTP Poll
21. "system_logs" Type: "System Logs" Retrieval: FTP Poll
22. "trackerd_logs" Type: "Tracking Logs" Retrieval: FTP Poll
23. "updater_logs" Type: "Updater Logs" Retrieval: FTP Poll
Enter the number of the log you wish to tail.
[]> 19
Press Ctrl-C to stop.
Sat May 15 12:25:10 2008
Quarantine Delivery Host
Sat May 15 23:18:10 2008
Sat May 15 23:18:10 2008
config
Sat May 15 23:46:06 2008
Sat May 15 23:46:06 2008
Sat May 15 23:46:35 2008
Sat May 15 23:46:35 2008
Sat May 15 23:48:17 2008
Sun May 16 00:00:00 2008
2004, size 2154 bytes
^Cmail3.example.com>

Info: PID 274: User system commit changes: Automated Update for
Info: PID 19626: User admin commit changes:
Info: PID 274: User system commit changes: Updated filter logs
Info:
Info:
Info:
Info:
Info:
Info:

PID 25696: User admin commit changes: Receiving

PID 25696: User admin commit changes: Suspended
PID 25696: User admin commit changes: Receiving
PID 25696: User admin commit changes: Receiving
PID 25696: User admin commit changes:
Generated report: name b, start time Sun May 16

suspended.
receiving.
resumed.
resumed.
00:00:00

Reporting
This section contains the following CLI commands:

reportingconfig

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-241

Chapter 3

The Commands: Reference Examples

Reporting

reportingconfig
Using the reportingconfig command
The following subcommands are available within the reportingconfig submenu:
Table 3-13

reportingconfig Subcommands

Syntax

Description

Availability

filters

Configure filters for the Security

Management appliance.

M-Series only

alert_timeout

Configure when you will be alerted due M-Series only

to failing to get reporting data.

domain

Configure domain report settings.

mode

C-, M-Series
Enable centralized reporting on the
Security Management appliance.
Enable centralized or local reporting for
the Email Security appliance.

mailsetup

Configure reporting for the Email

Security applaince.

M-Series only

C-Series only

Usage
Commit: This command requires a commit.

Example: Enabling Reporting Filters (M-Series only)

mail3.example.com> reportingconfig

Choose the operation you want to perform:

- FILTERS - Configure filtering for the SMA.
- ALERT_TIMEOUT - Configure when you will be alerted due to failing to get reporting data
- DOMAIN - Configure domain report settings.
- MODE - Enable/disable centralized reporting.
[]> filters
Filters remove specific sets of centralized reporting data from the "last year" reports.
Data from the reporting groups selected below will not be recorded.
All filtering has been disabled.
1. No Filtering enabled
2. IP Connection Level Detail.
3. User Detail.
4. Mail Traffic Detail.
Choose which groups to filter, you can specify multiple filters by entering a comma
separated list:
[]> 2, 3

Choose the operation you want to perform:

- FILTERS - Configure filtering for the SMA.
- ALERT_TIMEOUT - Configure when you will be alerted due to failing to get

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-242

Chapter 3

The Commands: Reference Examples

Reporting

reporting data
- DOMAIN - Configure domain report settings.
- MODE - Enable/disable centralized reporting.
[]>

Enabling HAT REJECT Information for Domain Reports (M-Series only)

mail3.example.com> reportingconfig

Choose the operation you want to perform:

- FILTERS - Configure filtering for the SMA.
- ALERT_TIMEOUT - Configure when you will be alerted due to failing to get reporting data
- DOMAIN - Configure domain report settings.
- MODE - Enable/disable centralized reporting.
[]> domain
If you have configured HAT REJECT policy on all remote appliances providing reporting data
to this appliance to occur at the message recipient level then of domain reports.
Use message recipient HAT REJECT information for domain reports? [N]> y

Choose the operation you want to perform:

Enabling Timeout Alerts (M-Series only)

mail3.example.com> reportingconfig

Choose the operation you want to perform:

- FILTERS - Configure filtering for the SMA.
- ALERT_TIMEOUT - Configure when you will be alerted due to failing to get reporting data
- DOMAIN - Configure domain report settings.
- MODE - Enable/disable centralized reporting.
[]> alert_timeout
An alert will be sent if reporting data has not been fetched from an appliance after 360
minutes.
Would you like timeout alerts to be enabled? [Y]> y
After how many minutes should an alert be sent?
[360]> 240

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-243

Chapter 3

The Commands: Reference Examples

Reporting

Enabling Centralized Reporting for an Email Security Appliance

mail3.example.com> reportingconfig

Choose the operation you want to perform:

- MAILSETUP - Configure reporting for the ESA.
- MODE - Enable centralized or local reporting for the ESA.
[]> mode
Centralized reporting: Local reporting only.
Do you want to enable centralized reporting? [N]> y

Choose the operation you want to perform:

- MAILSETUP - Configure reporting for the ESA.
- MODE - Enable centralized or local reporting for the ESA.
[]>

Configure Storage Limit for Reporting Data (C-Series only)

mail.example.com> reportingconfig

Choose the operation you want to perform:

- MAILSETUP - Configure reporting for the ESA.
- MODE - Enable centralized or local reporting for the ESA.
[]> mailsetup
SenderBase timeout used by the web interface: 5 seconds
Sender Reputation Multiplier: 3
The current level of reporting data recording is: unlimited
No custom second level domains are defined.
Legacy mailflow report: Disabled

Choose the operation you want to perform:

- SENDERBASE - Configure SenderBase timeout for the web interface.
- MULTIPLIER - Configure Sender Reputation Multiplier.
- COUNTERS - Limit counters recorded by the reporting system.
- THROTTLING - Limit unique hosts tracked for rejected connection reporting.
- TLD - Add customer specific domains for reporting rollup.
- STORAGE - How long centralized reporting data will be stored on the C-series before
being overwritten.
- LEGACY - Configure legacy mailflow report.
[]> storage

While in centralized mode the C-series will store reporting data for the M-series to
collect. If the M-series does not collect that data then eventually the C-series will
begin to overwrite the oldest data with new data.
A maximum of 24 hours of reporting data will be stored.
How many hours of reporting data should be stored before data loss?
[24]> 48
SenderBase timeout used by the web interface: 5 seconds
Sender Reputation Multiplier: 3
The current level of reporting data recording is: unlimited
No custom second level domains are defined.
Legacy mailflow report: Disabled

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-244

Chapter 3

The Commands: Reference Examples

Senderbase

Choose the operation you want to perform:

- SENDERBASE - Configure SenderBase timeout for the web interface.
- MULTIPLIER - Configure Sender Reputation Multiplier.
- COUNTERS - Limit counters recorded by the reporting system.
- THROTTLING - Limit unique hosts tracked for rejected connection reporting.
- TLD - Add customer specific domains for reporting rollup.
- STORAGE - How long centralized reporting data will be stored on the C-series
before being overwritten.
- LEGACY - Configure legacy mailflow report.
[]>

Senderbase
This section contains the following CLI commands:

sbstatus

senderbaseconfig

sbstatus
Description
Display status of SenderBase queries.

Example
mail3.example.com> sbstatus
SenderBase host status
Status as of:
Tue Oct 21 10:55:04 2003
Host up/down:
up

If the appliance is unable to contact the SenderBase Reputation Service, or the service has never been
contacted, the following is displayed:
mail3.example.com> sbstatus
SenderBase host status
Host up/down:
Unknown (never contacted)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-245

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

senderbaseconfig
Description
Configure SenderBase connection settings.

Example
mail3.example.com> senderbaseconfig
Share statistics with SenderBase Information Service: Enabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]> setup
Do you want to share statistical data with the SenderBase Information Service
(recommended)? [Y]>
Share statistics with SenderBase Information Service: Enabled
Choose the operation you want to perform:
- SETUP - Configure SenderBase Network Participation settings
[]>

SMTP Services Configuration

This section contains the following CLI commands:

callaheadconfig

listenerconfig

localeconfig

smtpauthconfig

callaheadconfig
Description
Add, edit, and remove SMTP Call-Ahead profiles

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-246

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Example
In the following example you can create a new SMTP call-ahead profile for delivery host.
> callaheadconfig
No SMTP Call-Ahead profiles are configured on the system.
Choose the operation you want to perform:
- NEW - Create a new profile.
[]> new
Select the type of profile you want to create:
1. Delivery Host
2. Static Call-Ahead Servers
[1]> 1
Please enter a name for the profile:
[]> delhost01
Advanced Settings:
MAIL FROM Address: <>
Interface: Auto
Timeout Value: 30
Validation Failure Action: ACCEPT
Temporary Failure Action: REJECT with same code
Maximum number of connections: 5
Maximum number of validation queries: 1000
Cache size: 10000
Cache TTL: 900
Do you want to change advanced settings? [N]> n
Currently configured SMTP Call-Ahead profiles:
1. delhost01 (Delivery Host)
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Delete a profile.
- PRINT - Display profile information.
- TEST - Test profile.
- FLUSHCACHE - Flush SMTP Call-Ahead cache.
[]>

In the following example you can create a new SMTP call-ahead profile for call ahead server.
> callaheadconfig
Currently configured SMTP Call-Ahead profiles:
1. delhost01 (Delivery Host)
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Delete a profile.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-247

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- PRINT - Display profile information.

- TEST - Test profile.
- FLUSHCACHE - Flush SMTP Call-Ahead cache.
[]> new
Select the type of profile you want to create:
1. Delivery Host
2. Static Call-Ahead Servers
[1]> 2
Please enter a name for the profile:
[]> Static
Enter one or more Call-Ahead servers hostname separated by commas.
[]> 192.168.1.2
Advanced Settings:
MAIL FROM Address: <>
Interface: Auto
Timeout Value: 30
Validation Failure Action: ACCEPT
Temporary Failure Action: REJECT with same code
Maximum number of connections: 5
Maximum number of validation queries: 1000
Cache size: 10000
Cache TTL: 900
Do you want to change advanced settings? [N]> n
Currently configured SMTP Call-Ahead profiles:
1. Static (Static Call-Ahead Servers)
2. delhost01 (Delivery Host)
Choose the operation you want to perform:
- NEW - Create a new profile.
- EDIT - Modify a profile.
- DELETE - Delete a profile.
- PRINT - Display profile information.
- TEST - Test profile.
- FLUSHCACHE - Flush SMTP Call-Ahead cache.
[]> print
Select the profile you want to print:
1. Static (Static Call-Ahead Servers)
2. delhost01 (Delivery Host)
[1]>

listenerconfig
Description
The listenerconfig command allows you to create, edit, and delete a listener. AsyncOS requires that you
specify criteria that messages must meet in order to be accepted and then relayed to recipient hosts
either internal to your network or to external recipients on the Internet.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-248

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

These qualifying criteria are defined in listeners; collectively, they define and enforce your mail flow
policies. Listeners also define how the appliance communicates with the system that is injecting email.
Table 3-14

listenerconfig Commands

Name

Unique nickname you supply for the listener, for future reference.
The names you define for listeners are case-sensitive. AsyncOS does
not allow you to create two identical listener names.

IP Interface

Listeners are assigned to IP interfaces. All IP interfaces must be

configured using the systemstartup command or the
interfaceconfig command before you create and assign a listener
to it.

Mail protocol

The mail protocol is used for email receiving: either ESMTP or

QMQP

IP Port

The specific IP
port used for
connections to the
listener. by default
SMTP uses port
25 and QMQP
uses port 628.
Public
Private

Blackhole

Listener Type:

Public and private listeners are used for most

configurations. By convention, private listeners
are intended to be used for private (internal)
networks, while public listeners contain default
characteristics for receiving email from the
Internet.
Blackhole listeners can be used for testing or
troubleshooting purposes. When you create a
blackhole listener, you choose whether
messages are written to disk or not before they
are deleted. (See the Testing and
Troubleshooting chapter of the User Guide for
AsyncOS for Cisco Email Security Appliances
for more information.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Batch Format - General listenerconfig

The batch format of the listenerconfig command can be used to add and delete listeners on a particular
interface. The batch format of the listenerconfig command also allows you to configure a listeners HAT
and RAT.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-249

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Adding a new listener:

listenerconfig new <name> <public|private|blackhole|blackholequeueing>
<interface_name> <smtp|qmqp>

Deleting a listener:
listenerconfig delete <name>

Batch Format - HAT

The following examples demonstrate the use of the batch format of listenerconfig to perform various
HAT-related tasks. For more information about arguments, consult Table 3-15, listenerconfig Argument
Values -HAT, on page 252

Adding a new sendergroup to the HAT

listenerconfig edit <name> hostaccess new sendergroup <name>
<host_list> <behavior> [options [--comments]

Add a new policy to the HAT

listenerconfig edit <name> hostaccess new policy <name> <behavior>
[options]

Add a new host list to a sendergroup

listenerconfig edit sendergroup <name> hostaccess edit sendergroup
<name> new <host_list>

Delete a host from a sendergroup

listenerconfig edit sendergroup <name> hostaccess edit sendergroup
<name> delete <host>

Move a host in a sendergroups list order

listenerconfig edit sendergroup <name> hostaccess edit sendergroup
<name> move <host> <host-to-insert-before>

Modify a sendergroups policy

listenerconfig edit sendergroup <name> hostaccess edit sendergroup
<name> policy <behavior> [options]

Print a sendergroup listing

listenerconfig edit <name> hostaccess edit sendergroup <name> print

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-250

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Rename a sendergroup
listenerconfig edit sendergroup <name> hostaccess edit sendergroup
<name> rename <name>

Editing a HATs policy

listenerconfig edit <name> hostaccess edit policy <name> <behavior>
[options]

Deleting a sendergroup from a HAT

listenerconfig edit <name> hostaccess delete sendergroup <name>

Deleting a policy
listenerconfig edit <name> hostaccess delete policy <name>

Moving a sendergroups position in the HAT

listenerconfig edit <name> hostaccess move <group>
<group-to-insert-before>

Changing a HAT default option

listenerconfig edit <name> hostaccess default [options]

Printing the hostaccess table

listenerconfig edit <name> hostaccess print

Import a local copy of a HAT

listenerconfig edit <name> hostaccess import <filename>

Exporting a copy of the HAT from the appliance

listenerconfig edit <name> hostaccess export <filename>

Deleting all user defined sendergroups and policies from the HAT
listenerconfig edit <name> hostaccess clear

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-251

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Table 3-15

listenerconfig Argument Values -HAT

Argument

Description

Accept, Relay, Reject, TCP Refuse, or

Continue. When selecting a behavior for use
with a sendergroup, additional behaviors of the
form Policy: FOO are available (where FOO is
the name of policy).

The filename to use with importing and exporting

the hostaccess tables.

<group>

A sendergroup <name>.

<host>

A single entity of a <host_list>

Enter the hosts to add. Hosts can be formatted as
follows:
CIDR addresses (10.1.1.0/24)
IP address ranges (10.1.1.10-20)
IP Subnets (10.2.3)
Hostname (crm.example.com)
Partial Hostname (.example.com)
Sender Base Reputation Score range (7.5:10.0)
Senderbase Network Owner IDS (SBO:12345)
Remote blacklist queries
(dnslist[query.blacklist.example]

<host_list>

Note

<name>

The name of the sendergroup or policy. HAT labels

must start with a letter or underscore, followed by
any number of letters, numbers, underscores or
hyphens.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-252

Separate multiple hosts with commas

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Table 3-15

listenerconfig Argument Values -HAT

--max_size

Maximum message size. Add a trailing k for

kilobytes, M for megabytes, or no letters for bytes.

--max_conn

Maximum number of connections allowed from a

single host.

--max_msgs

Maximum number of messages per connection.

--max_rcpt

Maximum number of recipients per message.

--override

Override the hostname in the SMTP banner. No

or SMTP banner string.

--cust_acc

Specify a custom SMTP acceptance response.

No or SMTP acceptance response string.

--acc_code

Custom SMTP acceptance response code. Default

is 220.

--cust_rej

Specify a custom SMTP rejection response. No

or SMTP rejection response string.

--rej_code

Custom SMTP rejection response code. Default is

554.

--rate_lim

Enable rate limiting per host. No, default or

maximum number of recipients per hour per host.

--cust_lim

Specify a custom SMTP limit exceeded response

message. No or SMTP rejection response string.
Default is No.

--lim_code

Custom SMTP limit exceeded response code.

Default is 452.

--use_sb

Use SenderBase for flow control by default. Yes,

No, or default.

--as_scan

Enable anti-spam scanning. Yes, No,

Default.

--av_scan

Enable anti-virus scanning. Yes, No,

Default.

--dhap

Directory Harvest Attack Prevention. No,

default, or maximum number of invalid
recipients per hour from a remote host.

--tls

Not supported; use menuing system to configure

TLS.

--sig_bits

Number of bits of IP address to treat as significant.

From 0 to 32, No or default.

--dkim_signing

Enable DKIM signing. Yes, No, Default.

--dkim_verification

Enable DKIM verification. Yes, No,

Default.

--dkim_verification_profile
<name>

The name of DKIM verification profile. This

option is only applicable if --dkim_verification
value is set to Yes.

[options]

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-253

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Table 3-15

listenerconfig Argument Values -HAT

--spf

Enable SPF verification. Yes, No, Default.

--spf_conf_level

SPF conformance level. Used with --spf Yes

only. spf_only, sidf_compatible, sidf_strict.

--spf_downgrade_pra

Downgrade SPF PRA verification result. Used

with --spf Yes and --spf_conf_level
sidf_compatible only. Yes, No.

--spf_helo_test

SPF HELO test. Used with --spf Yes and

--spf_conf_level sidf_compatible, or
--spf_conf_level spf_only. Yes, No.

--dmarc_verification

Enable DMARC verification. Yes, No,

Default.

--dmarc_verification_profile
<name>

The name of DMARC verification profile. This

option is only applicable if --dmarc_verification
value is set to Yes.

--dmarc_agg_reports

Enable DMARC aggregate reports. Yes, No,

Default. This option is only applicable if
--dmarc_verification value is set to Yes.

Batch Format - RAT

The following examples demonstrate the use of the batch format of listenerconfig to perform various
RAT-related tasks. For more information about arguments, consult Table 3-16, listenerconfig Argument
Values - RAT, on page 255

Adding a new recipient to the RAT

listenerconfig edit <name> rcptacess new <rat_addr> [options]

Editing a recipient in the RAT

listenerconfig edit <name> rcptacess edit <rat_addr> [options]

Deleting a recipient from the RAT

listenerconfig edit <name> rcptacess delete <rat_addr>

Printing a copy of the RAT

listenerconfig edit <name> rcptacess print

Importing a local RAT to your appliance

listenerconfig edit <name> rcptacess import <filename>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-254

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Exporting a RAT
listenerconfig edit <name> rcptacess export <filename>

Clearing the default access

listenerconfig edit <name> rcptacess clear <default_access>

Table 3-16

listenerconfig Argument Values - RAT

Argument

Description
Enter the hosts to add. Hosts can be formatted as
follows:
CIDR addresses (10.1.1.0/24)
Hostname (crm.example.com)
Partial Hostname (.example.com)
Usernames (postmaster@)
Full email addresses ([email protected],
joe@[1.2.3.4]
Note

Separate multiple hosts with commas

<rat_addr>
--action

Action to apply to address(es). Either Accept or

Reject. Default is Accept.

--cust_resp

Specify a custom SMTP response. No or SMTP

acceptance response string.

--resp_code

Custom SMTP response code. Default is 250 for

Accept actions, 550 for Reject.

--bypass_rc

Bypass receiving control. Default is No.

--bypass_la

Bypass LDAP Accept query. Either Yes or

No.

Example - Adding a listener

In the following example, the listenerconfig command is used to create a new private listener called
OutboundMail that can be used for the B listener needed in the Enterprise Gateway configuration. (Note:
you also had the option to add this private listener during the GUIs System Setup Wizard CLI
systemsetup command.)
A private listener type is chosen and named OutboundMail. It is specified to run on the PrivateNet IP
interface, using the SMTP protocol over port 25. The default values for the Host Access Policy for this
listener are then accepted.
mail3.example.com> listenerconfig
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
Choose the operation you want to perform:
- NEW - Create a new listener.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-255

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- EDIT - Modify a listener.

- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> new
Please select the type of listener you want to create.
1. Private
2. Public
3. Blackhole
[2]> 1
Please create a name for this listener (Ex: "OutboundMail"):
[]> OutboundMail
Please choose an IP interface for this Listener.
1. Management (192.168.42.42/24: mail3.example.com)
2. PrivateNet (192.168.1.1/24: mail3.example.com)
3. PublicNet (192.168.2.1/24: mail3.example.com)
[1]> 2
Choose a protocol.
1. SMTP
2. QMQP
[1]> 1
Please enter the TCP port for this listener.
[25]> 25

Please specify the systems allowed to relay email through the IronPort C60.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addresses are allowed.
Separate multiple entries with commas.
[]> .example.com
Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum
number of recipients per hour you are willing to receive from a remote domain.)
[N]> n
Default Policy Parameters
==========================
Maximum Message Size: 100M
Maximum Number Of Connections From A Single IP: 600
Maximum Number Of Messages Per Connection: 10,000
Maximum Number Of Recipients Per Message: 100,000
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: No
Spam Detection Enabled: No
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Would you like to change the default host access policy? [N]> n
Listener OutboundMail created.
Defaults have been set for a Private listener.
Use the listenerconfig->EDIT command to customize the listener.
Currently configured listeners:
1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-256

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- DELETE - Remove a listener.

- SETUP - Change global settings.
[]>

Example - Customizing the Host Acess Table (HAT ) for a listener via Export and Import
Many of the subcommands within the listenerconfig command allow you to import and export data in
order to make large configuration changes without having to enter data piecemeal in the CLI.
These steps use the CLI to modify the Host Access Table (HAT) of a listener by exporting, modifying,
and importing a file. You can also use the HAT CLI editor or the GUI to customize the HAT for a listener.
For more information, see the Configuring the Gateway to Receive Mail and Using Mail Flow
Monitor chapters in the User Guide for AsyncOS for Cisco Email Security Appliances.
To customize a HAT for a listener you have defined via export and import:
Step 1

Use the hostaccess -> export subcommands of listenerconfig to export the default HAT to a file.
In the following example, the HAT for the public listener InboundMail is printed, and then exported to
a file named inbound.HAT.txt
mail3.example.com> listenerconfig

Currently configured listeners:

1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
2. OutboundMail (on PrivateNet, 192.168.1.1) SMTP TCP Port 25 Private
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit
Enter the name or number of the listener you wish to edit.
[]> 1
Name: InboundMail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-257

Chapter 3
SMTP Services Configuration

- DOMAINMAP - Configure domain mappings.

[]> hostaccess
Default Policy Parameters
=================
Maximum Message Size: 10M
Maximum Number Of Concurrent Connections From A Single IP: 10
Maximum Number Of Messages Per Connection: 10
Maximum Number Of Recipients Per Message: 50
Directory Harvest Attack Prevention: Enabled
Maximum Number Of Invalid Recipients Per Hour: 25
Maximum Number Of Recipients Per Hour: Disabled
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
DKIM/DomainKeys Signing Enabled: No
DKIM Verification Enabled: No
SPF/SIDF Verification Enabled: No
DMARC Verification Enabled: No
Envelope Sender DNS Verification Enabled: No
Domain Exception Table Enabled: No
Accept untagged bounces: No
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- CLEAR - Remove all entries.
[]> print
$BLOCKED
REJECT {}
$TRUSTED
ACCEPT {
tls = "off"
dhap_limit = 0
max_rcpts_per_hour = -1
virus_check = "on"
max_msgs_per_session = 5000
spam_check = "off"
use_sb = "off"
max_message_size = 104857600
max_rcpts_per_msg = 5000
max_concurrency = 600
}
$ACCEPTED
ACCEPT {}
$THROTTLED
ACCEPT {
tls = "off"
dhap_limit = 0
max_rcpts_per_hour = 1
virus_check = "on"

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-258

The Commands: Reference Examples

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

max_msgs_per_session = 10
spam_check = "on"
use_sb = "on"
max_message_size = 1048576
max_rcpts_per_msg = 25
max_concurrency = 10
}
WHITELIST:
$TRUSTED (My trusted senders have no anti-spam or rate limiting)
BLACKLIST:
$BLOCKED (Spammers are rejected)
SUSPECTLIST:
$THROTTLED (Suspicious senders are throttled)
UNKNOWNLIST:
$ACCEPTED (Reviewed but undecided, continue normal acceptance)
ALL
$ACCEPTED (Everyone else)
Default Policy Parameters
=========================
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Maximum Concurrency Per IP: 1,000
Maximum Message Size: 100M
Maximum Messages Per Connection: 1,000
Maximum Recipients Per Message: 1,000
Maximum Recipients Per Hour: Disabled
Use SenderBase For Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- CLEAR - Remove all entries.
[]> export
Enter a name for the exported file:
[]> inbound.HAT.txt
File written on machine "mail3.example.com".

Step 2

Outside of the Command Line Interface (CLI), get the file inbound.HAT.txt.

Step 3

With a text editor, create new HAT entries in the file.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-259

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

In this example, the following entries are added to the HAT above the ALL entry:
spamdomain.com
.spamdomain.com
251.192.1.
169.254.10.10

REJECT
REJECT
TCPREFUSE
RELAY

The first two entries reject all connections from the remote hosts in the domain spamdomain.com

and any subdomain of spamdomain.com.

The third line refuses connections from any host with an IP address of 251.192.1.x.
The fourth line allows the remote host with the IP address of 169.254.10.10 to use the Email

Security appliance as an SMTP relay for all of its outbound email to the Internet

Note

The order that rules appear in the HAT is important. The HAT is read from top to bottom for each
host that attempts to connect to the listener. If a rule matches a connecting host, the action is
taken for that connection immediately. You should place all custom entries in the HAT above an
ALL host definition. You can also use the HAT CLI editor or the GUI to customize the HAT for
a listener. For more information, see the Configuring the Gateway to Receive Mail and Using
Mail Flow Monitor chapters in the User Guide for AsyncOS for Cisco Email Security
Appliances.

Step 4

Save the file and place it in the configuration directory for the interface so that it can be imported. (See
Appendix B, Accessing the Appliance, for more information.)

Step 5

Use the hostaccess -> import subcommand of listenerconfig to import the edited Host Access Table
file.
In the following example, the edited file named inbound.HAT.txt is imported into the HAT for the
InboundMail listener. The new entries are printed using the print subcommand.
mail3.example.com> listenerconfig

Currently configured listeners:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-260

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Bounce Profile: Default

Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> hostaccess
Default Policy Parameters
=========================
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Maximum Concurrency Per IP: 1,000
Maximum Message Size: 100M
Maximum Messages Per Connection: 1,000
Maximum Recipients Per Message: 1,000
Maximum Recipients Per Hour: Disabled
Use SenderBase For Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- CLEAR - Remove all entries.
[]> import
Enter the name of the file to import:
[]> inbound.HAT.txt
9 entries imported successfully.
Default Policy Parameters
=========================
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Maximum Concurrency Per IP: 1,000
Maximum Message Size: 100M
Maximum Messages Per Connection: 1,000
Maximum Recipients Per Message: 1,000
Maximum Recipients Per Hour: Disabled
Use SenderBase For Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-261

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

There are currently 4 policies defined.

There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- CLEAR - Remove all entries.
[]> print
$ACCEPTED
ACCEPT
$THROTTLED
ACCEPT {
spam_check = "on"
max_msgs_per_session = 10
max_concurrency = 10
max_rcpts_per_msg = 25
max_rcpts_per_hour = 1
dhap_limit = 0
virus_check = "on"
max_message_size = 1048576
use_sb = "on"
tls = "off"
}
$TRUSTED
ACCEPT {
spam_check = "off"
max_msgs_per_session = 5000
max_concurrency = 600
max_rcpts_per_msg = 5000
max_rcpts_per_hour = -1
dhap_limit = 0
virus_check = "on"
max_message_size = 104857600
use_sb = "off"
tls = "off"
}
$BLOCKED
REJECT
WHITELIST:
$TRUSTED (My trusted senders have no anti-spam scanning or rate limiting)
BLACKLIST:
$BLOCKED (Spammers are rejected)
SUSPECTLIST:
$THROTTLED (Suspicious senders are throttled)
UNKNOWNLIST:
$ACCEPTED (Reviewed but undecided, continue normal acceptance)
spamdomain.com
REJECT (reject the domain "spamdomain.com")
.spamdomain.com
REJECT (reject all subdomains of ".spamdomain.com")

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-262

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

251.192.1.
TCPREFUSE (TCPREFUSE the IP addresses in "251.192.1")
169.254.10.10
RELAY (RELAY the address 169.254.10.10)
ALL
$ACCEPTED (Everyone else)

Default Policy Parameters

=========================
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
Maximum Concurrency Per IP: 1,000
Maximum Message Size: 100M
Maximum Messages Per Connection: 1,000
Maximum Recipients Per Message: 1,000
Maximum Recipients Per Hour: Disabled
Use SenderBase For Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- CLEAR - Remove all entries.
[]>

Remember to issue the commit command after you import so that the configuration change takes effect.

Example - Enabling Public Key Harvesting and S/MIME Decryption and Verification
The following example shows how to:

Retrieve (harvest) public key from the incoming S/MIME signed messages

Enable S/MIME decryption and verification

mail.example.com> listenerconfig
Currently configured listeners:
1. MyListener (on Management, 172.29.181.70) SMTP TCP Port 25 Public
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-263

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Enter the name or number of the listener you wish to edit.

[]> 1
Name: MyListener
Type: Public
Interface: Management (172.29.181.70/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> hostaccess
Default Policy Parameters
==========================
Maximum Message Size: 10M
Maximum Number Of Concurrent Connections From A Single IP: 10
Maximum Number Of Messages Per Connection: 10
Maximum Number Of Recipients Per Message: 50
Directory Harvest Attack Prevention: Enabled
Maximum Number Of Invalid Recipients Per Hour: 25
Maximum Number Of Recipients Per Hour: Disabled
Maximum Number of Recipients per Envelope Sender: Disabled
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
DKIM/DomainKeys Signing Enabled: No
DKIM Verification Enabled: No
S/MIME Public Key Harvesting Enabled: No
S/MIME Decryption/Verification Enabled: No
SPF/SIDF Verification Enabled: No
DMARC Verification Enabled: No
Envelope Sender DNS Verification Enabled: No
Domain Exception Table Enabled: No
Accept untagged bounces: No
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to perform:
- NEW - Create a new entry.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-264

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- EDIT - Modify an entry.

- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a file.
- EXPORT - Export the table to a file.
- RESET - Remove senders and set policies to system default.
[]> default
Enter the default maximum message size. Add a trailing k for kilobytes, M for megabytes,
or no letter for b
[10M]>
Enter the maximum number of concurrent connections allowed from a single IP address.
[10]>
Enter the maximum number of messages per connection.
[10]>
Enter the maximum number of recipients per message.
[50]>
Do you want to override the hostname in the SMTP banner?

[N]>

Would you like to specify a custom SMTP acceptance response? [N]>

Would you like to specify a custom SMTP rejection response? [N]>
Do you want to enable rate limiting per host?

[N]>

Do you want to enable rate limiting per envelope sender?

[N]>

Do you want to enable Directory Harvest Attack Prevention per host?

[Y]>

Enter the maximum number of invalid recipients per hour from a remote host.
[25]>
Select an action to apply when a recipient is rejected due to DHAP:
1. Drop
2. Code
[1]>
Would you like to specify a custom SMTP DHAP response? [Y]>
Enter the SMTP code to use in the response. 550 is the standard code.
[550]>
Enter your custom SMTP response.
custom_response

Press Enter on a blank line to finish.

Would you like to use SenderBase for flow control by default?

Would you like to enable anti-spam scanning?

[Y]>

Would you like to enable anti-virus scanning?

[Y]>

Do you want to allow encrypted TLS connections?

1. No
2. Preferred
3. Required
4. Preferred - Verify
5. Required - Verify
[1]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-265

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Would you like to enable DKIM/DomainKeys signing?

Would you like to enable DKIM verification?

[N]>

Would you like to enable S/MIME Public Key Harvesting?

[N]> y

Would you like to harvest certificate on verification failure?

Would you like to harvest updated certificate?

3-266

[N]>

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- IMPORT - Import a table from a file.

- EXPORT - Export the table to a file.
- RESET - Remove senders and set policies to system default.
[]>

Example - Advanced HAT Parameters

Table 3-17 defines the syntax of advanced HAT parameters. Note that for the values below which are
numbers, you can add a trailing k to denote kilobytes or a trailing M to denote megabytes. Values with no
letters are considered bytes. Parameters marked with an asterisk support the variable syntax shown in
Table 3-17
Table 3-17

Advanced HAT Parameter Syntax

Parameter

Syntax

Values

Example Values

Maximum messages per

connection

max_msgs_per_session

Number

1000

Maximum recipients per

message

max_rcpts_per_msg

Number

10000
1k

Maximum message size

max_message_size

Number

1048576
20M

Maximum concurrent
connections allowed to
this listener

max_concurrency

Number

1000

SMTP Banner Code

smtp_banner_code

Number

220

SMTP Banner Text (*)

smtp_banner_text

String

Accepted

SMTP Reject Banner

Code

smtp_banner_code

Number

550

SMTP Reject Banner Text smtp_banner_text

(*)

String

Rejected

Override SMTP Banner

Hostname

on | off |

default

use_override_hostname

default

override_hostname

String

Use SenderBase

use_sb

on | off

required

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-267

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Table 3-17

Advanced HAT Parameter Syntax

Parameter

Syntax

Values

Example Values

Define SenderBase
Reputation Score

sbrs[value1:value2]

-10.0- 10.0

sbrs[-10:-7.5]

Directory Harvest Attack

Prevention: Maximum
Invalid Recipients Per
Hour

dhap_limit

Number

150

Example - Configuring SPF and SIDF

When configuring the default settings for a listeners Host Access Table, you can choose the listeners
SPF/SIDF conformance level and the SMTP actions (ACCEPT or REJECT) that the appliance performs,
based on the SPF/SIDF verification results. You can also define the SMTP response that the appliance
sends when it rejects a message.
Depending on the conformance level, the appliance performs a check against the HELO identity, MAIL
FROM identity, or PRA identity. You can specify whether the appliance proceeds with the session
(ACCEPT) or terminates the session (REJECT) for each of the following SPF/SIDF verification results
for each identity check:

None. No verification can be performed due to the lack of information.

Neutral. The domain owner does not assert whether the client is authorized to use the given identity.

SoftFail. The domain owner believes the host is not authorized to use the given identity but is not
willing to make a definitive statement.

Fail. The client is not authorized to send mail with the given identity.

TempError. A transient error occurred during verification.

PermError. A permanent error occurred during verification.

The appliance accepts the message for a Pass result unless you configure the SIDF Compatible
conformance level to downgrade a Pass result of the PRA identity to None if there are Resent-Sender:
or Resent-From: headers present in the message. The appliance then takes the SMTP action specified for
when the PRA check returns None.
If you choose not to define the SMTP actions for an identity check, the appliance automatically accepts
all verification results, including Fail.
The appliance terminates the session if the identity verification result matches a REJECT action for any
of the enabled identity checks. For example, an administrator configures a listener to accept messages
based on all HELO identity check results, including Fail, but also configures it to reject messages for a
Fail result from the MAIL FROM identity check. If a message fails the HELO identity check, the session
proceeds because the appliance accepts that result. If the message then fails the MAIL FROM identity
check, the listener terminates the session and then returns the STMP response for the REJECT action.
The SMTP response is a code number and message that the appliance returns when it rejects a message
based on the SPF/SIDF verification result. The TempError result returns a different SMTP response from
the other verification results. For TempError, the default response code is 451 and the default message
text is #4.4.3 Temporary error occurred during SPF verification. For all other verification results,
the default response code is 550 and the default message text is #5.7.1 SPF unauthorized mail is
prohibited. You can specify your own response code and message text for TempError and the other
verification results.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-268

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Optionally, you can configure the appliance to return a third-party response from the SPF publisher
domain if the REJECT action is taken for Neutral, SoftFail, or Fail verification result. By default, the
appliance returns the following response:
550-#5.7.1 SPF unauthorized mail is prohibited.
550-The domain example.com explains:
550 <Response text from SPF domain publisher>

To enable these SPF/SIDF settings, use the listenerconfig -> edit subcommand and select a listener.
Then use the hostaccess -> default subcommand to edit the Host Access Tables default settings.
Answer yes to the following prompts to configure the SPF controls:
Would you like to change SPF/SIDF settings?

[N]> yes

Would you like to perform SPF/SIDF Verification?

[Y]> yes

The following SPF control settings are available for the Host Access Table:
Table 3-18

SPF Control Settings

Conformance Level
SPF Only

Available SPF Control Settings

whether to perform HELO identity check

SMTP actions taken based on the results of

the following identity checks:

HELO identity (if enabled)

MAIL FROM Identity

SMTP response code and text returned for the

REJECT action

verification time out (in seconds)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-269

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Table 3-18

SPF Control Settings

Conformance Level
SIDF Compatible

SIDF Strict

Available SPF Control Settings

whether to perform a HELO identity check

whether the verification downgrades a Pass

result of the PRA identity to None if the
Resent-Sender: or Resent-From: headers are
present in the message

SMTP actions taken based on the results of

the following identity checks:

HELO identity (if enabled)

MAIL FROM Identity

PRA Identity

SMTP response code and text returned for the

REJECT action

verification timeout (in seconds)

SMTP actions taken based on the results of

the following identity checks:

MAIL FROM Identity

PRA Identity

SMTP response code and text returned in case

of SPF REJECT action

verification timeout (in seconds)

The following example shows a user configuring the SPF/SIDF verification using the SPF Only
conformance level. The appliance performs the HELO identity check and accepts the None and Neutral
verification results and rejects the others. The CLI prompts for the SMTP actions are the same for all
identity types. The user does not define the SMTP actions for the MAIL FROM identity. The appliance
automatically accepts all verification results for the identity. The appliance uses the default reject code
and text for all REJECT results.

Example: SPF/SIDF Settings

Would you like to change SPF/SIDF settings?

[N]> yes

Would you like to perform SPF/SIDF Verification?

[N]> yes

What Conformance Level would you like to use?

1. SPF only
2. SIDF compatible
3. SIDF strict
[2]> 1
Would you like to have the HELO check performed? [Y]> y
Would you like to change SMTP actions taken as result of the SPF verification? [N]> y
Would you like to change SMTP actions taken for the HELO identity? [N]> y

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-270

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

What SMTP action should be taken if HELO check returns None?

1. Accept
2. Reject
[1]> 1
What SMTP action should be taken if HELO check returns Neutral?
1. Accept
2. Reject
[1]> 1
What SMTP action should be taken if HELO check returns SoftFail?
1. Accept
2. Reject
[1]> 2
What SMTP action should be taken if HELO check returns Fail?
1. Accept
2. Reject
[1]> 2
What SMTP action should be taken if HELO check returns TempError?
1. Accept
2. Reject
[1]> 2
What SMTP action should be taken if HELO check returns PermError?
1. Accept
2. Reject
[1]> 2
Would you like to change SMTP actions taken for the MAIL FROM identity? [N]> n
Would you like to change SMTP response settings for the REJECT action? [N]> n
Verification timeout (seconds)
[40]>

The following shows how the SPF/SIDF settings are displayed for the listeners Default Policy
Parameters.

Example: SPF/SIDF in Default Policy Parameters

SPF/SIDF Verification Enabled: Yes
Conformance Level: SPF only
Do HELO test: Yes
SMTP actions:
For HELO Identity:
None, Neutral: Accept
SoftFail, Fail, TempError, PermError: Reject
For MAIL FROM Identity: Accept
SMTP Response Settings:
Reject code: 550
Reject text: #5.7.1 SPF unauthorized mail is prohibited.
Get reject response text from publisher: Yes
Defer code: 451
Defer text: #4.4.3 Temporary error occurred during SPF verification.
Verification timeout: 40

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-271

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Example - Enable DMARC Verification

The following example shows how to enable DMARC verification.
mail.example.com> listenerconfig

Currently configured listeners:

1. Listener 1 (on Management, 172.29.181.70) SMTP TCP Port 25 Public
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit
Enter the name or number of the listener you wish to edit.
[]> 1
Name: Listener 1
Type: Public
Interface: Management (172.29.181.70/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 300 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off

Choose the operation you want to perform:

- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> hostaccess
Default Policy Parameters
==========================
Maximum Message Size: 20M
Maximum Number Of Concurrent Connections From A Single IP: 10
Maximum Number Of Messages Per Connection: 10
Maximum Number Of Recipients Per Message: 50
Directory Harvest Attack Prevention: Enabled
Maximum Number Of Invalid Recipients Per Hour: 25
Maximum Number Of Recipients Per Hour: Disabled
Maximum Number of Recipients per Envelope Sender: Disabled
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-272

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Allow TLS Connections: No

Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
DKIM/DomainKeys Signing Enabled: No
DKIM Verification Enabled: No
SPF/SIDF Verification Enabled: No
DMARC Verification Enabled: No
Envelope Sender DNS Verification Enabled: No
Domain Exception Table Enabled: No
Accept untagged bounces: No
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a
- EXPORT - Export the table to a
- RESET - Remove senders and set
[]> default

perform:

file.
file.
policies to system default.

Enter the default maximum message size. Add a trailing k for kilobytes, M for megabytes,
or no letter for bytes.
[20M]>
Enter the maximum number of concurrent connections allowed from a single IP address.
[10]>
Enter the maximum number of messages per connection.
[10]>
Enter the maximum number of recipients per message.
[50]>
Do you want to override the hostname in the SMTP banner?

[N]>

Would you like to specify a custom SMTP acceptance response? [N]>

Would you like to specify a custom SMTP rejection response? [N]>
Do you want to enable rate limiting per host?

[N]>

Do you want to enable rate limiting per envelope sender?

[N]>

Do you want to enable Directory Harvest Attack Prevention per host?

[Y]>

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-273

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

Select the DMARC verification profile to use:

1. DEFAULT
[1]> 1
Would you like to send aggregate reports? [N]> Y
Note: DMARC reports should be DMARC compliant.
Secure delivery is recommended for delivery of DMARC reports.
Please enable TLS support using the `destconfig` command.
Would you like to enable envelope sender verification? [N]> Y
Would you like to specify a custom SMTP response for malformed envelope senders? [Y]>
Enter the SMTP code to use in the response. 553 is the standard code.
[553]>
Enter your custom SMTP response.

Press Enter on a blank line to finish.

Would you like to specify a custom SMTP response for envelope sender domains which do not
resolve? [Y]>
Enter the SMTP code to use in the response. 451 is the standard code.
[451]>
Enter your custom SMTP response.

Press Enter on a blank line to finish.

Would you like to specify a custom SMTP response for envelope sender domains which do not
exist? [Y]>
Enter the SMTP code to use in the response. 553 is the standard code.
[553]>
Enter your custom SMTP response.

Press Enter on a blank line to finish.

Would you like to enable use of the domain exception table?

Do you wish to accept untagged bounces?

[N]>

Default Policy Parameters

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-274

[N]>

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

==========================
Maximum Message Size: 20M
Maximum Number Of Concurrent Connections From A Single IP: 10
Maximum Number Of Messages Per Connection: 10
Maximum Number Of Recipients Per Message: 50
Directory Harvest Attack Prevention: Enabled
Maximum Number Of Invalid Recipients Per Hour: 25
Maximum Number Of Recipients Per Hour: Disabled
Maximum Number of Recipients per Envelope Sender: Disabled
Use SenderBase for Flow Control: Yes
Spam Detection Enabled: Yes
Virus Detection Enabled: Yes
Allow TLS Connections: No
Allow SMTP Authentication: No
Require TLS To Offer SMTP authentication: No
DKIM/DomainKeys Signing Enabled: No
DKIM Verification Enabled: No
SPF/SIDF Verification Enabled: No
DMARC Verification Enabled: Yes
DMARC Verification Profile: DEFAULT
Aggregate reports: Yes
Envelope Sender DNS Verification Enabled: Yes
Domain Exception Table Enabled: No
Accept untagged bounces: No
There are currently 4 policies defined.
There are currently 5 sender groups.
Choose the operation you want to
- NEW - Create a new entry.
- EDIT - Modify an entry.
- DELETE - Remove an entry.
- MOVE - Move an entry.
- DEFAULT - Set the defaults.
- PRINT - Display the table.
- IMPORT - Import a table from a
- EXPORT - Export the table to a
- RESET - Remove senders and set
[]>

perform:

file.
file.
policies to system default.

Name: Listener 1
Type: Public
Interface: Management (172.29.181.70/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 300 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off

Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-275

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

- RCPTACCESS - Modify the Recipient Access Table.

- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>

Currently configured listeners:

localeconfig
Description
Configure multi-lingual settings

Example
mail3.example.com> localeconfig
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched encodings bodies and footers: Use encoding of message footer
Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]> setup
If a header is modified, encode the new header in the same encoding as the message body?
(Some MUAs incorrectly handle headers encoded in a different encoding than the body.
However, encoding a modified header in the same encoding as the message body may cause
certain characters in the modified header to be lost.) [Y]>
If a non-ASCII header is not properly tagged with a character set, impose the encoding of
the body on the header during processing and final representation of the message? (Many
MUAs create non-RFC-compliant headers that are then handled in an undefined way. Imposing
the encoding of the body on the header may encode the header more precisely.) [Y]>
When there is an encoding mismatch between the message body and a footer, the system
initially attempts to encode the entire message in the same encoding as the message body.
If the system cannot combine the message body and the footer in the same encoding, do you

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-276

Chapter 3

The Commands: Reference Examples

SMTP Services Configuration

want the system to failover and attempt to encode the entire message using the encoding of
the message footer? (When this feature is enabled, the system will attempt to display the
footer "in-line" rather than defaulting to adding it as an attachment.) [N]> y
Behavior when modifying headers: Use encoding of message body
Behavior for untagged non-ASCII headers: Impose encoding of message body
Behavior for mismatched encodings bodies and footers: Use encoding of message body
Choose the operation you want to perform:
- SETUP - Configure multi-lingual settings.
[]>mail3.example.com>

smtpauthconfig
Description
Configure SMTP Auth outgoing and forwarding profiles.

Example
In the following example, the smtpauthconfig command is used to create a new, forwarding-based
profile for the server smtp2.example.com:
mail3.example.com> smtpauthconfig
Choose the operation you want to perform:
- NEW - Create a new SMTP Auth profile
[]> new
Choose the type of profile you wish to create:
- FORWARD - Create an SMTP Auth forwarding server group profile
- OUTGOING - Create an outgoing SMTP Auth profile
[]> forward
Enter a name for this profile:
[]> forwarding-based
Please begin entering forwarding servers for this group profile.
Enter a hostname or an IP address for the forwarding server:
[]> smtp2.example.com
Enter a port:
[25]>
Choose the interface to use for forwarding requests:
1. Auto
2. Data 1 (192.168.1.1/24: mail3.example.com)

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-277

Chapter 3

The Commands: Reference Examples

System Setup

3. Data 2 (192.168.2.1/24: mail3.example.com)

4. Management (192.168.42.42/24: mail3.example.com)
[1]>
Require TLS? (issue STARTTLS) [Y]> y
Enter the maximum number of simultaneous connections allowed:
[10]>
Use SASL PLAIN mechanism when contacting forwarding server? [Y]>
Use SASL LOGIN mechanism when contacting forwarding server? [Y]>
Would you like to enter another forwarding server to this group? [N]>
Choose the operation you want to perform:
- NEW - Create a new SMTP Auth profile
- EDIT - Edit an existing SMTP Auth profile
- PRINT - List all profiles
- DELETE - Delete a profile
- CLEAR - Delete all profiles
[]>
mail3.example.com> commit
Please enter some comments describing your changes:
[]> created SMTP auth profile
Do you want to save the current configuration for rollback? [Y]> n
Changes committed: Fri May 23 11:42:12 2014 GMT

Note

An authenticated user is granted a RELAY HAT policy.

Note

You may specify more than one forwarding server in a profile. SASL mechanisms CRAM-MD5 and
DIGEST-MD5 are not supported between the Email Security appliance and a forwarding server.

System Setup
systemsetup
Description
First time system setup as well as re-installation of the system.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-278

Chapter 3

The Commands: Reference Examples

System Setup

Example
mail3.example.com> systemsetup

WARNING: The system setup wizard will completely delete any existing
'listeners' and all associated settings including the 'Host Access Table' mail operations may be interrupted.
Are you sure you wish to continue? [Y]> y

Before you begin, please reset the administrator password to a new value.
Old password:
New password:
Retype new password:
*****
You will now configure the network settings for the IronPort C100.
Please create a fully qualified hostname for the IronPort C100 appliance
(Ex: "ironport-C100.example.com"):
[]> ironport-C100.example.com

*****
You will now assign an IP address for the "Data 1" interface.
Please create a nickname for the "Data 1" interface (Ex: "Data 1"):
[]> Data 1
Enter the static IP address for "Data 1" on the "Data 1" interface? (Ex:
"192.168.1.1"):
[]> 192.168.1.1
What is the netmask for this IP address? (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]>
You have successfully configured IP Interface "Data 1".
*****
Would you like to assign a second IP address for the "Data 1" interface? [Y]> n
What is the IP address of the default router (gateway) on your network?:
[192.168.1.1]> 192.168.2.1

*****
You will now configure scheduled reporting.
Please enter the email address(es) to deliver scheduled reports to.
(Leave blank to only archive reports on-box.)
Separate multiple addresses with commas.
[]> [email protected]

*****
You will now configure system time settings.
Please choose your continent:
1. Africa
2. America
...
11. GMT Offset
[11]> 2

Please choose your country:

1. Anguilla
...
47. United States
48. Uruguay
49. Venezuela
50. Virgin Islands (British)
51. Virgin Islands (U.S.)
[]> 47
Please choose your timezone:
1. Alaska Time (Anchorage)
...
26. Pacific Time (Los_Angeles)
[]> 26
Do you wish to use NTP to set system time? [Y]> y
Please enter the fully qualified hostname or IP address of your NTP server, or
press Enter to use time.ironport.com:
[time.ironport.com]>

*****
Would you like to commit these changes at this time? [Y]> y

Congratulations! System setup is complete.

For advanced configuration, please refer to the User Guide.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-282

Chapter 3

The Commands: Reference Examples

URL Filtering

URL Filtering
This section contains the following CLI commands:

aggregatorconfig

urllistconfig

webcacheflush

websecurityadvancedconfig

websecurityconfig

websecuritydiagnostics

aggregatorconfig
Description
Configure address for Cisco Aggregator Server on the Email Security appliance. This server provides
details of the end users who clicked on rewritten URLs and the action (allowed, blocked or unknown)
associated with each user click.

Example
mail.example.com> aggregatorconfig

Choose the operation you want to perform:

- EDIT - Edit aggregator configuration
[]> edit
Edit aggregator address:
[aggregator.organization.com]> org-aggregator.com
Successfully changed aggregator address to : org-aggregator.com

urllistconfig
Description
Configure or import whitelists of URLs that will not be evaluated by URL filtering features. These lists
are not used by the Outbreak Filters feature.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-283

Chapter 3

The Commands: Reference Examples

URL Filtering

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format.

Example
> urllistconfig
No URL lists configured.
Choose the operation you want to perform:
NEW - Create a new URL list[]> new
Do you want to import a URL list?
[N]>
Enter a name for the URL list
[]> sample
Enter the URL domains that need to be skipped from scanning for URL Filtering.
Enter one URL domain per line and '.' to finish.
cisco.com
ironport.com/*
*.example.com
10.2.4.5/24
[2001:DB8::1]
URL list sample added.
There are currently 4 URL lists configured.
Choose the operation you want to perform:
- NEW - Create a new URL whitelist.
- EDIT - Modify an existing URL whitelist.
- DELETE - Delete an existing URL whitelist.
[]>EDIT
Choose the operation to edit the URL whitelist:
IMPORT Import a file into an existing URL whitelist
EXPORT Export an existing URL whitelist into a file
RENAME Rename an existing URL whitelist
[]>IMPORT
Assign new name to the imported list? (By default, name stored in the
file will be applied to the list)
[N] > Y
Enter name of the list > new_list
Enter filename to import from > URLfile
NOTE: These files will be stored in /pub/configuration
URL list new_list added.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-284

Chapter 3

The Commands: Reference Examples

URL Filtering

webcacheflush
Description
Flush the cache used by URL filtering features. Use this command if you change the certificate that is
used for communication with Cisco Web Security Services. Generally, you will use this command only
at the direction of Cisco support.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
> webcacheflush
Web Security cache has been flushed.

websecurityadvancedconfig
Description
Configure advanced settings for URL filtering.

Note

Except to change timeout values for troubleshooting purposes, use this command only under the
direction of Cisco support.
The timeout value is the value, in seconds, for communication with the cloud services that provide
reputation and category for URLs.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command supports a batch format.

Batch Format
For the batch format, see the CLI inline help.

Example
> websecurityadvancedconfig

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-285

Chapter 3

The Commands: Reference Examples

URL Filtering

Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[15]>
Enter the URL cache size (no. of URLs):
[1215000]>
Do you want to disable DNS lookups? [N]>
Enter the maximum number of URLs that should be scanned:
[100]>
Enter the Web security service hostname:
[example.com]>
Enter the threshold value for outstanding requests:
[20]>
Do you want to verify server certificate? [Y]>
Enter the default time-to-live value (seconds):
[30]>
Do you want to include additional headers? [N]>
Enter the default debug log level for RPC server:
[Info]>
Enter the default debug log level for SDS cache:
[Info]>
Enter the default debug log level for HTTP client:
[Info]>

websecurityconfig
Description
Configure basic settings for URL filtering (URL reputation and URL category features.)
Normally, certificate management is automatic. Unless directed to do otherwise by Cisco TAC, you
should select No at the prompt to set a certificate.

Usage
Commit: This command requires a commit.
Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
Batch Command: This command supports a batch format. See the inline CLI help for more details. Use
the help command to access the inline help for this command.

Example
mail.example.com> websecurityconfig
Enable URL Filtering? [N]> y

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-286

Chapter 3

The Commands: Reference Examples

URL Filtering

Do you wish to enable Web Interaction Tracking? [N]> y

Web Interaction Tracking is enabled.
Do you want to whitelist URLs using a URL list? [N]> y
1. urllist1
2. urllist2
3. No URL list
Enter the number of URL list
[1]> 1
URL list 'urllist1' added
mail.example.com> websecurityconfig
URL Filtering is enabled.
URL list 'urllist1' used.
System provided certificate used.
Web Interaction Tracking is enabled.

websecuritydiagnostics
Description
View diagnostic statistics related to URL filtering.

Usage
Commit: This command does not require a commit.
Cluster Management: This command is restricted to machine mode.
Batch Command: This command does not support a batch format.

Example
mail.example.com> websecuritydiagnostics
Cache Size: 254
Cache Hits: 551
Response Time
Minimum: None
Average: 0.0
Maximum: None
DNS Lookup Time
Minimum: 9.4198775
Average: 10.1786801765
Maximum: 10.544356

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-287

Chapter 3

The Commands: Reference Examples

User Management

User Management
This section contains the following CLI commands:

userconfig

password or passwd

last

who

whoami

userconfig
Description
Manage user accounts and connections to external authentication sources.

Usage
Commit: This command requires a commit.
Cluster Management: This command is restricted to cluster mode.
Batch Command: This command supports a batch format. See the inline CLI help for more details. Use
the help command to access the inline help for this command, for example,
mail.example.com> userconfig help

Example - Creating a New User Account

The following example shows how to create a new user account with a Help Desk User role.
mail.example.com> userconfig
Users:
1. admin - "Administrator" (admin)
External authentication: Disabled
Choose the operation you want to perform:
- NEW - Create a new account.
- EDIT - Modify an account.
- DELETE - Remove an account.
- POLICY - Change password and account policy settings.
- PASSWORD - Change the password for a user.
- ROLE - Create/modify user roles.
- STATUS - Change the account status.
- EXTERNAL - Configure external authentication.
- DLPTRACKING - Configure DLP tracking privileges.
[]> new
Enter the new username.
[]> helpdesk
Enter the full name for helpdesk.
[]> HELP DESK

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-288

Chapter 3

The Commands: Reference Examples

User Management

Assign a role to "helpdesk":

1. Administrators - Administrators have full access to all settings of the system.
2. Operators - Operators are restricted from creating new user accounts.
3. Read-Only Operators - Read-Only operators may only view settings and status
information.
4. Guests - Guest users may only view status information.
5. Technicians - Technician can only manage upgrades and feature keys.
6. Help Desk Users - Help Desk users have access only to ISQ and Message Tracking.
[1]> 6
Would you like to get a system generated password? [N]>
Enter the password for helpdesk
[]>
Please enter the new password again:
Users:
1. admin - "Administrator" (admin)
2. helpdesk - "HELP DESK" (helpdesk)
External authentication: Disabled
Choose the operation you want to perform:
- NEW - Create a new account.
- EDIT - Modify an account.
- DELETE - Remove an account.
- POLICY - Change password and account policy settings.
- PASSWORD - Change the password for a user.
- ROLE - Create/modify user roles.
- STATUS - Change the account status.
- EXTERNAL - Configure external authentication.
- DLPTRACKING - Configure DLP tracking privileges.
[]>

Example - Setting Up a RADIUS Server for External Authentication

The following example shows how to set up a RADIUS server for external authentication. To set up a
RADIUS server, enter the hostname, port, shared password, and whether to use CHAP or PAP for the
authentication protocol.
mail.example.com> userconfig
Users:
1. admin - "Administrator" (admin)
2. hdesk_user - "Helpdesk User" (helpdesk)
External authentication: Disabled
Choose the operation you want to perform:
- NEW - Create a new account.
- EDIT - Modify an account.
- DELETE - Remove an account.
- POLICY - Change password and account policy settings.
- PASSWORD - Change the password for a user.
- ROLE - Create/modify user roles.
- STATUS - Change the account status.
- EXTERNAL - Configure external authentication.
- DLPTRACKING - Configure DLP tracking privileges.
[]> external
Choose the operation you want to perform:

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-289

Chapter 3

The Commands: Reference Examples

Idle Time
=========
0s

Remote Host
===========
10.1.3.201

What
====
cli

whoami
Description
The whoami command displays the username and full name of the user currently logged in, and which
groups the user belongs to.

Example
mail3.example.com> whoami
Username: admin

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-292

Chapter 3

The Commands: Reference Examples

Virtual Appliance Management

Full Name: Administrator

Groups: admin, operators, config, log, guest

Virtual Appliance Management

loadlicense

showlicense

loadlicense
Description
Loads an XML license for a virtual appliance. You can load from a file or copy and paste. For complete
information, see the Cisco Content Security Virtual Appliance Installation Guide available from
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-li
st.html.
This command is available to users with Admin or Operator privileges.

Example
mail.example.com> loadlicense
1 Paste via CLI
2 Load from file
How would you like to load a license file?
[1]> 2
Enter the name of the file in /configurations to import:
[]> <filename>
TERMS AND CONDITIONS OF USE
<Terms and conditions>
Do you accept the above license agreement?
[]> y
The license agreement was accepted.
The following feature key have been added:
<feature keys>

Errors and hardware misconfigurations may also be shown.

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-293

Chapter 3

The Commands: Reference Examples

Virtual Appliance Management

showlicense
Description
Displays information about the current virtual appliance license. Additional details are available using
the featurekey command.
This command is available to users with Admin or Operator privileges.

Batch Format
The syntax of this command is: showlicense

Example
mail.example.com> showlicense
company: Example Inc.
org: Widget Division
unit: Portland Data Center
seats: 1000
city: Portland
state: Oregon
country: US
email: [email protected]
begin_date: Tue Dec 6 17:45:19 2011
end_date: Mon Sep 1 17:45:19 2014
vln: ABC-123423123
serial: 1003385

CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances

3-294

Linux Security Fundamentals
From Everand
Linux Security Fundamentals
David Clinton
No ratings yet
Cisco Next-Generation Security Solutions All-In-One Cisco ASA Firepower Services, NGIPS, and AMP
86% (7)
Cisco Next-Generation Security Solutions All-In-One Cisco ASA Firepower Services, NGIPS, and AMP
547 pages
Glitch2 User Guide
100% (1)
Glitch2 User Guide
32 pages
ADMS Presentation
No ratings yet
ADMS Presentation
28 pages
ESA 9-7 CLI Reference Guide
No ratings yet
ESA 9-7 CLI Reference Guide
325 pages
B CLI Reference Guide 13 0
No ratings yet
B CLI Reference Guide 13 0
366 pages
ESA 8-0 User Guide
No ratings yet
ESA 8-0 User Guide
1,124 pages
B Esa API Guide 13-5-1
No ratings yet
B Esa API Guide 13-5-1
104 pages
Asa 918 General Config
No ratings yet
Asa 918 General Config
1,470 pages
ESA Admin Guide 13-5 (LD)
No ratings yet
ESA Admin Guide 13-5 (LD)
1,352 pages
WSA 9-2-0 UserGuide PDF
No ratings yet
WSA 9-2-0 UserGuide PDF
286 pages
WSA 9-1 User Guide
No ratings yet
WSA 9-1 User Guide
496 pages
Cisco ESA Admin Guide 14-0
No ratings yet
Cisco ESA Admin Guide 14-0
1,416 pages
Asa General
No ratings yet
Asa General
932 pages
Cisco ASA Series Firewall 9.4 Configuration PDF
No ratings yet
Cisco ASA Series Firewall 9.4 Configuration PDF
428 pages
B ESA Admin Guide 11 1
No ratings yet
B ESA Admin Guide 11 1
1,176 pages
Asa 916 General Config
No ratings yet
Asa 916 General Config
1,416 pages
ESA 7.6 Configuration Guide
No ratings yet
ESA 7.6 Configuration Guide
460 pages
Asa 99 Firewall Config PDF
No ratings yet
Asa 99 Firewall Config PDF
500 pages
Asa 917 General Config
No ratings yet
Asa 917 General Config
1,478 pages
Asa 918 General Config
No ratings yet
Asa 918 General Config
1,474 pages
Asa 98 General Config
No ratings yet
Asa 98 General Config
1,356 pages
Cisco ESA Ironport
No ratings yet
Cisco ESA Ironport
1,219 pages
Asa 916 General Config
No ratings yet
Asa 916 General Config
1,396 pages
Asa 96 General Config PDF
No ratings yet
Asa 96 General Config PDF
1,260 pages
Asa 96 Firewall Config
No ratings yet
Asa 96 Firewall Config
454 pages
Asa Firewall Cli
100% (1)
Asa Firewall Cli
422 pages
Asa 914 General Config
No ratings yet
Asa 914 General Config
1,392 pages
ESA 7-5 Daily Management Guide PDF
No ratings yet
ESA 7-5 Daily Management Guide PDF
456 pages
ESA 7.1.1 Configuration Guide
No ratings yet
ESA 7.1.1 Configuration Guide
630 pages
B CLI Config Guide 1 3 1
No ratings yet
B CLI Config Guide 1 3 1
462 pages
Asa General Config
No ratings yet
Asa General Config
1,148 pages
Asa 914 General Config PDF
No ratings yet
Asa 914 General Config PDF
1,396 pages
Command Line Interface Reference Guide For Cisco Unified Communications Solutions Release 7.1
No ratings yet
Command Line Interface Reference Guide For Cisco Unified Communications Solutions Release 7.1
118 pages
Asa 91 VPN Config
No ratings yet
Asa 91 VPN Config
472 pages
Asa 96 VPN Config
No ratings yet
Asa 96 VPN Config
424 pages
swa-userguide-15-2
No ratings yet
swa-userguide-15-2
644 pages
Dia 12 4t Book
No ratings yet
Dia 12 4t Book
1,372 pages
Cisco Next-Generation Security Solutions All-In-One Cisco ASA Firepower Services, NGIPS, and AMP
100% (1)
Cisco Next-Generation Security Solutions All-In-One Cisco ASA Firepower Services, NGIPS, and AMP
547 pages
CF CR
No ratings yet
CF CR
1,244 pages
Cisco Commands
No ratings yet
Cisco Commands
1,244 pages
B CLI Reference Guide
No ratings yet
B CLI Reference Guide
320 pages
Cisco 860-890 ISR Config Guide
No ratings yet
Cisco 860-890 ISR Config Guide
332 pages
Asa 94 General Config
No ratings yet
Asa 94 General Config
1,034 pages
Scribd 3
No ratings yet
Scribd 3
1,380 pages
Cisco WSA
No ratings yet
Cisco WSA
442 pages
Release Notes For Asyncos 13.0.1 For Cisco Email Security Appliances
No ratings yet
Release Notes For Asyncos 13.0.1 For Cisco Email Security Appliances
28 pages
Release Notes For Asyncos 13.5.1 For Cisco Email Security Appliances
No ratings yet
Release Notes For Asyncos 13.5.1 For Cisco Email Security Appliances
17 pages
Cisco IronPort Async OS 7.2.0 For The Security Management Appliance User Guide
No ratings yet
Cisco IronPort Async OS 7.2.0 For The Security Management Appliance User Guide
590 pages
SMA 9-5-2 User Guide
No ratings yet
SMA 9-5-2 User Guide
432 pages
Asa General Cli
No ratings yet
Asa General Cli
996 pages
Cisco Unified Communications Operating System Administration Guide
No ratings yet
Cisco Unified Communications Operating System Administration Guide
94 pages
Cisco ASA Series General Operations CLI Configuration Guide, 9.2 PDF
No ratings yet
Cisco ASA Series General Operations CLI Configuration Guide, 9.2 PDF
1,164 pages
B Ise Cli Reference Guide 31
No ratings yet
B Ise Cli Reference Guide 31
264 pages
Deploying Certificates Cisco Meeting Server: Design your certificates for CMS services and integrate with Cisco UCM Expressway and TMS
From Everand
Deploying Certificates Cisco Meeting Server: Design your certificates for CMS services and integrate with Cisco UCM Expressway and TMS
Redouane MEDDANE
No ratings yet
Securing Communication of Legacy Applications with IPSec: Step-by-Step Guide to Protecting “Data in Transit” without Changes in Your Existing Software
From Everand
Securing Communication of Legacy Applications with IPSec: Step-by-Step Guide to Protecting “Data in Transit” without Changes in Your Existing Software
Slava Gomzin
No ratings yet
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
From Everand
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
Slava Gomzin
No ratings yet
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
Docker, Containers And All The Rest: First Edition, #1
From Everand
Docker, Containers And All The Rest: First Edition, #1
Ami Adi
No ratings yet
Cloud Infrastructure and Data Center
From Everand
Cloud Infrastructure and Data Center
Duong Tran
No ratings yet
Ultimate Cisco Collaboration Infrastructure for Enterprise Solutions: Unlock the True Potential of Cisco Collaboration Infrastructure for Deploying and Managing Solutions for Enterprises (English Edition)
From Everand
Ultimate Cisco Collaboration Infrastructure for Enterprise Solutions: Unlock the True Potential of Cisco Collaboration Infrastructure for Deploying and Managing Solutions for Enterprises (English Edition)
Lalit Pamnani
No ratings yet
FCSS—Enterprise Firewall 7.4 Administrator Exam Preparation
From Everand
FCSS—Enterprise Firewall 7.4 Administrator Exam Preparation
Georgio Daccache
No ratings yet
Pengantar Basis Data
No ratings yet
Pengantar Basis Data
21 pages
Eric Raymond Cathedral Bazaar PDF
No ratings yet
Eric Raymond Cathedral Bazaar PDF
2 pages
Strace ITCAM TT
No ratings yet
Strace ITCAM TT
6 pages
Useful Oracle Queries For SAP Basis Adminsitrators
100% (1)
Useful Oracle Queries For SAP Basis Adminsitrators
15 pages
Cheatsheet
No ratings yet
Cheatsheet
9 pages
Morris Attack
No ratings yet
Morris Attack
48 pages
Mini DV U9 Instruction Manual
0% (1)
Mini DV U9 Instruction Manual
3 pages
PIMS - Log - iOS - MyPeugeot - 30-07-2024 09-40-19
No ratings yet
PIMS - Log - iOS - MyPeugeot - 30-07-2024 09-40-19
70 pages
Shop Manual IM Trouble Shoot Section - Prelimary PDF
No ratings yet
Shop Manual IM Trouble Shoot Section - Prelimary PDF
226 pages
Itas-User-Manual-46871eac18 Copy 2
No ratings yet
Itas-User-Manual-46871eac18 Copy 2
8 pages
(How To) Using Python Based Move Preprocessors
No ratings yet
(How To) Using Python Based Move Preprocessors
8 pages
H 5 Ai
No ratings yet
H 5 Ai
3 pages
Launching A Panel/driver: Applications) Will Be Loaded
No ratings yet
Launching A Panel/driver: Applications) Will Be Loaded
2 pages
Xorcom Rapid Recovery Live Rescue User Guide
No ratings yet
Xorcom Rapid Recovery Live Rescue User Guide
4 pages
Minor Project
No ratings yet
Minor Project
15 pages
SAP NWBC Quick Start Guide
No ratings yet
SAP NWBC Quick Start Guide
10 pages
Webservices Building Blocks: N.Rajganesh
No ratings yet
Webservices Building Blocks: N.Rajganesh
29 pages
Object-Oriented Programming (CS F213) : BITS Pilani
No ratings yet
Object-Oriented Programming (CS F213) : BITS Pilani
14 pages
Unit 5 OOSE
No ratings yet
Unit 5 OOSE
6 pages
Lab 5
No ratings yet
Lab 5
4 pages
Netsh Int TCP Show Global
No ratings yet
Netsh Int TCP Show Global
1 page
Wordpress Theme Like Thesis
100% (2)
Wordpress Theme Like Thesis
7 pages
Autobus 43 - Ilidza - Osjek
100% (3)
Autobus 43 - Ilidza - Osjek
2 pages
Logcat 1709751358000
No ratings yet
Logcat 1709751358000
9 pages
Project Report Format
No ratings yet
Project Report Format
10 pages
16 CDS Table Function and Analytic Query
No ratings yet
16 CDS Table Function and Analytic Query
3 pages
Ultimate Test Drive: Network Security Management With Panorama
No ratings yet
Ultimate Test Drive: Network Security Management With Panorama
64 pages
CSc. 360 NetCentricComputing
No ratings yet
CSc. 360 NetCentricComputing
2 pages