安全 : Cisco IronPort Email 安全设备

如何从在思科电子邮件安全工具(ESA)的本地垃圾邮件检疫移植到在安全管理设备(SMA)的中央垃圾邮件检疫?

2016 年 10 月 27 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈

简介

本文描述如何迁移从本地垃圾邮件检疫的被检疫的消息在ESA向在SMA的中央垃圾邮件检疫。

贡献用亚历山大Didebulidze和斯蒂芬贝尔, Cisco TAC工程师。

如何从在思科电子邮件安全工具(ESA)的本地垃圾邮件检疫移植到在安全管理设备(SMA)的中央垃圾邮件检疫?

假定

以下解决方案假设, SMA设备配置,因此ESA设备被添加了,并且集中式检疫启用。

配置汇总

  1. Enable (event)在ESA设备的集中化检疫:GUI > Security Services>垃圾邮件检疫>Check Enable (event)外部垃圾邮件检疫
  2. 禁用本地检疫:GUI >监视器>垃圾邮件Quarantine>不选定Enable (event)垃圾邮件检疫
  3. 提交并且确认更改。
  4. 随意地请移植从本地的检疫消息到中央检疫通过下面进程。

步骤

在ESA设备上您会需要清空队列。倒空workqueue :

暂停使用CLI命令suspendlistener的所有监听程序并且选择选项"1。所有”。

> suspendlistener

Choose the listener(s) you wish to suspend.
Separate multiple entries with commas.
1. All
2. Public
3. Test
[*]> 1

请等待一些时间,直到在交付队列的多数宣传品的消息传送。(您能看到“活动收件人”数量在status命令和tophosts的输出中)。

>status
...
Gauges:                                      Current
  Connections
    Current Inbound Conn.                          0
    Current Outbound Conn.                         0
  Queue
    Active Recipients                              1
    Messages In Work Queue                         0
    Kilobytes Used                                85
    Kilobytes Free                        71,303,083
    Messages In Quarantine
      Policy, Virus and Outbreak                  10
    Kilobytes In Quarantine
      Policy, Virus and Outbreak                  50
> tophosts

Sort results by:

1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Hard Bounced Recipients
5. Soft Bounced Events
[1]>1

Status as of:                   Mon Sep 29 13:09:53 2014 EDT
Hosts marked with '*' were down as of the last delivery attempt.

                                 Active  Conn.     Deliv.       Soft       Hard
#   Recipient Host               Recip.    Out     Recip.    Bounced    Bounced

1   earthlink.net                     1      0          2          0          0
2   the.cpq.host                      0      0          1          0          0
3   the.encryption.queue              0      0         14          0          0
4   the.euq.queue                     0      0          2          0          0
5   the.euq.release.queue             0      0          0          0          0
 


如果在1-2个小时之后仍有在交付队列的一些消息会需要重新启动这些消息使用命令bouncerecipients选择选项"3的您。直到队列的所有”并且等待获得空。

> bouncerecipients

Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 3

重新启动的消息的发送方将接收通知消息不可能传送)
 
使用命令suspenddel,暂停消息交付。

> suspenddel

Enter the number of seconds to wait before abruptly closing connections.
[30]>

做备份您的配置通过命令saveconfigmailconfig,要求清除您的smtp路由然后添加他们回到以后:

> saveconfig

Do you want to mask the password? Files with masked passwords cannot be loaded using
loadconfig command. [Y]>

通过GUI请去Network-> SMTP路由并且删除所有smtp路由。(注意在旧有路由下,因为您再将需要添加他们以后)。或者,通过CLI然后显示清楚的使用打印删除。

> smtproutes


There are currently 4 routes configured.

Choose the operation you want to perform:
- NEW - Create a new route.
- EDIT - Edit destinations of an existing route.
- DELETE - Remove a route.
- PRINT - Display all routes.
- IMPORT - Import new routes from a file.
- EXPORT - Export all routes to a file.
- CLEAR - Remove all routes.
[]> print
..
[]> clear

编辑“其他域” smtp路由并且设置它为SMA设备和端口的IP地址到6025

>smtproutes
[]> edit

Enter the hostname you want to edit.
[]> ALL


Choose the operation you want to perform:
- ADD - Add new destination hosts.
- REPLACE - Specify a new destination or set of destinations
[]> REPLACE

Enter the destination hosts, separated by commas, which you want mail for ALL to be
delivered.
Enter USEDNS by itself to use normal DNS resolution for this route.
Enter /dev/null by itself if you wish to discard the mail.
Enclose in square brackets to force resolution via address (A)
records, ignoring any MX records.
[]> mysma.com:6025

Default route updated.

验证: 做更改和版本2-3垃圾邮件消息从您的本地检疫作为测验。

> commit

Please enter some comments describing your changes:
[]> changed default smtp route to point to SMA


如果发布的消息正确地到达对集中化垃圾邮件检疫,请发表消息的其余。

在所有消息转接到SMA设备后,请恢复在ESA设备的旧有SMTP路由路由。

禁用本地垃圾邮件检疫并且启用集中式检疫。

使用命令恢复,恢复在ESA的正常操作

> resume
Mail delivery resumed.


Document ID: 118555