Configure Secure Email Gateway Outbound Relay Mode
Available Languages
Introduction
This document describes the new Secure Email Gateway (SEG) feature Relay Mode overview and setup.
Prerequisites
Requirements
General knowledge of the Cisco Secure Email Gateway (SEG) general settings and configuration.
Components Used
The information in this document is based on these software and hardware versions:
- SEG AsyncOS 16.0 or newer
- Smart Licensing
- License required: Secure Email Relay
- On-premise Virtual SEG is the only supported platform
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Overview
The new SEG feature, Outbound Relay, permits the conversion from a traditional SEG to a dedicated outbound mass delivery Mail Transfer Agent (MTA).
The SEG license permits the transfer of one million messages per 24 hours.
License PID = SECURE-EMAIL-RELAY
Once Outbound Relay has been enabled, all other license options are removed from Smart Licensing disabling all features except Bounced Tagging.
Configure
Reference SEG & SEWM Smart Licensing Deployment Guide to find answers to general Smart Licensing questions.
Start with a Smart License registered on-premise Virtual SEG:
- WebUI > System Administration > Licenses
- The top-right corner of the Licenses Table is the blue clickable link Switch to relay mode.
- A pop-up warning message and Cancel/Submit options are presented.
- Select Submit to convert to Outbound Relay.
Smart License Page
- The final state of Licenses presents the single line item Secure Email Relay and In Compliance:
Verify
Once the SEG has enabled the Outbound Relay feature, all of the menus and lists in the SEG appear as usual, although the details within the individual menus change:
- All Licensed features within Webui > Security Services displays a message: "The feature cannot be enabled because the license is unavailable or has expired."
- Viewing the Incoming and Outgoing Mail Policies shows each feature as Not Available."
- Incoming Mail Policies do exist, but the mail handling license is absent, generating a rejection and log in the mail_logs.
Sample Logs for inbound rejection:
Tue Oct 8 11:51:21 2024 Info: New SMTP ICID 163 interface Management (x.x.x.x) address x.x.x.x reverse dns host unknown verified no
Tue Oct 8 11:51:21 2024 Info: ICID 163 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS not enabled country not enabled
Tue Oct 8 11:51:21 2024 Info: ICID 163 from address x.x.x.x rejected due to unavailability of mail handling license
Tue Oct 8 11:51:21 2024 Info: ICID 163 close
Sample Logs for Relay (Outbound) successful message:
Tue Oct 8 13:21:35 2024 Info: New SMTP ICID 167 interface Management (x.x.x.x) address x.x.x.x reverse dns host unknown verified no
Tue Oct 8 13:21:35 2024 Info: ICID 167 RELAY SG Outbound_Relay match x.x.x.x SBRS not enabled country not enabled
Tue Oct 8 13:22:12 2024 Info: Start MID 319 ICID 167
Tue Oct 8 13:22:12 2024 Info: MID 319 ICID 167 From: <buyu_c@domain.com>
Tue Oct 8 13:22:16 2024 Info: MID 319 ICID 167 RID 0 To: <charlieb@domain.com>
Tue Oct 8 13:22:29 2024 Info: MID 319 matched all recipients for per-recipient policy DEFAULT in the outbound table
Tue Oct 8 13:22:29 2024 Info: MID 319 queued for delivery
Tue Oct 8 13:22:29 2024 Info: New SMTP DCID 17 interface x.x.x.x address x.x.x.x port 25
Tue Oct 8 13:22:29 2024 Info: TLS processing time client side: 0.157974481583
Tue Oct 8 13:22:29 2024 Info: Delivery start DCID 17 MID 319 to RID [0]
Tue Oct 8 13:22:29 2024 Info: Message done DCID 17 MID 319 to RID [0]
Tue Oct 8 13:22:29 2024 Info: MID 319 RID [0] Response '2.0.0 Ok: queued as A2ADD18000212'
Tue Oct 8 13:22:29 2024 Info: Message finished MID 319 done
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
25-Feb-2025
|
Initial Release |
Feedback