Getting Started with Cisco Secure Email Gateway

What's New in AsyncOS 16.0

Table 1. What's New in AsyncOS 16.0

Feature

Description

Regenerating SSH Keys for SCP Push Log Retrieval

Your Secure Email Gateway maintains separate host keys for the SCP Push log retrieval. It also allows you to regenerate SSH keys for the SCP Push log retrieval.

You can regenerate SSH keys using the LOGCONFIG > HOSTKEYCONFIG > REGENERATESCPKEYS subcommand in the CLI.

You can regenerate these new keys only through the CLI and not via the web interface. You must have Administrator or Cloud Administrator privileges to regenerate these new keys.

Note: When you regenerate SSH keys, you must update the SCP log push server with the new keys.

You can verify these new keys using the LOGCONFIG > HOSTKEYCONFIG > USER subcommand in the CLI.

The management of SSH keys varies depending on the scenarios:

New Install Scenario

When you net install the AsyncOS 16.0 version, a new SSH key is generated.

Upgrade Scenario

When you upgrade from AsyncOS 15.5.1 or an earlier version to AsyncOS 16.0, you are prompted to confirm whether you want to regenerate SSH keys. If you choose to generate new keys, a new key is generated; otherwise, the old key is retained.

When you upgrade from an earlier AsyncOS 16.0 version to a later AsyncOS 16.0 version, you are not prompted to confirm whether you want to generate SSH keys. The existing SSH key is retained.

Revert Scenario

When you revert from AsyncOS 16.0 to an earlier version, you receive a warning message indicating whether you need to replace SSH keys on the SCP push log server. If you have not generated new SSH keys, the warning message is not displayed, and you need not replace SSH keys on the SCP push log server.

When you revert from a later AsyncOS 16.0 version to an earlier AsyncOS 16.0 version, the existing SSH keys are retained.

For more information, see Configuring Host Keys.

Enhanced File Hash List Support for Content Filters

Your Secure Email Gateway now supports listing file hash lists created with the MD5 Only file hash type option, in addition to those created with the SHA256 Only file hash type option for content filters.

Note: This enhancement is available only for content filters and not for message filters. It can be accessed only through the web interface.

You can select the file hash list created with the MD5 Only file hash type option for content filters through the following pages of the web interface:

  • Navigate to Mail Policies -> Incoming Content Filter and click Add Filter. Under Conditions, click Add Condition and choose Attachment File Info from the Add Condition window.

  • Navigate to Mail Policies -> Incoming Content Filter and click Add Filter. Under Actions, click Add Actions and choose Strip Attachment by File Info from the Add Actions window.

When you select the File Hash List radio button, the file hash lists created with the MD5 Only file hash type option are also listed along with file hash lists created with the SHA256 Only file hash type option.

Note: When you select the External Threat Feeds radio button, the file hash lists created using the All of the above file hash type option are listed for content filters.

For more information, see Content Filter Conditions and Content Filter Actions.

Enhanced Alert Emails

You receive alert emails from Secure Email Gateway when you encounter issues with the following limits:

  • Disk Quota for Miscellaneous Services

  • Envelope Sender Rate Limit

  • File Analysis Upload Limit

These alert emails are enhanced to include a direct link to a comprehensive Tech Zone article. This Tech Zone article provides detailed solutions to address your technical inquiries.

Upgrading Image Analysis Engine to IA8.0

Your Secure Email Gateway is now enhanced with the latest Image Analysis (IA) Engine 8.0. This upgrade from the previous IA6.0 version significantly improves the accuracy of scanning scores.

You will notice a score difference between the two versions, as IA8.0 employs advanced algorithms for more precise image analysis.

Note: As part of this update, the image sensitivity prompt is removed from the imageanalysisconfig > SETUP CLI command.

Note: Image Analyzer 8.0 uses neural networks for image analysis, whereas Image Analyzer 6.0 relies on skin tone analysis. As a result, Image Analyzer 8.0 is more resource-intensive, leading to a performance degradation of approximately 10%. However, this is offset by a substantial improvement in efficacy.

For more information about Image Analysis, see Image Analysis.

Support for Bounce Verification, SMTP Call Ahead, and Message Filters using AsyncOS APIs

You can now use AsyncOS APIs to view and configure Bounce Verification, SMTP Call-Ahead, and Message Filters in your email gateway.

For more information, see the “Configuration APIs” section of the AsyncOS 16.0 API for Cisco Secure Email Gateway Getting Started Guide - BETA.

Integrating with Email Threat Defense for Microsoft Office Server (on-premises)

If you are using Microsoft Exchange Server (on-premises), you can now use Email Threat Defense API and Email Threat Defense API Polling to perform Mailbox Auto Remediation of convicted emails identified by Secure Email Threat Defense. This feature can be configured via the GUI and the threatdefenseconfig command in the CLI.

For more information, see Integrating Secure Email Gateway with Threat Defense.

Email Threat Defense Remediation Report

A new report, Email Threat Defense Remediation, has been added to the Remediation Reports page.

For more information on the Email Threat Defense Remediation report, see Remediation Report Page.

Setting Priority for Message Headers

You can now choose to consider only the selected priority header for Mail Policy Settings. Use this option if you want the mail policy to match only the priority selected in Match Priority.

Secure Email Relay in Smart Licensing for Virtual Gateways

The Secure Email Relay feature lets you send large volumes of emails using the Secure Email Gateway. This feature is only available for accounts with Smart Licensing in virtual gateways, not for on-premises or cloud setups. For more information, see Secure Email Relay in Smart Licensing for Virtual Gateways.

Support for Mail Transfer Agent Strict Transport Security (MTA-STS)

The Mail Transfer Agent Strict Transport Security (MTA-STS) protocol enables Secure Email Gateway to determine and act on the TLS policy of a peer Mail Transfer Agent (MTA) for outbound emails, ensuring secure email transmission. You can enable MTA-STS support while configuring the Destination Controls in Secure Email Gateway. For more information, see Mail Transfer Agent Strict Transport Security.

Transitioning from SecureX to XDR

Cisco SecureX is transitioning to an enhanced and more robust platform, Cisco XDR (Extended Detection and Response). As part of this transition, it is essential to integrate your Secure Email Gateway with the new XDR platform.

For more information on how to integrate Secure Email Gateway with XDR, see Integrating with Cisco XDR.

Displaying Warning Messages for Non-Compliant X.509 Certificates

Your Secure Email Gateway now displays warning messages when you import a non-compliant X.509 certificate using the Network > Certificates > Add Certificate page on the web interface or the certconfig -> IMPORT or PASTE command in the CLI. Despite the warnings, the certificate will still be uploaded.

The warning messages are displayed for the following scenarios:

  • Unregistered URI Schemes in SAN Field - When you import an X.509 certificate that uses a URI with schemes that are not registered with IANA in the Subject Alternative Name (SAN) field, the following warning message is displayed:

    Warning: The X.509 certificate must not use URIs with schemes that are not registered with IANA (such as ‘invalid’). However, the certificate will still be uploaded.

  • SAN - CN Entry Mismatch - When you import an X.509 certificate, it must contain at least one SAN entry exactly matching the CN entry; otherwise, the following error message is displayed:

    Warning: The X.509 certificate must contain at least one SAN entry exactly matching the CN entry: tlstest-SAN-has-no-CN.com. However, the certificate will be uploaded.

  • Incorrect IP Address Format in SAN field - When you import an X.509 certificate with an IP address in the wrong format in the SAN field, the following warning message is displayed:

    Warning: The X.509 certificate must not use IP addresses in the format ‘10.10.2.32’ in the Subject Alternative Name (SAN) field. It must be in the format: ’ipAddress-type’. However, the certificate will still be uploaded.

  • Incorrect IP Address Format in CN field and SAN - CN Entry Mismatch - When you import an X.509 certificate with an IP address in the wrong format in the CN field and if the X.509 certificate does not contain at least one SAN entry exactly matching the CN entry, the following warning message is displayed:

    Warning: The X.509 certificate must not use IP addresses in the format ‘10.10.2.32’ in the CommonName (CN) field for the Subject.

    The X.509 certificate must contain at least one SAN entry exactly matching the CN entry. However, the certificate will still be uploaded.

You can view consolidated warning messages on the Certificates (Network > Certificates) page.

Note: When you upgrade or load the configuration file, consolidated warning messages are displayed on the Certificates (Network > Certificates) page if the previous release had non-compliant X.509 certificates or if the configuration file contains non-compliant X.509 certificates.
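A pre-import check for the conditions listed above, as an added example (it is not Cisco code and not the gateway's own validation logic). It assumes the CN and the SAN line were extracted beforehand, for example with `openssl x509 -noout -subject -ext subjectAltName`. The scheme set is a small subset of the IANA registry, treating an IP address stored in a DNS-type SAN entry as the "wrong format" is an interpretation of the warning text, and the sample certificates are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small subset of IANA-registered URI schemes; extend it from
# the IANA "Uniform Resource Identifier (URI) Schemes" registry as needed.
REGISTERED_SCHEMES = {"http", "https", "ftp", "ldap", "mailto",
                      "sip", "sips", "urn", "xmpp"}


def parse_san(text):
    """Parse a SAN line such as 'DNS:a.example, IP Address:10.0.0.1, URI:https://x/'."""
    entries = []
    for item in text.split(","):
        kind, sep, value = item.strip().partition(":")
        if sep:
            entries.append((kind.strip(), value.strip()))
    return entries


def is_ip(value):
    """True when the string is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_certificate(cn, san_entries):
    """Return a list of findings; an empty list means no condition was hit."""
    findings = []
    for kind, value in san_entries:
        if kind == "URI":
            scheme = urlsplit(value).scheme.lower()
            if scheme not in REGISTERED_SCHEMES:
                findings.append(f"SAN URI scheme not in registered set: {scheme or value}")
        elif kind == "DNS" and is_ip(value):
            # Interpretation: an IP address must be an iPAddress-type entry.
            findings.append(f"SAN holds IP address {value} as a DNS name")
    if is_ip(cn):
        findings.append(f"CN is an IP address: {cn}")
    # "Exactly matching" is taken as case-sensitive string equality.
    if cn not in {value for _, value in san_entries}:
        findings.append(f"no SAN entry exactly matches CN: {cn}")
    return findings


# Constructed samples: (CN, SAN line). Only the second CN and the address
# 10.10.2.32 come from the warning texts on this page.
SAMPLES = [
    ("mail.example.com", "DNS:mail.example.com, DNS:mx.example.com"),
    ("tlstest-SAN-has-no-CN.com",
     "DNS:other.example.com, URI:invalid://example.com/x, DNS:10.10.2.32"),
    ("10.10.2.32", "DNS:mail.example.com"),
]

if __name__ == "__main__":
    for cn, san in SAMPLES:
        results = check_certificate(cn, parse_san(san))
        print(cn, "->", results or "no findings")
```

Because the gateway uploads a non-compliant certificate anyway, a check like this is most useful in the issuance or change-review step, before the certificate reaches the appliance.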

Nutanix Support

Your Secure Email Gateway 16.0 now supports Nutanix.

Nutanix Version Details:

  • Nutanix AOS: 6.5.5.7

  • Nutanix Prism Central: pc.2022.6.0.10

For more information, see Cisco Secure Email Virtual Gateway and Secure Email and Web Manager Virtual Appliance Installation Guide available at https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html.

[On-premises only] ESXi 8.0 Support

Your Secure Email Gateway 16.0 now supports ESXi 8.0.

For more information, see Cisco Secure Email Virtual Gateway and Secure Email and Web Manager Virtual Appliance Installation Guide available at https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html.

Comparison of Web Interfaces, New Web Interface with Legacy Web Interface

The following table shows the comparison of the new web interface with the legacy interface:

Table 2. Comparison of New Web Interface with legacy interface

Web Interface Page or Element

New Web Interface

Legacy Web Interface

Landing Page

  • New Web Interface: After you log in to the email gateway, the Mail Flow Summary page is displayed.
  • Legacy Web Interface: After you log in to the email gateway, the My Dashboard page is displayed.

Reports Drop-down

  • New Web Interface: You can view reports for your email gateways from the Reports drop-down.
  • Legacy Web Interface: You can view reports for your email gateway from the Monitor menu.

My Reports Page

  • New Web Interface: Choose My Reports from the Reports drop-down.
  • Legacy Web Interface: You can view the My Reports page from Monitor > My Dashboard.

Mail Flow Summary Page

  • New Web Interface: The Mail Flow Summary page includes trend graphs and summary tables for incoming and outgoing messages.
  • Legacy Web Interface: The Incoming Mail includes graphs and summary tables for the incoming and outgoing messages.

Advanced Malware Protection Report Pages

  • New Web Interface: The following sections are available on the Advanced Malware Protection report page of the Reports menu:
      • Summary
      • AMP File Reputation
      • File Analysis
      • File Retrospection
      • Mailbox Auto Remediation
  • Legacy Web Interface: The email gateway has the following Advanced Malware Protection report pages under Monitor menu:
      • Advanced Malware Protection
      • AMP File Analysis
      • AMP Verdict Updates
      • Mailbox Auto Remediation

Outbreak Filters Page

  • New Web Interface: The Past Year Virus Outbreaks and Past Year Virus Outbreak Summary are not available in the Outbreak Filtering report page of the new web interface.
  • Legacy Web Interface: The Monitor > Outbreak Filters page displays the Past Year Virus Outbreaks and Past Year Virus Outbreak Summary.

Spam Quarantines (Administrative and End Users)

  • New Web Interface: Click Quarantine > Spam Quarantine > Search in the new web interface. The end users can access the spam quarantine using the URL:

    https://example.com:<https-api-port>/euq-login

    where example.com is the appliance hostname and <https-api-port> is the AsyncOS API HTTPS port opened on the firewall.
  • Legacy Web Interface: You can view spam quarantine from the Monitor > Spam Quarantine menu.

Policy, Virus and Outbreak Quarantines

  • New Web Interface: Click Quarantine > Other Quarantine in the new web interface. You can only view Policy, Virus and Outbreak Quarantines in the new web interface.
  • Legacy Web Interface: You can view, configure and modify the Policy, Virus and Outbreak Quarantines on the email gateway using the Monitor > Policy, Virus and Outbreak Quarantines.

Select All Action for Messages in Quarantine

  • New Web Interface: You can select multiple (or all) messages and perform a message action such as delete, delay, release, move, etc.
  • Legacy Web Interface: You cannot select multiple messages to perform a message action.

Maximum Download Limit for Attachments

  • New Web Interface: The maximum limit for downloading attachments of a quarantined message is restricted to 25 MB.
  • Legacy Web Interface: -

Rejected Connections

  • New Web Interface: To search for rejected connections, click Tracking > Search > Rejected Connection tab on the .
  • Legacy Web Interface: -

Query Settings

  • New Web Interface: The Query Settings field of the Message Tracking feature is not available on the .
  • Legacy Web Interface: You can set the query timeout in the Query Settings field of the Message Tracking feature.

Message Tracking Data Availability

  • New Web Interface: Click the gear icon on the upper right side of the page in the web interface to access Message Tracking Data Availability page.
  • Legacy Web Interface: You can view the missing-data intervals for your email gateway.

Show Additional Details of Messages

  • New Web Interface: You can view additional details of a message such as Verdict Charts, Last State, Sender Groups, Sender IP, IP Reputation Score and Policy Match details.
  • Legacy Web Interface: -

Verdict Charts and Last State Verdicts

  • New Web Interface: Verdict Chart displays information of the various possible verdicts triggered by each engine in your email gateway. Last State of the message determines the final verdict triggered after all the possible verdicts of the engine.
  • Legacy Web Interface: Verdict Charts and Last State Verdicts of the messages are not available.

Message Attachments and Host Names in Message Details

  • New Web Interface: Message attachments and host names are not displayed in the Message Details section of the message on the email gateway.
  • Legacy Web Interface: Message attachments and host names are displayed in the Message Details section of the message.

Sender Groups, Sender IP, IP Reputation Score and Policy Match in Message Details

  • New Web Interface: Sender Groups, Sender IP, IP Reputation Score, and Policy Match details of the message are displayed in the Message Details section, on the email gateway.
  • Legacy Web Interface: Sender Groups, Sender IP, IP Reputation Score, and Policy Match of the message are not available in the Message Details section of the message.

Direction of the Message (Incoming or Outgoing)

  • New Web Interface: Direction of the message (incoming or outgoing) is displayed in the message tracking results page, on the email gateway.
  • Legacy Web Interface: Direction of the message (incoming or outgoing) is not displayed in the message tracking results page.

Where to Find More Information

Cisco offers the following resources to learn more about your email gateway:

Documentation

You can access the online help version of this user guide directly from the appliance GUI by clicking Help and Support in the upper-right corner.

The documentation set for the Cisco Secure Email Gateway includes the following documents and books:

  • Release Notes
  • Quick Start Guide for your Cisco Email Security Appliance model
  • Cisco Content Security Virtual Appliance Installation Guide
  • User Guide for AsyncOS for Cisco Secure Email Gateway (this book)
  • CLI Reference Guide for AsyncOS for Cisco Secure Email Gateway
  • AsyncOS API for Cisco Secure Email Gateway - Getting Started Guide

Documentation for all Cisco Content Security products is available from:

Documentation For Cisco Content Security Products

Location

Hardware and virtual appliances

See the applicable product in this table.

Cisco Secure Email Gateway

http://www.cisco.com/c/en/us/support/security/email-security-appliance/tsd-products-support-series-home.html

Cisco Secure Web Appliance

http://www.cisco.com/c/en/us/support/security/web-security-appliance/tsd-products-support-series-home.html

Cisco Secure Email and Web Manager

http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/tsd-products-support-series-home.html

CLI Reference Guide for Cisco Secure Email Gateway

http://www.cisco.com/c/en/us/support/security/ email-security-appliance/products-command-reference-list.html

API Getting Started Guide for Cisco Secure Email Gateway

https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-programming-reference-guides-list.html

Privacy Datasheet for Cisco Secure Email Gateway

https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-email-security-appliance-privacy-data-sheet.pdf

Cisco Notification Service

Sign up to receive notifications relevant to your Cisco Content Security Appliances, such as Security Advisories, Field Notices, End of Sale and End of Support statements, and information about software updates and known issues.

You can specify options such as notification frequency and types of information to receive. You should sign up separately for notifications for each product that you use.

To sign up, visit http://www.cisco.com/cisco/support/notifications.html

A Cisco.com account is required. If you do not have one, see Registering for a Cisco Account.

Cisco Support Community

The Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides a place to discuss general email and web security issues, as well as technical information about specific Cisco products. You can post topics to the forum to ask questions and share information with other Cisco users.

Access the Cisco Support Community on the Customer Support Portal at the following URLs:

Cisco Customer Support

Do not contact Cisco Customer Support for help with Cisco Secure Email Gateway. See the Cisco IronPort Hosted Email Security / Hybrid Hosted Email Security Overview Guide for information on getting support for Cloud/Hybrid Email Security appliances.

Cisco TAC: http://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Support site for legacy IronPort: http://www.cisco.com/c/en/us/services/acquisitions/ironport.html

For non-critical issues, you can also access customer support from the email gateway. For instructions, see the User Guide or online help.

Third Party Contributors

See Open Source licensing information for your release on this page: http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html .

Some software included within Cisco AsyncOS is distributed under the terms, notices, and conditions of software license agreements of FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National Research Initiatives, Inc., and other third party contributors, and all such terms and conditions are incorporated in Cisco license agreements.

The full text of these agreements can be found here:

https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html.

Portions of the software within Cisco AsyncOS are based upon the RRDtool with the express written consent of Tobi Oetiker.

Portions of this document are reproduced with permission of Dell Computer Corporation. Portions of this document are reproduced with permission of McAfee, Inc. Portions of this document are reproduced with permission of Sophos Plc.

Cisco Welcomes Your Comments

The Cisco Technical Publications team is interested in improving the product documentation. Your comments and suggestions are always welcome. You can send comments to the following email address:

contentsecuritydocs@cisco.com

Please include the product name, release number, and document publication date in the subject of your message.

Cisco Secure Email Gateway Overview

The AsyncOS™ operating system includes the following features:

  • Anti-Spam at the gateway, through the unique, multi-layer approach of SenderBase Reputation Filters and Cisco Anti-Spam integration.
  • Anti-Virus at the gateway with the Sophos and McAfee Anti-Virus scanning engines.
  • Outbreak Filters™, Cisco’s unique, preventive protection against new virus, scam, and phishing outbreaks that can quarantine dangerous messages until new updates are applied, reducing the window of vulnerability to new message threats.
  • Policy, Virus, and Outbreak Quarantines provide a safe place to store suspect messages for evaluation by an administrator.
  • Spam Quarantine either on-box or off, providing end user access to quarantined spam and suspected spam.
  • Email Authentication. Cisco AsyncOS supports various forms of email authentication, including Sender Policy Framework (SPF), Sender ID Framework (SIDF), and DomainKeys Identified Mail (DKIM) verification of incoming mail, as well as DomainKeys and DKIM signing of outgoing mail.
  • Cisco Email Encryption. You can encrypt outgoing mail to address HIPAA, GLBA and similar regulatory mandates. To do this, you configure an encryption policy on the email gateway and use a local key server or hosted key service to encrypt the message.
  • Email Security Manager, a single, comprehensive dashboard to manage all email security services and applications on the email gateway. Email Security Manager can enforce email security based on user groups, allowing you to manage Cisco Reputation Filters, Outbreak Filters, Anti-Spam, Anti-Virus, and email content policies through distinct inbound and outbound policies.
  • On-box message tracking. AsyncOS for Email includes an on-box message tracking feature that makes it easy to find the status of messages that the email gateway processes.
  • Mail Flow Monitoring of all inbound and outbound email that provides complete visibility into all email traffic for your enterprise.
  • Access control for inbound senders, based upon the sender’s IP address, IP address range, or domain.
  • Extensive message and content filtering technology allows you to enforce corporate policy and act on specific messages as they enter or leave your corporate infrastructure. Filter rules identify messages based on message or attachment content, information about the network, message envelope, message headers, or message body. Filter actions allow messages to be dropped, bounced, archived, blind carbon copied, or altered, or to generate notifications.
  • Message encryption via secure SMTP over Transport Layer Security ensures messages traveling between your corporate infrastructure and other trusted hosts are encrypted.
  • Virtual Gateway™ technology allows the email gateway to function as several email gateways within a single server, which allows you to partition email from different sources or campaigns to be sent over separate IP addresses. This ensures that deliverability issues affecting one IP address do not impact others.
  • Protection against malicious attachments and links in email messages, provided by multiple services.
  • Use Data Loss Prevention to control and monitor the information that leaves your organization.

AsyncOS supports RFC 2821-compliant Simple Mail Transfer Protocol (SMTP) to accept and deliver messages.

Most reporting, monitoring, and configuration commands are available through the web-based GUI via HTTP or HTTPS. In addition, the system provides an interactive Command Line Interface (CLI), which you access from a Secure Shell (SSH) or direct serial connection.

You can also set up a Cisco Secure Email and Web Manager to consolidate reporting, tracking, and quarantine management for multiple email gateways.

Supported Languages

AsyncOS can display its GUI and CLI in any of the following languages:

  • English
  • French
  • Spanish
  • German
  • Italian
  • Korean
  • Japanese
  • Portuguese (Brazil)
  • Chinese (traditional and simplified)
  • Russian