*****
产品
*****
ESA - Cisco Email Security Appliance
SMA: Cisco Security Management Appliance
*****
背景
*****
如果您一直以来都在使用ESA的Spam Quarantine(垃圾邮件隔离区),现在需要开始使用SMA的垃圾邮件隔离区对垃圾邮件进行集中管理,您将需要将现有ESA上的垃圾邮件转移至SMA
*****
前提:
*****
通过下面的菜单路径于ESA上开启External Spam Quarantine:
GUI > Security Services > Spam Quarantine>Check Enable External Spam Quarantine
按下面步骤disable掉ESA上的LocalQuarantine:
GUI > Monitor > Spam Quarantine> Uncheck Enable SpamQuarantine
提交并保存修改
***************************************************
将Spam Quarantine中的邮件由ESA转移至SMA:
***************************************************
步骤:
在ESA使工作队列清空,清空的方式为在CLI(命令行)中使用下面命令:(选择选项‘ALL’)
============
> suspendlistener
Choose the listener(s) you wish to suspend.
Separate multiple entries with commas.
1. All
2. Public
3. Test
> 1
====
动作执行后等候少许,待Delivery queue中的邮件投递完成,然后使用’tophost’或’status’命令查看设备中‘Active Recipients’一项(即未完成投递的邮件)确认邮件已完成投递:
>status
...
Gauges: Current
Connections
Current InboundConn. 0
Current OutboundConn. 0
Queue
Active Recipients 1
Messages In WorkQueue 0
KilobytesUsed 85
KilobytesFree 71,303,083
Messages In Quarantine
Policy, Virus andOutbreak 10
Kilobytes In Quarantine
Policy, Virus andOutbreak 50
=============================
> tophosts
Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Hard Bounced Recipients
5. Soft Bounced Events
[1]>1
Status asof: Mon Sep 29 13:09:53 2014 EDT
Hosts marked with '*' were down as of the last delivery attempt.
Active Conn. Deliv. Soft Hard
# RecipientHost Recip. Out Recip. Bounced Bounced
1 earthlink.net 1 0 2 0 0
2 the.cpq.host 0 0 1 0 0
3 the.encryption.queue 0 0 14 0 0
4 the.euq.queue 0 0 2 0 0
5 the.euq.release.queue 0 0 0 0 0
==============
如果1-2小时以后仍然有邮件滞留在Delivery queue当中,您需要使用’bouncerecipients’命令,选中选项‘3. All’,直至投递队列清空:
==============
> bouncerecipients
Please select how you would like to bounce messages:
1. By recipient host.
2. By Envelope From address.
3. All.
[1]> 3
========================
发件方会收到邮件无法发送的退信信息
接下来您需要将邮件的delivery suspend: (使用suspenddel命令)
========================
> suspenddel
Enter the number of seconds to wait before abruptly closingconnections.
[30]>
使用’saveconfig’命令保存一份配置文件(请不要Mask password,如果选择则配置文件将无法导入),您也可以使用’mailconfig’命令将配置文件发送至指定邮箱地址:
> saveconfig
Do you want to mask the password? Files with masked passwordscannot be loaded using
loadconfig command. > N
===================
到设备GUI, ‘Network’ ->‘SMTP Routes’菜单下,删除所有既存的SMTPRoute配置(这里建议您将现有SMTP route配置信息保存以便后续add back),您也可以使用下面的CLI命令来进行此项操作:
===================
> smtproutes
There are currently 4 routes configured.
Choose the operation you want to perform:
- NEW - Create a new route.
- EDIT - Edit destinations of an existing route.
- DELETE - Remove a route.
- PRINT - Display all routes.
- IMPORT - Import new routes from a file.
- EXPORT - Export all routes to a file.
- CLEAR - Remove all routes.
[]> print
..
[]> clear
=====
编辑‘All Other Domains’一项的SMTP Route,将其指向SMA设备的IP地址及端口(默认未6025):
=====
>smtproutes
[]> edit
Enter the hostname you want to edit.
[]> ALL
Choose the operation you want to perform:
- ADD - Add new destination hosts.
- REPLACE - Specify a new destination or set of destinations
[]> REPLACE
Enter the destination hosts, separated by commas, which you wantmail for ALL to be
delivered.
Enter USEDNS by itself to use normal DNS resolution for thisroute.
Enter /dev/null by itself if you wish to discard the mail.
Enclose in square brackets to force resolution via address (A)
records, ignoring any MX records.
[]> mysma.com:6025
Default route updated.
====
验证:
====
> commit
Please enter some comments describing your changes:
[]> changed default smtp route to point to SMA
===============================
上述更改完成后请提交并保存,于ESA Spam Quarantine中测试释放2-3封垃圾邮件观察其是否成功转移至SMA,如SMA方面确认收到,将余下的邮件全部释放,所有邮件将被传送至SMA, 当所有邮件传送完成后,将ESA上原有的SMTP Route配回。确保ESA上LocalSpam Quarantine是disabled,同时CentralizedQuarantine是Enabled.
=======
于ESA上resume设备的operation:
=======
> resume
Mail delivery resumed.
***********************
同时,您可以于SMA上下面的菜单中开启最终给用户的SLBL:
SMA: Management Appliance > Centralized Services >Spam Quarantine > End-User Safelist/Blocklist > Edit Settings
*********
