Cisco Ironport Email Security inline with Microsoft Forefont

Similar Messages

• Configuring Cisco/IronPort plugin for Outlook with CRES

  With the discontinuation of the IronPort IEA appliances we are getting ready to move from our on-premise IEA appliances to CRES.  I have a demo key for Encryption that I am running on my C660s and I have an Outlook client configured with the Email Security Plug-In version 7.2.0.39.  Currently the Outlook Plug in is configured to point to our on premise IEA appliances for the Server URL attribute in Desktop Encryption Options and is working great.
  My question is, what do I use to connect it to CRES for desktop encryption?
  The Admin guide "Cisco IronPort Email Security Plug-in 7.2 Administrator Guide" page 4-46 just says "Server URL Enter the URL for your  Encryption server."
  Thanks

  Hi Jason,
  Thanks for your question.  The short answer is https://res.cisco.com:443 HOWEVER please note the following two points.  First, you will need a CRES account, so that you can download a token to use with the plugin, to authenticate to CRES; you cannot use the default token which you have probably been using with your IEA.  Second, using the current Outlook plug-in version 7.2 with CRES is not supported; it works, but it is not supported.  There are plans to release a supported version.

• Cisco IronPort Web Security 7.5 (Async OS).

  Hi All,
  Can anybody provide me the W3C sample logs of Cisco IronPort Web Security 7.5 (Async OS).
  Thanks,
  Sachin.

  "05/Oct/2012:10:17:00 +0200" 2152 NONE - 10.0.0.1 NONE 504 0 GET http://www.cisco.com/index.html - ALLOW_CUSTOMCAT_11-Intranet_Access-Intranet_Access_RD-NONE-NONE-NONE-Intranet  "Intranet"

• Command line installation options for Ironport Email Security Plug-in

  We're getting ready to implement email encryption with our C160.  I want to deploy the Outlook plug-in to my users using SCCM.  According to the administrator guide I should be able to do this however I have downloaded the current version of the plug-in and it doesn't seem to support the command line options described in the administrator guide.  Specifically the /f1 switch (page 3-17 of admin guide) used to pass the setup.iss file doesn't work.  This command is then referenced to be used for the distribution package in SCCM.  I'm trying to use CiscoEmailSecurity-7-1-1-002.exe.
  Am I missing something?  Or has something changed in the deployment method?  Thanks for your help.

  Hi Scott,
  Can you include the exact syntax your using?
  it should look like this,
     Start /w CiscoEmailSecurity_7-1-1-002.exe /s /v /qn /f1"J:\install_711002.iss
  Christopher C Smith
  CSE
  Cisco IronPort Customer Support

• Block and Unblock the .zip and .rar files based on doamin or user account base on incoming mails with ironport email security.

  Hi All,
  Request you all to help me out in blocking/dropping only the attachments with the extension .rar and .zip in incoming mails for particular users or domains.
  as of now I have did for all the domains or users.However, I want to unblock it only for some particular/specific users and for rest it should block.
  kindly help me with the steps to do the configuration.
  Thanks a ton in advance
  Regards,
  LRN

  It sounds like you just need to use different incoming mail policies per group of individuals you want to block/drop .rar and .zip and those which you don't want this to happen.
  The fact that you want a specific group to be allowed receipt of these and everyone else should have these blocked I would recommend creating an additional incoming mail policy that does NOT have a content filter that performs this blocking.  Add the appropriate users to this incoming mail policy.  Then create a incoming content filter that does this dropping of .rar and .zip files and apply this to the Default Incoming Mail Policy.
  The content filter in this situation would not need a condition, just a action of strip attachments by file info , filename contains  .rar or .zip
  Here is a useful regex for the content filter action:  (?i)\.(zip|rar)
  Hope this helps!
  Steve

• How to migrate IronPort email security from C350 (6.5) to C370 (7.6)

  Hello
  i have two IP C350 running ios version 6.5, in a cluster mode and would need to know what would be the best (and quickest) way to replace existing units and migrate current configuration from both IPs and have established cluster again.
  Old IPs are C350, running AsyncOS 6.5.3-007. New units are two C370, running IOS AsyncOS 7.6.1
  If there is any how-to with steps required that you guys are aware of and would like to share would be awesome.
  Appreciated.

  I have completed upgraded of the one ironport out of two. I had issues with clustering since i run upgrade from the GUI (GUI inform you that it would need to disconnect the unit from the cluster in order to perform the upgrade).
  Answering Yes to this the upgrade starts and finishes with no issue. But when you try to migrate config from old unit to the new unit, whole bunch of messages pops out related to cluster, ports, Ethernet, etc. And i put netwrok config part from new unit to the config.
  The CLI at the old unit shows that unit is disconnected from the cluster and not removed, so command to remove the unit from the cluster was issued. After reboot, i export the config from the old unit, made changes to the network part (ports, ethernet, MAC address) and import the config into new unit with no issues.
  Now, i have one new unit handling email and one old unit waiting for replacement. No cluster existis between these units at this point.
  So, for second unit, i will do:
  from CLI remove old unit from the cluster.
  run the upgrade
  reboot
  export configuration and make changes to the network part.
  import config to the new unit and cross fingers (the cross finger method works very well from time to time).
  recreate a cluster.
  Will update the thread once all is done.

• Can't send emails from Mail with microsoft word attachments

  Ok, this is a weird one. About a month ago I realized that people weren't receiving my emails sent from Mail when I attached Microsoft Word documents to them. I can attach anything else, but the second I throw in a .doc, the email simply won't be received. It will send perfectly fine, without any errors or signs of problems. Ever heard of that before? Any ideas?
  12" Powerbook G4   Mac OS X (10.3.9)  

  I've been sending ".doc" files from both Mail and Entourage for some time without a problem.
  Having said that, is there a chance that your Internet Service Provider is somehow blocking some file types?
  I've recently come across a cpouple of European internet providers who do block executables and key file types that are known to cause problems or that might contain viruses/trojans.

• 2 ironports email security appliance redundancy

  Hi,
  I have two IronPort ESA C160 devices and would like to cluster them for redundancy. My question is:
  When the devices are clustered, is there a cluster IP address (not an interface on either device) which is created which emails from Exchange can be routed to? Since only 1 of the 2 devices will be active at any given time, how can Exchange distingiush which Ironport device to route to?
  Any assistance would be greatly appriciated.
  Omar Badawi

  I see your IP is listed as 200.40.148.74
  Checking Senderbase, not seeing any issues relating back to your side:
  http://www.senderbase.org/lookup/?search_string=200.40.148.74
  Changes recently to DNS?  Hostnames resolve, reverse DNS?  Domains correct and resolvable?  SPF in use... any changes, is it correct?  DKIM, same - any changes, is it correct?
  Originating MX?  Any changes of late to local mail or ISP?
  Normally the 421 error is a temporary block due to issues seen coming from your address/originating IP.  Issue still persist?
  -Robert

• Email Security Plug-in - Doesn't seem to work with right click or save and send

  I've searched the knowledge base but have not located the answer yet.
  We have the Encrypt Message plug-in installed to flag the email [SEND SECURE].  This works very well when in Outlook.  It does not seem to work when right clicking a file to send outside of Outlook or performing Save and Send from within Microsoft Office.  The add-in still shows and users are clicking it and the Send button but the emails are not going securely.  We are on Microsoft2010 on mostly XP machines.
  How can I get Encrypt Message to work in all instances?
  Thank you.
  Starla

  Andreas
  I am getting an error.  See below for what I'm choosing and the response.  let me know if I'm supposed to be trying to download from another area.
  Thanks
  Starla
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Cisco IronPort Email Security Appliance C370
  Release:IPAS
  Filename: CiscoEmailSecurity_7-2-0-039.exe
    Remove
  Details
  Release
  IPAS
  Filename
  CiscoEmailSecurity_7-2-0-039.exe
  Release Date
  25/Oct/2011
  Description
  Cisco IronPort Email Security Plug-in (Outlook)
  Size
  32541.84375 KB (33322848 bytes)
  Router Checksum
  0x553f
  MD5
  f0c864697d9e1a3e8f5297062943ac50
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Save the device to 'My Added Devices' list
  More Info
  'My Added Devices' list could be found by: 1. Clicking on 'My Cisco' Tab and expanding
      the 'Added Devices' section. 2. Selecting any task specific product
     selector and clicking on 'My Added
      Devices' in left pane.
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Set Cisco Notification Alert
  More Info
  All 'Cisco Notification Alerts' list could be found
  by: 1. Clicking on 'My Cisco' Tab and expanding
      the 'Support Notifications' section.
  Cisco service contract information indicates you are not authorized to download software for the following product(s):
  Cisco IronPort Email Security Appliance C170
  Cisco IronPort Email Security Appliance C370
  Cisco IronPort Email Security Appliance C650
  To download software for other product(s), remove the software for the product(s) listed above.
  Or, if you feel this message is in error, please:
  1. Email technical support for 24x7 assistance. To expedite your request, please include the following information:
           User ID (Cisco.com ID used to download software)
           Contact Name
           Company Name
           Contract Number
           Product ID
           Desired Software Release or File Name
  2. Contact your Cisco Representative, Partner or Reseller to ensure product(s) listed above are covered on a service contract. The Partner Locator link may assist in locating your nearest partner.
  3. Associate contracts for those products to your Cisco.com profile using the Instructions found in Profile Manager. After you submit your additional contracts, verification and updates may take up to 6 hours to complete.

• Cisco IronPort Plug-In 7.3 breaks when multiple profiles are used?

  In our testing of the Cisco IronPort Plug-In 7.3 we found that if seperate Outlook profiles are used that are configured to different e-mail accounts the plug-in gives an error.
  Here's the scenario.
  Profile A configured with [email protected] up and running receives the BCS Configuratoin File and the plug-in recognizes it and enables the ENCRYPT button.   User1 can use Outlook along with ENCRYPT and all works well.
  But, if that same workstation users opens a different Outlook mail profile is opened that is configured to a different e-mail account.  Profile B configured with [email protected] the following error is generated:  "An error occurred during C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-in\user1\config_2.xml configuartion file initialization.  Some settings have been set to the default values."   Outlook works fine, the decrypt button is greyed out, which is expected, [email protected] is not ENCRYPT enabled.
  The problem is when the user opens up Profile A again, a different error occurs "
  "An error occurred during C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-in\user1\config_1.xml configuartion file initialization.  Some settings have been set to the default values." and the ENCRYPT button is still disabled, even though this user is authorized for ENCRYPTION.   At this point the user has to open the BCS Configuration File again, which does give the message 'This message contains a secure attachment with settings for [email protected]  Do you want to apply these settings?".   If they answer YES, the ENCRYPT button is re-enabled.
  Is Cisco aware of this?   What is the resolution?
  Thanks.

  Same workstation AD login that has full access to both e-mail accounts. 
  Email account A profile A is the same as the workstation login used.   Email account B profile B is a different e-mail address / AD object but user A has full access to the mailbox.
  I would expect Encryption to work for Profile A and not for Profile B, e-mail address B was never sent the configuration file.  But when I go back to use Profile A, encryption is no longer enabled, requireing me to run the configuration again.

• Silient Uninstall Cisco Ironport Outlook Plugin

  Basically need to uninstall 7-2-7.3 versions of the outlook plugin silently on hundreds of machines.
  Basically the opposite of:
  Cisco Ironport Email Security Plug-in.exe /exenoui /qu UseCustomConfig=\\server\shared\config\
  I have tried different variations with no luck.

  I found my answer. Pretty simple, could have been easier. 
  msiexec /x {GUID} /q
  the GUID or Product ID, I was able to find using SCCM. Each version of the plugin is a different GUID. I used a script to se the right uninstalled line fore which version is installed. 

• Cisco Email Security Appliance (ESA) - Reporting

  In previous versions on ESA you could export data and reports in CSV formats using an API. Is that still available?
  >From the following document :
  IRONPORT ASYNCOS 6.4 REPORTING API FOR IRONPORT APPLIANCES
  REPORTING API OVERVIEW
  The Reporting API feature allows you to download the same data collected by the Email Security Monitor component of the IronPort Email Security appliance or Security Management appliance in a comma separated value (CSV) format. This format allows users to integrate the IronPort appliance's data gathering capabilities into other IT and business reporting systems. 
  DOWNLOADING REPORTING DATA
  You can retrieve the data used to build the charts and graphs in the Email Security Monitor feature via HTTP. This is useful if you plan to perform further analysis on the data via other tools. The data is available in standard comma separated value (CSV) format. The easiest way to get the HTTP query you will need is to configure one of the Email Security Monitor pages to display the type of data you want. You can then simply click the Export... link to initiate the download process.

  It went away, there's a new one (RESTful) in 9.0/9.1
  http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-0/ESA_API_1-0_Getting_Started_Guide.pdf

• Configure Encryption Notifcation Templates for IronPort Email Encryption

  We are running a Cisco C100V Email Security Virtual Appliance and are going to start using the IronPort Email Encryption capabilities to send secure email to recipients outside of our organization.
  I see under Mail Polices --> Text Resources that you can create an "Encryption Notification Template" HTML or text based that gives a general message to a recipient on what to do when they receive this secure email using this process.
  Is there a way that I can customize that template a little more?  I would like to add at least our corporate logo to that template just to make things more visible to the recipient who the message is coming from.
  Ive tried to copy and paste the HTML code out and edit it throwing a <IMG> tag in with a URL as the source back to a logo I put in a folder on our public website however it didn't work.
  Can this be done or am I just stuck with the dull as dishwasher framework of that template..?
  Thanks.

  Yes - you can edit the template to include the logo, or anything you wish --- standard HTML encoding applies...
  Here - I have added in the Pittsburgh Pirates "P" logo --->
  My HTML code --- only choosing to add a NEW template in the text resources, using the template wording --- and inserting the BOLD RED section w/ the image location for the Pirate "P" source:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
  <html>
   <head>
    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <meta name=version
     content="$RCSfile: PostXMessage.html,v $ $Revision: 1.10 $">
    <title>Secure Email Message</title>
   </head>
   <body bgcolor="#EEEEEE">
    <table align=center style="width:80%;border:1px solid #336699;
     background-color:white">
     <tr>
      <td>
       <table width="95%" cellspacing=0 cellpadding=0 align=center>
        <tr>
         <td>&nbsp;</td>
        </tr>
        <tr>
         <th style="font-family:Verdana,sans-serif;font-weight:700;
          font-size:10pt;text-align:left;color:#333333">
          You have received a secure message
         </th>
        </tr>
        <tr>
         <td style="border-top:1px solid black">&nbsp;</td>
        </tr>
        <tr>
  <img  src="http://pittsburgh.pirates.mlb.com/images/homepage/team/y2011/footer/pit.png" border="0">
         <td style="font-family:Verdana,sans-serif;font-size:8pt;
          text-align:left;color:black">
            <strong>Read your secure message by opening the attachment,
            ${AttachmentName}.</strong> You will be prompted to open (view)
            the file or save (download) it to your computer. For best
            results, save the file first, then open it in a Web browser.
            To access from a mobile device, forward this message to
            [email protected] to receive a mobile login URL.
            <br><br>
            If you have concerns about the validity of this message, contact
            the sender directly.
            <br>
            <p>
            <strong>First time users -</strong> will need to register after
            opening the attachment. For more information, click the following Help link.
            <br>
            <strong>Help -</strong> <a href="https://res.cisco.com/websafe/help?topic=RegEnvelope">https://res.cisco.com/websafe/help?topic=RegEnvelope</a><br>
            <strong>About Cisco Registered Email Service -</strong> <a href="https://res.cisco.com/websafe/about">https://res.cisco.com/websafe/about</a>
            </p>
          </td>
        </tr>
        <tr>
         <td>&nbsp;</td>
        </tr>
       </table>
      </td>
     </tr>
    </table>
   </body>
  </html>
  Test your HTML coding out before hand if you need --->
  Can you test the code from this site:
  http://www.w3schools.com/TAGS/tryit.asp?filename=tryhtml_pre
  I hope this helps!
  -Robert
  (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

• Security mails from Microsoft cant be delivered to Exchange 2010

  Hi there,
  I have strange issue with delivering e-mails from Microsoft account team to my Exchange 2010 users.
  That is single Exchange 2010 server scenario with Microsoft antispam features installed.
  There is one setting that is affecting behavior of that: Sender-ID filtering. If it is configured as reject messages, the authentication e-mails are rejected with error:
  550 5.7.1
  Missing purported responsible address,MissingPRA,No valid PRA
  I was doing some research around the Sender-ID filter and found this:https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx pointing
  to this:
  http://www.ietf.org/rfc/rfc4407.txt
  (see chapter 2, points 5 and 6)
  And Im thinking that the From: header is too long for the filter having 133 characters...
  From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
  See https://tools.ietf.org/html/rfc2822 chapter 2.1.1
  And if from header is not read properly, there is no other chance to define PRA.
  Im attaching the header with some privacy related edits (*)
  And also connection to my previos post:
  https://social.technet.microsoft.com/Forums/cs-CZ/63366c5f-5028-4b86-8cd9-815b2474083e/authentication-email-from-onedrive-is-not-delivered-to-exchange-2010?forum=exchangesvrsecuremessaging
  Received: from BAYIDSTOOL3E005 ([65.54.190.61]) by BAY004-OMC1S28.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
  Wed, 21 Jan 2015 03:50:31 -0800
  Message-ID: <[email protected]>
  X-Message-Routing: sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0hzi7ScTgwYCoH5DCu2Fahk9R9SdBH5Nsa5oB9Sz/gjNEAPF3tI/C3nFECX7BGzTiSSOg8TKAUbuCEwYGg==
  Return-Path: [email protected]
  Date: Wed, 21 Jan 2015 03:50:31 -0800
  From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
  Subject: =?windows-1250?Q?Bezpe=E8nostn=ED=20k=F3d=20=FA=E8tu=20Microsoft?=
  To: <t*****f@jv*******ms.cz>
  X-Priority: 3
  X-MSAMetaData: Cn0c88Cz0sGsI0Nfm6RO9sA/7VbWGUJeVNx9a4NXy37JI18dwFph0xDWcW8LScCF+MW2Lz28gPZz9dv7HW6EgfszNl0B6YfvjoqD5EXhCIrXhZTYSSbIB1Ix/LTVnuXoQieHLbzlKEn/wPNttCFyHop5rh2n8Sm26X38Eqj+/+Nh4VXFdEZ2I+gyInEElCSMfg==
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
  boundary="------=_Next_Part_0490624281.535"
  X-OriginalArrivalTime: 21 Jan 2015 11:50:31.0736 (UTC) FILETIME=[757B2B80:01D03570]
  Do anyone knows the limits of header lines in the Exchange 2010 Antispam Filters?

  I have tested it deeply and strange thing gets even stranger:
  If I send entire email with telnet the difference between error and accepting message by server is comma in From: header. so:
  Message is not accepted with that line:
  From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
  Message is accepted if I delete a comma:
  From: =?windows-1250?Q?T=FDm=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>

• Ironport web security appliance

  Hi,
  Just want to check if the IRONPORT
  S series web security appliances support
  failover/clustering of 2 boxes.
  thanks,

  Each Cisco IronPort web security appliance can be configured as a standalone proxy or to co-exist with other proxies (such as in a proxy hierarchy for conditional routing, failover and load balancing