Question:
How do I configure a relay host on the ESA for outbound mail?
Answer:
The Cisco ESA appliance will not relay messages for hosts that are not configured in the relay list.
SMTP servers that allow relay by unspecified hosts are called open relays or insecure relays. A server that is configured as an open relay can be used by anyone who wants to send spam through it, which causes the server's IP address to appear on blacklists and its messages to be rejected.
Two methods for setting up relay (outbound email):
1. Use an existing Listener by adding an appropriate Sender Group and Mail Flow Policy.
- First create a new Mail Flow Policy from the Mail Flow Policies page of the Mail Policies tab. You can give it any name you want; the most common is RELAYED. The critical setting is that 'Connection Behavior' must be set to 'Relay'. You may want to make the other settings appropriately generous for your outbound mail needs.
- Once the Mail Flow Policy is created, go to the HAT Overview page of the Mail Policies tab and create a new Sender Group. You can give it any name you like; the most common is RELAYLIST. From the Policy dropdown list, select your new Mail Flow Policy. Change the Order to 1; the first match wins and we want to make sure your trusted hosts always match on this Sender Group. Then click on 'Submit and Add Senders'. On this page, add the IP addresses of the machines you trust to send outbound mail.
- Submit, Commit, and test to make sure your outbound mail setup is working appropriately.
2. Alternatively, set up a new Listener.
- Starting on the Listeners page of the Network tab, click on 'Add Listener'. You can give it any name you like; a common name is 'OutboundMail'. The important step here is to select the 'Type of Listener' as 'Private' and make certain that the appropriate Interface is selected. Review and adjust the other settings if desired and then click 'Submit'.
- This will bring you back to the Listeners page. From here click on 'HAT' in the same row as your new Listener. On the new page you will find a Sender Group named RELAYLIST already created. Click on its name and on the new page add the IP addresses of the machines you trust to send outbound mail. The Sender Group used also needs to have the action RELAY configured.
- Submit, Commit, and test to make sure your outbound mail setup is working appropriately.
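
A simplified model of the first-match HAT rule described in method 1, as an added example that is not Cisco's code or part of the original article. The ALL catch-all group, the addresses (documentation ranges), the function names and the 256-address audit threshold are assumptions made for illustration; it shows why RELAYLIST needs Order 1 and flags relay entries broad enough to turn the listener into an open relay.

```python
import ipaddress

# Constructed HAT for illustration: (order, sender group, connection behavior, entries).
# RELAYLIST is the name used on the page; ALL is an assumed catch-all group.
HAT = [
    (1, "RELAYLIST", "Relay", ["192.0.2.10", "192.0.2.32/28"]),
    (2, "ALL", "Accept", ["0.0.0.0/0"]),
]

def match_sender_group(hat, client_ip):
    """Return (group, behavior) of the first sender group, by order, containing client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for _, name, behavior, entries in sorted(hat, key=lambda row: row[0]):
        if any(ip in ipaddress.ip_network(e, strict=False) for e in entries):
            return name, behavior
    return None, "Reject"  # assumption of this model: no match means no relay

def audit_relay_entries(hat, max_hosts=256):
    """Flag entries in Relay groups that cover more than max_hosts addresses."""
    findings = []
    for _, name, behavior, entries in hat:
        if behavior != "Relay":
            continue
        for e in entries:
            net = ipaddress.ip_network(e, strict=False)
            if net.num_addresses > max_hosts:
                findings.append((name, e, net.num_addresses))
    return findings

if __name__ == "__main__":
    # A trusted host, a host inside the trusted /28, and an unknown host.
    for ip in ("192.0.2.10", "192.0.2.40", "203.0.113.5"):
        print(ip, match_sender_group(HAT, ip))
    print("over-broad relay entries:", audit_relay_entries(HAT))
```

Run it against an export of your own sender groups before you Commit: any address that should not relay but resolves to a 'Relay' behavior, or any finding from the audit, means the relay list is wider than intended.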