Cómo verificar los mensajes enviados con el perfil de envío S/MIME en ESA

Introducción

Este documento describe qué se debe verificar en los registros de correo del dispositivo de seguridad Cisco Email Security Appliance (ESA) cuando se envían mensajes con un perfil de envío válido de extensiones seguras/multipropósito de correo Internet (S/MIME).  

Cómo verificar los mensajes enviados con el perfil de envío S/MIME en ESA

S/MIME es un método basado en estándares para enviar y recibir mensajes de correo electrónico seguros y verificados. S/MIME utiliza un par de claves pública/privada para cifrar o firmar mensajes.

· Si el mensaje está cifrado, solo el destinatario del mensaje puede abrir el mensaje cifrado.
· Si el mensaje está firmado, el destinatario del mensaje puede validar la identidad del remitente y puede estar seguro de que el mensaje no se ha alterado mientras estaba en tránsito.

Con un perfil de envío S/MIME válido configurado en el ESA, los mensajes se pueden enviar con uno de cuatro modos:

 · Firmar
 · Cifrar
 · Firmar/Cifrar (Firmar y luego cifrar)
 · Triple (Firmar, cifrar y firmar de nuevo)

Estos modos se configuran directamente desde la GUI seleccionando Mail Policies > (S/MIME) Sending Profiles, o smimeconfig > SENDING en la CLI. Dependiendo de las condiciones y acciones del filtro de mensajes o contenido, la acción tomada en los registros de correo debe ser similar - todos mostrándose como reescrito por S/MIME.

Firmar

Mon Nov 24 21:53:24 2014 Info: Start MID 81 ICID 34
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 Message-ID '<5649F3D8-C782-4929-9E7E-A8F892D4D885@abc.com>'
Mon Nov 24 21:53:24 2014 Info: MID 81 Subject 'signing only'
Mon Nov 24 21:53:24 2014 Info: MID 81 ready 509 bytes from <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 S/MIME: Sign successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 rewritten to MID 82 by S/MIME
Mon Nov 24 21:53:24 2014 Info: Start MID 82 ICID 0
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: Message finished MID 81 done
Mon Nov 24 21:53:24 2014 Info: MID 82 queued for delivery
Mon Nov 24 21:53:24 2014 Info: New SMTP DCID 127 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:53:24 2014 Info: Delivery start DCID 127 MID 82 to RID [0]
Mon Nov 24 21:53:24 2014 Info: Message done DCID 127 MID 82 to RID [0] 
Mon Nov 24 21:53:24 2014 Info: MID 82 RID [0] Response '2.0.0 sAP2rXHk021241 Message accepted for delivery'
Mon Nov 24 21:53:24 2014 Info: Message finished MID 82 done
Mon Nov 24 21:53:29 2014 Info: DCID 127 close
Mon Nov 24 21:54:24 2014 Info: ICID 34 close

Cifrar

Mon Nov 24 22:02:58 2014 Info: Start MID 91 ICID 36
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 Message-ID '<6064CFA9-95F6-4452-8F8F-1554B4B37428@abc.com>'
Mon Nov 24 22:02:58 2014 Info: MID 91 Subject 'encrypt only'
Mon Nov 24 22:02:58 2014 Info: MID 91 ready 531 bytes from <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 S/MIME: Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 rewritten to MID 92 by S/MIME
Mon Nov 24 22:02:58 2014 Info: Start MID 92 ICID 0
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: Message finished MID 91 done
Mon Nov 24 22:02:58 2014 Info: MID 92 queued for delivery
Mon Nov 24 22:02:59 2014 Info: New SMTP DCID 132 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:02:59 2014 Info: Delivery start DCID 132 MID 92 to RID [0]
Mon Nov 24 22:02:59 2014 Info: Message done DCID 132 MID 92 to RID [0] 
Mon Nov 24 22:02:59 2014 Info: MID 92 RID [0] Response '2.0.0 sAP337xR017219 Message accepted for delivery'
Mon Nov 24 22:02:59 2014 Info: Message finished MID 92 done
Mon Nov 24 22:03:04 2014 Info: DCID 132 close

Firmar/cifrar

Mon Nov 24 21:39:26 2014 Info: Start MID 71 ICID 31
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 Message-ID '<CFCE466D-7E58-4AA9-8F8A-FD5BD7A3E753@abc.com>'
Mon Nov 24 21:39:26 2014 Info: MID 71 Subject 'sign and encrypt'
Mon Nov 24 21:39:26 2014 Info: MID 71 ready 498 bytes from <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 S/MIME: Sign/Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 rewritten to MID 72 by S/MIME
Mon Nov 24 21:39:26 2014 Info: Start MID 72 ICID 0
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: Message finished MID 71 done
Mon Nov 24 21:39:26 2014 Info: MID 72 queued for delivery
Mon Nov 24 21:39:26 2014 Info: New SMTP DCID 122 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:39:26 2014 Info: Delivery start DCID 122 MID 72 to RID [0]
Mon Nov 24 21:39:26 2014 Info: Message done DCID 122 MID 72 to RID [0] 
Mon Nov 24 21:39:26 2014 Info: MID 72 RID [0] Response '2.0.0 sAP2dZOJ009639 Message accepted for delivery'
Mon Nov 24 21:39:26 2014 Info: Message finished MID 72 done
Mon Nov 24 21:39:32 2014 Info: DCID 122 close
Mon Nov 24 21:40:26 2014 Info: ICID 31 close

Triple

Mon Nov 24 22:00:25 2014 Info: Start MID 89 ICID 35
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 Message-ID '<DEE18BFD-F988-43CC-930A-78D0A194FC15@abc.com>'
Mon Nov 24 22:00:25 2014 Info: MID 89 Subject 'triple sign encrypt sign'
Mon Nov 24 22:00:25 2014 Info: MID 89 ready 514 bytes from <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 S/MIME: Triple successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 rewritten to MID 90 by S/MIME
Mon Nov 24 22:00:25 2014 Info: Start MID 90 ICID 0
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: Message finished MID 89 done
Mon Nov 24 22:00:25 2014 Info: MID 90 queued for delivery
Mon Nov 24 22:00:25 2014 Info: New SMTP DCID 131 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:00:25 2014 Info: Delivery start DCID 131 MID 90 to RID [0]
Mon Nov 24 22:00:25 2014 Info: Message done DCID 131 MID 90 to RID [0] 
Mon Nov 24 22:00:25 2014 Info: MID 90 RID [0] Response '2.0.0 sAP30YsV031103 Message accepted for delivery'
Mon Nov 24 22:00:25 2014 Info: Message finished MID 90 done
Mon Nov 24 22:00:30 2014 Info: DCID 131 close

Información Relacionada

• Cómo verificar los mensajes recibidos con S/MIME en ESA
• Soporte Técnico y Documentación - Cisco Systems
• Cisco Email Security Appliance: guías del usuario