Introduzione
In questo documento viene descritto cosa verificare nei log di posta di Cisco Email Security Appliance (ESA) quando i messaggi vengono inviati con un profilo di invio S/MIME (Secure/Multipurpose Internet Mail Extensions) valido.
Come verificare i messaggi inviati con S/MIME Sending Profile su ESA
S/MIME è un metodo basato su standard per l'invio e la ricezione di messaggi e-mail sicuri e verificati. S/MIME utilizza una coppia di chiavi pubblica/privata per crittografare o firmare i messaggi.
· Se il messaggio è crittografato, solo il destinatario può aprirlo.
· Se il messaggio è firmato, il destinatario può convalidare l'identità del mittente e assicurarsi che il messaggio non sia stato alterato durante la trasmissione.
Se sull'ESA è stato configurato un profilo di invio S/MIME valido, i messaggi possono essere inviati in una delle quattro modalità descritte di seguito.
· Firma
· Crittografia
· Firma/Crittografa (firma e quindi crittografa)
· Triplo (firma, crittografa e quindi firma di nuovo)
Queste modalità vengono configurate direttamente dalla GUI selezionando Mail Policies > (S/MIME) Sending Profiles o smimeconfig > SENDING sulla CLI. A seconda delle condizioni e delle azioni del filtro messaggi o contenuti, l'azione intrapresa nei log di posta deve essere simile - il tutto mostrato come riscritto da S/MIME.
Firma
Mon Nov 24 21:53:24 2014 Info: Start MID 81 ICID 34
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 Message-ID '<5649F3D8-C782-4929-9E7E-A8F892D4D885@abc.com>'
Mon Nov 24 21:53:24 2014 Info: MID 81 Subject 'signing only'
Mon Nov 24 21:53:24 2014 Info: MID 81 ready 509 bytes from <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 S/MIME: Sign successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 rewritten to MID 82 by S/MIME
Mon Nov 24 21:53:24 2014 Info: Start MID 82 ICID 0
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: Message finished MID 81 done
Mon Nov 24 21:53:24 2014 Info: MID 82 queued for delivery
Mon Nov 24 21:53:24 2014 Info: New SMTP DCID 127 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:53:24 2014 Info: Delivery start DCID 127 MID 82 to RID [0]
Mon Nov 24 21:53:24 2014 Info: Message done DCID 127 MID 82 to RID [0]
Mon Nov 24 21:53:24 2014 Info: MID 82 RID [0] Response '2.0.0 sAP2rXHk021241 Message accepted for delivery'
Mon Nov 24 21:53:24 2014 Info: Message finished MID 82 done
Mon Nov 24 21:53:29 2014 Info: DCID 127 close
Mon Nov 24 21:54:24 2014 Info: ICID 34 close
Crittografare
Mon Nov 24 22:02:58 2014 Info: Start MID 91 ICID 36
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 Message-ID '<6064CFA9-95F6-4452-8F8F-1554B4B37428@abc.com>'
Mon Nov 24 22:02:58 2014 Info: MID 91 Subject 'encrypt only'
Mon Nov 24 22:02:58 2014 Info: MID 91 ready 531 bytes from <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 S/MIME: Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 rewritten to MID 92 by S/MIME
Mon Nov 24 22:02:58 2014 Info: Start MID 92 ICID 0
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: Message finished MID 91 done
Mon Nov 24 22:02:58 2014 Info: MID 92 queued for delivery
Mon Nov 24 22:02:59 2014 Info: New SMTP DCID 132 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:02:59 2014 Info: Delivery start DCID 132 MID 92 to RID [0]
Mon Nov 24 22:02:59 2014 Info: Message done DCID 132 MID 92 to RID [0]
Mon Nov 24 22:02:59 2014 Info: MID 92 RID [0] Response '2.0.0 sAP337xR017219 Message accepted for delivery'
Mon Nov 24 22:02:59 2014 Info: Message finished MID 92 done
Mon Nov 24 22:03:04 2014 Info: DCID 132 close
Firma/Crittografa
Mon Nov 24 21:39:26 2014 Info: Start MID 71 ICID 31
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 Message-ID '<CFCE466D-7E58-4AA9-8F8A-FD5BD7A3E753@abc.com>'
Mon Nov 24 21:39:26 2014 Info: MID 71 Subject 'sign and encrypt'
Mon Nov 24 21:39:26 2014 Info: MID 71 ready 498 bytes from <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 S/MIME: Sign/Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 rewritten to MID 72 by S/MIME
Mon Nov 24 21:39:26 2014 Info: Start MID 72 ICID 0
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: Message finished MID 71 done
Mon Nov 24 21:39:26 2014 Info: MID 72 queued for delivery
Mon Nov 24 21:39:26 2014 Info: New SMTP DCID 122 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:39:26 2014 Info: Delivery start DCID 122 MID 72 to RID [0]
Mon Nov 24 21:39:26 2014 Info: Message done DCID 122 MID 72 to RID [0]
Mon Nov 24 21:39:26 2014 Info: MID 72 RID [0] Response '2.0.0 sAP2dZOJ009639 Message accepted for delivery'
Mon Nov 24 21:39:26 2014 Info: Message finished MID 72 done
Mon Nov 24 21:39:32 2014 Info: DCID 122 close
Mon Nov 24 21:40:26 2014 Info: ICID 31 close
Triplo
Mon Nov 24 22:00:25 2014 Info: Start MID 89 ICID 35
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 Message-ID '<DEE18BFD-F988-43CC-930A-78D0A194FC15@abc.com>'
Mon Nov 24 22:00:25 2014 Info: MID 89 Subject 'triple sign encrypt sign'
Mon Nov 24 22:00:25 2014 Info: MID 89 ready 514 bytes from <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 S/MIME: Triple successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 rewritten to MID 90 by S/MIME
Mon Nov 24 22:00:25 2014 Info: Start MID 90 ICID 0
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: Message finished MID 89 done
Mon Nov 24 22:00:25 2014 Info: MID 90 queued for delivery
Mon Nov 24 22:00:25 2014 Info: New SMTP DCID 131 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:00:25 2014 Info: Delivery start DCID 131 MID 90 to RID [0]
Mon Nov 24 22:00:25 2014 Info: Message done DCID 131 MID 90 to RID [0]
Mon Nov 24 22:00:25 2014 Info: MID 90 RID [0] Response '2.0.0 sAP30YsV031103 Message accepted for delivery'
Mon Nov 24 22:00:25 2014 Info: Message finished MID 90 done
Mon Nov 24 22:00:30 2014 Info: DCID 131 close
Informazioni correlate