Inleiding
Dit document beschrijft wat in de e-mail moet worden geverifieerd wanneer de berichten worden verzonden met een geldig Secure/Multipurpose Internet Mail Extensions (S/MIME)-verzendprofiel.
Hoe te verifiëren berichten verzonden met S/MIME Verzend Profiel op ESA
S/MIME is een op standaarden gebaseerde methode voor het verzenden en ontvangen van beveiligde, geverifieerde e-mailberichten. S/MIME gebruikt publiek/privaat sleutelpaar om berichten te versleutelen of te ondertekenen.
· Als het bericht versleuteld is, kan alleen de ontvanger van het bericht het versleutelde bericht openen.
· Als het bericht wordt ondertekend, kan de berichtontvanger de identiteit van de afzender bevestigen en kan worden verzekerd dat het bericht niet is gewijzigd tijdens het transport.
Met een geldig S/MIME-verzendprofiel dat op de ESA is geconfigureerd, kunnen berichten worden verzonden met een van de vier modi:
· Teken
· Versleutelen
· Ondertekenen/versleutelen (ondertekenen en vervolgens versleutelen)
· Drievoudig (ondertekenen, versleutelen en vervolgens opnieuw ondertekenen)
Deze modi worden direct vanuit de GUI geconfigureerd door Mail Policies > (S/MIME) Sending Profiles te selecteren, of smimeconfig > SENDING op de CLI. Afhankelijk van het bericht of het filter en de acties, moet de actie die in de maillogbestanden wordt ondernomen vergelijkbaar zijn - en alle tonen worden herschreven door S/MIME.
Teken
Mon Nov 24 21:53:24 2014 Info: Start MID 81 ICID 34
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 ICID 34 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 Message-ID '<5649F3D8-C782-4929-9E7E-A8F892D4D885@abc.com>'
Mon Nov 24 21:53:24 2014 Info: MID 81 Subject 'signing only'
Mon Nov 24 21:53:24 2014 Info: MID 81 ready 509 bytes from <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 81 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 S/MIME: Sign successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:53:24 2014 Info: MID 81 rewritten to MID 82 by S/MIME
Mon Nov 24 21:53:24 2014 Info: Start MID 82 ICID 0
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:53:24 2014 Info: MID 82 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:53:24 2014 Info: Message finished MID 81 done
Mon Nov 24 21:53:24 2014 Info: MID 82 queued for delivery
Mon Nov 24 21:53:24 2014 Info: New SMTP DCID 127 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:53:24 2014 Info: Delivery start DCID 127 MID 82 to RID [0]
Mon Nov 24 21:53:24 2014 Info: Message done DCID 127 MID 82 to RID [0]
Mon Nov 24 21:53:24 2014 Info: MID 82 RID [0] Response '2.0.0 sAP2rXHk021241 Message accepted for delivery'
Mon Nov 24 21:53:24 2014 Info: Message finished MID 82 done
Mon Nov 24 21:53:29 2014 Info: DCID 127 close
Mon Nov 24 21:54:24 2014 Info: ICID 34 close
Versleutelen
Mon Nov 24 22:02:58 2014 Info: Start MID 91 ICID 36
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 ICID 36 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 Message-ID '<6064CFA9-95F6-4452-8F8F-1554B4B37428@abc.com>'
Mon Nov 24 22:02:58 2014 Info: MID 91 Subject 'encrypt only'
Mon Nov 24 22:02:58 2014 Info: MID 91 ready 531 bytes from <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 91 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 S/MIME: Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:02:58 2014 Info: MID 91 rewritten to MID 92 by S/MIME
Mon Nov 24 22:02:58 2014 Info: Start MID 92 ICID 0
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:02:58 2014 Info: MID 92 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:02:58 2014 Info: Message finished MID 91 done
Mon Nov 24 22:02:58 2014 Info: MID 92 queued for delivery
Mon Nov 24 22:02:59 2014 Info: New SMTP DCID 132 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:02:59 2014 Info: Delivery start DCID 132 MID 92 to RID [0]
Mon Nov 24 22:02:59 2014 Info: Message done DCID 132 MID 92 to RID [0]
Mon Nov 24 22:02:59 2014 Info: MID 92 RID [0] Response '2.0.0 sAP337xR017219 Message accepted for delivery'
Mon Nov 24 22:02:59 2014 Info: Message finished MID 92 done
Mon Nov 24 22:03:04 2014 Info: DCID 132 close
Aanmelden/versleutelen
Mon Nov 24 21:39:26 2014 Info: Start MID 71 ICID 31
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 ICID 31 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 Message-ID '<CFCE466D-7E58-4AA9-8F8A-FD5BD7A3E753@abc.com>'
Mon Nov 24 21:39:26 2014 Info: MID 71 Subject 'sign and encrypt'
Mon Nov 24 21:39:26 2014 Info: MID 71 ready 498 bytes from <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 71 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 S/MIME: Sign/Encrypt successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 21:39:26 2014 Info: MID 71 rewritten to MID 72 by S/MIME
Mon Nov 24 21:39:26 2014 Info: Start MID 72 ICID 0
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 21:39:26 2014 Info: MID 72 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 21:39:26 2014 Info: Message finished MID 71 done
Mon Nov 24 21:39:26 2014 Info: MID 72 queued for delivery
Mon Nov 24 21:39:26 2014 Info: New SMTP DCID 122 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 21:39:26 2014 Info: Delivery start DCID 122 MID 72 to RID [0]
Mon Nov 24 21:39:26 2014 Info: Message done DCID 122 MID 72 to RID [0]
Mon Nov 24 21:39:26 2014 Info: MID 72 RID [0] Response '2.0.0 sAP2dZOJ009639 Message accepted for delivery'
Mon Nov 24 21:39:26 2014 Info: Message finished MID 72 done
Mon Nov 24 21:39:32 2014 Info: DCID 122 close
Mon Nov 24 21:40:26 2014 Info: ICID 31 close
Drievoudig
Mon Nov 24 22:00:25 2014 Info: Start MID 89 ICID 35
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 ICID 35 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 Message-ID '<DEE18BFD-F988-43CC-930A-78D0A194FC15@abc.com>'
Mon Nov 24 22:00:25 2014 Info: MID 89 Subject 'triple sign encrypt sign'
Mon Nov 24 22:00:25 2014 Info: MID 89 ready 514 bytes from <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 89 matched all recipients for per-recipient policy cisco users in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 S/MIME: Triple successful by filter s_mime_outgoing in the outbound table
Mon Nov 24 22:00:25 2014 Info: MID 89 rewritten to MID 90 by S/MIME
Mon Nov 24 22:00:25 2014 Info: Start MID 90 ICID 0
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 From: <userencrypted@abc.com>
Mon Nov 24 22:00:25 2014 Info: MID 90 ICID 0 RID 0 To: <recipient@xyz.com>
Mon Nov 24 22:00:25 2014 Info: Message finished MID 89 done
Mon Nov 24 22:00:25 2014 Info: MID 90 queued for delivery
Mon Nov 24 22:00:25 2014 Info: New SMTP DCID 131 interface 172.172.254.60 address 192.173.93.161 port 25
Mon Nov 24 22:00:25 2014 Info: Delivery start DCID 131 MID 90 to RID [0]
Mon Nov 24 22:00:25 2014 Info: Message done DCID 131 MID 90 to RID [0]
Mon Nov 24 22:00:25 2014 Info: MID 90 RID [0] Response '2.0.0 sAP30YsV031103 Message accepted for delivery'
Mon Nov 24 22:00:25 2014 Info: Message finished MID 90 done
Mon Nov 24 22:00:30 2014 Info: DCID 131 close
Gerelateerde informatie