ESA 9-7 CLI Reference Guide
ESA 9-7 CLI Reference Guide
7 for
Cisco Email Security Appliances
October 13, 2015
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR
LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright  1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION,
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE,
OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 2015 Cisco Systems, Inc. All rights reserved.
                                                                        CONTENTS
Preface 1
Typographic Conventions 2
                 Additional Resources 2
                     Documentation 2
                     Knowledge Base 2
                     Cisco Support Community 3
                     Customer Support 3
                     Registering for a Cisco Account 3
                     Cisco Welcomes Your Comments 3
                                                 CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                           1
Contents
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
2
                                                                                                    Contents
    dnshostprefs 3-58
    dnslistconfig 3-59
    dnslisttest 3-60
    dnsstatus 3-60
General Management/Administration/Troubleshooting         3-61
   addressconfig 3-62
   adminaccessconfig 3-64
   certconfig 3-69
   date 3-74
   diagnostic 3-74
   diskquotaconfig 3-78
   ecconfig 3-80
   ecstatus 3-81
   ecupdate 3-81
   encryptionconfig 3-81
   encryptionstatus 3-85
   encryptionupdate 3-85
   featurekey 3-86
   featurekeyconfig 3-87
   generalconfig 3-87
   healthcheck 3-88
   healthconfig 3-89
   ntpconfig 3-90
   reboot 3-91
   repengstatus 3-92
   resume 3-92
   resumedel 3-93
   resumelistener 3-93
   revert 3-94
   settime 3-95
   settz 3-95
   shutdown 3-96
   sshconfig 3-97
   status 3-99
   supportrequest 3-100
   supportrequeststatus 3-102
   supportrequestupdate 3-103
   suspend 3-103
   suspenddel 3-104
   suspendlistener 3-104
                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                          3
Contents
                                tcpservices 3-105
                                techsupport 3-106
                                tlsverify 3-107
                                trace 3-108
                                trackingconfig 3-110
                                tzupdate 3-110
                                updateconfig 3-111
                                updatenow 3-116
                                version 3-116
                                wipedata 3-117
                                upgrade 3-118
                           Content Scanning 3-118
                               contentscannerstatus 3-119
                               contentscannerudpate 3-119
                           LDAP 3-119
                              ldapconfig 3-120
                              ldapflush 3-124
                              ldaptest 3-125
                              sievechar 3-126
                           Mail Delivery Configuration/Monitoring            3-127
                               addresslistconfig 3-127
                               aliasconfig 3-129
                               archivemessage 3-131
                               altsrchost 3-132
                               bounceconfig 3-134
                               bouncerecipients 3-137
                               bvconfig 3-139
                               deleterecipients 3-140
                               deliveryconfig 3-141
                               delivernow 3-142
                               destconfig 3-143
                               hostrate 3-150
                               hoststatus 3-151
                               imageanalysisconfig 3-152
                               oldmessage 3-154
                               rate 3-154
                               redirectrecipients 3-155
                               resetcounters 3-156
                               removemessage 3-156
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
4
                                                                                                        Contents
    showmessage 3-157
    showrecipients 3-157
    status 3-159
    tophosts 3-160
    topin 3-161
    unsubscribe 3-161
    workqueue 3-163
Networking Configuration / Network Tools        3-163
   etherconfig 3-164
   interfaceconfig 3-166
   nslookup 3-168
   netstat 3-169
   packetcapture 3-170
   ping 3-172
   ping6 3-173
   routeconfig 3-173
   setgateway 3-176
   sethostname 3-177
   smtproutes 3-177
   sslconfig 3-179
   sslv3config 3-181
   telnet 3-182
   traceroute 3-183
   traceroute6 3-183
Outbreak Filters 3-185
    outbreakconfig 3-185
    outbreakflush 3-186
    outbreakstatus 3-187
    outbreakupdate 3-187
Policy Enforcement 3-188
     dictionaryconfig 3-188
     exceptionconfig 3-192
     filters 3-193
     policyconfig 3-195
     quarantineconfig 3-218
     scanconfig 3-219
     stripheaders 3-221
     textconfig 3-222
Logging and Alerts   3-225
                              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                              5
Contents
                                alertconfig 3-226
                                displayalerts 3-227
                                findevent 3-228
                                grep 3-230
                                logconfig 3-231
                                rollovernow 3-239
                                snmpconfig 3-239
                                tail 3-241
                           Reporting 3-242
                               reportingconfig        3-243
                           Senderbase 3-246
                               sbstatus 3-246
                               senderbaseconfig          3-247
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
6
             Preface
             The instructions in this book are designed for an experienced system administrator with knowledge of
             networking and email administration.
                                             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                       1
Typographic Conventions
Typeface or
Symbol                   Meaning                                             Examples
                         The names of commands, files, and                   Please choose an IP interface for this Listener.
                         directories; on-screen computer
AaBbCc123                output.                                             The sethostname command sets the name of the appliance.
AaBbCc123                Book titles, new words or terms, words              Read the QuickStart Guide.
                         to be emphasized. Command line
                         variable; replace with a real name or
                         value.                                              The appliance must be able to uniquely select an interface to
                                                                             send an outgoing packet.
Additional Resources
Documentation
                         Documentation for your Email Security appliance is available from:
                         http://www.cisco.com/en/US/products/ps10154/tsd_products_support_series_home.html
Knowledge Base
                         To access the Knowledge Base for information about Cisco Content Security products, visit:
                         http://www.cisco.com/web/ironport/knowledgebase.html
              Note       You need a Cisco.com User ID to access the site. If you do not have a Cisco.com User ID, see Registering
                         for a Cisco Account, page 3.
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  2
Cisco Support Community
             Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides
             a place to discuss general content security issues, as well as technical information about specific Cisco
             products. You can post topics to the forum to ask questions and share information with other users.
             Access the Cisco Support Community for Email Security appliances at:
                 https://supportforums.cisco.com/community/netpro/security/email
Customer Support
             Use the following methods to obtain support:
             U.S.: Call 1 (408) 526-7209 or Toll-free 1 (800) 553-2447
             International: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
             Support Site: http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
             If you purchased support through a reseller or another supplier, please contact that supplier directly with
             your product support issues.
                                               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                         3
    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
4
                                                        CH A P T E R                    1
CLI Quick Reference Guide
Use the tables to locate the appropriate CLI command, a brief description and its availability on the C-,
X, and M-series platforms.
    CLI Commands (No Commit Required), page 1-2
    CLI Commands (Commit Required), page 1-5
                                 CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                           1-1
                                                                                                     Chapter 1   CLI Quick Reference Guide
      CLI Commands (No Commit Required)
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  1-2
 Chapter 1   CLI Quick Reference Guide
                                                                                                         CLI Commands (No Commit Required)
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       1-3
                                                                                                    Chapter 1   CLI Quick Reference Guide
      CLI Commands (No Commit Required)
showrecipients                   Show messages from the queue by recipient host, Envelope From          C- and X- Series
                                 address, or all messages
shutdown                         Shut down the system to power off                                      C-, X-, and M-Series
slblconfig                       Configure Safelist/Blocklist settings                                  C- and X-Series
status                           System status                                                          C-, X-, and M-Series
supportrequest                   Send a message to Cisco TAC                                            C-, X-, and M-Series
supportrequeststatus             Display Support Request Keywords version information                   C-, X-, and M-Series
supportrequestupdate             Request manual update for Support Request Keywords                     C-, X-, and M-Series
suspend                          Suspend receiving and deliveries                                       C-, X-, and M-Series
suspenddel                       Suspend deliveries                                                     C-, X-, and M-Series
suspendlistener                  Suspend receiving                                                      C-, X-, and M-Series
systemsetup                      First time system setup                                                C- and X- Series
tail                             Continuously display the end of a log file                             C-, X-, and M-Series
techsupport                      Allow Cisco TAC to access your system                                  C-, X-, and M-Series
telnet                           Connect to a remote host                                               C-, X-, and M-Series
tlsverify                        Establish an outbound TLS connection to a remote host and debug C- and X- Series
                                 any TLS connection issues
tophosts                         Display the top hosts by queue size                                    C-, X-, and M-Series
topin                            Display the top hosts by number of incoming connections                C-, X-, and M-Series
trace                            Trace the flow of a message through the system                         C-, X-, and M-Series
traceroute                       Display the network route to a remote host                             C-, X-, and M-Series
traceroute6                      Display the network route to a remote host using IPV6.                 C-, X-, and M- Series
tzupdate                         Update timezone rules                                                  C-, X-, and M-Series
updatenow                        Update all components                                                  C-, X-, and M-Series
upgrade                          Install an upgrade                                                     C-, X-, and M-Series
version                          View system version information                                        C-, X-, and M-Series
wipedata                         Wipe the core files on the disk and check the status of the last       C-, X-, and M-Series
                                 coredump operation
webcacheflush                    Flush the cache used by the URL filtering feature                      C-, X-, and M- Series
websecuritydiagnostics           View diagnostic statistics for URL filtering                           C-, X-, and M- Series
who                              List who is logged in                                                  C-, X-, and M-Series
whoami                           Display your current user id                                           C-, X-, and M-Series
workqueue                        Display and/or alter work queue pause status                           C- and X- Series
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  1-4
 Chapter 1   CLI Quick Reference Guide
                                                                                                                CLI Commands (Commit Required)
                                                              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                           1-5
                                                                                                   Chapter 1   CLI Quick Reference Guide
   CLI Commands (Commit Required)
healthconfig                        Configure the threshold of various health parameters of your          C-, X-, and M- Series
                                    appliance
imageanalysisconfig                 Configure the IronPort Image Analysis settings                       C-, X-, and M- Series
incomingrelayconfig                 Configure Incoming Relays                                             C- and X- Series
interfaceconfig                     Configure Ethernet IP addresses                                       C-, X-, and M- Series
ldapconfig                          Configure LDAP servers                                                C- and X- Series
listenerconfig                      Configure mail listeners                                              C- and X- Series
loadconfig                          Load a configuration file                                             C-, X-, and M- Series
localeconfig                        Configure multi-lingual settings                                      C- and X- Series
logconfig                           Configure access to log files                                         C-, X-, and M- Series
ntpconfig                           Configure NTP time server                                             C-, X-, and M- Series
outbreakconfig                      Configure Outbreak Filters                                            C- and X- Series
policyconfig                        Configure per recipient or sender based policies                      C- and X- Series
quarantineconfig                    Configure system quarantines                                          C- and X- Series
reportingconfig                     Configure reporting settings                                          C-, X-, and M- Series
rollbackconfig                      Rollback to one of the previously committed configurations           C-, X-, and M- Series
routeconfig                         Configure IP routing table                                            C-, X-, and M- Series
scanconfig                          Configure attachment scanning policy                                  C- and X- Series
senderbaseconfig                    Configure SenderBase connection settings                              C- and X- Series
setgateway                          Set the default gateway (router)                                      C-, X-, and M- Series
sethostname                         Set the name of the machine                                           C-, X-, and M- Series
settz                               Set the local time zone                                               C-, X-, and M- Series
sievechar                           Configure characters for Sieve Email Filtering, as described in       C- and X- Series
                                    RFC 3598
smimeconfig                         Configure S/MIME functionality                                        C-, X-, and M- Series
smtpauthconfig                      Configure SMTP Auto profiles                                          C- and X- Series
smtproutes                          Set up permanent domain redirections                                  C-, X-, and M- Series
snmpconfig                          Configure SNMP                                                        C-, X-, and M- Series
sshconfig                           Configure SSH keys                                                    C-, X-, and M- Series
sslconfig                           Configure SSL settings                                               C-, X-, and M- Series
sslv3config                         Enable/Disable SSLv3                                                  C-, X-, and M- Series
stripheaders                        Set message headers to remove                                         C- and X- Series
tcpservices                         Display information about files opened by processes                   C-, X-, and M- Series
textconfig                          Configure text resources                                              C- and X- Series
trackingconfig                      Configure the tracking system                                        C-, X-, and M- Series
unsubscribe                         Update the global unsubscribe list                                    C-, X-, and M- Series
updateconfig                        Configure system update parameters                                    C- and X- Series
LDAP                                Configure system upgrade parameters (deprecated command)
urllistconfig                       Configure whitelists of safe URLs.                                    C-, X-, and M- Series
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  1-6
 Chapter 1   CLI Quick Reference Guide
                                                                                                             CLI Commands (Commit Required)
userconfig                          Manage user accounts and connections to external authentication C-, X-, and M- Series
                                    sources.
websecurityadvancedconfig           Configure advanced settings for URL filtering                               C-, X-, and M- Series
websecurityconfig                   Configure global settings for URL filtering                                 C-, X-, and M- Series
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        1-7
                                                                                    Chapter 1   CLI Quick Reference Guide
 CLI Commands (Commit Required)
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
1-8
                                                                       CH A P T E R                    2
               Command Line Interface: The Basics
login: admin
password: ironport
                                                CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                          2-1
                                                                                      Chapter 2   Command Line Interface: The Basics
  Accessing the Command Line Interface (CLI)
Command Prompt
                       The top-level command prompt consists of the fully qualified hostname, followed by the greater than (>)
                       symbol, followed by a space. For example:
mail3.example.com>
                       If the appliance has been configured as part of a cluster with the Centralized Management feature, the
                       prompt in the CLI changes to indicate the current mode. For example:
or
                       When there is a default setting, the setting is displayed within the command prompt brackets. For
                       example:
                       Ethernet interface:
                       1. Data 1
                       2. Data 2
                       3. Management
                       [1]> 1
When a default setting is shown, typing Return is equivalent to typing the default:
                       Ethernet interface:
                       1. Data 1
                       2. Data 2
                       3. Management
                       [1]> (type Return)
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 2-2
 Chapter 2   Command Line Interface: The Basics
                                                                                                Accessing the Command Line Interface (CLI)
Command Syntax
                         When operating in the interactive mode, the CLI command syntax consists of single commands with no
                         white spaces and no arguments or parameters. For example:
mail3.example.com> systemsetup
Select Lists
                         When you are presented with multiple choices for input, some commands use numbered lists. Enter the
                         number of the selection at the prompt.
                         For example:
                         Log level:
                         1. Error
                         2. Warning
                         3. Information
                         4. Debug
                         5. Trace
                         [3]> 3
Yes/No Queries
                         When given a yes or no option, the question is posed with a default in brackets. You may answer Y, N,
                         Yes, or No. Case is not significant.
For example:
Subcommands
                         Some commands give you the opportunity to use subcommands. Subcommands include directives such
                         as NEW, EDIT, and DELETE. For the EDIT and DELETE functions, these commands provide a list of the
                         records previously configured in the system.
                         For example:
mail3.example.com> interfaceconfig
Within subcommands, typing Enter or Return at an empty prompt returns you to the main command.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       2-3
                                                                                        Chapter 2   Command Line Interface: The Basics
   Accessing the Command Line Interface (CLI)
Escape
                        You can use the Control-C keyboard shortcut at any time within a subcommand to immediately exit
                        return to the top level of the CLI.
History
                        The CLI keeps a history of all commands you type during a session. Use the Up and Down arrow keys
                        on your keyboard, or the Control-P and Control-N key combinations, to scroll through a running list of
                        the recently-used commands.
Command Completion
                        The command-line interface supports command completion. You can type the first few letters of some
                        commands followed by the Tab key, and the CLI completes the string for unique commands. If the letters
                        you entered are not unique among commands, the CLI narrows the set. For example:
                        For both the history and file completion features of the CLI, you must type Enter or Return to invoke the
                        command.
Configuration Changes
                        You can make configuration changes while email operations proceed normally.
                        Configuration changes will not take effect until you complete the following steps:
                        Changes to configuration that have not been committed will be recorded but not put into effect until the
                        commit command is run.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  2-4
 Chapter 2   Command Line Interface: The Basics
                                                                                                Accessing the Command Line Interface (CLI)
               Note      Not all commands require the commit command to be run. See Chapter 1, CLI Quick Reference Guide
                         for a summary of commands that require commit to be run before their changes take effect.
                         Exiting the CLI session, system shutdown, reboot, failure, or issuing the clear command clears changes
                         that have not yet been committed.
mail3.example.com> commit
               Note      To successfully commit changes, you must be at the top-level command prompt. Type Return at an empty
                         prompt to move up one level in the command line hierarchy.
mail3.example.com> clear
Are you sure you want to clear all changes since the last commit? [Y]> y
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       2-5
                                                                                     Chapter 2   Command Line Interface: The Basics
   Batch Commands
mail3.example.com> quit
mail3.example.com> help
Batch Commands
                      AsyncOS includes support for batch command formats that allow you to execute certain CLI commands
                      using a new, single-line CLI format. This format reduces the number of inputs required to complete tasks
                      and provides a mechanism allowing you to easily automate common configuration tasks. Batch
                      commands also allow you to issue commands remotely using an SSH client. This enables you to easily
                      script CLI commands and execute them on multiple appliances at one time.
                      Not all commands have a batch equivalent, but all batch commands can be executed as non-batch
                      commands.
                      Batch command syntax is dependent on the specific command being used. Please see the appropriate CLI
                      example in Chapter 3, The Commands: Reference Examples for more information about syntax
                      specific to that command.
example.com> listenerconfig
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  2-6
Chapter 2   Command Line Interface: The Basics
                                                                                                                       Batch Commands
[]> edit
[]> IncomingMail
[]> HOSTACCESS
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  2-7
                                                                                   Chapter 2   Command Line Interface: The Basics
 Batch Commands
[]> NEW
2. New Policy
[1]> 1
[]> REDLIST
Enter the hosts to add. CIDR addresses such as 10.1.1.0/24 are allowed.
[]> possible_spammer.com
1. Accept
2. Relay
3. Reject
         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
2-8
Chapter 2   Command Line Interface: The Basics
                                                                                                                       Batch Commands
4. TCP Refuse
5. Continue
6. Policy: ACCEPTED
7. Policy: BLOCKED
8. Policy: THROTTLED
9. Policy: TRUSTED
[1]> 8
[]>
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  2-9
                                                                                    Chapter 2   Command Line Interface: The Basics
  Batch Commands
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
2-10
                                                        CH A P T E R                    3
The Commands: Reference Examples
                                 CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                           3-1
                                                                                      Chapter 3   The Commands: Reference Examples
   Advanced Malware Protection
            Step 1     Does the command require a commit command to be implemented on the appliance?
            Step 2     Is the command restricted to a particular mode (cluster, group, or machine).?
            Step 3     Does the command permit a batch format?
                       For more information about Centralized Management, see User Guide for AsyncOS for Cisco Email
                       Security Appliances.
                       For more information about batch formats, please see Command Line Interface: The Basics on page 1.
ampconfig
                       Configure file reputation filtering and file analysis. Do not modify advanced options without guidance
                       from Cisco TAC.
Usage
                       Commit: This command requires a commit.
                       Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                       Batch Command: This command supports a batch format. For details, see the inline help by typing the
                       command: help ampconfig.
Examples
                           Enabling File Reputation and File Analysis, page 3-2
                           Configure Email Security appliance to Use Public Cloud File Analysis Server, page 3-3
                           (Public Cloud File Analysis Services Only) Configuring Appliance Groups, page 3-4
                           Configure Email Security appliance to Use an On-Premises File Analysis Server, page 3-5
                           Clearing Local File Reputation Cache, page 3-6
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-2
 Chapter 3   The Commands: Reference Examples
                                                                                                           Advanced Malware Protection
1. Microsoft Executables
Do you want to modify the file types selected for File Analysis? [N]>
1. Microsoft Executables
Configure Email Security appliance to Use Public Cloud File Analysis Server
                        mail.example.com> ampconfig
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-3
                                                                                        Chapter 3   The Commands: Reference Examples
   Advanced Malware Protection
[]> advanced
Do you want use the recommended reputation threshold from cloud service? [Y]>
                       Does your organization have multiple Cisco Email, Web, and/or Content Security Management
                       appliances? [N]> Y
                       Do you want this appliance to display detailed analysis reports for files uploaded to the
                       cloud from other appliances in your organization, and vice-versa? [Y]>
                       Enter an Analysis Group name. This name is case-sensitive and must be configured
                       identically on each appliance in the Analysis Group.
                       []> FA_Reporting
                       Registration is successful with the group name. This does not require commit
                       File Reputation: Enabled
                       File Analysis: Enabled
                       File types selected for File Analysis:
                           Microsoft Windows / DOS Executable
                       Appliance Group ID/Name: FA_Reporting
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-4
 Chapter 3   The Commands: Reference Examples
                                                                                                            Advanced Malware Protection
               Note     After you configure an appliance group, you cannot use the setgroup subcommand. If you want to need
                        to modify the group for any reason, you must open a case with Cisco TAC.
                        You can view the details of the appliance group using the viewgroup subcommand.
Do you want use the recommended reputation threshold from cloud service? [Y]>
                        Certificate Authority:
                        1. Use Cisco Trusted Root Certificate List
                        2. Paste certificate to CLI
                        [1]>
Do you want to enable SSL communication (port 443) for file reputation? [N]>
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-5
                                                                                         Chapter 3   The Commands: Reference Examples
   Anti-Spam
Anti-Spam
                          This section contains the following commands:
                              antispamconfig
                              antispamstatus
                              antispamupdate
                              incomingrelayconfig
antispamconfig
Description
                          Configure anti-spam policy.
Usage
                          Commit: This command requires a commit.
                          Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-6
 Chapter 3   The Commands: Reference Examples
                                                                                                                                 Anti-Spam
Example
                        The following examples demonstrates the configuration for Anti-Spam functionality.
                        mail3.example.com> antispamconfig
                        The IronPort Anti-Spam License Agreement is displayed (if you have not already accepted
                        it).
                        Increasing the following size settings may result in decreased performance. Please consult
                        documentation for size recommendations based on your environment.
                        Never scan message larger than: (Add a trailing K for kilobytes, M for megabytes, or no
                        letters for bytes.)
                        [1M]>
                        Always scan message smaller than: (Add a trailing K for kilobytes, M for megabytes, or no
                        letters for bytes.)
                        [512K]>
                        IronPort Anti-Spam scanning is now enabled on the system. Please note: you must issue the
                        'policyconfig' command (CLI) or Mail Policies (GUI) to configure
                        Cisco IronPort scanning behavior for default and custom Incoming and Outgoing Mail
                        Policies. This is recommended for your DEFAULT policy.
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-7
                                                                                            Chapter 3   The Commands: Reference Examples
   Anti-Spam
antispamstatus
Description
                          Display anti-spam status.
Usage
                          Commit: This command does not require a commit.
                          Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                          Batch Command: This command does not support a batch format.
Example
                          mail3.example.com> antispamstatus
antispamupdate
Description
                          Manually request an immediate update of Anti-Spam rules and related CASE components. This also
                          includes the Anti-Spam rules and CASE components used by Intelligent Multi-Scan (IMS), but not for
                          the third-party anti-spam engines used by IMS.
Usage
                          Commit: This command does not require a commit.
                          Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                          host (i.e., the specific machine you are logged onto).
                          Batch Command: This command does not support a batch format.
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-8
 Chapter 3   The Commands: Reference Examples
                                                                                                                                  Anti-Spam
Example
                        mail3.example.com> antispamupdate
[]> ironport
incomingrelayconfig
Description
                        Use the incomingrelayconfig command to enable and configure the Incoming Relays feature. In the
                        following examples, the Incoming Relays feature is first enabled, and then two relays are added, one is
                        modified, and one is deleted.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
                        This command helps your Cisco IronPort appliance determine the sender's
                        originating IP address.
                        You should ONLY enable this command if your Cisco IronPort appliance is NOT
                        directly connected to the Internet as the "first hop" in your email
                        infrastructure.
                        You should configure this feature if other MTAs or servers are configured at
                        your network's perimeter to relay mail to your Cisco IronPort appliance.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-9
                                                                                                 Chapter 3    The Commands: Reference Examples
  Anti-Spam
[]> relaylist
Enter the IP address of the incoming relay. IPv4 and IPv6 addresses are supported.
                         For IPv4, CIDR format subnets such as 10.1.1.0/24, IP address ranges such as 10.1.1.10-20,
                         and subnets such as 10.2.3. are allowed.
                         For IPv6, CIDR format subnets such as 2001:db8::/32 and IP address ranges such as
                         2001:db8::1-2001:db8::11 are allowed.
                         Hostnames such as crm.example.com and partial hostnames such as .example.com are allowed.
                         []> 192.168.1.1
                         Do you want to use the "Received:" header or a custom header to determine the originating
                         IP address?
                         1. Use "Received:" header
                         2. Use a custom header
                         [1]> 1
                         Within the "Received:" header, enter the special character or string after which to begin
                         parsing for the originating IP address:
                         [from]> [
                         Within the headers, enter the position of the "Received:" header that contains the
                         originating IP address:
                         [1]> 1
Enter the IP address of the incoming relay. IPv4 and IPv6 addresses are supported.
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-10
Chapter 3   The Commands: Reference Examples
                                                                                                                                   Anti-Spam
                       For IPv4, CIDR format subnets such as 10.1.1.0/24, IP address ranges such as 10.1.1.10-20,
                       and subnets such as 10.2.3. are allowed.
                       For IPv6, CIDR format subnets such as 2001:db8::/32 and IP address ranges such as
                       2001:db8::1-2001:db8::11 are allowed.
                       Hostnames such as crm.example.com and partial hostnames such as .example.com are allowed.
                       []> 192.168.1.2
                       Do you want to use the "Received:" header or a custom header to determine the originating
                       IP address?
                       1. Use "Received:" header
                       2. Use a custom header
                       [1]> 2
                       Enter the custom header name that contains the originating IP address:
                       []> x-Connecting-IP
                       1. first-hop:      192.168.1.1
                       2. second-hop:     192.168.1.2
                       Enter the number of the entry you wish to delete:
                       [1]> 1
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-11
                                                                                                 Chapter 3   The Commands: Reference Examples
   Anti-Spam
slblconfig
Description
                          Configure End-User Safelist/Blocklist.
Note Safelists/Blocklists must be enabled on the appliance via the GUI in order to run this command.
Usage
                          Commit: This command does not require a commit.
                          Batch Command: This command supports a batch format.
Batch Format
                          Replaces all entries in the End-User Safelist/Blocklist with entries present in the specified file.
                              filename - Name of the file that has to be imported. The file must be in the /configuration
                               directory on the appliance.
                              ignore invalid entries           - Whether to ignore invalid entries or not. Either 'Yes' or 'No.'
slblconfig export
                          The appliance saves a .CSV file to the /configuration directory using the following naming
                          convention:
                          slbl<timestamp><serial number>.csv.
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-12
 Chapter 3   The Commands: Reference Examples
                                                                                                 Graymail Detection and Safe Unsubscribing
                        1. slbl.csv
                        Choose the file to import from.
                        [1]> 1
graymailconfig
Description
                        Configure graymail detection and safe unsubscribing global settings.
                        Note     To enable graymail detection and safe unsubscribing, anti-spam scanning must be enabled
                                 globally.This can be either the IronPort Anti-Spam or the Intelligent Multi-Scan feature.
                        To configure policy settings for graymail detection and safe unsubscribing, use the policyconfig
                        command. For more information, see Create an Incoming Policy to Drop the Messages Identified as Bulk
                        Email or Social Network Email, page 3-216.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format. For details, see the inline help by typing the
                        command: help graymailconfig.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-13
                                                                                            Chapter 3   The Commands: Reference Examples
   Graymail Detection and Safe Unsubscribing
Example
                        Graymail Detection: Disabled
                        Maximum Message Size to Scan (Add a trailing K for kilobytes, M for megabytes,
                        or no letters for bytes.):
                        [1M]>
                        Graymail Detection and Safe Unsubscribe is now enabled. Please note: The global
                        settings are recommended only for your DEFAULT mail policy. To configure policy
                        settings, use the incoming or outgoing policy page on web interface or the
                        'policyconfig' command in CLI.
graymailstatus
Description
                        Display the details of the existing graymail rules.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com> graymailstatus
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-14
 Chapter 3   The Commands: Reference Examples
                                                                                                                                   Anti-Virus
graymailupdate
Description
                        Manually request update of the graymail rules.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com> graymailupdate
Anti-Virus
                        This section contains the following CLI commands:
                            antivirusconfig
                            antivirusstatus
                            antivirusupdate
antivirusconfig
Description
                        Configure anti-virus policy.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, the antivirusconfig command is used to enable Sophos virus scanning on
                        the system and set the time-out value to 60 seconds. To configure the update server, update interval, and
                        optional proxy server, see updateconfig on page 111.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                         3-15
                                                                                          Chapter 3   The Commands: Reference Examples
   Anti-Virus
                Note       The first time you invoke the antivirusconfig command, you may be presented with a license
                           agreement, if you did not accept the license during the systemsetup command. If you do not accept the
                           license agreement, the Sophos virus scanning engine will not be enabled on the appliance.
mail3.example.com> antivirusconfig
                           Please note: you must issue the 'policyconfig' command (CLI) or Mail
                           Policies (GUI) to configure Sophos Anti-Virus scanning behavior for default and custom
                           Incoming and Outgoing Mail Policies.
                           This is recommended for your DEFAULT policy.
                CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-16
 Chapter 3   The Commands: Reference Examples
                                                                                                                                 Anti-Virus
Sophos Anti-Virus:
                        Product - 3.87
                        Engine - 2.25.0
                        Product Date - 01 Nov 2004
antivirusstatus
Description
                        Display Anti-Virus status.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> antivirusstatus
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-17
                                                                                      Chapter 3   The Commands: Reference Examples
   Command Line Management
antivirusupdate
Description
                       Manually update virus definitions.
Usage
                       Commit: This command does not require a commit.
                       Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                       host (i.e., the specific machine you are logged onto).
                       Batch Command: This command does not support a batch format.
Example
                       mail3.example.com> antivirusupdate
commit
Description
                       Commit changes. Entering comments after the commit command is optional.
Usage
                       Commit: N/A
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-18
 Chapter 3   The Commands: Reference Examples
                                                                                                               Command Line Management
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> commit
commitdetail
Description
                        Display detailed information about the last commit.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> commitdetail
                        Commit at Mon Apr 18 13:46:28 2005 PDT with comments: "Enabled loopback".
                        mail3.example.com>
clearchanges or clear
Description
                        The clear command clears any configuration changes made since the last commit or clear command
                        was issued.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-19
                                                                                      Chapter 3   The Commands: Reference Examples
   Command Line Management
Example
                       mail3.example.com> clear
Are you sure you want to clear all changes since the last commit? [Y]> y
help or h or ?
Description
                       The help command lists all available CLI commands and gives a brief description of each command.
                       The help command can be invoked by typing either help or a single question mark (?) at the command
                       prompt.
Usage
                       Commit: This command does not require a commit.
                       Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                       Batch Command: This command does not support a batch format
Example
                       mail3.example.com> help
                       Displays the list of all available commands.
rollbackconfig
                       The rollbackconfig command allows you to rollback to one of the previously committed 10
                       configurations.
Usage
                       Commit: This command requires a commit.
                       Cluster Management: This command is restricted to machine mode.
                       Batch Command: This command does not support a batch format.
Example
                       mail.example.com> rollbackconfig
                       Previous Commits:
                           Committed On                  User                Description
                       ---------------------------------------------------------------------------------
                       1. Fri May 23 06:53:43 2014      admin               new user
                       2. Fri May 23 06:50:57 2014      admin               rollback
                       3. Fri May 23 05:47:26 2014      admin
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-20
 Chapter 3   The Commands: Reference Examples
                                                                                                           Configuration File Management
Are you sure you want to roll back the configuration? [N]> y
quit or q or exit
Description
                        The quit command logs you out of the CLI application. Configuration changes that have not been
                        committed are cleared. The quit command has no effect on email operations. Logout is logged into the
                        log files. (Typing exit is the same as typing quit.)
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail3.example.com> quit
                        Configuration changes entered but not committed. Exiting will lose changes.
                        Type 'commit' at the command prompt to commit changes.
                        Are you sure you wish to exit? [N]> Y
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-21
                                                                                       Chapter 3   The Commands: Reference Examples
   Configuration File Management
loadconfig
Description
                        Load a configuration file.
              Note      Loading configuration on clustered machines is supported only using GUI. For instructions, see User
                        Guide for AsyncOS for Cisco Email Security Appliances.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        In this example, a new configuration file is imported from a local location.
                        mail3.example.com> loadconfig
                        In this example, a new configuration file is pasted directly at the command line. (Remember to type
                        Control-D on a blank line to end the paste command.) Then, the system setup wizard is used to change
                        the default hostname, IP address, and default gateway information. Finally, the changes are committed.
                        mail3.example.com> loadconfig
                        [The configuration file is pasted until the end tag </config>. Control-D is entered on a
                        separate line.]
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-22
 Chapter 3   The Commands: Reference Examples
                                                                                                            Configuration File Management
mail3.example.com> systemsetup
mail3.example.com> commit
mailconfig
Description
                        To test the configuration, you can use the mailconfig command immediately to send a test email
                        containing the system configuration data you just created with the systemsetup command.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com> mailconfig
                        Please enter the email address to which you want to send the configuration file.
                        Separate multiple addresses with commas.
                        []> user@example.com
                        Send the configuration to a mailbox to which you have access to confirm that the system is able to send
                        email on your network.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-23
                                                                                        Chapter 3   The Commands: Reference Examples
   Configuration File Management
resetconfig
Description
                        When physically transferring the appliance, you may want to start with factory defaults. The
                        resetconfig command resets all configuration values to factory defaults. This command is extremely
                        destructive, and it should only be used when you are transferring the unit or as a last resort to solving
                        configuration issues. It is recommended you run the systemsetup command after reconnecting to the
                        CLI after you have run the resetconfig command.
              Note      The resetconfig command only works when the appliance is in the offline state. When the resetconfig
                        command completes, the appliance is automatically returned to the online state, even before you run the
                        systemsetup command again. If mail delivery was suspended before you issued the resetconfig
                        command, the mail will attempt to be delivered again when the resetconfig command completes.
          Warning       The resetconfig command will return all network settings to factory defaults, potentially
                        disconnecting you from the CLI, disabling services that you used to connect to the appliance (FTP,
                        Telnet, SSH, HTTP, HTTPS), and even removing additional user accounts you created with the
                        userconfig command. Do not use this command if you are not able to reconnect to the CLI using the
                        Serial interface or the default settings on the Management port through the default Admin user
                        account.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> suspend
mail3.example.com> resetconfig
Are you sure you want to reset all configuration values? [N]> Y
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-24
 Chapter 3   The Commands: Reference Examples
                                                                                                            Configuration File Management
saveconfig
Description
                        The saveconfig command saves the configuration file with a unique filename to the configuration
                        directory.
               Note     If you are on a clustered environment, this command saves the complete cluster configuration. To run
                        this command on a clustered machine, change your configuration mode to cluster.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        In the following example, the passwords in the configuration file is encrypted and saved in the
                        configuration directory.
                        mail.example.com> saveconfig
showconfig
Description
                        The showconfig command prints the current configuration to the screen.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-25
                                                                                       Chapter 3   The Commands: Reference Examples
   Cluster Management
Example
                        In the following example, the configuration is displayed on CLI and the passwords in the configuration
                        are encrypted.
                        mail.example.com> showconfig
                        <!--
                          Product: Cisco C100V Email Security Virtual Appliance
                          Model Number: C100V
                          Version: 9.0.0-038
                          Serial Number: 4232116C4E14C70C4C7F-7898DA3BD955
                          Number of CPUs: 2
                          Memory (MB): 6144
                          Current Time: Wed Mar 19 05:30:05 2014
                        -->
                        <config>
                        <!--
                        ******************************************************************************
                        *                           Network Configuration                            *
                        ******************************************************************************
                        -->
                        [The remainder of the configuration file is printed to the screen.]
Cluster Management
                        This section contains the following CLI commands:
                            clusterconfig
clusterconfig
Description
                        The clusterconfig command is used to configure cluster-related settings. If this machine is not part of
                        a cluster, running clusterconfig will give you the option of joining a cluster or creating a new cluster.
                        The clusterconfig command provides additional subcommands:
                        Non-Cluster Commands
                        The following commands are available when you are not in a cluster.
                            clusterconfig new <name>  This will create a new cluster with the given name. This machine
                             will be a member of this cluster and a member of a default cluster group called "Main Group".
                                 <name>    - The name of the new cluster.
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-26
Chapter 3   The Commands: Reference Examples
                                                                                                                           Cluster Management
                                     This will display the information needed to prepare the joining of this machine to a cluster over a CCS
                                     port.
                       Cluster Commands
                       The following commands are available when you are in a cluster.
                           clusterconfig addgroup <groupname>                 Creates a new cluster group. The group starts off with
                            no members.
                           clusterconfig renamegroup <old_groupname> <new_groupname>                          Change the name of a cluster
                            group.
                           clusterconfig deletegroup <groupname> [new_groupname]                          Remove a cluster group.
                                 <groupname>      - Name of the cluster group to remove.
                                 <new_groupname>       - The cluster group to put machines of the old group into.
                           clusterconfig reconnect <machinename> -     This will restore connections with machines that
                            were detached with the disconnect command.
                           clusterconfig prepjoin new <serial_number> <hostname> <user_key>                              This will add a new
                            host that is to join the cluster over the CCSport.
                                 <serial_number>       - The serial number of the machine being added.
                                 <hostname>     - The host name of the machine being added.
                                                             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                         3-27
                                                                                         Chapter 3   The Commands: Reference Examples
   Data Loss Prevention
                                   <user_key>     - The SSH user key from the "prepjoin print" command from
                                              the joining machine.
                              clusterconfig prepjoin delete <serial_number|hostname>  This will remove a host that was
                               previously indicated to be added from the "prepjoin new" command. This is only necessary to be
                               used if you later decide not to add the host. When a host is successfully added to the cluster, its
                               prepjoin information is automatically removed.
Usage
                          Commit: This command does not require a commit.
                          Cluster Management: This command is restricted to cluster mode.
                          Batch Command: This command does not support a batch format.
Example
                          For an explanation of the clusterconfig command and its uses, see User Guide for AsyncOS for Cisco
                          Email Security Appliances.
dlprollback
Description
                          Rollback DLP engine and config to the previous version.
              Note        DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
                          dlprollback command.
          Warning         This command will revert your appliance to older DLP policies. You must re-enable DLP policies in
                          Outbound Mail Policies so that DLP scanning can be resumed.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-28
 Chapter 3   The Commands: Reference Examples
                                                                                                                     Data Loss Prevention
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is can be used at cluster, group or machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> dlprollback
dlpstatus
                        Request version information for DLP Engine.
               Note     DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
                        dlpstatus command.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is can be used at cluster, group or machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> dlpstatus
dlpupdate
Description
                        Update RSA DLP Engine.
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-29
                                                                                       Chapter 3   The Commands: Reference Examples
   Data Loss Prevention
              Note        DLP must already be configured via the DLP Global Settings page in the GUI before you can use the
                          dlpupdate command.
Usage
                          Commit: This command does not require a commit.
                          Cluster Management: This command is can be used at cluster, group or machine mode.
                          Batch Command: This command supports a batch format.
Batch Format
                          The batch format of the dlpupdate command forces an update of the DLP engine even if no changes are
                          detected.
dlpupdate [force]
Example
                          mail.example.com> dlpupdate
                          Checking for available updates. This may take a few seconds..
                          Could not check for available updates. Please check your Network and Service Updates
                          settings and retry.
emconfig
Description
                          Configure the interoperability settings for RSA Enterprise Manager.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-30
 Chapter 3   The Commands: Reference Examples
                                                                                                                          Data Loss Prevention
               Note     RSA Enterprise Manager must already be configured via the DLP Global Settings page in the GUI before
                        you can use the emconfig command. You cannot enable this functionality using the CLI, only edit the
                        existing settings.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is can be used at cluster, group or machine mode.
                        Batch Command: This command does not support a batch format.
Batch Format
                        To set up a connection between the Email Security appliance and RSA Enterprise Manager:
                                                Option                           Description
                                                --remote_host                    Hostname or IP address of the RSA Enterprise
                                                                                 Manager.
                                                --remote_port                    Port to connect to on RSA Enterprise Manager.
                                                --local_port                     Port on the ESA for Enterprise Manager to connect.
                                                --enable_ssl                     Enable SSL communication to the RSA Enterprise
                                                                                 Manager.
                                                                                 Use 1 to enable, 0 to disable.
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                          3-31
                                                                                       Chapter 3   The Commands: Reference Examples
   S/MIME Security Services
[20002]>
                        Advanced Settings:
                          RSA Enterprise Manager GUID: emlocalsite
                          Device Vendor name: Cisco Systems
                          Device Status Interval: 5 seconds
                          Polling Cycle Interval: 30 seconds
                          Connection Throttle Interval: 0 milliseconds
                          Max event archive size: 31457280 bytes
                          Max files in event archive: 50
                          Max file size in event archive: 10485760 MB
                          Max size of event.xml file: 1048576 MB
                          Interoperability subsystem heartbeat interval: 500 milliseconds
                          Heartbeat service attempts before failing: 3
                          Connection timeout duration: 30 seconds
                          Command status timeout duration: 30 seconds
                          Max chunk size: 1000
                          Msg exchange cycle: 1
                        Do you want to change advanced settings? [N]>
emdiagnostic
Description
                        Diagnostic tool for RSA EM on ESA.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
smimeconfig
Description
                        Configure S/MIME settings such as sending profiles, managing public keys, and so on.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-32
  Chapter 3   The Commands: Reference Examples
                                                                                                                  S/MIME Security Services
Usage
                         Commit: This command requires a commit.
                         Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                         Batch Command: This command does not support a batch format.
Examples
                             Creating a Sending Profile for Signing and Encryption, page 3-33
                             Adding a Public Key for Encryption, page 3-34
                         The following example shows how to create a sending profile for signing and encrypting messages using
                         S/MIME.
                         mail.example.com> smimeconfig
                         1. Encrypt
                         2. Sign
                         3. Sign/Encrypt
                         4. Triple
                         Enter S/MIME mode:
                         [2]> 3
1. smime_signing
                         1. Detached
                         2. Opaque
                         Enter S/MIME sign mode:
                         [1]>
                         1. Bounce
                         2. Drop
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-33
                                                                                               Chapter 3   The Commands: Reference Examples
    S/MIME Security Services
                         3. Split
                         Enter S/MIME action:
                         [1]> 3
                         The following example shows how to add the public key of the recipient's S/MIME certificate to the
                         appliance for encrypting messages.
                         mail.example.com> smimeconfig
                         1. Import
                         2. Paste
                         Choose one of the options for the certificate introducing:
                         [2]>
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-34
 Chapter 3   The Commands: Reference Examples
                                                                                                                              Domain Keys
                        .
                        C=IN,ST=KA,L=BN,O=Cisco,OU=stg,CN=cert_for_enc,emailAddress=admin@example.com
Domain Keys
                        This section contains the following CLI commands:
                            domainkeysconfig
domainkeysconfig
Description
                        Configure DomainKeys/DKIM support.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-35
                                                                                                   Chapter 3   The Commands: Reference Examples
  Domain Keys
                                                  Argument                           Description
                                                  <name>                             Name of domain profile.
                                                  <type>                             Type of domain. Can be dk or dkim.
                                                  <domain>                           Domain field of domain profile. This forms the d tag
                                                                                     of the Domain-Keys signature.
                                                  <selector>                         Selector field of domain profile. This forms the s tag
                                                                                     of the Domain-Keys signature.
                                                  <user-list>                        Comma separated list of domain profile users. Users
                                                                                     are used to match against email addresses to
                                                                                     determine if a specific domain profile should be used
                                                                                     to sign an email. Use the special keyword all to
                                                                                     match all domain users.
                                                  [options]
                                                  --key_name                         The name of the private key that will be used for
                                                                                     signing.
                                                  --canon                            The canonicalization algorithm to use when signing
                                                                                     by DK. Currently supported algorithms are simple
                                                                                     and nofws. Default is nofws.
                                                  --body_canon                       The body canonicalization algorithm of to use when
                                                                                     signing by DKIM. Currently supported algorithms
                                                                                     are simple and relaxed. Default is simple.
                                                  --header_canon                     The headers canonicalization algorithm of to use
                                                                                     when signing by DKIM. Currently supported
                                                                                     algorithms are simple and relaxed. Default is
                                                                                     simple.
                                                  --body_length                      Number of bytes of canonicalized body that are used
                                                                                     to calculate the signature. Is used only in DKIM
                                                                                     profiles. If used this value becomes l tag of the
                                                                                     signature. By default it is not used.
                                                  --headers_select                   Detrmines how to select headers for signing. Is used
                                                                                     only in DKIM profiles. Can be one of all,
                                                                                     standard, standard_and_custom. all means to sign
                                                                                     all non-repetitive headers. "standard" means to sign
                                                                                     pedefined set of well known headers such as Subject,
                                                                                     From, To, Sender, MIME heades etc.
                                                                                     standard_and_custom means to sign well known
                                                                                     headers and user-defined set of headers. Default is
                                                                                     standard.
                                                  --custom_headers                   User-defined set of headers to sign. Is used only in
                                                                                     DKIM profiles if headers_select is
                                                                                     standard_and_custom. Default is empty set.
                                                  --i_tag                            Determines whether to include the i tag into the
                                                                                     signature. Possible values are yes or no. Default is
                                                                                     yes.
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-36
Chapter 3   The Commands: Reference Examples
                                                                                                                                 Domain Keys
                                               Argument                         Description
                                               --agent_identity                 The identity of the user or agent on behalf of which
                                                                                this message is signed. The syntax is a standard
                                                                                email address where the local-part may be omitted.
                                                                                Domain part of this address should be a sub-domain
                                                                                of or equal to the <domain>. This option is only
                                                                                applicable if --i_tag value is set to yes. Default is
                                                                                an empty local-part followed by an @ and by the
                                                                                <domain>.
                                               --q_tag                          Determines whether to include the q tag into the
                                                                                signature. Possible values are yes or no. Default is
                                                                                yes.
                                               --t_tag                          Determines whether to include the t tag into the
                                                                                signature. Possible values are yes or no. Default is
                                                                                yes.
                                               --x_tag                          Determines whether to include the x tag into the
                                                                                signature. Possible values are yes or no. Default is
                                                                                yes.
                                               --expiration_time                Number of seconds before signature is expired. Is
                                                                                used only in DKIM profiles. This value becomes a
                                                                                difference of x and t tags of the signature. This
                                                                                option is only applicable if --x_tag value is set to
                                                                                yes. Default is 31536000 seconds (one year).
                                               --z_tag                          Determines whether to include the z tag into the
                                                                                signature. Possible values are yes or no. Default is
                                                                                no.
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-37
                                                                                        Chapter 3   The Commands: Reference Examples
   Domain Keys
                              qtag <q_tag>
                              ttag <t_tag>
                              xtag <x_tag> [<expiration_time>]
                              ztag <z_tag>
                              new <user-list>
                              delete <user-list>
                              print
                              clear
                           Delete a signing profile:
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-38
Chapter 3   The Commands: Reference Examples
                                                                                                                                 Domain Keys
                        Argument                      Description
                        --name                        The name of DKIM verification profile.
                        --min_key_size                The smallest key to be accepted. Possible key-length
                                                      values (in bits) are 512, 768, 1024, 1536 and 2048.
                                                      Default is 512.
                        --max_key_size                The largest key to be accepted. Possible key-length
                                                      values (in bits) are 512, 768, 1024, 1536 and 2048.
                                                      Default is 2048.
                        --max_signatures_num          A maximum number of signatures in the message to
                                                      verify. Possible value is any positive number.
                                                      Default is 5.
                        --key_query_timeout           A number of seconds before the key query is timed
                                                      out. Possible value is any positive number. Default is
                                                      10.
                        --max_systemtime_diverge      A number of seconds to tolerate wall clock
                        nce                           asynchronization between sender and verifier.
                                                      Possible value is any positive number. Default is 60.
                        --use_body_length             Whether to use a body length parameter. Possible
                                                      values are yes or no. Default is yes.
                        --tempfail_action             The SMTP action should be taken in case of
                                                      temporary failure. Possible values are accept or
                                                      reject. Default is accept.
                        --tempfail_response_code      The SMTP response code for rejected message in
                                                      case of temporary failure. Possible value is number
                                                      in 4XX format. Default is 451.
                        --tempfail_response_text      The SMTP response text for rejected message in
                                                      case of temporary failure. Default is #4.7.5 Unable
                                                      to verify signature - key server unavailable.
                        --permfail_action             The SMTP action should be taken in case of
                                                      permanent failure. Possible values are accept or
                                                      reject. Default is accept.
                        --permfail_response_code      The SMTP response code for rejected message in
                                                      case of permanent failure. Possible value is number
                                                      in 5XX format. Default is 550.
                        --permfail_response_text      The SMTP response text for rejected message in
                                                      case of permanent failure. Default is #5.7.5 DKIM
                                                      unauthenticated mail is prohibited.
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-39
                                                                                            Chapter 3   The Commands: Reference Examples
   Domain Keys
                       Argument                          Description
                       --generate_key                    Generate a private key. Possible key-length values
                                                         (in bits) are 512, 768, 1024, 1536, and 2048.
                       --use_key                         Use supplied private key.
                       --public_key                      Flag to derive and print to the screen a matching
                                                         public key for the specified private key. If
                                                         --generate_key is specified first, a new private key
                                                         is generated first, followed by the display of a
                                                         matching public key.
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-40
 Chapter 3   The Commands: Reference Examples
                                                                                                                                Domain Keys
Delete a key:
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-41
                                                                                      Chapter 3   The Commands: Reference Examples
   Domain Keys
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-42
Chapter 3   The Commands: Reference Examples
                                                                                                                         Domain Keys
                       The domain field forms the basis of the public-key query. The value in
                       this field MUST match the domain of the sending email address or MUST
                       be one of the parent domains of the sending email address. This value
                       becomes the "d" tag of the Domain-Keys signature.
                       Enter the domain name of the signing domain:
                       []> example.com
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-43
                                                                                     Chapter 3   The Commands: Reference Examples
  Domain Keys
[1]>
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-44
 Chapter 3   The Commands: Reference Examples
                                                                                                                          Domain Keys
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-45
                                                                                     Chapter 3   The Commands: Reference Examples
  Domain Keys
[1]>
                      The answers to the following questions will be used to construct DKIM text
                      record for DNS. It can be used to publish information about this profile.
                      The "testing mode" can be set to specify that this domain is testing DKIM and
                      that unverified email must not be treated differently from verified email.
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-46
 Chapter 3   The Commands: Reference Examples
                                                                                                                        DMARC Verification
DMARC Verification
                        This section contains the following CLI commands:
                            dmarcconfig
dmarcconfig
Description
                        Configure DMARC settings.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
                         Argument                                Description
                         <name>                                  Name of the DMARC profile.
                         [options]
                         --rejectpolicy_action                   The message action that AsyncOS must take when the policy in
                                                                 DMARC record is reject. Possible values are reject,
                                                                 quarantine, or none.
                         --rejectpolicy_response_code            The SMTP response code for rejected messages. The default
                                                                 value is 550.
                         --rejectpolicy_response_text            The SMTP response text for rejected messages. The default
                                                                 value is #5.7.1 DMARC unauthenticated mail is prohibited.
                         --rejectpolicy_quarantine               The quarantine for messages that fail DMARC verification.
                         --quarantinepolicy_action               The message action that AsyncOS must take when the policy in
                                                                 DMARC record is quarantine. Possible values are quarantine
                                                                 or none.
                         --quarantinepolicy_quarantine           The quarantine for messages that fail DMARC verification.
                         --tempfail_action                       The message action that AsyncOS must take on the messages
                                                                 that result in temporary failure during DMARC verification.
                                                                 Possible values are accept or reject.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-47
                                                                                               Chapter 3   The Commands: Reference Examples
    DMARC Verification
                         Argument                                        Description
                         --tempfail_response_code                        The SMTP response code for rejected messages in case of
                                                                         temporary failure. The default value is 451.
                         --tempfail_response_text                        The SMTP response text for rejected messages in case of
                                                                         temporary failure. The default value is #4.7.1 Unable to
                                                                         perform DMARC verification.
                         --permfail_action                               The message action that AsyncOS must take on the messages
                                                                         that result in permanent failure during DMARC verification.
                                                                         Possible values are accept or reject.
                         --permfail_response_code                        The SMTP response code for rejected messages in case of
                                                                         permanent failure. The default value is 550.
                         --permfail_response_text                        The SMTP response text for rejected messages in case of
                                                                         permanent failure. The default value is #5.7.1 DMARC
                                                                         verification failed.
                         Options                              Description
                         --report_schedule                    The time when you want AsyncOS to generate DMARC aggregate
                                                              reports.
                         --error_reports                      Send delivery error reports to the domain owners if the DMARC
                                                              aggregate report size exceeds 10 MB or the size specified in the RUA
                                                              tag of DMARC record.
                         --org_name                           The entity generating DMARC aggregate reports. This must be a
                                                              domain name.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-48
 Chapter 3   The Commands: Reference Examples
                                                                                                                       DMARC Verification
                         Options                      Description
                         --contact_info               Additional contact information, for example, details of your
                                                      organization's customer support, if the domain owners who receive
                                                      DMARC aggregate reports want to contact the entity that generated the
                                                      report.
                         --copy_reports               Send copy of all the DMARC aggregate reports to specific users, for
                                                      example, internal users who perform analysis on the aggregate reports.
                                                      Enter an email address or multiple addresses separated by commas.
                         --bypass_addresslist         Skip DMARC verification of messages from specific senders (address
                                                      list).
                                                      Note      You can choose only address lists created with full email
                                                                addresses.
                         --bypass_headers             Skip DMARC verification of messages that contain specific header field
                                                      names. For example, use this option to skip DMARC verification of
                                                      messages from mailing lists and trusted forwarders. Enter a header or
                                                      multiple headers separated by commas.
Example
                        The following example shows how to setup a DMARC verification profile and edit the global settings of
                        DMARC verification profiles.
                        mail.example.com> dmarcconfig
                        Select the message action when the policy in DMARC record is reject:
                        1. No Action
                        2. Quarantine the message
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-49
                                                                                     Chapter 3   The Commands: Reference Examples
  DMARC Verification
                       Select the message action when the policy in DMARC record is quarantine:
                       1. No Action
                       2. Quarantine the message
                       [2]> 2
                       Select the quarantine for messages that fail DMARC verification (when the DMARC policy is
                       quarantine).
                       1. Policy
                       [1]> 1
                       Enter the SMTP response code for rejected messages in case of temporary failure.
                       [451]>
                       Enter the SMTP response text for rejected messages in case of temporary failure. Type
                       DEFAULT to use the default response text '#4.7.1 Unable to perform
                       DMARC verification.'
                       [#4.7.1 Unable to perform DMARC verification.]>
                       Enter the SMTP response code for rejected messages in case of permanent failure.
                       [550]>
                       Enter the SMTP response text for rejected messages in case of permanent failure. Type
                       DEFAULT to use the default response text '#4.7.1 Unable to perform
                       DMARC verification.'
                       [#5.7.1 DMARC verification failed.]>
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-50
Chapter 3   The Commands: Reference Examples
                                                                                                                    DMARC Verification
                       Enter the time of day to generate aggregate feedback reports. Use 24-hour format (HH:MM).
                       [00:00]>
                       Enter the entity name responsible for report generation. This is added to the DMARC
                       aggregate reports.
                       []> example.com
                       Enter additional contact information to be added to DMARC aggregate reports. This could be
                       an email address, URL of a website with additional help, a phone
                       number etc.
                       []> http://dmarc.example.com
Would you like to send a copy of all aggregate reports? (Yes/No) [N]>
Would you like to bypass DMARC verification for an addresslist? (Yes/No) [N]>
Would you like to bypass DMARC verification for specific header fields? (Yes/No) [N]> y
                       DMARC verification is configured to bypass DMARC verification for messages containing the
                       following header fields.
                       1. List-Unsubscribe
                       DMARC verification is configured to bypass DMARC verification for messages containing the
                       following header fields.
                       1. List-Unsubscribe
                       2. List-ID
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-51
                                                                                          Chapter 3   The Commands: Reference Examples
   DNS
DNS
                    This section contains the following CLI commands:
                        dig
                        dnsconfig
                        dnsflush
                        dnshostprefs
                        dnslistconfig
                        dnslisttest
                        dnsstatus
dig
Description
                    Look up a record on a DNS server
Usage
                    Commit: This command does not require a commit.
                    Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                    Batch Command: This command supports a batch format.
Batch Format
                    The batch format of the dig command can be used to perform all the functions of the traditional CLI
                    command.
                        Look up a record on a DNS server
These are the options available for the dig commands batch format
         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-52
 Chapter 3   The Commands: Reference Examples
                                                                                                                                  DNS
Example
                        The following example explicitly specifies a DNS server for the lookup.
                        mail.com> dig @111.111.111.111 example.com MX
                        ;; QUESTION SECTION:
                        ;example.com.                               IN          MX
                        ;; ANSWER SECTION:
                        mexample.com.                    10800       IN          MX        10 mexample.com.
                        ;; AUTHORITY SECTION:
                        example.com.                              10800    IN         NS        test.example.com.
                        ;; ADDITIONAL SECTION:
                        example.com. 10800 IN          A           111.111.111.111
                        example.com. 10800 IN          AAAA        2620:101:2004:4201::bd
                        example.com.   300     IN             A        111.111.111.111
               Note     The dig command filters out the information in the Authority and Additional sections if you do not
                        explicitly specify the DNS server when using the command.
dnsconfig
Description
                        Configure DNS setup
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-53
                                                                                   Chapter 3   The Commands: Reference Examples
   DNS
Usage
                    Commit: This command requires a commit.
                    Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                    Batch Command: This command supports a batch format.
Batch Format
                    The batch format of the dnsconfig command can be used to perform all the functions of the traditional
                    CLI command.
                        Configuring DNS to use a local nameserver cache:
                         Command arguments:
                           <ns_ip> - The IP address of the nameserver. Separate multiple IP addresses with commas.
                           <priority> - The priority for this entry.
                        Deleting the local nameserver cache:
                         Command arguments:
                           <ns_ip> - The IP address of the nameserver. Separate multiple IP addresses with commas.
                           <domains> - A comma separated list of domains.
                        Deleting the alternate DNS cache for a specific domain:
                         Nameserver arguments:
                           <ns_domain> - The domain to override.
                           <ns_name> - The name of the nameserver.
                           <ns_ip> - The IP address of the nameserver.
         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-54
 Chapter 3   The Commands: Reference Examples
                                                                                                                                     DNS
Note You can override certain domains by specifying an alternate name server for that domain.
Deleting nameservers:
Note When deleting, if you do not specify an ns_name, then all nameservers for that domain will be removed.
Clearing all DNS settings and automatically configuring the system to use the Internet root servers:
dnsconfig roots
dnsconfig print
Example
                        Each user-specified DNS server requires the following information:
                              Hostname
                              IP address
                              Domain authoritative for (alternate servers only)
                        Four subcommands are available within the dnsconfig command:
                        Table 3-5           Subcommands for dnsconfig Command
                         Syntax          Description
                         new             Add a new alternate DNS server to use for specific domains or local
                                         DNS server.
                         delete          Remove an alternate server or local DNS server.
                         edit            Modify an alternate server or local DNS server.
                         setup           Switch between Internet root DNS servers or local DNS servers.
mail3.example.com> dnsconfig
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-55
                                                                                       Chapter 3   The Commands: Reference Examples
    DNS
                       Do you want the Gateway to use the Internet's root DNS servers or would you like
                       it to use your own DNS servers?
                       1. Use Internet root DNS servers
                       2. Use own DNS cache servers
                       [1]> 1
                       Enter the number of seconds to wait before timing out reverse DNS lookups.
                       [20]>
                       You can configure the appliance to use the Internet root servers for all DNS queries except specific local
                       domains.
                       mail3.example.com> dnsconfig
                       Please enter the domain this server is authoritative for. (Ex: "com").
                       []> example.com
                       Please enter the fully qualified hostname of the DNS server for the domain "example.com".
                       (Ex: "dns.example.com").
                       []> dns.example.com
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
  3-56
 Chapter 3   The Commands: Reference Examples
                                                                                                                                 DNS
                        You can configure the appliance to use your own DNS cache server.
                        mail3.example.com> dnsconfig
                        Do you want the Gateway to use the Internet's root DNS servers or would you like
                        it to use your own DNS servers?
                        1. Use Internet root DNS servers
                        2. Use own DNS cache servers
                        [1]> 2
                        Enter the number of seconds to wait before timing out reverse DNS lookups.
                        [20]>
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-57
                                                                                    Chapter 3   The Commands: Reference Examples
   DNS
[]>
dnsflush
Description
                     Clear all entries from the DNS cache.
Usage
                     Commit: This command does not require a commit.
                     Cluster Management: This command is restricted to machine mode.
                     Batch Command: This command does not support a batch format
Example
                     mail3.example.com> dnsflush
                     Are you sure you want to clear out the DNS cache? [N]> Y
dnshostprefs
Description
                     Configure IPv4/IPv6 DNS preferences
Usage
                     Commit: This command requires a commit.
                     Cluster Management: This command is restricted to machine mode.
                     Batch Command: This command does not support a batch format
Example
                     mail3.example.com> dnshostprefs
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-58
 Chapter 3   The Commands: Reference Examples
                                                                                                                                DNS
                        3. Require IPv4
                        4. Require IPv6
                        [2]> 3
dnslistconfig
Description
                        Configure DNS List services support
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        mail3.example.com> dnslistconfig
Settings updated.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-59
                                                                                    Chapter 3   The Commands: Reference Examples
   DNS
dnslisttest
Description
                     Test a DNS lookup for a DNS-based list service.
Usage
                     Commit: This command does not require a commit.
                     Cluster Management: This command is restricted to machine mode.
                     Batch Command: This command does not support a batch format
Example
                     mail3.example.com> dnslisttest
                     Querying: 10.10.1.11.mail4.example.com
                     Result: MATCHED
dnsstatus
Description
                     Display DNS statistics.
Usage
                     Commit: This command does not require a commit.
                     Cluster Management: This command is restricted to machine mode.
                     Batch Command: This command does not support a batch format.
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-60
 Chapter 3   The Commands: Reference Examples
                                                                                     General Management/Administration/Troubleshooting
Example
                        mail3.example.com> dnsstatus
General Management/Administration/Troubleshooting
                        This section contains the following CLI commands:
                            addressconfig
                            adminaccessconfig
                            certconfig
                            date
                            diagnostic
                            diskquotaconfig
                            ecconfig
                            ecstatus
                            ecupdate
                            encryptionconfig
                            encryptionstatus
                            encryptionupdate
                            featurekey
                            featurekeyconfig
                            generalconfig
                            healthcheck
                            healthconfig
                            ntpconfig
                            reboot
                            repengstatus
                            repengstatus
                            resume
                            resumedel
                            resumelistener
                            revert
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-61
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                            settime
                            settz
                            shutdown
                            sshconfig
                            status
                            supportrequest
                            supportrequeststatus
                            supportrequestupdate
                            suspend
                            suspenddel
                            suspendlistener
                            tcpservices
                            techsupport
                            tlsverify
                            trace
                            trackingconfig
                            updateconfig
                            updatenow
                            upgrade
                            version
                            wipedata
                        See also Virtual Appliance Management, page 3-294.
addressconfig
Description
                        The addressconfig command is used to configure the From: Address header. You can specify the
                        display, user, and domain names of the From: address. You can also choose to use the Virtual Gateway
                        domain for the domain name. Use the addressconfig command for mail generated by AsyncOS for the
                        following circumstances:
                            Anti-virus notifications
                            Bounces
                            DMARC feedback reports
                            Notifications (notify() and notify-copy() filter actions)
                            Quarantine Messages (and Send Copy in quarantine management)
                            Reports
                            All other messages
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-62
 Chapter 3   The Commands: Reference Examples
                                                                                     General Management/Administration/Troubleshooting
                        In the following example, the From: Address for notifications is changed from: Mail Delivery System
                        [MAILER-DAEMON@domain] (the default) to Notifications [Notification@example.com]
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> addressconfig
                        Please enter the display name portion of the "notify from" address
                        ["Mail Delivery System"]> Notifications
                        Please enter the user name portion of the "notify from" address
                        [MAILER-DAEMON]> Notification
Do you want the virtual gateway domain used for the domain? [Y]> n
                        Please enter the domain name portion of the "notify from" address
                        []> example.com
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-63
                                                                                         Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
adminaccessconfig
Description
                        Use the adminaccessconfig command to configure:
                            Login message (banner) for the administrator.
                            IP-based access for appliance administrative interface.
                            Web interface Cross-Site Request Forgeries protection.
                            Option to use host header in HTTP requests.
                            Web interface and CLI session inactivity timeout.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the adminaccessconfig command can be used to perform all the functions of the
                        traditional CLI command.
                            Select whether to allow access for all IP addresses or limit access to specific IP address/subnet/range
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-64
Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-65
                                                                                            Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-66
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
1. 192.168.1.2-100
                        1.   192.168.1.2-100
                        2.   192.168.255.12
                        Warning: The host you are currently using [72.163.202.175] is not included in the User
                        Access list. Excluding it will prevent your
                        host from connecting to the administrative interface. Are you sure you want to continue?
                        [N]> Y
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-67
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                        the GUI. You can use the login banner to display internal security information or best practice
                        instructions for the appliance. For example, you can create a simple note that saying that unauthorized
                        use of the appliance is prohibited or a detailed warning concerning the organizations right to review
                        changes made by the user to the appliance.
                        The maximum length of the login banner is 2000 characters to fit 80x25 consoles. A login banner can
                        be imported from a file in the /data/pub/configuration directory on the appliance. After creating the
                        banner, commit your changes.
                        In the following example, the login banner Use of this system in an unauthorized manner is prohibited
                        is added to the appliance:
                        mail.example.com> adminaccessconfig
                        Enter or paste the banner text here. Enter CTRL-D on a blank line to end.
                        Use of this system in an unauthorized manner is prohibited.
                        ^D
              Note      The CLI session timeout applies only to the connections using Secure Shell (SSH), SCP, and direct serial
                        connection. Any uncommitted configuration changes at the time of CLI session timeout will be lost.
                        Make sure that you commit the configuration changes as soon as they are made.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-68
 Chapter 3   The Commands: Reference Examples
                                                                                       General Management/Administration/Troubleshooting
mail.example.com> adminaccessconfig
mail.example.com> commit
               Note     After committing the changes, the new CLI session timeout takes affect only during the subsequent
                        login.
certconfig
Description
                        Configure security certificates and keys.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-69
                                                                                              Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
[]> certificate
                        List of Certificates
                        Name       Common Name                         Issued By              Status              Remaining
                        --------- --------------------                 --------------------   -------------       ---------
                        Demo       Cisco Appliance Demo                Cisco Appliance Demo   Active              3467 days
List of Certificates
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-70
 Chapter 3   The Commands: Reference Examples
                                                                                       General Management/Administration/Troubleshooting
[]>
                        mail3.example.com> commit
                        Please enter some comments describing your changes:
                        []> Installed certificate and key for receiving, delivery, and https
[]> certificate
                        List of Certificates
                        Name       Common Name                 Issued By                      Status                Remaining
                        --------- --------------------         --------------------           -------------         ---------
                        partner.c brutus.neuronio.pt           brutus.neuronio.pt             Expired               -4930
                        days
                        Demo       Cisco Appliance Demo        Cisco Appliance Demo           Active                3467 days
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-71
                                                                                      Chapter 3   The Commands: Reference Examples
  General Management/Administration/Troubleshooting
[1]> 1
                       Enter Organization:
                       > Example
                       1. 1024
                       2. 2048
                       Enter size of private key:
                       [2]>
                       List of Certificates
                       Name       Common Name           Issued By            Status        Remaining
                       --------- ------------------- -------------------- ------------- ---------
                       example.c example.com            example.com          Valid         3649 days
                       partner.c brutus.partner.com    brutus.partner.com Valid        30 days
                       Demo       Cisco Appliance Demo Cisco Appliance Demo Active         3467 days
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-72
 Chapter 3   The Commands: Reference Examples
                                                                                     General Management/Administration/Troubleshooting
                        List of Certificates
                        Name       Common Name               Issued By                      Status                Remaining
                        --------- --------------------       --------------------           -------------         ---------
                        Demo       Cisco Appliance Demo      Cisco Appliance Demo           Active                3329 days
                        Enter Organization:
                        > ORG
                        1. 1024
                        2. 2048
                        Enter size of private key:
                        [2]>
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-73
                                                                                              Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
[]> admin@example.com
                        List of Certificates
                        Name       Common Name                         Issued By              Status              Remaining
                        --------- --------------------                 --------------------   -------------       ---------
                        smime_sig CN                                   CN                     Valid               3649 days
                        Demo       Cisco Appliance Demo                Cisco Appliance Demo   Active              3329 days
date
Description
                        Displays the current date and time
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> date
diagnostic
Description
                        Use the diagnostic command to:
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-74
 Chapter 3   The Commands: Reference Examples
                                                                                          General Management/Administration/Troubleshooting
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the diagnostic command can be used to check RAID status, clear caches and show
                        the contents of the ARP cache. To invoke as a batch command, use the following formats:
                        Use the batch format to perform the following operations:
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-75
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
diagnostic raid
diagnostic reload
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-76
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-77
                                                                                             Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                        Do you want to type in a test message to send?                 If not, the connection will be tested but
                        no email will be sent. [N]>
[]> reload
This command will remove all user settings and reset the entire device.
diskquotaconfig
                        View or configure disk space allocation for reporting and tracking, quarantines, log files, packet
                        captures, and configuration files.
                        See User Guide for AsyncOS for Cisco Email Security Appliances for complete information about this
                        feature.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-78
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        diskquotaconfig <feature> <quota> [<feature> <quota> [<feature> <quota>[<feature>
                        <quota>]]]
                        Valid values for <feature> are euq, pvo, tracking, reporting
                        Valid values for <quota> are integers.
Example
                        mail.example.com> diskquotaconfig
                        Enter the number of the service for which you would like to edit disk quota:
                        1. Spam Quarantine (EUQ)
                        2. Policy, Virus & Outbreak Quarantines
                        3. Reporting
                        4. Tracking
                        5. Miscellaneous Files
                        [1]> 1
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-79
                                                                                          Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
[]>
ecconfig
                        Set or clear the enrollment client that is used to obtain certificates for use with the URL Filtering feature.
                        Do not use this command without guidance from Cisco support.
                        Entries must be in the format <hostname:port> or <IPv4 address:port>. Port is optional.
                        To specify the default server, enter ecconfig server default.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used at all levels in a cluster.
                        Batch Command: This command supports a batch format.
Batch Format
                             To specify a non-default enrollment client server:
                              > ecconfig server <server_name:port>
Example
                        mail.example.com> ecconfig
[]> 192.0.2.1
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-80
 Chapter 3   The Commands: Reference Examples
                                                                                       General Management/Administration/Troubleshooting
ecstatus
                        Display the current version of the enrollment client that is used to automatically obtain certificates for
                        use with the URL Filtering feature.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> ecstatus
                        Component                  Version           Last Updated
                        Enrollment Client          1.0.2-046         Never updated
ecupdate
                        Manually update the enrollment client that is used to automatically obtain certificates for use with the
                        URL Filtering feature. Normally, these updates occur automatically. Do not use this command without
                        guidance from Cisco support.
                        If you use the force parameter (ecupdate [force]) the client is updated even if no changes are detected.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        > ecupdate [force]
Example
                        mail.example.com> ecupdate
                        Requesting update of Enrollment Client.
encryptionconfig
                        Configure email encryption.
Usage
                        Commit: This command requires a commit.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-81
                                                                                                 Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
Example
                        The following example shows modifications to an encryption profile:
                        mail.example.com> encryptionconfig
                        Maximum message size for encryption: (Add a trailing K for kilobytes, M for
                        megabytes, or no letters for bytes.)
                        [10M]>
                        1. HIPAA
                        Select the profile you wish to edit:
                        [1]> 1
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-82
Chapter 3   The Commands: Reference Examples
                                                                                 General Management/Administration/Troubleshooting
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                              3-83
                                                                                                Chapter 3   The Commands: Reference Examples
  General Management/Administration/Troubleshooting
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-84
 Chapter 3   The Commands: Reference Examples
                                                                                   General Management/Administration/Troubleshooting
encryptionstatus
Description
                        The encryptionstatus command shows the version of the PXE Engine and Domain Mappings file on
                        the Email Security appliance, as well as the date and time the components were last updated.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> encryptionstatus
encryptionupdate
Description
                        The encryptionupdate command requests an update to the PXE Engine on the Email Security
                        appliance.
Usage
                        Commit: This command does not require a commit.
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-85
                                                                                                 Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> encryptionupdate
featurekey
Description
                        The featurekey command lists all functionality enabled by keys on the system and information related
                        to the keys. It also allows you to activate features using a key or check for new feature keys.
                        For virtual appliances, see also loadlicense and showlicense.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        In this example, the featurekey command is used to check for new feature keys.
                        mail3.example.com> featurekey
                        Module                              Quantity                   Status         Remaining      Expiration Date
                        Outbreak Filters                    1                          Active         28 days        Tue Feb 25 06:40:53
                        2014
                        IronPort Anti-Spam                  1                          Dormant        30 days        Wed Feb 26 07:56:57
                        2014
                        Sophos Anti-Virus                   1                          Active         26 days        Sun Feb 23 02:27:48
                        2014
                        Bounce Verification                 1                          Dormant        30 days        Wed Feb 26 07:56:57
                        2014
                        Incoming Mail Handling              1                          Active         20 days        Sun Feb 16 08:55:58
                        2014
                        IronPort Email Encryption           1                          Dormant        30 days        Wed Feb 26 07:56:57
                        2014
                        RSA Email Data Loss Prevention      1                          Active         25 days        Fri Feb 21 10:07:10
                        2014
                        McAfee                              1                          Dormant        30 days        Wed Feb 26 07:56:57
                        2014
                        Choose the operation you want to perform:
                        - ACTIVATE - Activate a (pending) key.
                        - CHECKNOW - Check now for new feature keys.
                        []> checknow
                        No new feature keys are available.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-86
 Chapter 3   The Commands: Reference Examples
                                                                                    General Management/Administration/Troubleshooting
featurekeyconfig
Description
                        The featurekeyconfig command allows you to configure the machine to automatically download
                        available keys and update the keys on the machine.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine.
                        Batch Command: This command does not support a batch format.
Example
                        In this example, the featurekeyconfig command is used to enable the autoactivate and autocheck
                        features.
                        mail3.example.com> featurekeyconfig
                        []> autocheck
                        Do you want to periodically query for new feature keys? [N]> y
generalconfig
Description
                        The generalconfig command allows you to configure browser settings.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-87
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
Usage
                        Commit: This command requires commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format. For details, see the inline help by typing the
                        command: help generalconfig.
                             For better web interface rendering, we recommend that you enable Internet
                             Explorer Compatibility Mode Override. However, if enabling this feature
                             is against your organizational policy, you may disable this feature.
Would you like to enable Internet Explorer Compatibility Mode Override? [N]y
healthcheck
Description
                        Checks the health of your Email Security appliance. Health check analyzes historical data (up to three
                        months) in the current Status Logs to determine the health of the appliance.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> healthcheck
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-88
 Chapter 3   The Commands: Reference Examples
                                                                                    General Management/Administration/Troubleshooting
healthconfig
Description
                        Configure the threshold of various health parameters of your appliance such as CPU usage, maximum
                        messages in work queue and so on
Usage
                        Commit: This command requires commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> healthconfig
                        Please enter the threshold value for number of messages in work queue.
                        [500]> 550
                        Do you want to receive alerts if the number of messages in work queue exceeds
                        threshold value? [N]> n
                        Please enter the threshold value for overall CPU usage (in percent)
                        [85]> 90
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-89
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
Do you want to receive alerts if the overall CPU usage exceeds threshold value?[N]> n
                        Please enter the threshold value for number of pages swapped from memory in a
                        minute.
                        [5000]> 5500
ntpconfig
Description
                        The ntpconfig command configures AsyncOS to use Network Time Protocol (NTP) to synchronize the
                        system clock with other computers. NTP can be turned off using the settime command.
Usage
                        Commit: This command requires commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> ntpconfig
[]> new
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-90
 Chapter 3   The Commands: Reference Examples
                                                                                   General Management/Administration/Troubleshooting
                        Please enter the fully qualified hostname or IP address of your NTP server.
                        []> ntp.example.com
mail3.example.com> commit
reboot
Description
                        Restart the appliance.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> reboot
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-91
                                                                                          Chapter 3    The Commands: Reference Examples
   General Management/Administration/Troubleshooting
repengstatus
Description
                        Request version information of Reputation Engine.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> repengstatus
resume
Description
                        Resume receiving and deliveries
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> resume
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-92
 Chapter 3   The Commands: Reference Examples
                                                                                        General Management/Administration/Troubleshooting
resumedel
Description
                        Resume deliveries.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> resumedel
                        Enter one or more domains [comma-separated] to which you want to resume delivery.
                        [ALL]> domain1.com, domain2.com
resumelistener
Description
                        Resume receiving on a listener.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> resumelistener
Receiving resumed.
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-93
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
mail3.example.com>
revert
Description
                        Revert to a previous release.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> revert
                            Available versions
                            =================
                         1. 9.1.0-019
                        Please select an AsyncOS version [1]:
                        Do you want to continue? [N]>
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-94
 Chapter 3   The Commands: Reference Examples
                                                                                     General Management/Administration/Troubleshooting
settime
Description
                        The settime command allows you to manually set the time if you are not using an NTP server. The
                        command asks you if you want to stop NTP and manually set the system clock. Enter the time is using
                        this format: MM/DD/YYYY HH:MM:SS.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> settime
settz
Description
                        Set the local time zone.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> settz
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-95
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
shutdown
Description
                        Shut down the system to power off
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> shutdown
System shutting down. Please wait while the queue is being closed...
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-96
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
sshconfig
Description
                        Configure SSH server and user key settings.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to cluster mode.
                        Batch Command: This command does not support a batch format.
                        Reboot. Reboot is required for changes to take effect.
Example
                        In the following example, a new public key is installed for the administrator account:
                        mail.example.com> sshconfig
                        The following example shows how to edit the SSH server configuration.
                        mail.example.com> sshconfig
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-97
                                                                                      Chapter 3   The Commands: Reference Examples
  General Management/Administration/Troubleshooting
                               ssh-rsa
                       Cipher Algorithms:
                               aes128-ctr
                               aes192-ctr
                               aes256-ctr
                               arcfour256
                               arcfour128
                               aes128-cbc
                               3des-cbc
                               blowfish-cbc
                               cast128-cbc
                               aes192-cbc
                               aes256-cbc
                               arcfour
                               rijndael-cbc@lysator.liu.se
                       MAC Methods:
                               hmac-md5
                               hmac-sha1
                               umac-64@openssh.com
                               hmac-ripemd160
                               hmac-ripemd160@openssh.com
                               hmac-sha1-96
                               hmac-md5-96
                       Minimum Server Key Size:
                               1024
                       KEX Algorithms:
                               diffie-hellman-group-exchange-sha256
                               diffie-hellman-group-exchange-sha1
                               diffie-hellman-group14-sha1
                               diffie-hellman-group1-sha1
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-98
 Chapter 3   The Commands: Reference Examples
                                                                                   General Management/Administration/Troubleshooting
                                aes128-cbc
                                3des-cbc
                                blowfish-cbc
                                cast128-cbc
                                aes192-cbc
                                aes256-cbc
                                arcfour
                                rijndael-cbc@lysator.liu.se
                        MAC Methods:
                                hmac-md5
                                hmac-sha1
                                umac-64@openssh.com
                                hmac-ripemd160
                                hmac-ripemd160@openssh.com
                                hmac-sha1-96
                                hmac-md5-96
                        Minimum Server Key Size:
                                1024
                        KEX Algorithms:
                                diffie-hellman-group-exchange-sha256
                                diffie-hellman-group-exchange-sha1
                                diffie-hellman-group14-sha1
                                diffie-hellman-group1-sha1
status
Description
                        Show system status.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> status
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-99
                                                                                                   Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                        Gauges:                                               Current
                          Connections
                            Current Inbound Conn.                                       0
                            Current Outbound Conn.                                     14
                        Queue
                            Active Recipients                                                  1
                            Messages In Work Queue                                             0
                            Kilobytes Used                                                    92
                            Kilobytes Free                                             8,388,516
                          Quarantine
                            Messages In Quarantine
                              Policy, Virus and Outbreak                                       0
                            Kilobytes In Quarantine
                              Policy, Virus and Outbreak                                       0
supportrequest
Description
                        Send a message to Cisco customer support. This command requires that the appliance is able to send
                        mail to the Internet. A trouble ticket is automatically created, or you can associate the support request
                        with an existing trouble ticket.
                        To access Cisco technical support directly from the appliance, your Cisco.com user ID must be
                        associated with your service agreement contract for this appliance. To view a list of service contracts
                        that are currently associated with your Cisco.com profile, visit the Cisco.com Profile Manager at
                        https://sso.cisco.com/autho/forms/CDClogin.html. If you do not have a Cisco.com user ID, register to
                        get one. See information about registering for an account in the online help or user guide for your release.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-100
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
Example
                        The following example shows a support request that is not related to an existing support ticket.
                        mail.example.com> supportrequest
                        Please Note:
                        If you have an urgent issue, please call one of our worldwide Support Centers
                        (www.cisco.com/support). Use this command to open a technical support request
                        for issues that are not urgent, such as:
                        - Request for information.
                        - Problem for which you have a work-around, but would like an alternative
                        solution.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-101
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
                        It is important to associate all your service contracts with your Cisco.com profile (CCO
                        ID) in order for you to receive complete access to support and
                        services from Cisco. Please follow the URLs below to associate your contract coverage on
                        your Cisco.com profile. If you do not have a CCO ID, please follow
                        the URL below to create a CCO ID.
The CCO ID may contain alphabets, numbers and '@', '.', '-' and '_' symbols.
supportrequeststatus
Description
                        Display Support Request Keywords version information for requesting support from Cisco TAC.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-102
 Chapter 3   The Commands: Reference Examples
                                                                                     General Management/Administration/Troubleshooting
Example
                        mail.example.com> supportrequeststatus
supportrequestupdate
Description
                        Request manual update of Support Request Keywords for requesting support from Cisco TAC.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> supportrequestupdate
suspend
Description
                        Suspend receiving and deliveries
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> suspend
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-103
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
mail3.example.com>
suspenddel
Description
                        Suspend deliveries
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> suspenddel
                        Enter one or more domains [comma-separated] to which you want to suspend delivery.
                        [ALL]> domain1.com, domain2.com, domain3.com
suspendlistener
Description
                        Suspend receiving.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> suspendlistener
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-104
 Chapter 3   The Commands: Reference Examples
                                                                                         General Management/Administration/Troubleshooting
                        3. OutboundMail
                        [1]> 1
tcpservices
Description
                        Display information about files opened by processes.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.cisco.com> tcpservices
                        Feature Processes
                          euq_webui    - GUI for ISQ
                          gui          - GUI process
                          hermes       - MGA mail server
                          postgres     - Process for storing and querying quarantine data
                          splunkd      - Processes for storing and querying Email Tracking data
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-105
                                                                                              Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
techsupport
Description
                        Allow Cisco TAC to access your system.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> techsupport
QT22-JQZF-YAQL-TL8L-8@2L-95
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-106
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
tlsverify
Description
                        Establish an outbound TLS connection on demand and debug any TLS connection issues concerning a
                        destination domain. To create the connection, specify the domain to verify against and the destination
                        host. AsyncOS checks the TLS connection based on the Required (Verify) TLS setting
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the tlsverify command can be used to perform all the fuctions of the traditional
                        CLI command to check the TLS connection to the given hostname.
Example
                        mail3.example.com> tlsverify
                        Enter the destination host to connect to.           Append the port (example.com:26) if you are not
                        connecting on port 25:
                        [example.com]> mxe.example.com:25
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-107
                                                                                               Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
trace
Description
                        Trace the flow of a message through the system
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> trace
                        Enter the SenderBase Reputation Score of the source IP.                   The actual score is N/A.
                        [N/A]>
                        Enter or paste the message body here. Enter '.' on a blank line to end.
                        Subject: Hello
                        This is a test message.
                        .
                        HAT matched on unnamed sender group, host ALL
                          - Applying $ACCEPTED policy (ACCEPT behavior).
                          - Maximum Message Size: 100M (Default)
                          - Maximum Number Of Connections From A Single IP: 1000 (Default)
                          - Maximum Number Of Messages Per Connection: 1,000 (Default)
                          - Maximum Number Of Recipients Per Message: 1,000 (Default)
                          - Maximum Recipients Per Hour: 100 (Default)
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-108
Chapter 3   The Commands: Reference Examples
                                                                                   General Management/Administration/Troubleshooting
                       Message Processing:
                        - No Virtual Gateway(tm) Assigned
                        - No Bounce Profile Assigned
                       Footer Stamping:
                        - Not Performed
                       AntiSpam Evaluation:
                        - Not Spam
                       AntiVirus Evaluation:
                        - Message Clean.
                        - Elapsed Time = '0.000 sec'
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-109
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
Subject: hello
Note When using trace, you must include both the header and the body of the message pasted into the CLI.
trackingconfig
Description
                        Configure the tracking system.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> trackingconfig
Do you want to use Centralized Message Tracking for this appliance? [N]>
tzupdate
Description
                        Update timezone rules
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-110
 Chapter 3   The Commands: Reference Examples
                                                                                       General Management/Administration/Troubleshooting
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the tzupdate command forces an update off all time zone rules even if no changes
                        are detected.
tzupdate [force]
Example
                        mail.example.com> tzupdate
updateconfig
Description
                        Configure system update parameters.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Examples
                            Configure the Appliance to Download Updates from Updater Servers, page 3-111
                            Configure the Appliance to Verify the Validity of Updater Server Certificate, page 3-114
                            Configure the Appliance to Trust Proxy Server Communication, page 3-115
                        In the following example, the updateconfig command is used to configure the appliance to download
                        update images from Cisco servers and download the list of available AsyncOS upgrades from a local
                        server.
                        mail.example.com> updateconfig
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-111
                                                                                       Chapter 3   The Commands: Reference Examples
  General Management/Administration/Troubleshooting
                       ------------------------------------------------------------------------------------------
                       Feature Key updates                                  http://downloads.ironport.com/asyncos
                       Timezone rules                                       Cisco IronPort Servers
                       Enrollment Client Updates                            Cisco IronPort Servers
                       Support Request updates                              Cisco IronPort Servers
                       Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
                       ------------------------------------------------------------------------------------------
                       Timezone rules                                       Cisco IronPort Servers
                       Enrollment Client Updates                            Cisco IronPort Servers
                       Support Request updates                              Cisco IronPort Servers
                       ------------------------------------------------------------------------------------------
                       Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
Update interval: 5m
                       For the following services, please select where the system will download updates from:
                       Service (images):                                     Update URL:
                       ------------------------------------------------------------------------------------------
                       Feature Key updates
                       http://downloads.ironport.com/asyncos
                       For the following services, please select where the system will download updates from
                       (images):
                       Service (images):                                    Update URL:
                       ------------------------------------------------------------------------------------------
                       Timezone rules                                       Cisco IronPort Servers
                       Enrollment Client Updates                            Cisco IronPort Servers
                       Support Request updates                              Cisco IronPort Servers
                       For the following services, please select where the system will download updates from
                       (images):
                       Service (images):                                    Update URL:
                       ------------------------------------------------------------------------------------------
                       Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-112
Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
                       For the following services, please select where the system will download the list of
                       available
                       updates from:
                       Service (list):                                      Update URL:
                       ------------------------------------------------------------------------------------------
                       Timezone rules                                       Cisco IronPort Servers
                       Enrollment Client Updates                            Cisco IronPort Servers
                       Support Request updates                              Cisco IronPort Servers
                       For the following services, please select where the system will download the list of
                       available
                       updates from:
                       Service (list):                                      Update URL:
                       ------------------------------------------------------------------------------------------
                       Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
                       Do you want to set up a proxy server for HTTP updates for ALL of the following
                       services:
                       Do you want to set up an HTTPS proxy server for HTTPS updates for ALL of the following
                       services:
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-113
                                                                                          Chapter 3   The Commands: Reference Examples
    General Management/Administration/Troubleshooting
[N]>
                         ------------------------------------------------------------------------------------------
                         Feature Key updates                                  http://downloads.ironport.com/asyncos
                         Timezone rules                                       Cisco IronPort Servers
                         Enrollment Client Updates                            Cisco IronPort Servers
                         Support Request updates                              Cisco IronPort Servers
                         Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
                         ------------------------------------------------------------------------------------------
                         Timezone rules                                       Cisco IronPort Servers
                         Enrollment Client Updates Cisco IronPort Servers
                         Support Request updates                              Cisco IronPort Servers
                         ------------------------------------------------------------------------------------------
                         Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
Update interval: 5m
                         If you configure this option, every time the appliance communicates the Cisco updater server, the
                         validity of the updater server certificate is verified. If the verification fails, updates are not downloaded
                         and the details are logged in Updater Logs. The following example shows how to configure this option:
                         mail.example.com> updateconfig
                         ------------------------------------------------------------------------------------------
                         Feature Key updates                                  http://downloads.ironport.com/asyncos
                         Timezone rules                                       Cisco IronPort Servers
                         Enrollment Client Updates                            Cisco IronPort Servers
                         Support Request updates                              Cisco IronPort Servers
                         Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
                         ------------------------------------------------------------------------------------------
                         Timezone rules                                       Cisco IronPort Servers
                         Enrollment Client Updates                            Cisco IronPort Servers
                         Support Request updates                              Cisco IronPort Servers
                         ------------------------------------------------------------------------------------------
                         Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-114
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
Update interval: 5m
                        ------------------------------------------------------------------------------------------
                        Timezone rules                                       Cisco IronPort Servers
                        Enrollment Client Updates                            Cisco IronPort Servers
                        Support Request updates                              Cisco IronPort Servers
                        ------------------------------------------------------------------------------------------
                        Cisco IronPort AsyncOS upgrades                      Cisco IronPort Servers
Update interval: 5m
                        If you are using a non-transparent proxy server, you can add the CA certificate used to sign the proxy
                        certificate to the appliance. By doing so, the appliance trusts the proxy server communication. The
                        following example shows how to configure this option:
                        ...
                        Choose the operation you want to perform:
                        - SETUP - Edit update configuration.
                        - VALIDATE_CERTIFICATES - Validate update server certificates
                        - TRUSTED_CERTIFICATES - Manage trusted certificates for updates
                        []> trusted_certificates
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-115
                                                                                       Chapter 3   The Commands: Reference Examples
   General Management/Administration/Troubleshooting
updatenow
Description
                        Requests an update to all system service components.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                        Batch Command: This command does support a batch format.
Batch Format
                        The batch format of the updatenow command can be used to update all components on the appliance even
                        if no changes are detected.
updatenow [force]
Example
                        mail3.example.com> updatenow
version
Description
                        View system version information
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-116
 Chapter 3   The Commands: Reference Examples
                                                                                      General Management/Administration/Troubleshooting
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> version
                        Current Version
                        ===============
                        Product: Cisco C100V Email Security Virtual Appliance
                        Model: C100V
                        Version: 9.1.0-019
                        Build Date: 2015-02-17
                        Install Date: 2015-02-19 05:17:56
                        Serial #: 421C73B18CFB05784A83-B03A99E71ED8
                        BIOS: 6.00
                        CPUs: 2 expected, 2 allocated
                        Memory: 6144 MB expected, 6144 MB allocated
                        RAID: NA
                        RAID Status: Unknown
                        RAID Type: NA
                        BMC: NA
wipedata
Description
                        Use the wipedata command to wipe the core files on the disk and check the status of the last coredump
                        operation.
               Note     Depending on the size of the data, wipe action may take a while and can affect the system performance
                        until the action is complete.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> wipedata
Wiping data may take a while and can affect system performance till it completes.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-117
                                                                                       Chapter 3   The Commands: Reference Examples
   Content Scanning
                        wipedata: In progress
                        mail.example.com> wipedata
Wiping data may take a while and can affect system performance till it completes.
upgrade
Description
                        The upgrade CLI command displays a list of available upgrades and upgrades the AsyncOS system to
                        the version specified by the user.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> upgrade
                        Upgrades available:
                        1. AsyncOS (***DON'T TOUCH!***) 4.0.8 upgrade, 2005-05-09 Build 900
                        2. AsyncOS 4.0.8 upgrade, 2005-08-12 Build 030
                        .......
                        45. SenderBase Network Participation Patch
                        [45]>
                        Performing an upgrade will require a reboot of the system after the upgrade is applied.
                         Do you wish to proceed with the upgrade? [Y]> Y
Content Scanning
                            contentscannerstatus, page 3-119
                            contentscannerudpate, page 3-119
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-118
 Chapter 3   The Commands: Reference Examples
                                                                                                                                  LDAP
contentscannerstatus
                        Display the content scanning engine version information.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> contentscannerstatus
contentscannerudpate
                        Request manual update of the content scanning engine. If force parameter is used, update is performed
                        even if no changes are detected.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> contentscannerupdate force
LDAP
                        This section contains the following CLI commands:
                            ldapconfig
                            ldapflush
                            ldaptest
                            sievechar
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-119
                                                                                      Chapter 3   The Commands: Reference Examples
   LDAP
ldapconfig
Description
                     Configure LDAP servers
Usage
                     Commit: This command requires a commit.
                     Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                     Batch Command: This command does not support a batch format.
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-120
Chapter 3   The Commands: Reference Examples
                                                                                                                             LDAP
                       Name: PublicLDAP
                       Hostname: myldapserver.example.com Port 3268
                       Server Type: Active Directory
                       Authentication Type: password
                       Base: dc=example,dc=com
                       Name: PublicLDAP
                       Hostname: myldapserver.example.com Port 3268
                       Server Type: Active Directory
                       Authentication Type: password
                       Base: dc=example,dc=com
                       LDAPACCEPT: PublicLDAP.ldapaccept
                       Choose the operation you want to perform:
                       - SERVER - Change the server for the query.
                       - LDAPACCEPT - Configure whether a recipient address should be accepted or
                       bounced/dropped.
                       - LDAPROUTING - Configure message routing.
                       - MASQUERADE - Configure domain masquerading.
                       - LDAPGROUP - Configure whether a sender or recipient is in a specified group.
                       - SMTPAUTH - Configure SMTP authentication.
                       - EXTERNALAUTH - Configure external authentication queries.
                       - ISQAUTH - Configure Spam Quarantine End-User Authentication Query.
                       - ISQALIAS - Configure Spam Quarantine Alias Consolidation Query.
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                             3-121
                                                                                   Chapter 3   The Commands: Reference Examples
  LDAP
[]> ldaprouting
                    The query requires one of the attributes below. Please make a selection.
                      [1] Configure MAILROUTINGADDRESS only - Rewrite the Envelope Recipient (and
                    leave MAILHOST unconfigured)?
                      [2] Configure MAILHOST only - Send the messages to an alternate mail host
                    (and leave MAILROUTINGADDRESS unconfigured)?
                      [3] Configure both attributes
                    []> 1
                    Enter the attribute which contains the full rfc822 email address for the
                    recipients.
                    [mailRoutingAddress]> mailRoutingAddress
                    Name: PublicLDAP
                    Hostname: myldapserver.example.com Port 3268
                    Server Type: Active Directory
                    Authentication Type: password
                    Base: dc=example,dc=com
                    LDAPACCEPT: PublicLDAP.ldapaccept
                    LDAPROUTING: PublicLDAP.routing
                    Enter the attribute which contains the externally visible full rfc822 email address.
                    []> mailLocalAddress
                    Do you want the results of the returned attribute to replace the entire friendly portion
                    of the original recipient? [N]> n
                    Name: PublicLDAP
                    Hostname: myldapserver.example.com Port 3268
                    Server Type: Active Directory
                    Authentication Type: password
                    Base: dc=example,dc=com
                    LDAPACCEPT: PublicLDAP.ldapaccept
                    LDAPROUTING: PublicLDAP.routing
         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-122
Chapter 3   The Commands: Reference Examples
                                                                                                                             LDAP
MASQUERADE: PublicLDAP.masquerade
                       Name: PublicLDAP
                       Hostname: myldapserver.example.com Port 3268
                       Server Type: Active Directory
                       Authentication Type: password
                       Base: dc=example,dc=com
                       LDAPACCEPT: PublicLDAP.ldapaccept
                       LDAPROUTING: PublicLDAP.routing
                       MASQUERADE: PublicLDAP.masquerade
                       ISQAUTH: PublicLDAP.isqauth [active]
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                             3-123
                                                                                    Chapter 3   The Commands: Reference Examples
   LDAP
                     The "Demo" certificate is currently configured. You may use "Demo", but this will not be
                     secure.
                     1. partner.com
                     2. Demo
                     Please choose the certificate to apply:
                     [1]> 1
ldapflush
Description
                     Flush any cached LDAP results.
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-124
 Chapter 3   The Commands: Reference Examples
                                                                                                                                  LDAP
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        mail3.example.com> ldapflush
Are you sure you want to flush any cached LDAP results? [N]> y
                        Flushing cache
                        mail3.example.com>
ldaptest
Description
                        Perform a single LDAP query test
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        In this example, the ldaptest command is used to test the only recipient acceptance query for the
                        configured LDAP server configuration. The recipient address admin@example.com passes the test,
                        while the recipient address bogus@example.com fails.
                        mail3.example.com> ldaptest
                                            Query: PublicLDAP.ldapaccept
                                         Argument: admin@example.com
                                           Action: pass
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-125
                                                                                    Chapter 3   The Commands: Reference Examples
   LDAP
                      Query: PublicLDAP.ldapaccept
                      Argument: bogus@example.com
                      Action: drop or bounce (depending on listener settings)
                      Reason: no matching LDAP record was found
                     LDAP query test finished.
                     mail3.example.com>
sievechar
Description
                     Sets or disables the character used for Sieve Email Filtering, as described in RFC 3598. Note that the
                     Sieve Character is ONLY recognized in LDAP Accept and LDAP Reroute queries. Other parts of the
                     system will operate on the complete email address.
                     Allowable characters are: -_=+/^#
Usage
                     Commit: This command does not require a commit.
                     Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                     Batch Command: This command does not support a batch format
Example
                     In this example, the sievechar command is used to define + as the sieve character recognized in Accept
                     and LDAP Reroute queries.
                     mail3.example.com> sievechar
          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-126
 Chapter 3   The Commands: Reference Examples
                                                                                                  Mail Delivery Configuration/Monitoring
addresslistconfig
Description
                        Configure address lists.
Usage
                        Commit: This command requires a commit.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-127
                                                                                             Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format for the addresslistconfig command can be used to create a new address list, edit an
                        existing address list, print a list of address lists, delete an address list, or find conflicting addresses within
                        an address list.
                             Adding a new address list
Example
                        mail.example.com> addresslistconfig
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-128
 Chapter 3   The Commands: Reference Examples
                                                                                                       Mail Delivery Configuration/Monitoring
aliasconfig
Description
                        Configure email aliases.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the aliasconfig command can be used to add a new alias table, edit an existing table,
                        print a list of email aliases, and import/export alias table. To invoke as a batch command, use the
                        following format of the aliasconfig command with the variables listed below:
                            Adding a new email alias:
Note Using the aliasconfig new command with a non-existant domain causes the domain to be created.
aliasconfig print
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-129
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Example
                        mail3.example.com> aliasconfig
                        Enter address(es) for "customercare".
                        Separate multiple addresses with commas.
                        []> bob@example.com, frank@example.com, sally@example.com
                        1. Globally
                        2. Add a new domain context
                        3. example.com
                        [1]> 1
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-130
 Chapter 3   The Commands: Reference Examples
                                                                                                      Mail Delivery Configuration/Monitoring
admin: administrator@example.com
                        [ example.com ]
                        customercare: bob@example.com, frank@example.com, sally@example.com
                         Argument                 Description
                                                  The domain context in which an alias is applied. Global
                         <domain>                 specifies the Global Domain Context.
                                                  The name of the alias to configure
                                                  Aliases permitted at the Global Comain Context:
                                                  user@domain  This email address.
                                                  user This user for any domain.
                                                  @domain All users in this domain.
                                                  @.partialdomain All users in this domain or any of its
                                                  sub-domains.
                                                  Aliases permitted for specific domain contexts:
                                                  user This user in this domain context
                         <alias>                  user@domain This email address
                                                  The email address that an alias mapps to. A single alias can
                         <email_address>          map to multiple email addresses.
                         <filename>               The filename to use with importing/exporting the alias table.
archivemessage
Description
                        Archive older messages in your queue.
Usage
                        Commit: This command does not require a commit.
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-131
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Example
                        In the following example, an older message is archived:
                        mail3.example.com> archivemessage
[0]> 47
altsrchost
Description
                        Configure Virtual Gateway(tm) mappings.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, the altsrchost table is printed to show that there are no existing mappings.
                        Two entries are then created:
                             Mail from the groupware server host named @exchange.example.com is mapped to the PublicNet
                              interface.
                             Mail from the sender IP address of 192.168.35.35 is mapped to the AnotherPublicNet interface.
                        Finally, the altsrchost mappings are printed to confirm and the changes are committed.
                        mail3.example.com> altsrchost
                        Enter the Envelope From address or client IP address for which you want to set up a
                        Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
                        []> @exchange.example.com
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-132
Chapter 3   The Commands: Reference Examples
                                                                                               Mail Delivery Configuration/Monitoring
                       Enter the Envelope From address or client IP address for which you want to set up a
                       Virtual Gateway mapping. Partial addresses such as "@example.com" or "user@" are allowed.
                       []> 192.168.35.35
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-133
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
bounceconfig
Description
                        Configure the behavior of bounces.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, a bounce profile named bounceprofile is created using the bounceconfig
                        command. In this profile, all hard bounced messages are sent to the alternate address
                        bounce-mailbox@example.com. Delay warnings messages are enabled. One warning message will be
                        sent per recipient, and the default value of 4 hours (14400 seconds) between warning messages is
                        accepted
                        mail3.example.com> bounceconfig
                        Please enter the maximum number of seconds a message may stay in the queue before being
                        hard bounced.
[259200]> 259200
                        Please enter the initial number of seconds to wait before retrying a message.
                        [60]> 60
                        Please enter the maximum number of seconds to wait before retrying a message.
                        [3600]> 3600
Do you want a message sent for each hard bounce? (Yes/No/Default) [Y]> y
Do you want bounce messages to use the DSN message format? (Yes/No/Default) [Y]> y
                        If a message is undeliverable after some interval, do you want to send a delay warning
                        message? (Yes/No/Default) [N]> y
                        Please enter the minimum interval in seconds between delay warning messages.
                        [14400]> 14400
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-134
 Chapter 3   The Commands: Reference Examples
                                                                                                      Mail Delivery Configuration/Monitoring
                        Please enter the maximum number of delay warning messages to send per
                        recipient.
                        [1]> 1
                        Do you want hard bounce and delay warning messages sent to an alternate address, instead
                        of the sender? [N]> y
                        Please enter the email address to send hard bounce and delay warning.
                        []> bounce-mailbox@example.com
                        Please enter the maximum number of seconds a message may stay in the queue before being
                        hard bounced.
                        [259200]>
                        Please enter the initial number of seconds to wait before retrying a message.
                        [60]>
                        Please enter the maximum number of seconds to wait before retrying a message.
                        [3600]> 10800
Do you want bounce messages to use the DSN message format? (Yes/No/Default) [N]>
                        If a message is undeliverable after some interval, do you want to send a delay warning
                        message? (Yes/No/Default)[N]>
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-135
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Do you want hard bounce messages sent to an alternate address, instead of the sender? [Y]>
              Note      Bounce profiles can be applied based upon the listener that a message was received on. However, this
                        listener has nothing to do with how the message is ultimately delivered.
                        In this example, the OutboundMail private listener is edited and the bounce profile named bouncepr1 is
                        applied to it.
                        mail3.example.com> listenerconfig
                        Name: OutboundMail
                        Type: Private
                        Interface: PrivateNet (192.168.1.1/24) TCP Port 25
                        Protocol: SMTP
                        Default Domain:
                        Max Concurrency: 600 (TCP Queue: 50)
                        Domain Map: Disabled
                        TLS: No
                        SMTP Authentication: Disabled
                        Bounce Profile: Default
                        Footer: None
                        LDAP: Off
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-136
 Chapter 3   The Commands: Reference Examples
                                                                                                 Mail Delivery Configuration/Monitoring
                        Name: OutboundMail
                        Type: Private
                        Interface: PrivateNet (192.168.1.1/24) TCP Port 25
                        Protocol: SMTP
                        Default Domain:
                        Max Concurrency: 600 (TCP Queue: 50)
                        Domain Map: Disabled
                        TLS: No
                        SMTP Authentication: Disabled
                        Bounce Profile: bouncepr1
                        Footer: None
                        LDAP: Off
mail3.example.com> commit
bouncerecipients
Description
                        Bounce messages from the queue.
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-137
                                                                                        Chapter 3   The Commands: Reference Examples
    Mail Delivery Configuration/Monitoring
Usage
                         Commit: This command does not require a commit.
                         Cluster Management: This command is restricted to machine mode.
                         Batch Command: This command does not support a batch format
Example
                         Recipients to be bounced are identified by either the destination recipient host or the message sender
                         identified by the specific address given in the Envelope From line of the message envelope. Alternately,
                         all messages in the delivery queue can be bounced at once.
                         Please enter the hostname for the messages you wish to bounce.
                         []> example.com
Are you sure you want to bounce all messages being delivered to "example.com"? [N]> Y
                         Please enter the Envelope From address for the messages you wish to bounce.
                         []> mailadmin@example.com
                         Are you sure you want to bounce all messages with the Envelope From address of
                         "mailadmin@example.com"? [N]> Y
Bounce All
                         mail3.example.com> bouncerecipients
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-138
 Chapter 3   The Commands: Reference Examples
                                                                                                   Mail Delivery Configuration/Monitoring
Are you sure you want to bounce all messages in the queue? [N]> Y
bvconfig
Description
                        Configure settings for Bounce Verification. Use this command to configure keys and invalid bounced
                        emails.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        The following exampe shows key configuration and settings configured for invalid bounced emails.
                        mail3.example.com> bvconfig
                        Enter the key to tag outgoing mail with (when tagging is enabled in the Good
                        Neighbor Table)
                        []> basic_key
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-139
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
                        How do you want bounce messages which are not addressed to a valid tagged
                        recipient to be handled?
                        1. Reject.
                        2. Add a custom header and deliver.
                        [1]> 1
mail3.example.com> commit
deleterecipients
Description
                        Delete messages from the queue
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        The appliance gives you various options to delete recipients depending upon the need. The following
                        example show deleting recipients by recipient host, deleting by Envelope From Address, and deleting all
                        recipients in the queue.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-140
 Chapter 3   The Commands: Reference Examples
                                                                                                Mail Delivery Configuration/Monitoring
Are you sure you want to delete all messages being delivered to "example.com"? [N]> Y
                        Are you sure you want to delete all messages with the Envelope From address of
                        "mailadmin@example.com"? [N]> Y
Delete All
                        mail3.example.com> deleterecipients
deliveryconfig
Description
                        Configure mail delivery
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-141
                                                                                                Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, the deliveryconfig command is used to set the default interface to Auto
                        with Possible Delivery enabled. The system-wide maximum outbound message delivery is set to 9000
                        connections.
                        mail3.example.com> deliveryconfig
                        Please enter the default system wide maximum outbound message delivery
                        concurrency
                        [10000]> 9000
mail3.example.com>
delivernow
Description
                        Reschedule messages for immediate delivery. Users have the option of selecting a single recipient host,
                        or all messages currently scheduled for delivery.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        mail3.example.com> delivernow
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-142
 Chapter 3   The Commands: Reference Examples
                                                                                                        Mail Delivery Configuration/Monitoring
                        1. By recipient domain
                        2. All messages
                        [1]> 1
destconfig
                        Formerly the setgoodtable command. The table is now called the Destination Control Table. Use this
                        table to configure delivery limits for a specified domain.
                                                Syntax                Description
                                                SETUP                 Change global settings.
                                                NEW                   Add new limits for a domain.
                                                EDIT                  Modify the limits for a domain.
                                                DELETE                Remove the limits for a domain.
                                                DEFAULT               Change the default limits for non-specified domains.
                                                LIST                  Display the list of domains and their limits.
                                                DETAIL                Display the details for one destination or all entries.
                                                CLEAR                 Remove all entries from the table.
                                                IMPORT                Imports a table of destination control entries from a .INI
                                                                      configuration file.
                                                EXPORT                Exports a table of destination control entries to a .INI
                                                                      configuration file.
                        The destconfig command requires the following information for each row in the Destination Controls
                        table.
                            Domain (recipient host)
                            Maximum simultaneous connections to the domain
                            Messages-per-connection limit
                            Recipient limit
                            System-wide or Virtual Gateway switch
                            Enforce limits per MX or domain
                            Time period for recipient limit (in minutes)
                            Bounce Verification
                            Bounce profile to use for the domain
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                         3-143
                                                                                                Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Batch Format
                        The batch format of the destconfig command can be used to perform all the fuctions of the traditional
                        CLI command.
                             Creating a new destination control table
destconfig list
destconfig clear
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-144
 Chapter 3   The Commands: Reference Examples
                                                                                                     Mail Delivery Configuration/Monitoring
                        For the edit and new batch commands, any or all of the following options may be provided by identifying
                        the value with the variable name and an equals sign. Options not specified will not be modified (if using
                        edit) or will be set to default values (if using new).
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-145
                                                                                                  Chapter 3   The Commands: Reference Examples
  Mail Delivery Configuration/Monitoring
                       l
                                       Rate                      Bounce               Bounce
                       Domain          Limiting     TLS          Verification         Profile
                       =========       ========     =======      ============         =========
                       (Default)       On           Off          Off                  (Default)
[]> partner.com
Do you wish to apply a specific TLS setting for this domain? [N]> n
                       Do you wish to apply a specific bounce verification address tagging setting for
                       this domain? [N]> n
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-146
 Chapter 3   The Commands: Reference Examples
                                                                                                   Mail Delivery Configuration/Monitoring
mail3.example.com> commit
Do you wish to apply a specific TLS setting for this domain? [N]> y
                        You have chosen to enable TLS. Please use the 'certconfig' command to ensure that there is
                        a valid certificate configured.
                        Do you wish to apply a specific bounce verification address tagging setting for this
                        domain? [N]> y
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-147
                                                                                            Chapter 3   The Commands: Reference Examples
  Mail Delivery Configuration/Monitoring
                       Enter the domain name to view, or enter DEFAULT to view details for the
                       default, or enter ALL to view details for all:
                       []> all
                       newpartner.com
                        Maximum messages per connection: Default
                        Rate Limiting: Default
                        TLS: Required
                        Bounce Verification Tagging: On
                        Bounce Profile: Default
                       Default
                        Rate Limiting:
                        500 concurrent connections
                        No recipient limit
                        Limits applied to entire domain, across all virtual gateways
                        TLS: Off
                        Bounce Verification Tagging: Off
[]>
mail3.example.com> commit
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-148
 Chapter 3   The Commands: Reference Examples
                                                                                                     Mail Delivery Configuration/Monitoring
                        Do you wish to apply a specific TLS setting for this domain? [N]> n
                        Do you wish to apply a specific bounce verification address tagging setting for this
                        domain? [N]> n
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-149
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
mail3.example.com> commit
                        The "Demo" certificate is currently configured. You may use "Demo", but this will not be
                        secure.
                        1. partner.com
                        2. Demo
                        Please choose the certificate to apply:
                        [1]> 1
Do you want to send an alert when a required TLS connection fails? [N]> n
hostrate
Description
                        Monitor activity for a particular host
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-150
 Chapter 3   The Commands: Reference Examples
                                                                                                     Mail Delivery Configuration/Monitoring
Example
                        mail3.example.com> hostrate
                        Recipient host:
                        []> aol.com
hoststatus
Description
                        Get the status of the given hostname.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        mail3.example.com> hoststatus
                        Recipient host:
                        []> aol.com
                        Counters:
                          Queue
                            Soft Bounced Events                                    0
                          Completion
                            Completed Recipients                                   1
                              Hard Bounced Recipients                              1
                                DNS Hard Bounces                                   0
                                5XX Hard Bounces                                   1
                                Filter Hard Bounces                                0
                                Expired Hard Bounces                               0
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-151
                                                                                           Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
                        Gauges:
                          Queue
                            Active Recipients                                          0
                              Unattempted Recipients                                   0
                              Attempted Recipients                                     0
                            Connections
                              Current Outbound Connections                             0
                              Pending Outbound Connections                             0
imageanalysisconfig
Description
                        Configure the IronPort Image Analysis settings
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-152
 Chapter 3   The Commands: Reference Examples
                                                                                                  Mail Delivery Configuration/Monitoring
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com>imageanalysisconfig
                        Define the image analysis sensitivity. Enter a value between 0 (least sensitive) and 100
                        (most sensitive). As sensitivity increases, so does the false
                        positive rate. The default setting of 65 is recommended.
                        [65]>
                        Define the range for a CLEAN verdict. Enter the upper bound of the CLEAN range by entering
                        a value between 0 and 98. The default setting of 49 is
                        recommended.
                        [49]>
                        Define the range for a SUSPECT verdict. Enter the upper bound of the SUSPECT range by
                        entering a value between 50 and 99. The default setting of 74 is
                        recommended.
                        [74]>
Would you like to skip scanning of images smaller than a specific size? [Y]>
                        Please enter minimum image size to scan in pixels, representing either height or width of
                        a given image.
                        [100]>
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-153
                                                                                               Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
oldmessage
Description
                        Displays the mid and headers of the oldest non-quarantine message on the system.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode..
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, an older messages are displayed:
                        mail3.example.com> oldmessage
rate
Description
                        Monitor message throughput
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> rate
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-154
 Chapter 3   The Commands: Reference Examples
                                                                                                     Mail Delivery Configuration/Monitoring
redirectrecipients
Description
                        Redirect all messages to another relay host.
             Warning    Redirecting messages to a receiving domain that has /dev/null as its destination results in the loss of
                        messages. The CLI does not display a warning if you redirect mail to such a domain. Check the SMTP
                        route for the receiving domain before redirecting messages.
             Warning    Redirecting recipients to a host or IP address that is not prepared to accept large volumes of SMTP
                        mail from this host will cause messages to bounce and possibly result in the loss of mail.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the redirectrecipients command can be used to perform all the fuctions of the
                        traditional CLI command.
                            Redirects all mail to another host name or IP address
Example
                        The following example redirects all mail to the example2.com host.
                        mail3.example.com> redirectrecipients
                        Please enter the hostname or IP address of the machine you want to send all mail to.
                        []> example2.com
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-155
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Are you sure you want to redirect all mail in the queue to "example2.com"? [N]> y
resetcounters
Description
                        Reset all of the counters in the system
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> resetcounters
removemessage
Description
                        Attempts to safely remove a message for a given message ID.
                        The removemessage command can only remove messages that are in the work queue, retry queue, or a
                        destination queue. Note that depending on the state of the system, valid and active messages may not be
                        in any of those queues.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        example.com> removemessage
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-156
 Chapter 3   The Commands: Reference Examples
                                                                                                   Mail Delivery Configuration/Monitoring
showmessage
Description
                        Shows the message and message body for a specified message ID.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        example.com> showmessage
showrecipients
Description
                        Show messages from the queue by recipient host, Envelope From address, or all messages.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does support a batch format.
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-157
                                                                                         Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
Batch Format
                        The batch format of the showrecipients command can be used to perform all the fuctions of the
                        traditional CLI command.
                             Find messages by a recipient host name
showrecipients all
Example
                        The following example shows messages in the queue for all recipient hosts.
                        mail3.example.com> showrecipients
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-158
 Chapter 3   The Commands: Reference Examples
                                                                                                     Mail Delivery Configuration/Monitoring
status
                        The status command is used to display the system status of your appliance. Using the detail option
                        (status detail) displays additional information.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> status detail
                        Gauges:                                                    Current
                          Connections
                            Current Inbound Conn.                                        0
                            Current Outbound Conn.                                       0
                          Queue
                            Active Recipients                                            2
                            Messages In Work Queue                                       0
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-159
                                                                                                   Chapter 3     The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
tophosts
Description
                        To get immediate information about the email queue and determine if a particular recipient host has
                        delivery problems  such as a queue buildup  use the tophosts command. The tophosts command
                        returns a list of the top 20 recipient hosts in the queue. The list can be sorted by a number of different
                        statistics, including active recipients, connections out, delivered recipients, soft bounced events, and
                        hard bounced recipients.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> tophosts
                        1. Active Recipients
                        2. Connections Out
                        3. Delivered Recipients
                        4. Hard Bounced Recipients
                        5. Soft Bounced Events
                        [1]> 1
                        1*     example.com                                    2          0           0               0             0
                        2      the.encryption.queue                           0          0           0               0             0
                        3      the.euq.queue                                  0          0           0               0             0
                        4      the.euq.release.queue                          0          0           0               0             0
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-160
 Chapter 3   The Commands: Reference Examples
                                                                                                    Mail Delivery Configuration/Monitoring
topin
Description
                        Display the top hosts by number of incoming connections
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> topin
unsubscribe
Description
                        Update the global unsubscribe list
Usage
                        Commit: This command requires a commit.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-161
                                                                                       Chapter 3   The Commands: Reference Examples
   Mail Delivery Configuration/Monitoring
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In this example, the address user@example.net is added to the Global Unsubscribe list, and the feature
                        is configured to hard bounce messages. Messages sent to this address will be bounced; the appliance will
                        bounce the message immediately prior to delivery.
                        mail3.example.com> unsubscribe
mail3.example.com> commit
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-162
 Chapter 3   The Commands: Reference Examples
                                                                                                 Networking Configuration / Network Tools
workqueue
Description
                        Display and/or alter work queue pause status
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> workqueue
                        Status:   Operational
                        Messages: 1243
Manually pause work queue? This will only affect unprocessed messages. [N]> y
               Note     Entering a reason is optional. If you do not enter a reason, the system logs the reason as operator
                        paused.
                        Status:   Operational
                        Messages: 1243
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-163
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
                            netstat
                            nslookup
                            packetcapture
                            ping
                            ping6
                            routeconfig
                            setgateway
                            sethostname
                            smtproutes
                            sslconfig
                            sslv3config
                            telnet
                            traceroute
                            traceroute6
etherconfig
Description
                        Configure Ethernet settings, including media settings, NIC pairing, VLAN configuration, and DSR
                        configuration.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> etherconfig
VLAN interfaces:
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-164
Chapter 3   The Commands: Reference Examples
                                                                                            Networking Configuration / Network Tools
                       Enter the name or number of the ethernet interface you wish bind to:
                       1. Data 1
                       2. Data 2
                       3. Management
                       [1]> 1
                       VLAN interfaces:
                       1. VLAN   12 (Data 1)
                       Ethernet interfaces:
                       1. Data 1 default mtu 1500
                       2. Data 2 default mtu 1500
                       3. Management default mtu 1500
                       4. VLAN   12 default mtu 1500
                       Enter the name or number of the ethernet interface you wish to edit.
                       []> pair1
                       Enter the name or number of the ethernet interface you wish to edit.
                       []> 12
                       Enter the name or number of the ethernet interface you wish to edit.
                       []> 2
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-165
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
                        Please enter a non-default (1500) MTU value for the Data 2 interface.
                        []> 1200
                        Ethernet interfaces:
                        1. Data 1 default mtu 1500
                        2. Data 2 mtu 1200
                        3. Management default mtu 1500
                        4. VLAN   12 default mtu 1500
interfaceconfig
Description
                        Configure the interface. You can create, edit, or delete interfaces. You can enable FTP, change an IP
                        address, and configure Ethernet IP addresses.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the interfaceconfig command can be used to perform all the fuctions of the
                        traditional CLI command.
                            Creating a new interface
<ethernet interface>
<hostname>
--ip=IPv4 Address/Netmask
[--ftp[=<port>]]
[--telnet[=<port>]]
[--ssh[=<port>]]
[--http][=<port>]
[--https[=<port>]]
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-166
 Chapter 3   The Commands: Reference Examples
                                                                                                  Networking Configuration / Network Tools
[--euq_http[=<port>]]
[--euq_https][=<port>]
[--ccs[=<port>]].
Deleting an interface
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]> n
                        Ethernet interface:
                        1. Data 1
                        2. Data 2
                        3. Management
                        [3]>
                        Hostname:
                        [mail.example.com]>
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-167
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
Do you want to enable AsyncOS API (Monitoring) HTTP on this interface? [N]> y
                        Which port do you want to use for AsyncOS API (Monitoring) HTTP?
                        [6080]>
Do you want to enable AsyncOS API (Monitoring) HTTPS on this interface? [N]> y
                        Which port do you want to use for AsyncOS API (Monitoring) HTTPS?
                        [6443]>
                        The "Demo" certificate is currently configured. You may use "Demo", but this will not be
                        secure. To assure privacy, run "certconfig" first.
                        Both HTTP and HTTPS are enabled for this interface, should HTTP requests redirect to the
                        secure service? [Y]>
                        You have edited the interface you are currently logged into. Are you sure you want to
                        change it? [Y]>
nslookup
Description
                        Use the nslookup command to check the DNS functionality.
                        The nslookup command can confirm that the appliance is able to reach and resolve hostnames and IP
                        addresses from a working DNS (domain name service) server.
                        Table 3-10            nslookup Command Query Types
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-168
 Chapter 3   The Commands: Reference Examples
                                                                                                    Networking Configuration / Network Tools
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com> nslookup
AAAA=2001:420:54ff:ff06::95 TTL=30m
netstat
Description
                        Use the netstat command to displays network connections (both incoming and outgoing), routing
                        tables, and a number of network interface statistics. Note that this version will not support all arguments.
                        Specifically, you cannot use -a, -A, -g, -m, -M, -N, -s. The command was designed to be run in interactive
                        mode, so that you may enter netstat, then choose from five options to report on. You can also specify the
                        interface to listen on and the interval for display.
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-169
                                                                                         Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format
Example
                        example.com> netstat
                        Choose the information you want to display:
                        1. List of active sockets.
                        2. State of network interfaces.
                        3. Contents of routing tables.
                        4. Size of the listen queues.
                        5. Packet traffic information.
                        [1]> 2
                        Select the ethernet interface whose state you wish to display:
                        1. Data 1
                        2. Data 2
                        3. Management
                        4. ALL
                        []> 1
                        Show the number of bytes in and out? [N]>
                        Show the number of dropped packets? [N]> y
                        Name    Mtu Network        Address             Ipkts Ierrs     Opkts
                        Oerrs Coll Drop
                        Data 1 1500 197.19.1/24    example.com      30536     -         5                   -
                        -     -
                        example.com>
packetcapture
Description
                        Use the netstat command to displays network connections (both incoming and outgoing), routing
                        tables, and a number of network interface statistics. Note that this version will not support all arguments.
                        Specifically, you cannot use -a, -A, -g, -m, -M, -N, -s. The command was designed to be run in interactive
                        mode, so that you may enter netstat, then choose from five options to report on. You can also specify the
                        interface to listen on and the interval for display.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format
Example
                        mail.example.com> packetcapture
                        Capture Information:
                          Status:                      No capture running
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-170
Chapter 3   The Commands: Reference Examples
                                                                                              Networking Configuration / Network Tools
                       Current Settings:
                         Maximum File Size:    200 MB
                         Limit:                None (Run Indefinitely)
                         Interface(s):         ALL
                         Filter:               (tcp port 25)
                       Capture Information:
                         File Name:            C100V-421C73B18CFB05784A83-B03A99E71ED8-20150312-105256.cap
                         File Size:            0 of 200M
                         Duration:             0s
                         Limit:                None (Run Indefinitely)
                         Interface(s):         ALL
                         Filter:               (tcp port 25)
                       Capture Information:
                         File Name:            C100V-421C73B18CFB05784A83-B03A99E71ED8-20150312-105256.cap
                         File Size:            24 of 200M
                         Duration:             10s
                         Limit:                None (Run Indefinitely)
                         Interface(s):         ALL
                         Filter:               (tcp port 25)
                       Enter maximum allowable size for the capture file (in MB)
                       [200]>
                       Do you want to stop the capture when the file size is reached? (If not, a new file will be
                       started and the older capture data will be discarded.)
                       [N]>
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-171
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
                        Current Settings:
                          Maximum File Size:           200 MB
                          Limit:                       None (Run Indefinitely)
                          Interface(s):                ALL
                          Filter:                      (tcp port 25)
ping
Description
                             The ping command allows you to test connectivity to a network host from the appliance.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> ping
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-172
 Chapter 3   The Commands: Reference Examples
                                                                                                  Networking Configuration / Network Tools
ping6
Description
                        Ping a network host using IPv6
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> ping6
routeconfig
Description
                        The routeconfig command allows you to create, edit, and delete static routes for TCP/IP traffic. By
                        default, traffic is routed through the default gateway set with the setgateway command. However,
                        AsyncOS allows specific routing based on destination.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-173
                                                                                                     Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
                        Routes consist of a nickname (for future reference), a destination, and a gateway. A gateway (the next
                        hop) is an IP address such as 10.1.1.2. The destination can be one of two things:
                            an IP address, such as 192.168.14.32
                            a subnet using CIDR notation. For example, 192.168.5.0/24 means the entire class C network from
                             192.168.5.0 to 192.168.5.255.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the smtproutes command can be used to perform all the fuctions of the traditional
                        CLI command. You can choose whether to use IPv4 or IPv6 addresses for the route.
                            Creating a static route:
                                                    Argument                           Description
                                                    4|6                                The IP version (IPv4 or IPv6) to apply this command
                                                                                       to. For clear and print this option can be omitted
                                                                                       and the command applies to both versions.
                                                    name                               The name of the route.
                                                    destination_address                The IP or CIDR address to match on for outgoing IP
                                                                                       traffic.
                                                    gateway_ip                         The IP address to send this traffic to.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-174
 Chapter 3   The Commands: Reference Examples
                                                                                                     Networking Configuration / Network Tools
Example
                        mail3.example.com> routeconfig
                        1. IPv4
                        2. IPv6
                        [1]>
mail3.example.com> routeconfig
                        1. IPv4
                        2. IPv6
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-175
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
[1]> 2
setgateway
Description
                        The setgateway command configures the default next-hop intermediary through which packets should
                        be routed. Alternate (non-default) gateways are configured using the routeconfig command.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> setgateway
                        Warning: setting an incorrect default gateway may cause the current connection to be
                        interrupted when the changes are committed.
                        Enter new default gateway:
                        [10.1.1.1]> 192.168.20.1
mail3.example.com> commit
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-176
 Chapter 3   The Commands: Reference Examples
                                                                                                 Networking Configuration / Network Tools
sethostname
Description
                        The hostname is used to identify the system at the CLI prompt. You must enter a fully-qualified
                        hostname. The sethostname command sets the name of the Email Security appliance. The new hostname
                        does not take effect until you issue the commit command.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        oldname.example.com> sethostname
[oldname.example.com]> mail3.example.com
oldname.example.com>
                        For the hostname change to take effect, you must enter the commit command. After you have successfully
                        committed the hostname change, the new name appears in the CLI prompt:
                        oldname.example.com> commit
smtproutes
Description
                        Set up permanent domain redirections.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-177
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
Batch Format
                        The batch format of the smtproutes command can be used to perform all the fuctions of the traditional
                        CLI command.
                            Creating a new SMTP route
smtproutes clear
smtproutes print
Example
                        In the following example, the smptroutes command is used to construct a route (mapping) for the
                        domain example.com to relay1.example.com, relay2.example.com, and backup-relay.example.com.
                        Use /pri=# to specify a destination priority. THE # should be from 0-65535, with larger numbers
                        indicating decreasing priority. If unspecified, the priority defaults to 0.
                        (Note that you may have constructed the same mapping during the systemsetup command when you
                        configured the InboundMail public listener.)
                        mail3.example.com> smtproutes
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-178
 Chapter 3   The Commands: Reference Examples
                                                                                                 Networking Configuration / Network Tools
                        Enter the domain for which you want to set up a permanent route.
                        Partial hostnames such as ".example.com" are allowed.
                        Use "ALL" for the default route.
                        []> example.com
                        Enter the destination hosts, separated by commas, which you want mail
                        for example.com to be delivered.
                        Enter USEDNS by itself to use normal DNS resolution for this route.
                        Enter /dev/null by itself if you wish to discard the mail.
                        Enclose in square brackets to force resolution via address (A)
                        records, ignoring any MX records.
                        []> relay1.example.com/pri=10, relay2.example.com, backup-relay.example.com
sslconfig
Description
                        Configure SSL settings for the appliance.
Usage
                        Commit: This command requires a commit.
                        Cluster Management:This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> sslconfig
                        sslconfig settings:
                          GUI HTTPS method: sslv3tlsv1
                          GUI HTTPS ciphers:
                                RC4-SHA
                                RC4-MD5
                                ALL
                          Inbound SMTP method: sslv3tlsv1
                          Inbound SMTP ciphers:
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-179
                                                                                      Chapter 3   The Commands: Reference Examples
  Networking Configuration / Network Tools
                                RC4-SHA
                                RC4-MD5
                                ALL
                          Outbound SMTP method: sslv3tlsv1
                          Outbound SMTP ciphers:
                                RC4-SHA
                                RC4-MD5
                                ALL
                       sslconfig settings:
                         GUI HTTPS method: sslv2sslv3tlsv1
                         GUI HTTPS ciphers:
                               RC4-SHA
                               RC4-MD5
                               ALL
                         Inbound SMTP method: sslv3tlsv1
                         Inbound SMTP ciphers:
                               RC4-SHA
                               RC4-MD5
                               ALL
                         Outbound SMTP method: sslv3tlsv1
                         Outbound SMTP ciphers:
                               RC4-SHA
                               RC4-MD5
                               ALL
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-180
 Chapter 3   The Commands: Reference Examples
                                                                                                 Networking Configuration / Network Tools
                        sslconfig settings:
                          GUI HTTPS method: sslv2sslv3tlsv1
                          GUI HTTPS ciphers:
                                RC4-SHA
                                RC4-MD5
                                ALL
                          Inbound SMTP method: sslv2sslv3tlsv1
                          Inbound SMTP ciphers:
                                RC4-SHA
                                RC4-MD5
                                ALL
                          Outbound SMTP method: sslv3tlsv1
                          Outbound SMTP ciphers:
                                RC4-SHA
                                RC4-MD5
                                ALL
sslv3config
Description
                        Enable or disable SSLv3 settings for the appliance.
Usage
                        Commit: This command requires a commit.
                        Cluster Management:This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        The following example shows how to disable SSLv3 for End User Quarantine.
                        mail.example.com> sslv3config
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-181
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
                        2. LDAP Service
                        3. Updater Service
                        4. Web Security Service
                        [1]>
telnet
Description
                        Connect to a remote host
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> telnet
                        Trying 193.168.1.1...
                        Connected to 193.168.1.1.
                        Escape character is '^]'.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-182
 Chapter 3   The Commands: Reference Examples
                                                                                                 Networking Configuration / Network Tools
traceroute
Description
                        Use the traceroute command to test connectivity to a network host using IPV4 from the appliance and
                        debug routing issues with network hops.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> traceroute
                        Please enter the host to which you want to trace the route.
                        []> 10.1.1.1
traceroute6
Description
                        Use the traceroute6 command to test connectivity to a network host using IPV6 from the appliance
                        and debug routing issues with network hops.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-183
                                                                                       Chapter 3   The Commands: Reference Examples
   Networking Configuration / Network Tools
Example
                        mail.example.com> traceroute6
                        Please enter the host to which you want to trace the route.
                        []> example.com
                        Please enter the host to which you want to trace the route.
                        []> example.com
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-184
 Chapter 3   The Commands: Reference Examples
                                                                                                                            Outbreak Filters
Outbreak Filters
                        This section contains the following CLI commands:
                            outbreakconfig
                            outbreakflush
                            outbreakstatus
                            outbreakupdate
outbreakconfig
Description
                        Use the outbreakconfig command to configure the Outbreak Filter feature. You perform the following
                        actions using this command:
                            Enable Outbreak Filters globally
                            Enable Adaptive Rules scanning
                            Set a maximum size for files to scan (note that you are entering the size in bytes)
                            Enable alerts for the Outbreak Filter
                            Enable Logging of URLs
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail.example.com> outbreakconfig
                        Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back
                        down below), meaning that new messages of
                        certain types could be quarantined or will no longer be quarantined, respectively.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-185
                                                                                        Chapter 3   The Commands: Reference Examples
   Outbreak Filters
[524288]>
Do you want to use adaptive rules to compute the threat level of messages? [Y]>
                         The Outbreak Filters feature is now globally enabled on the system. You must use the
                         'policyconfig' command in the CLI or the Email
                         Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and
                         Outgoing Mail Policies.
outbreakflush
Description
                         Clear the cached Outbreak Rules.
Usage
                         Commit: This command does not require a commit.
                         Cluster Management: This command is restricted to machine mode.
                         Batch Command: This command does not support a batch format.
Example
                         mail3.example.com> outbreakflush
                         Warning - This command removes the current set of Outbreak Filter Rules, leaving your
                         network exposed until the next rule download. Run "outbreakupdate force" command to
                         immediately download Outbreak Filter Rules.
Are you sure that you want to clear the current rules? [N]> y
mail3.example.com>
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-186
 Chapter 3   The Commands: Reference Examples
                                                                                                                           Outbreak Filters
outbreakstatus
Description
                        The outbreakstatus command shows the current Outbreak Filters feature settings, including whether
                        the Outbreak Filters feature is enabled, any Outbreak Rules, and the current threshold.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> outbreakstatus
                        Outbreak Filter Rules with higher threat levels pose greater risks.
                        (5 = highest threat, 1 = lowest threat)
mail3.example.com>
outbreakupdate
Description
                        Requests an immediate update of CASE rules and engine core.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-187
                                                                                        Chapter 3   The Commands: Reference Examples
    Policy Enforcement
Example
                         elroy.run> outbreakupdate
Policy Enforcement
                         This section contains the following CLI commands:
                             dictionaryconfig
                             exceptionconfig
                             filters
                             policyconfig
                             quarantineconfig
                             scanconfig
                             stripheaders
                             textconfig
dictionaryconfig
Description
                         Configure content dictionaries
Usage
                         Commit: This command requires a commit.
                         Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                         Batch Command: This command does not support a batch format.
Example
                         Use dictionaryconfig -> new to create dictionaries, and dictionaryconfig -> delete to remove
                         dictionaries.
Creating a Dictionary
                         example.com> dictionaryconfig
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-188
  Chapter 3   The Commands: Reference Examples
                                                                                                                        Policy Enforcement
Creating a Dictionary 2
                         In this example, a new dictionary named secret_words is created to contain the term codename. Once
                         the dictionary has been entered, the edit -> settings subcommand is used to define the case-sensitivity
                         and word boundary detection for words in the dictionary.
                         mail3.example.com> dictionaryconfig
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-189
                                                                                      Chapter 3   The Commands: Reference Examples
  Policy Enforcement
                       []> edit
                       Enter the number of the dictionary you want to edit:
                       1. secret_words
                       []> 1
Do you want to ignore case when matching using this dictionary? [Y]>
Do you want strings in this dictionary to only match complete words? [Y]>
mail3.example.com> commit
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-190
 Chapter 3   The Commands: Reference Examples
                                                                                                                      Policy Enforcement
Importing Dictionaries
                         In the example below, using the dictionaryconfig command, 84 terms in the profanity.txt text file
                         are imported as Unicode (UTF-8) into a dictionary named profanity.
                         mail3.example.com> dictionaryconfig
Exporting Dictionaries
                         In the example below, using the dictionaryconfig command, the secret_words dictionary is exported
                         to a text file named secret_words_export.txt
                         mail3.example.com> dictionaryconfig
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-191
                                                                                       Chapter 3   The Commands: Reference Examples
   Policy Enforcement
[]> edit
mail3.example.com> dictionaryconfig
exceptionconfig
Description
                        Use the exceptionconfig command in the CLI to create the domain exception table. In this example,
                        the email address admin@zzzaaazzz.com is added to the domain exception table with a policy of
                        Allow.
Usage
                        Commit: This command requires a commit.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-192
 Chapter 3   The Commands: Reference Examples
                                                                                                                     Policy Enforcement
                        Cluster Management: This command can be used in all three machine modes (cluster, group,
                        machine)..
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> exceptionconfig
                        Enter a domain, sub-domain, user, or email address for which you wish to
                        provide an exception:
                        []> mail.partner.com
                        Enter a domain, sub-domain, user, or email address for which you wish to
                        provide an exception:
                        []> admin@zzzaaazzz.com
filters
Description
                        Configure message processing options.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-193
                                                                                       Chapter 3   The Commands: Reference Examples
   Policy Enforcement
Example
                        In this example, the filter command is used to create three new filters:
                            The first filter is named big_messages. It uses the body-size rule to drop messages larger than 10
                             megabytes.
                            The second filter is named no_mp3s. It uses the attachment-filename rule to drop messages that
                             contain attachments with the filename extension of .mp3.
                            The third filter is named mailfrompm. It uses mail-from rule examines all mail from
                             postmaster@example.com and blind-carbon copies administrator@example.com.
                        Using the filter -> list subcommand, the filters are listed to confirm that they are active and valid,
                        and then the first and last filters are switched in position using the move subcommand. Finally, the
                        changes are committed so that the filters take effect.
                        mail3.example.com> filters
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-194
 Chapter 3   The Commands: Reference Examples
                                                                                                                        Policy Enforcement
policyconfig
Description
                        Configure per recipient or sender based policies.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Examples
                            Creating an Incoming Mail Policy to Drop Spam Messages and Archive Suspected Spam Messages,
                             page 3-196
                            Creating a Policy for the Sales Team, page 3-198
                            Creating a Policy for the Engineering Team, page 3-200
                            Creating the scan_for_confidential Content Filter, page 3-202
                            Creating the no_mp3s and ex_employee Content Filters, page 3-206
                            Enabling Content Filters for Specific Policies, page 3-211
                            DLP Policies for Default Outgoing Policy, page 3-214
                            Create an Incoming Policy to Drop the Messages Identified as Bulk Email or Social Network Email,
                             page 3-216
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-195
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
Creating an Incoming Mail Policy to Drop Spam Messages and Archive Suspected Spam Messages
                         In this example, the policyconfig -> edit -> antispam subcommand is used to edit the Anti-Spam
                         settings for the default incoming mail policy. (Note that this same configuration is available in the GUI
                         from the Email Security Manager feature.)
                             First, messages positively identified as spam are chosen not to be archived; they will be dropped.
                             Messages that are suspected to be spam are chosen to be archived. They will also be sent to the Spam
                              Quarantine installed on the server named quarantine.example.com. The text [quarantined:
                              possible spam] is prepended to the subject line and a special header of X-quarantined: true is
                              configured to be added to these suspect messages. In this scenario, Administrators and end-users can
                              check the quarantine for false positives, and an administrator can adjust, if necessary, the suspected
                              spam threshold.
                         Finally, the changes are committed.
                         mail3.example.com> policyconfig
Policy Summaries:
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-196
Chapter 3   The Commands: Reference Examples
                                                                                                                   Policy Enforcement
                       1. DELIVER
                       2. DROP
                       3. BOUNCE
                       4. IRONPORT QUARANTINE
                       What do you want to do with messages identified as spam?
                       [1]> 2
                       What score would you like to set for the IronPort Anti-Spam suspect spam threshold?
                       [50]> 50
                       1. PREPEND
                       2. APPEND
                       3. NONE
                       Do you want to add text to the subject of messages identified as SUSPECTED spam?
                       [1]> 1
Do you want to add a custom header to messages identified as SUSPECTED spam? [N]> y
Policy Summaries:
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-197
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
mail3.example.com> commit
                         Begin entering policy members. The following types of entries are allowed:
                         Username entries such as joe@, domain entries such as @example.com, sub-domain
                         entries such as @.example.com, LDAP group memberships such as ldap(Engineers)
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-198
Chapter 3   The Commands: Reference Examples
                                                                                                                   Policy Enforcement
[]> ldap(sales)
                       1. DELIVER
                       2. DROP
                       3. BOUNCE
                       4. IRONPORT QUARANTINE
                       What do you want to do with messages identified as spam?
                       [1]> 2
                       What score would you like to set for the IronPort Anti-Spam suspect spam
                       threshold?
                       [50]> 50
                       1. PREPEND
                       2. APPEND
                       3. NONE
                       Do you want to add text to the subject of messages identified as SUSPECTED
                       spam?
                       [1]> 3
Do you want to add a custom header to messages identified as SUSPECTED spam? [N]> n
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-199
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
Would you like to enable Outbreak Filters for this policy? [Y]> y
                         Then, create the policy for the engineering team (three individual email recipients), specifying that .dwg
                         files are exempt from Outbreak Filter scanning.
                         Begin entering policy members. The following types of entries are allowed:
                         Username entries such as joe@, domain entries such as @example.com, sub-domain entries
                         such as @.example.com, LDAP group memberships such as ldap(Engineers)
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-200
Chapter 3   The Commands: Reference Examples
                                                                                                                   Policy Enforcement
[]> bob@example.com
Would you like to enable Outbreak Filters for this policy? [Y]> y
                       Would you like to modify the list of file extensions that bypass
                       Outbreak Filters? [N]> y
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-201
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
                         Next, create three new content filters to be used in the Incoming Mail Overview policy table.
                         In the CLI, the filters subcommand of the policyconfig command is the equivalent of the Incoming
                         Content Filters GUI page. When you create content filters in the CLI, you must use the save
                         subcommand to save the filter and return to the policyconfig command.
                         First, create the scan_for_confidential content filter:
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-202
Chapter 3   The Commands: Reference Examples
                                                                                                                      Policy Enforcement
[]> filters
No filters defined.
                       Conditions:
                       Always Run
                       Actions:
                       No actions defined yet.
                       Description:
                       scan all incoming mail for the string 'confidential'
                       1. Condition
                       2. Action
                       [1]> 1
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-203
                                                                                      Chapter 3   The Commands: Reference Examples
  Policy Enforcement
                       Conditions:
                       body-contains("confidential", 1)
                       Actions:
                       No actions defined yet.
                       Description:
                       scan all incoming mail for the string 'confidential'
                       1. Condition
                       2. Action
                       [1]> 2
                       1. Bcc
                       2. Notify
                       3. Redirect To Alternate Email Address
                       4. Redirect To Alternate Host
                       5. Insert A Custom Header
                       6. Insert A Message Tag
                       7. Strip A Header
                       8. Send From Specific IP Interface
                       9. Drop Attachments By Content
                       10. Drop Attachments By Name
                       11. Drop Attachments By MIME Type
                       12. Drop Attachments By File Type
                       13. Drop Attachments By Size
                       14. Send To System Quarantine
                       15. Duplicate And Send To System Quarantine
                       16. Add Log Entry
                       17. Drop (Final Action)
                       18. Bounce (Final Action)
                       19. Skip Remaining Content Filters (Final Action)
                       20. Encrypt (Final Action)
                       21. Encrypt on Delivery
                       22. Skip Outbreak Filters check
                       [1]> 1
Do you want to edit the subject line used on the Bcc message? [N]> y
Do you want to edit the return path of the Bcc message? [N]> n
                       Conditions:
                       body-contains("confidential", 1)
                       Actions:
                       bcc ("hr@example.com", "[message matched confidential filter]")
Description:
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-204
Chapter 3   The Commands: Reference Examples
                                                                                                                      Policy Enforcement
                       1. Condition
                       2. Action
                       [1]> 2
                       1. Bcc
                       2. Notify
                       3. Redirect To Alternate Email Address
                       4. Redirect To Alternate Host
                       5. Insert A Custom Header
                       6. Insert A Message Tag
                       7. Strip A Header
                       8. Send From Specific IP Interface
                       9. Drop Attachments By Content
                       10. Drop Attachments By Name
                       11. Drop Attachments By MIME Type
                       12. Drop Attachments By File Type
                       13. Drop Attachments By Size
                       14. Send To System Quarantine
                       15. Duplicate And Send To System Quarantine
                       16. Add Log Entry
                       17. Drop (Final Action)
                       18. Bounce (Final Action)
                       19. Skip Remaining Content Filters (Final Action)
                       20. Encrypt (Final Action)
                       21. Encrypt on Delivery
                       22. Skip Outbreak Filters check
                       [1]> 14
                       1. Policy
                       [1]> 1
                       Conditions:
                       body-contains("confidential", 1)
                       Actions:
                       bcc ("hr@example.com", "[message matched confidential filter]")
                       quarantine ("Policy")
                       Description:
                       scan all incoming mail for the string 'confidential'
                       Defined filters:
                       1. scan_for_confidential: scan all incoming mail for the string 'confidential'
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-205
                                                                                        Chapter 3   The Commands: Reference Examples
    Policy Enforcement
                         Conditions:
                         Always Run
                         Actions:
                         No actions defined yet.
                         Description:
                         strip all MP3 attachments
                         1. Condition
                         2. Action
                         [1]> 2
                         1. Bcc
                         2. Notify
                         3. Redirect To Alternate Email Address
                         4. Redirect To Alternate Host
                         5. Insert A Custom Header
                         6. Insert A Message Tag
                         7. Strip A Header
                         8. Send From Specific IP Interface
                         9. Drop Attachments By Content
                         10. Drop Attachments By Name
                         11. Drop Attachments By MIME Type
                         12. Drop Attachments By File Type
                         13. Drop Attachments By Size
                         14. Send To System Quarantine
                         15. Duplicate And Send To System Quarantine
                         16. Add Log Entry
                         17. Drop (Final Action)
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-206
Chapter 3   The Commands: Reference Examples
                                                                                                                      Policy Enforcement
Do you want to enter specific text to use in place of any stripped attachments?[N]> n
                       Conditions:
                       Always Run
                       Actions:
                       drop-attachments-by-filetype("mp3")
                       Description:
                       strip all MP3 attachments
                       Defined filters:
                       1. scan_for_confidential: scan all incoming mail for the string 'confidential'
                       2. no_mp3s: strip all MP3 attachments
                       Conditions:
                       Always Run
                       Actions:
                       No actions defined yet.
                       Description:
                       bounce messages intended for Doug
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-207
                                                                                      Chapter 3   The Commands: Reference Examples
  Policy Enforcement
[]> add
                       1. Condition
                       2. Action
                       [1]> 1
                       Conditions:
                       rcpt-to == "doug"
                       Actions:
                       No actions defined yet.
                       Description:
                       bounce messages intended for Doug
                       1. Condition
                       2. Action
                       [1]> 2
                       1. Bcc
                       2. Notify
                       3. Redirect To Alternate Email Address
                       4. Redirect To Alternate Host
                       5. Insert A Custom Header
                       6. Insert A Message Tag
                       7. Strip A Header
                       8. Send From Specific IP Interface
                       9. Drop Attachments By Content
                       10. Drop Attachments By Name
                       11. Drop Attachments By MIME Type
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-208
Chapter 3   The Commands: Reference Examples
                                                                                                                      Policy Enforcement
Do you want to edit the subject line used on the notification? [N]> y
                       Conditions:
                       rcpt-to == "doug"
                       Actions:
                       notify-copy ("joe@example.com", "message bounced for ex-employee of
                       example.com")
                       Description:
                       bounce messages intended for Doug
                       1. Condition
                       2. Action
                       [1]> 2
                       1. Bcc
                       2. Notify
                       3. Redirect To Alternate Email Address
                       4. Redirect To Alternate Host
                       5. Insert A Custom Header
                       6. Insert A Message Tag
                       7. Strip A Header
                       8. Send From Specific IP Interface
                       9. Drop Attachments By Content
                       10. Drop Attachments By Name
                       11. Drop Attachments By MIME Type
                       12. Drop Attachments By File Type
                       13. Drop Attachments By Size
                       14. Send To System Quarantine
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-209
                                                                                              Chapter 3   The Commands: Reference Examples
  Policy Enforcement
                       Conditions:
                       rcpt-to == "doug"
                       Actions:
                       notify-copy ("joe@example.com", "message bounced for ex-employee of
                       example.com")
                       bounce()
                       Description:
                       bounce messages intended for Doug
                       Defined filters:
                       1. scan_for_confidential: scan all incoming mail for the string 'confidential'
                       2. no_mp3s: strip all MP3 attachments
                       3. ex_employee: bounce messages intended for Doug
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-210
  Chapter 3   The Commands: Reference Examples
                                                                                                                             Policy Enforcement
                         Code Example illustrates how to enable the policies once again to enable the content filters for some
                         policies, but not for others.
                         Incoming Mail Policy Configuration
                         Name:        Anti-Spam:   Anti-Virus:              Advanced          Graymail:          Content           Outbreak
                         -----        ----------   ----------               Malware           ----------         Filter:           Filters:
                                                                            Protection:                          ----------        -----------
                                                                            ----------
Policy Summaries:
                                                              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                          3-211
                                                                                              Chapter 3   The Commands: Reference Examples
  Policy Enforcement
                       1.            scan_for_confidential
                       2.            no_mp3s
                       3.            ex_employee
                       Enter the     filter to toggle on/off, or press enter to finish:
                       []> 1
                       1. Active     scan_for_confidential
                       2.            no_mp3s
                       3.            ex_employee
                       Enter the     filter to toggle on/off, or press enter to finish:
                       []> 2
                       1. Active     scan_for_confidential
                       2. Active     no_mp3s
                       3.            ex_employee
                       Enter the     filter to toggle on/off, or press enter to finish:
                       []> 3
                       1. Active     scan_for_confidential
                       2. Active     no_mp3s
                       3. Active     ex_employee
                       Enter the     filter to toggle on/off, or press enter to finish:
                       []>
Policy Summaries:
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-212
Chapter 3   The Commands: Reference Examples
                                                                                                                           Policy Enforcement
Policy Summaries:
                       Anti-Spam: Default
                       Anti-Virus: Default
                       Graymail Detection: Unsubscribe - Default
                       Content Filters: Default
                       Outbreak Filters: Enabled. Bypass extensions: dwg
                       1.           scan_for_confidential
                       2.           no_mp3s
                       3.           ex_employee
                       Enter the    filter to toggle on/off, or press enter to finish:
                       []> 1
                       1. Active    scan_for_confidential
                       2.           no_mp3s
                       3.           ex_employee
                       Enter the    filter to toggle on/off, or press enter to finish:
                       []> 3
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-213
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
                         1. Active     scan_for_confidential
                         2.            no_mp3s
                         3. Active     ex_employee
                         Enter the     filter to toggle on/off, or press enter to finish:
                         []>
Policy Summaries:
                         Anti-Spam: Default
                         Anti-Virus: Default
                         Graymail Detection: Unsubscribe - Default
                         Content Filters: Enabled. Filters: scan_for_confidential, ex_employee
                         Outbreak Filters: Enabled. Bypass extensions: dwg
               Note      The CLI does not contain the notion of adding a new content filter within an individual policy. Rather,
                         the filters subcommand forces you to manage all content filters from within one subsection of the
                         policyconfig command. For that reason, adding the drop_large_attachments has been omitted from
                         this example.
                         This illustrates how to enable DLP policies on the default outgoing policy.
                         mail3.example.com> policyconfig
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-214
Chapter 3   The Commands: Reference Examples
                                                                                                                             Policy Enforcement
Policy Summaries:
                       Anti-Spam: Off
                       Anti-Virus: Off
                       Graymail Detection: Unsubscribe - Disabled
                       Content Filters: Off (No content filters have been created)
                       Outbreak Filters: Off
                       DLP: Off
                       1.            California AB-1298
                       2.            Suspicious Transmission - Zip Files
                       3.            Restricted Files
                       Enter the     policy to toggle on/off, or press enter to finish:
                       []> 1
                                                              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                          3-215
                                                                                                Chapter 3   The Commands: Reference Examples
    Policy Enforcement
Policy Summaries:
                         Anti-Spam: Off
                         Anti-Virus: Off
                         Graymail Detection: Unsubscribe - Disabled
                         Content Filters: Off (No content filters have been created)
                         Outbreak Filters: Off
                         DLP: Enabled. Policies: California AB-1298, Suspicious Transmission - Zip
                         Files, Restricted Files
Create an Incoming Policy to Drop the Messages Identified as Bulk Email or Social Network Email
                         mail.example.com> policyconfig
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-216
Chapter 3   The Commands: Reference Examples
                                                                                                                       Policy Enforcement
Policy Summaries:
                       Anti-Spam: Off
                       Graymail Detection: Off
                       Content Filters: Off (No content filters have been created)
                       Do you want to perform Safe Unsubscribe action only for unsigned messages (recommended)?
                       [Y]>
Do you want to enable actions on messages identified as Social Networking Email? [N]> y
                       1. DELIVER
                       2. DROP
                       3. BOUNCE
                       What do you want to do with messages identified as Social Networking Email?
                       [1]> 2
                       1. DELIVER
                       2. DROP
                       3. BOUNCE
                       What do you want to do with messages identified as Bulk Email?
                       [1]> 2
Policy Summaries:
Anti-Spam: Off
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-217
                                                                                                Chapter 3   The Commands: Reference Examples
   Policy Enforcement
quarantineconfig
Description
                        Configure system quarantines.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> quarantineconfig
                        Retention period for this quarantine. (Use 'd' for days or 'h' for hours or 'm' for
                        'minutes'.):
                        []> 15d
                        1. Delete
                        2. Release
                        Enter default action for quarantine:
                        [1]> 2
                        Do you want to modify the subject of messages that are released because
                        "HRQuarantine" overflows? [N]>
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-218
 Chapter 3   The Commands: Reference Examples
                                                                                                                        Policy Enforcement
                        Do you want add a custom header to messages that are released because
                        "HRQuarantine" overflows? [N]>
                        Do you want to strip all attachments from messages that are released
                        because "HRQuarantine" overflows? [N]>
Do you want default action to apply automatically when quarantine space fills up? [Y]>
               Note     You will only be prompted to give users access to the quarantine if guest or operator users have already
                        been created on the system.
                        A quarantine's user list only contains users belonging to the Operators or Guests groups. Users in the
                        Administrators group always have full access to the quarantine. When managing the user list, the NEW
                        command is suppressed if all the Operator/Guest users are already on the quarantine's user list. Similarly,
                        DELETE is suppressed if there are no users to delete.
scanconfig
Description
                        Configure attachment scanning policy
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-219
                                                                                        Chapter 3   The Commands: Reference Examples
   Policy Enforcement
Example
                        In this example, the scanconfig command sets these parameters:
                            MIME types of video/*, audio/*, image/* are skipped (not scanned for content).
                            Nested (recursive) archive attachments up to 10 levels are scanned. (The default is 5 levels.)
                            The maximum size for attachments to be scanned is 25 megabytes; anything larger will be skipped.
                             (The default is 5 megabytes.)
                            The document metadata is scannned.
                            Attachment scanning timeout is set at 180 seconds.
                            Attachments that were not scanned are assumed to not match the search pattern. (This is the default
                             behavior.)
                            ASCII encoding is configured for use when none is specified for plain body text or anything with
                             MIME type plain/text or plain/html.
              Note      When setting the assume the attachment matches the search pattern to Y, messages that cannot be
                        scanned will cause the message filter rule to evaluate to true. This could result in unexpected behavior,
                        such as the quarantining of messages that do not match a dictionary, but were quarantined because their
                        content could not be correctly scanned. This setting does not apply to RSA Email DLP scanning.
                        mail3.example.com> scanconfig
                        There are currently 5 attachment type mappings configured to be SKIPPED.
                        Choose the operation you want to perform:
                        - NEW - Add a new entry.
                        - DELETE - Remove an entry.
                        - SETUP - Configure scanning behavior.
                        - IMPORT - Load mappings from a file.
                        - EXPORT - Save mappings to a file.
                        - PRINT - Display the list.
                        - CLEAR - Remove all entries.
                        - SMIME - Configure S/MIME unpacking.
                        []> setup
                        1. Scan only attachments with MIME types or fingerprints in the list.
                        2. Skip attachments with MIME types or fingerprints in the list.
                        Choose one:
                        [2]> 2
                        If a message has attachments that were not scanned for any reason (e.g.
                        because of size, depth limits, or scanning timeout), assume the attachment matches the
                        search pattern? [N]> n
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-220
 Chapter 3   The Commands: Reference Examples
                                                                                                                         Policy Enforcement
                        If a message could not be deconstructed into its component parts in order to remove
                        specified attachments, the system should:
                        1. Deliver
                        2. Bounce
                        3. Drop
                        [1]>
                        Configure encoding to use when none is specified for plain body text or
                        anything with MIME type plain/text or plain/html.
                        1. US-ASCII
                        2. Unicode (UTF-8)
                        3. Unicode (UTF-16)
                        4. Western European/Latin-1 (ISO 8859-1)
                        5. Western European/Latin-1 (Windows CP1252)
                        6. Traditional Chinese (Big 5)
                        7. Simplified Chinese (GB 2312)
                        8. Simplified Chinese (HZ GB 2312)
                        9. Korean (ISO 2022-KR)
                        10. Korean (KS-C-5601/EUC-KR)
                        11. Japanese (Shift-JIS (X0123))
                        12. Japanese (ISO-2022-JP)
                        13. Japanese (EUC)
                        [1]> 1
                        []> print
                        1. Fingerprint          Image
                        2. Fingerprint          Media
                        3. MIME Type            audio/*
                        4. MIME Type            image/*
                        5. MIME Type            video/*
stripheaders
Description
                        Define a list of message headers to remove.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-221
                                                                                       Chapter 3   The Commands: Reference Examples
   Policy Enforcement
Example
                        mail3.example.com> stripheaders
                        Enter the list of headers you wish to strip from the messages before they are delivered.
                        Separate multiple headers with commas.
                        []> Delivered-To
mail3.example.com>
textconfig
Description
                        Configure text resources such as anti-virus alert templates, message disclaimers, and notification
                        templates, including DLP, bounce, and encryption notifications.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        Use textconfig -> NEW to create text resources, and textconfig > delete to remove them.
                        mail3.example.com> textconfig
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-222
Chapter 3   The Commands: Reference Examples
                                                                                                                     Policy Enforcement
                       Enter or paste the message disclaimer here. Enter '.' on a blank line to end.
                       This message was sent from an IronPort(tm) Email Security appliance.
                       .
                       Use textconfig -> EDIT to modify an existing text resource. You can change the encoding or replace
                       the text of the selected text resource.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-223
                                                                                       Chapter 3   The Commands: Reference Examples
   Policy Enforcement
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-224
Chapter 3   The Commands: Reference Examples
                                                                                                                     Logging and Alerts
mail3.example.com> textconfig
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-225
                                                                                         Chapter 3   The Commands: Reference Examples
   Logging and Alerts
alertconfig
Description
                        Configure email alerts.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-226
 Chapter 3   The Commands: Reference Examples
                                                                                                                         Logging and Alerts
displayalerts
Description
                        Display the last n alerts sent by the appliance
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        > displayalerts
--------------------------------------------------------------------------------
                        10 Mar 2015 11:33:36 +0000    The updater could not validate the server certificate.
                        Server certificate not validated - unable to get local issuer
                        certificate
                        Last message occurred 28 times between Tue Mar 10 10:34:57 2015 and Tue Mar 10 11:32:24
                        2015.
                        10 Mar 2015 11:23:39 +0000         The updater has been unable to communicate with the update
                        server for at least 1h.
                        Last message occurred 8 times between Tue Mar 10 10:29:57 2015 and Tue Mar 10 11:18:24
                        2015.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-227
                                                                                          Chapter 3   The Commands: Reference Examples
   Logging and Alerts
                        10 Mar 2015 10:33:36 +0000    The updater could not validate the server certificate.
                        Server certificate not validated - unable to get local issuer
                        certificate
                        Last message occurred 26 times between Tue Mar 10 09:33:55 2015 and Tue Mar 10 10:29:57
                        2015.
                        10 Mar 2015 10:23:39 +0000                The updater has been unable to communicate with the update
                        server for at least 1h.
                        Last message occurred 9 times between Tue Mar 10 09:26:54 2015 and Tue Mar 10 10:22:56
                        2015.
findevent
Description
                        Find events in mail log files
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-228
 Chapter 3   The Commands: Reference Examples
                                                                                                                      Logging and Alerts
                        Available mail log files, listed by log file start time. Specify multiple log files by
                        separating with commas or specify a range with a dash:
                        1. Thu Feb 19 05:18:02 2015
                        [1]>
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-229
                                                                                       Chapter 3   The Commands: Reference Examples
   Logging and Alerts
grep
Description
                        Searches for text in a log file.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
                        The grep command can be used to search for text strings within logs. Use the following syntax when
                        you run the grep command:
grep [-C count] [-e regex] [-i] [-p] [-t] [regex] log_name
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-230
 Chapter 3   The Commands: Reference Examples
                                                                                                                          Logging and Alerts
                        Use the following options when you run the grep command:
                        Table 3-12         grep Command Options
                         Option                                 Description
                         -C                                     Provides lines of context around the grep
                                                                pattern found. Enter a value to specify the
                                                                number of lines to include.
                         -e                                     Enter a regular expression.
                         -i                                     Ignores case sensitivities.
                         -p                                     Paginates the output.
                         -t                                     Runs the grep command over the tail of the log
                                                                file.
                         regex                                  Enter a regular expression.
Example of grep
                        The following example shows a search for the text string clean or viral within the antivirus logs. The
                        grep command includes a regex expression:
                        mail3.example.com> grep "CLEAN\\|VIRAL" antivirus
                        Fri Jun 9 21:50:25      2006   Info:   sophos   antivirus    -   MID   1 - Result 'CLEAN' ()
                        Fri Jun 9 21:53:15      2006   Info:   sophos   antivirus    -   MID   2 - Result 'CLEAN' ()
                        Fri Jun 9 22:47:41      2006   Info:   sophos   antivirus    -   MID   3 - Result 'CLEAN' ()
                        Fri Jun 9 22:47:41      2006   Info:   sophos   antivirus    -   MID   4 - Result 'CLEAN' ()
                        Fri Jun 9 22:47:41      2006   Info:   sophos   antivirus    -   MID   5 - Result 'CLEAN' ()
                        Fri Jun 9 22:47:41      2006   Info:   sophos   antivirus    -   MID   6 - Result 'CLEAN' ()
                        Fri Jun 9 22:47:42      2006   Info:   sophos   antivirus    -   MID   12 - Result 'CLEAN' ()
                        Fri Jun 9 22:53:04      2006   Info:   sophos   antivirus    -   MID   18 - Result 'VIRAL' ()
                        Fri Jun 9 22:53:05      2006   Info:   sophos   antivirus    -   MID   16 - Result 'VIRAL' ()
                        Fri Jun 9 22:53:06      2006   Info:   sophos   antivirus    -   MID   19 - Result 'VIRAL' ()
                        Fri Jun 9 22:53:07      2006   Info:   sophos   antivirus    -   MID   21 - Result 'VIRAL' ()
                        Fri Jun 9 22:53:08      2006   Info:   sophos   antivirus    -   MID   20 - Result 'VIRAL' ()
                        Fri Jun 9 22:53:08      2006   Info:   sophos   antivirus    -   MID   22 - Result 'VIRAL' ()
                        mail3.example.com>
logconfig
Description
                        Configure access to log files.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-231
                                                                                       Chapter 3   The Commands: Reference Examples
   Logging and Alerts
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-232
Chapter 3   The Commands: Reference Examples
                                                                                                                      Logging and Alerts
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-233
                                                                                       Chapter 3   The Commands: Reference Examples
   Logging and Alerts
                        []> new
                        Choose the log file type for this subscription:
                        1. IronPort Text Mail Logs
                        2. qmail Format Mail Logs
                        3. Delivery Logs
                        4. Bounce Logs
                        5. Status Logs
                        6. Domain Debug Logs
                        7. Injection Debug Logs
                        8. SMTP Conversation Logs
                        9. System Logs
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-234
Chapter 3   The Commands: Reference Examples
                                                                                                                      Logging and Alerts
                       Protocol:
                       1. SSH1
                       2. SSH2
                       [2]> 2
                       Do you want to automatically scan the host for its SSH key, or enter it
                       manually?
                       1. Automatically scan.
                       2. Enter manually.
                       [1]> 1
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-235
                                                                                               Chapter 3   The Commands: Reference Examples
  Logging and Alerts
                       SSH2:dsa
                       10.1.1.1 ssh-dss
                       AAAAB3NzaC1kc3MAAACBALwGi4IlWLDVndbIwEsArt9LVE2ts5yE9JBTSdUwLvoq0G3FRqifrce92zgyHtc/ZWyXav
                       UTIM3Xd1bpiEcscMp2XKpSnPPx21y8bqkpJsSCQcM8zZMDjnOPm8ghiwHXYh7oNEUJCCPnPxAy44rlJ5Yz4x9eIoAL
                       p0dHU0GR+j1NAAAAFQDQi5GY/X9PlDM3fPMvEx7wc0edlwAAAIB9cgMTEFP1WTAGrlRtbowZP5zWZtVDTxLhdXzjlo
                       4+bB4hBR7DKuc80+naAFnThyH/J8R3WlJVF79M5geKJbXzuJGDK3Zwl3UYefPqBqXp2O1zLRQSJYx1WhwYz/rooopN
                       1BnF4sh12mtq3tde1176bQgtwaQA4wKO15k3zOWsPwAAAIAicRYat3y+Blv/V6wdE6BBk+oULv3eK38gafuip4WMBx
                       kG9GO6EQi8nss82oznwWBy/pITRQfh4MBmlxTF4VEY00sARrlZtuUJC1QGQvCgh7Nd3YNais2CSbEKBEaIOTF6+SX2
                       RNpcUF3Wg5ygw92xtqQPKMcZeLtK2ZJRkhC+Vw==
                       Protocol:
                       1. SSH1
                       2. SSH2
                       [2]> 2
                       SSH1:rsa
                       10.1.1.1 1024 35
                       122606420764474441178474079962066753259278682648965870690129496065430424463013457294798980
                       627829828033793152226448694514316218272814453986931612508282328008815740072109975632356478
                       532128816187806830746328234327778100131128176672666244511191783747965898000855947022484692
                       079466697707373948871554575173520565607
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-236
 Chapter 3   The Commands: Reference Examples
                                                                                                                       Logging and Alerts
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-237
                                                                                      Chapter 3   The Commands: Reference Examples
  Logging and Alerts
                       Log level:
                       1. Critical
                       2. Warning
                       3. Information
                       4. Debug
                       5. Trace
                       [3]> 2
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-238
 Chapter 3   The Commands: Reference Examples
                                                                                                                     Logging and Alerts
rollovernow
Description
                        Roll over a log file.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> rollovernow
snmpconfig
Description
                        Configure SNMP.
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-239
                                                                                       Chapter 3   The Commands: Reference Examples
   Logging and Alerts
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, the snmpconfig command is used to enable SNMP on the PublicNet
                        interface on port 161. A passphrase for version 3 is entered and then re-entered for confirmation. The
                        system is configured to service version 1 and 2 requests, and the community string public is entered for
                        GET requests from those versions 1 and 2. The trap target of snmp-monitor.example.com is entered.
                        Finally, system location and contact information is entered.
                        mail3.example.com> snmpconfig
                        Enter the Trap target (IP address). Enter "None" to disable traps.
                        [None]> snmp-monitor.example.com
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-240
 Chapter 3   The Commands: Reference Examples
                                                                                                                        Logging and Alerts
                        Enter number or numbers of traps to disable. Separate multiple numbers with commas.
                        []> 1,8
mail3.example.com>
tail
Description
                        Continuously display the end of a log file. The tail command also accepts the name or number of a log
                        to view as a parameter: tail 9 or tail mail_logs.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> tail
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-241
                                                                                            Chapter 3   The Commands: Reference Examples
  Reporting
Reporting
                         This section contains the following CLI commands:
                             reportingconfig
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-242
 Chapter 3   The Commands: Reference Examples
                                                                                                                                        Reporting
reportingconfig
Usage
                        Commit: This command requires a commit.
                        Filters remove specific sets of centralized reporting data from the "last year" reports.
                        Data from the reporting groups selected below will not be recorded.
                        1. No Filtering enabled
                        2. IP Connection Level Detail.
                        3. User Detail.
                        4. Mail Traffic Detail.
                        Choose which groups to filter, you can specify multiple filters by entering a comma
                        separated list:
                        []> 2, 3
                                                              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                            3-243
                                                                                         Chapter 3   The Commands: Reference Examples
   Reporting
                          reporting data
                          - DOMAIN - Configure domain report settings.
                          - MODE - Enable/disable centralized reporting.
                          []>
                          If you have configured HAT REJECT policy on all remote appliances providing reporting data
                          to this appliance to occur at the message recipient level then of domain reports.
                          Use message recipient HAT REJECT information for domain reports? [N]> y
                          An alert will be sent if reporting data has not been fetched from an appliance after 360
                          minutes.
                          Would you like timeout alerts to be enabled? [Y]> y
               CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-244
 Chapter 3   The Commands: Reference Examples
                                                                                                                              Reporting
                        While in centralized mode the C-series will store reporting data for the M-series to
                        collect. If the M-series does not collect that data then eventually the C-series will
                        begin to overwrite the oldest data with new data.
                        A maximum of 24 hours of reporting data will be stored.
                        How many hours of reporting data should be stored before data loss?
                        [24]> 48
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-245
                                                                                      Chapter 3   The Commands: Reference Examples
   Senderbase
Senderbase
                       This section contains the following CLI commands:
                           sbstatus
                           senderbaseconfig
sbstatus
Description
                       Display status of SenderBase queries.
Usage
                       Commit: This command requires a commit.
                       Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                       Batch Command: This command does not support a batch format.
Example
                       mail3.example.com> sbstatus
                       If the appliance is unable to contact the SenderBase Reputation Service, or the service has never been
                       contacted, the following is displayed:
                       mail3.example.com> sbstatus
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-246
 Chapter 3   The Commands: Reference Examples
                                                                                                             SMTP Services Configuration
senderbaseconfig
Description
                        Configure SenderBase connection settings.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> senderbaseconfig
                        Do you want to share statistical data with the SenderBase Information Service
                        (recommended)? [Y]>
callaheadconfig
Description
                        Add, edit, and remove SMTP Call-Ahead profiles
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-247
                                                                                       Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example you can create a new SMTP call-ahead profile for delivery host.
                        > callaheadconfig
                        Advanced Settings:
                          MAIL FROM Address: <>
                          Interface: Auto
                          Timeout Value: 30
                          Validation Failure Action: ACCEPT
                          Temporary Failure Action: REJECT with same code
                          Maximum number of connections: 5
                          Maximum number of validation queries: 1000
                          Cache size: 10000
                          Cache TTL: 900
                        Do you want to change advanced settings? [N]> n
                        In the following example you can create a new SMTP call-ahead profile for call ahead server.
                        > callaheadconfig
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-248
 Chapter 3   The Commands: Reference Examples
                                                                                                              SMTP Services Configuration
                        Advanced Settings:
                          MAIL FROM Address: <>
                          Interface: Auto
                          Timeout Value: 30
                          Validation Failure Action: ACCEPT
                          Temporary Failure Action: REJECT with same code
                          Maximum number of connections: 5
                          Maximum number of validation queries: 1000
                          Cache size: 10000
                          Cache TTL: 900
                        Do you want to change advanced settings? [N]> n
listenerconfig
Description
                        The listenerconfig command allows you to create, edit, and delete a listener. AsyncOS requires that you
                        specify criteria that messages must meet in order to be accepted and then relayed to recipient hosts 
                        either internal to your network or to external recipients on the Internet.
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-249
                                                                                               Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
                        These qualifying criteria are defined in listeners; collectively, they define and enforce your mail flow
                        policies. Listeners also define how the appliance communicates with the system that is injecting email.
                        Table 3-14          listenerconfig Commands
                                             Unique nickname you supply for the listener, for future reference.
                                             The names you define for listeners are case-sensitive. AsyncOS does
                        Name                 not allow you to create two identical listener names.
                                             Listeners are assigned to IP interfaces. All IP interfaces must be
                                             configured using the systemstartup command or the
                                             interfaceconfig command before you create and assign a listener
                        IP Interface         to it.
                                             The mail protocol is used for email receiving: either ESMTP or
                        Mail protocol        QMQP
                                             The specific IP
                                             port used for
                                             connections to the
                                             listener. by default
                                             SMTP uses port
                                             25 and QMQP
                        IP Port              uses port 628.
                                             Public                   Public and private listeners are used for most
                                             Private                  configurations. By convention, private listeners
                                                                      are intended to be used for private (internal)
                                                                      networks, while public listeners contain default
                                                                      characteristics for receiving email from the
                                                                      Internet.
                                             Blackhole                Blackhole listeners can be used for testing or
                                                                      troubleshooting purposes. When you create a
                                                                      blackhole listener, you choose whether
                                                                      messages are written to disk or not before they
                                                                      are deleted. (See the Testing and
                                                                      Troubleshooting chapter of the User Guide for
                                                                      AsyncOS for Cisco Email Security Appliances
                        Listener Type:                                for more information.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-250
 Chapter 3   The Commands: Reference Examples
                                                                                                                 SMTP Services Configuration
Deleting a listener:
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-251
                                                                                      Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
Rename a sendergroup
Deleting a policy
Deleting all user defined sendergroups and policies from the HAT
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-252
Chapter 3   The Commands: Reference Examples
                                                                                                                  SMTP Services Configuration
                        Argument                                                   Description
                                                                                   Accept, Relay, Reject, TCP Refuse, or
                                                                                   Continue. When selecting a behavior for use
                                                                                   with a sendergroup, additional behaviors of the
                                                                                   form Policy: FOO are available (where FOO is
                        <behavior>                                                 the name of policy).
                                                                                   The filename to use with importing and exporting
                        <filename>                                                 the hostaccess tables.
                        <group>                                                    A sendergroup <name>.
                        <host>                                                     A single entity of a <host_list>
                                                                                   Enter the hosts to add. Hosts can be formatted as
                                                                                   follows:
                                                                                   CIDR addresses (10.1.1.0/24)
                                                                                   IP address ranges (10.1.1.10-20)
                                                                                   IP Subnets (10.2.3)
                                                                                   Hostname (crm.example.com)
                                                                                   Partial Hostname (.example.com)
                                                                                   Sender Base Reputation Score range (7.5:10.0)
                                                                                   Senderbase Network Owner IDS (SBO:12345)
                                                                                   Remote blacklist queries
                                                                                   (dnslist[query.blacklist.example]
                        <host_list>                                                Note      Separate multiple hosts with commas
                                                                                   The name of the sendergroup or policy. HAT labels
                                                                                   must start with a letter or underscore, followed by
                                                                                   any number of letters, numbers, underscores or
                        <name>                                                     hyphens.
                                                            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                        3-253
                                                                                                 Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-254
 Chapter 3   The Commands: Reference Examples
                                                                                                                      SMTP Services Configuration
                                                                CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                            3-255
                                                                                               Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
Exporting a RAT
                        Argument                                    Description
                                                                    Enter the hosts to add. Hosts can be formatted as
                                                                    follows:
                                                                    CIDR addresses (10.1.1.0/24)
                                                                    Hostname (crm.example.com)
                                                                    Partial Hostname (.example.com)
                                                                    Usernames (postmaster@)
                                                                    Full email addresses (joe@example.com,
                                                                    joe@[1.2.3.4]
                                                                    Note     Separate multiple hosts with commas
                        <rat_addr>
                                              --action              Action to apply to address(es). Either Accept or
                        <options>                                   Reject. Default is Accept.
                                              --cust_resp           Specify a custom SMTP response. No or SMTP
                                                                    acceptance response string.
                                              --resp_code           Custom SMTP response code. Default is 250 for
                                                                    Accept actions, 550 for Reject.
                                              --bypass_rc           Bypass receiving control. Default is No.
                                              --bypass_la           Bypass LDAP Accept query. Either Yes or
                                                                    No.
                        A private listener type is chosen and named OutboundMail. It is specified to run on the PrivateNet IP
                        interface, using the SMTP protocol over port 25. The default values for the Host Access Policy for this
                        listener are then accepted.
                        mail3.example.com> listenerconfig
                        Currently configured listeners:
                        1. InboundMail (on PublicNet, 192.168.2.1) SMTP TCP Port 25 Public
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-256
Chapter 3   The Commands: Reference Examples
                                                                                                         SMTP Services Configuration
                       Choose a protocol.
                       1. SMTP
                       2. QMQP
                       [1]> 1
                       Please specify the systems allowed to relay email through the IronPort C60.
                       Hostnames such as "example.com" are allowed.
                       Partial hostnames such as ".example.com" are allowed.
                       IP addresses, IP address ranges, and partial IP addresses are allowed.
                       Separate multiple entries with commas.
                       []> .example.com
                       Do you want to enable rate limiting for this listener? (Rate limiting defines the maximum
                       number of recipients per hour you are willing to receive from a remote domain.)    [N]> n
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-257
                                                                                       Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
Example - Customizing the Host Acess Table (HAT ) for a listener via Export and Import
                        Many of the subcommands within the listenerconfig command allow you to import and export data in
                        order to make large configuration changes without having to enter data piecemeal in the CLI.
                        These steps use the CLI to modify the Host Access Table (HAT) of a listener by exporting, modifying,
                        and importing a file. You can also use the HAT CLI editor or the GUI to customize the HAT for a listener.
                        For more information, see the Configuring the Gateway to Receive Mail and Using Mail Flow
                        Monitor chapters in the User Guide for AsyncOS for Cisco Email Security Appliances.
                        To customize a HAT for a listener you have defined via export and import:
            Step 1      Use the hostaccess -> export subcommands of listenerconfig to export the default HAT to a file.
                        In the following example, the HAT for the public listener InboundMail is printed, and then exported to
                        a file named inbound.HAT.txt
                        mail3.example.com> listenerconfig
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-258
Chapter 3   The Commands: Reference Examples
                                                                                                          SMTP Services Configuration
                       $BLOCKED
                           REJECT {}
                       $TRUSTED
                           ACCEPT {
                                tls = "off"
                                dhap_limit = 0
                                max_rcpts_per_hour = -1
                                virus_check = "on"
                                max_msgs_per_session = 5000
                                spam_check = "off"
                                use_sb = "off"
                                max_message_size = 104857600
                                max_rcpts_per_msg = 5000
                                max_concurrency = 600
                           }
                       $ACCEPTED
                           ACCEPT {}
                       $THROTTLED
                           ACCEPT {
                                tls = "off"
                                dhap_limit = 0
                                max_rcpts_per_hour = 1
                                virus_check = "on"
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-259
                                                                                      Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
                                  max_msgs_per_session = 10
                                  spam_check = "on"
                                  use_sb = "on"
                                  max_message_size = 1048576
                                  max_rcpts_per_msg = 25
                                  max_concurrency = 10
                           }
                       WHITELIST:
                               $TRUSTED (My trusted senders have no anti-spam or rate limiting)
                       BLACKLIST:
                               $BLOCKED (Spammers are rejected)
                       SUSPECTLIST:
                               $THROTTLED (Suspicious senders are throttled)
                       UNKNOWNLIST:
                               $ACCEPTED (Reviewed but undecided, continue normal acceptance)
                       ALL
                             $ACCEPTED (Everyone else)
[]> export
           Step 2      Outside of the Command Line Interface (CLI), get the file inbound.HAT.txt.
           Step 3      With a text editor, create new HAT entries in the file.
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-260
Chapter 3   The Commands: Reference Examples
                                                                                                                SMTP Services Configuration
In this example, the following entries are added to the HAT above the ALL entry:
                                               spamdomain.com        REJECT
                                               .spamdomain.com       REJECT
                                               251.192.1.            TCPREFUSE
                                               169.254.10.10         RELAY
                                The first two entries reject all connections from the remote hosts in the domain spamdomain.com
                                  and any subdomain of spamdomain.com.
                                The third line refuses connections from any host with an IP address of 251.192.1.x.
                                The fourth line allows the remote host with the IP address of 169.254.10.10 to use the Email
                                  Security appliance as an SMTP relay for all of its outbound email to the Internet
                       Note      The order that rules appear in the HAT is important. The HAT is read from top to bottom for each
                                 host that attempts to connect to the listener. If a rule matches a connecting host, the action is
                                 taken for that connection immediately. You should place all custom entries in the HAT above an
                                 ALL host definition. You can also use the HAT CLI editor or the GUI to customize the HAT for
                                 a listener. For more information, see the Configuring the Gateway to Receive Mail and Using
                                 Mail Flow Monitor chapters in the User Guide for AsyncOS for Cisco Email Security
                                 Appliances.
             Step 4    Save the file and place it in the configuration directory for the interface so that it can be imported. (See
                       Appendix B, Accessing the Appliance, for more information.)
             Step 5    Use the hostaccess -> import subcommand of listenerconfig to import the edited Host Access Table
                       file.
                       In the following example, the edited file named inbound.HAT.txt is imported into the HAT for the
                       InboundMail listener. The new entries are printed using the print subcommand.
                       mail3.example.com> listenerconfig
                       Name: InboundMail
                       Type: Public
                       Interface: PublicNet (192.168.2.1/24) TCP Port 25
                       Protocol: SMTP
                       Default Domain:
                       Max Concurrency: 1000 (TCP Queue: 50)
                       Domain Map: Disabled
                       TLS: No
                       SMTP Authentication: Disabled
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-261
                                                                                      Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-262
Chapter 3   The Commands: Reference Examples
                                                                                                          SMTP Services Configuration
                       $ACCEPTED
                           ACCEPT
                       $THROTTLED
                           ACCEPT {
                                spam_check = "on"
                                max_msgs_per_session = 10
                                max_concurrency = 10
                                max_rcpts_per_msg = 25
                                max_rcpts_per_hour = 1
                                dhap_limit = 0
                                virus_check = "on"
                                max_message_size = 1048576
                                use_sb = "on"
                                tls = "off"
                           }
                       $TRUSTED
                           ACCEPT {
                                spam_check = "off"
                                max_msgs_per_session = 5000
                                max_concurrency = 600
                                max_rcpts_per_msg = 5000
                                max_rcpts_per_hour = -1
                                dhap_limit = 0
                                virus_check = "on"
                                max_message_size = 104857600
                                use_sb = "off"
                                tls = "off"
                           }
                       $BLOCKED
                           REJECT
                       WHITELIST:
                               $TRUSTED (My trusted senders have no anti-spam scanning or rate limiting)
                       BLACKLIST:
                               $BLOCKED (Spammers are rejected)
                       SUSPECTLIST:
                               $THROTTLED (Suspicious senders are throttled)
                       UNKNOWNLIST:
                               $ACCEPTED (Reviewed but undecided, continue normal acceptance)
                       spamdomain.com
                           REJECT (reject the domain "spamdomain.com")
                       .spamdomain.com
                           REJECT (reject all subdomains of ".spamdomain.com")
                                                    CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                3-263
                                                                                       Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
                        251.192.1.
                            TCPREFUSE (TCPREFUSE the IP addresses in "251.192.1")
                        169.254.10.10
                            RELAY (RELAY the address 169.254.10.10)
                        ALL
                              $ACCEPTED (Everyone else)
Remember to issue the commit command after you import so that the configuration change takes effect.
Example - Enabling Public Key Harvesting and S/MIME Decryption and Verification
                        The following example shows how to:
                             Retrieve (harvest) public key from the incoming S/MIME signed messages
                             Enable S/MIME decryption and verification
                        mail.example.com> listenerconfig
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-264
Chapter 3   The Commands: Reference Examples
                                                                                                         SMTP Services Configuration
                       Name: MyListener
                       Type: Public
                       Interface: Management (172.29.181.70/24) TCP Port 25
                       Protocol: SMTP
                       Default Domain: <none configured>
                       Max Concurrent Connections: 50 (TCP Queue: 50)
                       Domain Map: Disabled
                       TLS: No
                       SMTP Authentication: Disabled
                       Bounce Profile: Default
                       Use SenderBase For Reputation Filters and IP Profiling: Yes
                       Footer: None
                       Heading: None
                       SMTP Call-Ahead: Disabled
                       LDAP: Off
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-265
                                                                                              Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
                       Enter the default maximum message size. Add a trailing k for kilobytes, M for megabytes,
                       or no letter for b
                       [10M]>
                       Enter the maximum number of concurrent connections allowed from a single IP address.
                       [10]>
Do you want to enable Directory Harvest Attack Prevention per host? [Y]>
                       Enter the maximum number of invalid recipients per hour from a remote host.
                       [25]>
                       Enter the SMTP code to use in the response. 550 is the standard code.
                       [550]>
                       Enter your custom SMTP response.                Press Enter on a blank line to finish.
                       custom_response
Would you like to use SenderBase for flow control by default? [Y]>
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-266
Chapter 3   The Commands: Reference Examples
                                                                                                         SMTP Services Configuration
Would you like to enable use of the domain exception table? [N]>
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-267
                                                                                          Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-268
 Chapter 3   The Commands: Reference Examples
                                                                                                                SMTP Services Configuration
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-269
                                                                                                 Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
                       Optionally, you can configure the appliance to return a third-party response from the SPF publisher
                       domain if the REJECT action is taken for Neutral, SoftFail, or Fail verification result. By default, the
                       appliance returns the following response:
                          550-#5.7.1 SPF unauthorized mail is prohibited.
                       To enable these SPF/SIDF settings, use the listenerconfig -> edit subcommand and select a listener.
                       Then use the hostaccess -> default subcommand to edit the Host Access Tables default settings.
                       Answer yes to the following prompts to configure the SPF controls:
                       The following SPF control settings are available for the Host Access Table:
                       Table 3-18          SPF Control Settings
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-270
 Chapter 3   The Commands: Reference Examples
                                                                                                                SMTP Services Configuration
                        The following example shows a user configuring the SPF/SIDF verification using the SPF Only
                        conformance level. The appliance performs the HELO identity check and accepts the None and Neutral
                        verification results and rejects the others. The CLI prompts for the SMTP actions are the same for all
                        identity types. The user does not define the SMTP actions for the MAIL FROM identity. The appliance
                        automatically accepts all verification results for the identity. The appliance uses the default reject code
                        and text for all REJECT results.
Would you like to change SMTP actions taken as result of the SPF verification? [N]> y
Would you like to change SMTP actions taken for the HELO identity? [N]> y
                                                          CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                      3-271
                                                                                       Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
Would you like to change SMTP actions taken for the MAIL FROM identity? [N]> n
Would you like to change SMTP response settings for the REJECT action? [N]> n
                        The following shows how the SPF/SIDF settings are displayed for the listeners Default Policy
                        Parameters.
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-272
 Chapter 3   The Commands: Reference Examples
                                                                                                           SMTP Services Configuration
                        Name: Listener 1
                        Type: Public
                        Interface: Management (172.29.181.70/24) TCP Port 25
                        Protocol: SMTP
                        Default Domain: <none configured>
                        Max Concurrent Connections: 300 (TCP Queue: 50)
                        Domain Map: Disabled
                        TLS: No
                        SMTP Authentication: Disabled
                        Bounce Profile: Default
                        Use SenderBase For Reputation Filters and IP Profiling: Yes
                        Footer: None
                        Heading: None
                        SMTP Call-Ahead: Disabled
                        LDAP: Off
                                                     CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-273
                                                                                             Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
                       Enter the default maximum message size. Add a trailing k for kilobytes, M for megabytes,
                       or no letter for bytes.
                       [20M]>
                       Enter the maximum number of concurrent connections allowed from a single IP address.
                       [10]>
Do you want to enable Directory Harvest Attack Prevention per host? [Y]>
                       Enter the maximum number of invalid recipients per hour from a remote host.
                       [25]>
                       Enter the SMTP code to use in the response. 550 is the standard code.
                       [550]>
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-274
Chapter 3   The Commands: Reference Examples
                                                                                                         SMTP Services Configuration
Enter your custom SMTP response. Press Enter on a blank line to finish.
Would you like to use SenderBase for flow control by default? [Y]>
[1]> 1
Would you like to specify a custom SMTP response for malformed envelope senders? [Y]>
                       Enter the SMTP code to use in the response. 553 is the standard code.
                       [553]>
Enter your custom SMTP response. Press Enter on a blank line to finish.
                       Would you like to specify a custom SMTP response for envelope sender domains which do not
                       resolve? [Y]>
                       Enter the SMTP code to use in the response. 451 is the standard code.
                       [451]>
Enter your custom SMTP response. Press Enter on a blank line to finish.
                       Would you like to specify a custom SMTP response for envelope sender domains which do not
                       exist? [Y]>
                       Enter the SMTP code to use in the response. 553 is the standard code.
                       [553]>
Enter your custom SMTP response. Press Enter on a blank line to finish.
Would you like to enable use of the domain exception table? [N]>
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-275
                                                                                           Chapter 3   The Commands: Reference Examples
  SMTP Services Configuration
                       ==========================
                       Maximum Message Size: 20M
                       Maximum Number Of Concurrent Connections From A Single IP: 10
                       Maximum Number Of Messages Per Connection: 10
                       Maximum Number Of Recipients Per Message: 50
                       Directory Harvest Attack Prevention: Enabled
                       Maximum Number Of Invalid Recipients Per Hour: 25
                       Maximum Number Of Recipients Per Hour: Disabled
                       Maximum Number of Recipients per Envelope Sender: Disabled
                       Use SenderBase for Flow Control: Yes
                       Spam Detection Enabled: Yes
                       Virus Detection Enabled: Yes
                       Allow TLS Connections: No
                       Allow SMTP Authentication: No
                       Require TLS To Offer SMTP authentication: No
                       DKIM/DomainKeys Signing Enabled: No
                       DKIM Verification Enabled: No
                       SPF/SIDF Verification Enabled: No
                       DMARC Verification Enabled: Yes
                         DMARC Verification Profile: DEFAULT
                         Aggregate reports: Yes
                       Envelope Sender DNS Verification Enabled: Yes
                       Domain Exception Table Enabled: No
                       Accept untagged bounces: No
                       Name: Listener 1
                       Type: Public
                       Interface: Management (172.29.181.70/24) TCP Port 25
                       Protocol: SMTP
                       Default Domain: <none configured>
                       Max Concurrent Connections: 300 (TCP Queue: 50)
                       Domain Map: Disabled
                       TLS: No
                       SMTP Authentication: Disabled
                       Bounce Profile: Default
                       Use SenderBase For Reputation Filters and IP Profiling: Yes
                       Footer: None
                       Heading: None
                       SMTP Call-Ahead: Disabled
                       LDAP: Off
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-276
 Chapter 3   The Commands: Reference Examples
                                                                                                                 SMTP Services Configuration
mail.example.com>
localeconfig
Description
                        Configure multi-lingual settings
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> localeconfig
                        If a non-ASCII header is not properly tagged with a character set, impose the encoding of
                        the body on the header during processing and final representation of the message? (Many
                        MUAs create non-RFC-compliant headers that are then handled in an undefined way. Imposing
                        the encoding of the body on the header may encode the header more precisely.) [Y]>
                        When there is an encoding mismatch between the message body and a footer, the system
                        initially attempts to encode the entire message in the same encoding as the message body.
                        If the system cannot combine the message body and the footer in the same encoding, do you
                                                           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                       3-277
                                                                                       Chapter 3   The Commands: Reference Examples
   SMTP Services Configuration
                        want the system to failover and attempt to encode the entire message using the encoding of
                        the message footer? (When this feature is enabled, the system will attempt to display the
                        footer "in-line" rather than defaulting to adding it as an attachment.) [N]> y
[]>mail3.example.com>
smtpauthconfig
Description
                        Configure SMTP Auth outgoing and forwarding profiles.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        In the following example, the smtpauthconfig command is used to create a new, forwarding-based
                        profile for the server smtp2.example.com:
                        mail3.example.com> smtpauthconfig
[]> forward
                        Enter a port:
                        [25]>
             CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-278
 Chapter 3   The Commands: Reference Examples
                                                                                                                              System Setup
Would you like to enter another forwarding server to this group? [N]>
mail3.example.com> commit
               Note     You may specify more than one forwarding server in a profile. SASL mechanisms CRAM-MD5 and
                        DIGEST-MD5 are not supported between the Email Security appliance and a forwarding server.
System Setup
systemsetup
Description
                        First time system setup as well as re-installation of the system.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-279
                                                                                      Chapter 3   The Commands: Reference Examples
   System Setup
Example
                       mail3.example.com> systemsetup
                       WARNING: The system setup wizard will completely delete any existing
                       'listeners' and all associated settings including the 'Host Access Table' -
                       mail operations may be interrupted.
                       Before you begin, please reset the administrator password to a new value.
                       Old password:
                       New password:
                       Retype new password:
                       *****
                       You will now configure the network settings for the IronPort C100.
                       Please create a fully qualified hostname for the IronPort C100 appliance
                       (Ex: "ironport-C100.example.com"):
                       []> ironport-C100.example.com
*****
                       You will now assign an IP address for the "Data 1" interface.
                       Please create a nickname for the "Data 1" interface (Ex: "Data 1"):
                       []> Data 1
                       Enter the static IP address for "Data 1" on the "Data 1" interface? (Ex:
                       "192.168.1.1"):
                       []> 192.168.1.1
*****
Would you like to assign a second IP address for the "Data 1" interface? [Y]> n
*****
Do you want to enable the web interface on the Data 1 interface? [Y]> y
*****
                       Do you want the IronPort C100 to use the Internet's root DNS servers or would
                       you like it to use your own DNS servers?
                       1. Use Internet root DNS servers
                       2. Use my own DNS servers
                       [1]> 2
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-280
Chapter 3   The Commands: Reference Examples
                                                                                                                        System Setup
*****
                       You are now going to configure how the IronPort C100 accepts mail by creating a
                       "Listener".
                       Please create a name for this listener (Ex: "MailInterface"):
                       []> InboundMail
Enter the domain names or specific email addresses you want to accept mail for.
Would you like to configure SMTP routes for example.com, .example.com? [Y]> n
                       Please specify the systems allowed to relay email through the IronPort C100.
                       Hostnames such as "example.com" are allowed.
                       Partial hostnames such as ".example.com" are allowed.
                       IP addresses, IP address ranges, and partial IP addresses are allowed.
                       Separate multiple entries with commas.
                       []> example.com, .example.com
                       Do you want to enable rate limiting for this listener? (Rate limiting defines
                       the maximum number of recipients per hour you are willing to receive from a
                       remote domain.) [Y]> y
                       Enter the maximum number of recipients per hour to accept from a remote domain.
                       []> 1000
                                                   CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                               3-281
                                                                                     Chapter 3   The Commands: Reference Examples
  System Setup
*****
Do you want to use Anti-Spam scanning in the default Incoming Mail policy? [Y]> y
                      IronPort Anti-Spam configured globally for the IronPort C100 appliance. Use the
                      policyconfig command (CLI) or Mail Policies (GUI) to customize the IronPort
                      settings for each listener.
*****
                      Do you want to use Anti-Virus scanning in the default Incoming and Outgoing
                      Mail policies? [Y]> y
                      1. McAfee Anti-Virus
                      2. Sophos Anti-Virus
                      Enter the number of the Anti-Virus engine you would like to use on the default
                      Incoming and Outgoing Mail policies.
                      []> 2
*****
                      Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back
                      down below), meaning that new messages of certain types could be quarantined or will no
                      longer be quarantined, respectively.
*****
           CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
3-282
Chapter 3   The Commands: Reference Examples
                                                                                                                           System Setup
(Recommended) [Y]> y
*****
*****
                       Please enter the fully qualified hostname or IP address of your NTP server, or
                       press Enter to use time.ironport.com:
                       [time.ironport.com]>
*****
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-283
                                                                                        Chapter 3   The Commands: Reference Examples
   URL Filtering
URL Filtering
                         This section contains the following CLI commands:
                             aggregatorconfig
                             urllistconfig
                             webcacheflush
                             websecurityadvancedconfig
                             websecurityconfig
                             websecuritydiagnostics
aggregatorconfig
Description
                         Configure address for Cisco Aggregator Server on the Email Security appliance. This server provides
                         details of the end users who clicked on rewritten URLs and the action (allowed, blocked or unknown)
                         associated with each user click.
Usage
                         Commit: This command requires a commit.
                         Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                         Batch Command: This command does not support a batch format.
Example
                         mail.example.com> aggregatorconfig
urllistconfig
Description
                         Configure or import whitelists of URLs that will not be evaluated by URL filtering features. These lists
                         are not used by the Outbreak Filters feature.
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-284
 Chapter 3   The Commands: Reference Examples
                                                                                                                            URL Filtering
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format.
Example
                        > urllistconfig
                        No URL lists configured.
                        Choose the operation you want to perform:
                        NEW - Create a new URL list-
                        []> new
                        Do you want to import a URL list?
                        [N]>
                        Enter a name for the URL list
                        []> sample
                        Enter the URL domains that need to be skipped from scanning for URL Filtering.
                        Enter one URL domain per line and '.' to finish.
                        cisco.com
                        ironport.com/*
                        *.example.com
                        10.2.4.5/24
                        [2001:DB8::1]
                        URL list sample added.
                        There are currently 4 URL lists configured.
                        Choose the operation you want to perform:
                        - NEW - Create a new URL whitelist.
                        - EDIT - Modify an existing URL whitelist.
                        - DELETE - Delete an existing URL whitelist.
                        []>EDIT
                        Choose the operation to edit the URL whitelist:
                        Assign new name to the imported list? (By default, name stored in the
                        file will be applied to the list)
                        [N] > Y
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-285
                                                                                        Chapter 3   The Commands: Reference Examples
   URL Filtering
webcacheflush
Description
                         Flush the cache used by URL filtering features. Use this command if you change the certificate that is
                         used for communication with Cisco Web Security Services. Generally, you will use this command only
                         at the direction of Cisco support.
Usage
                         Commit: This command does not require a commit.
                         Cluster Management: This command is restricted to machine mode.
                         Batch Command: This command does not support a batch format.
Example
                         > webcacheflush
                         Web Security cache has been flushed.
websecurityadvancedconfig
Description
                         Configure advanced settings for URL filtering.
               Note      Except to change timeout values for troubleshooting purposes, use this command only under the
                         direction of Cisco support.
                         The timeout value is the value, in seconds, for communication with the cloud services that provide
                         reputation and category for URLs.
Usage
                         Commit: This command requires a commit.
                         Cluster Management: This command is restricted to machine mode.
                         Batch Command: This command supports a batch format.
Batch Format
                         For the batch format, see the CLI inline help.
Example
                         > websecurityadvancedconfig
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-286
 Chapter 3   The Commands: Reference Examples
                                                                                                                             URL Filtering
                        Enter URL lookup timeout (includes any DNS lookup time) in seconds:
                        [15]>
websecurityconfig
Description
                        Configure basic settings for URL filtering (URL reputation and URL category features.)
                        Normally, certificate management is automatic. Unless directed to do otherwise by Cisco TAC, you
                        should select No at the prompt to set a certificate.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command supports a batch format. See the inline CLI help for more details. Use
                        the help command to access the inline help for this command.
Example
                        mail.example.com> websecurityconfig
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                     3-287
                                                                                        Chapter 3   The Commands: Reference Examples
   URL Filtering
                         1. urllist1
                         2. urllist2
                         3. No URL list
                         Enter the number of URL list
                         [1]> 1
mail.example.com> websecurityconfig
websecuritydiagnostics
Description
                         View diagnostic statistics related to URL filtering.
Usage
                         Commit: This command does not require a commit.
                         Cluster Management: This command is restricted to machine mode.
                         Batch Command: This command does not support a batch format.
Example
                         mail.example.com> websecuritydiagnostics
                         Response Time
                              Minimum: None
                              Average: 0.0
                              Maximum: None
              CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-288
 Chapter 3   The Commands: Reference Examples
                                                                                                                        User Management
User Management
                        This section contains the following CLI commands:
                            userconfig
                            password or passwd
                            last
                            who
                            whoami
userconfig
Description
                        Manage user accounts and connections to external authentication sources.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command is restricted to cluster mode.
                        Batch Command: This command supports a batch format. See the inline CLI help for more details. Use
                        the help command to access the inline help for this command, for example,
                        mail.example.com> userconfig help
                        Users:
                        1. admin - "Administrator" (admin)
                                                       CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                  3-289
                                                                                      Chapter 3   The Commands: Reference Examples
   User Management
                       Users:
                       1. admin - "Administrator" (admin)
                       2. helpdesk - "HELP DESK" (helpdesk)
                       Users:
                       1. admin - "Administrator" (admin)
                       2. hdesk_user - "Helpdesk User" (helpdesk)
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-290
 Chapter 3   The Commands: Reference Examples
                                                                                                                       User Management
                        Please enter the timeout in seconds for how long the external authentication credentials
                        will be cached. (Enter '0' to disable expiration of
                        authentication credentials altogether when using one time passwords.)
                        [0]> 30
                        Please enter timeout in seconds for receiving a valid reply from the server:
                        [5]>
                        1. CHAP
                        2. PAP
                        Select authentication type:
                        [2]>
password or passwd
Description
                        Change your password.
                                                      CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                 3-291
                                                                                                 Chapter 3     The Commands: Reference Examples
   User Management
Usage
                       Commit: This command requires a commit.
                       Cluster Management: This command is restricted to cluster mode.
            Note       The passwd command is a special case because it needs to be usable by guest users who can only ever
                       be in machine mode. If a guest user issues the passwd command on a machine in a cluster, it will not
                       print the warning message but will instead just silently operate on the cluster level data without changing
                       the user's mode. All other users will get the above written behavior (consistent with the other restricted
                       configuration commands).
Example
                       mail3.example.com> password
last
Description
                       The last command displays who has recently logged into the system. By default, it shows all users who
                       have logged into the system
Usage
                       Commit: This command does not require a commit.
                       Cluster Management: This command is restricted to machine mode.
                       Batch Command: This command does not support a batch format.
Example
                       elroy.run> last
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-292
 Chapter 3   The Commands: Reference Examples
                                                                                                                         User Management
who
Description
                        The who command lists all users who are logged into the system via the CLI, the time of login, the idle
                        time, and the remote host from which the user is logged in.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto). This command requires access to the local file
                        system.
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> who
whoami
Description
                        The whoami command displays the username and full name of the user currently logged in, and which
                        groups the user belongs to.
Usage
                        Commit: This command requires a commit.
                        Cluster Management: This command can be used in all three machine modes (cluster, group, machine).
                        Batch Command: This command does not support a batch format.
Example
                        mail3.example.com> whoami
Username: admin
                                                        CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                   3-293
                                                                                      Chapter 3   The Commands: Reference Examples
   Virtual Appliance Management
loadlicense
Description
                       Loads an XML license for a virtual appliance. You can load from a file or copy and paste. For complete
                       information, see the Cisco Content Security Virtual Appliance Installation Guide available from
                       http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-li
                       st.html.
                       This command is available to users with Admin or Operator privileges.
Usage
                       Commit: This command does not require a commit.
                       Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                       host (i.e., the specific machine you are logged onto).
                       Batch Command: This command does not support a batch format.
Example
                       mail.example.com> loadlicense
            CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 3-294
 Chapter 3   The Commands: Reference Examples
                                                                                                             Virtual Appliance Management
showlicense
Description
                        Displays information about the current virtual appliance license. Additional details are available using
                        the featurekey command.
                        This command is available to users with Admin or Operator privileges.
Usage
                        Commit: This command does not require a commit.
                        Cluster Management: This command is restricted to machine mode. It is further restricted to the login
                        host (i.e., the specific machine you are logged onto).
                        Batch Command: This command supports a batch format.
Batch Format
                        The syntax of this command is: showlicense
Example
                        mail.example.com> showlicense
                                                         CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
                                                                                                                                    3-295