
Web portal for email encryption?

Is there an option for recipients of encrypted email to see it on the Sophos web portal?  We've had numerous complaints about how SPX works.  The first complaint is how browsers interact with the PDF.  Many of the people we email are using web mail like Gmail or Hotmail and use either Chrome or IE.  They don't have any problems opening the PDF in the browser but if I have an attachment as part of the PDF, the browser won't recognize that.  The far end has to download the attachment to the desktop and open it with a PDF reader like Acrobat in order to see the attachment in the PDF.  Trying to explain that to all the different end users and the far end is tedious and wasteful.  The second issue is that if the far end forgets their password then any files I've sent in the past are now no good unless they remember that password.

Other secure messaging systems use a web portal where the far end logs in to receive email and attachments.  I know the email appliance has a web portal ability, that's how they initially set their password or perform a secure reply.  It also has the ability to show quarantined items to end users (web mail style) so I know it's 90% there.

Does anyone know if there is a way to enable such a portal for encrypted email use similar to other messaging systems?  It would allow me to reset a password and not invalidate all previous messages/files and would be easier for the far end to see attachments.

Thanks!



  • Hello,

    Greetings.

    Configuring the SPX Portal

    Clicking Settings in the Portal section of the Policy: Encryption page opens the Configure SPX Portal dialog box. Here, you configure the URL used for the Secure PDF Exchange (SPX) email portal. By default, port 10443 is used for the (SPX) portal, and port 443 is used for the End User Web Quarantine.

    Note: By activating the SPX portal you give recipients a means of registering for an SPX password. If you want recipients to have the option of securely responding to encrypted messages, you must enable secure reply using the SPX Template wizard. For more information, see "Portal Settings".

    To configure the portal URL:

    1. Select the Use hostname from SSL certificate (Recommended) option if you want to use the hostname from the Email Appliance's SSL certificate, or select the Specify a custom hostname option and enter the hostname of the Email Appliance on which the SPX portal is located.
    2. Under Ports, select the port used for the SPX portal. Whichever port you select for the SPX Portal, the remaining port will automatically be selected for the End User Web Quarantine (the reverse is also true).
    3. Click OK.
    Note: You may need to add or configure a certificate for use with the SPX portal. See the certificates documentation for more information.

    Referring to your second issue: you can allow the end user to recover their password.

    Go to configuration > policy > encryption > spx encryption > edit spx template (refer to the attachment) and select the password recovery/reset option. (For more details, click on ? when you land on the edit spx template page.)

    Important: Recipients should understand that a new password only applies to encrypted messages received after the password has been reset or changed. Recipients must use the password that was active during the period that encrypted messages were sent in order to access those messages.

    Referring to your first issue: browser interaction with PDF

    This is a known issue which may get addressed in future releases.

    The article below might also be helpful in the future:

    https://community.sophos.com/kb/en-US/121314

    Let me know if you have any further questions.

    Regards,

    Aiman Ansari | Network & Security Engineer 

  • I really feel that you didn't read my original post or at least did not understand the intent of it.  I already have the SPX portal set up, I know that users can reset their password through that portal, and I know that there is an issue with viewing PDFs in browsers.  The problem is that the whole push based encryption doesn't work well and isn't user friendly.  Sophos needs to create a pull based system that is easier for end users to access and use.  The purpose of the post is to raise awareness of that fact.  If no one complains then the product is assumed to be good when in fact there are things that can be improved.  There are many good things about the email appliance, really my only complaint (which is so severe that I've looked at other products) is the encryption portal (pull vs. pushed).  If you're unaware of what pull vs. pushed means it is:

    1.  push -- what Sophos does.  They send the end user an encrypted file that is password protected.

    2.  pull -- the end user gets a link that they click on and then they are directed to a secure portal site where they log in and then can view their secure messages.  The advantages of a pull based system are that they don't need special software and if they need a password reset they don't lose access to all the previous documents.

  • I agree.  Using a pull technology is a much better option.  Currently we are sending an encrypted email and the customer can't remember their password. We then have to reset their password which then requires the email be sent again and the customer re-register.  This is a very slow and resource intensive way to handle this.
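
The push vs. pull difference discussed in this thread, as an added example that is not part of any post and is not Sophos code: a minimal model of why a password reset locks out earlier push-delivered files but not portal-held mail. All names (`push_send`, `PullPortal`, the sample passwords and message) are hypothetical, and the cipher is a toy stand-in for the product's PDF encryption.

```python
import hashlib, hmac, os

def pw_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _xor(key, nonce, data):
    # Toy SHA-256 counter-mode keystream, illustration only; use a vetted AEAD in practice.
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, body):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, body)
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return _xor(key, nonce, ct) if hmac.compare_digest(tag, good) else None

def push_send(current_password, body):
    # Push: the file is locked with the password active at send time, then leaves the gateway.
    salt = os.urandom(16)
    return salt, seal(pw_key(current_password, salt), body)

def push_open(password, attachment):
    salt, blob = attachment
    return unseal(pw_key(password, salt), blob)

class PullPortal:
    # Pull: mail stays on the portal under a server key; the password only authenticates.
    def __init__(self):
        self.store_key, self.creds, self.mailbox = os.urandom(32), {}, {}
    def set_password(self, rcpt, password):
        salt = os.urandom(16)
        self.creds[rcpt] = (salt, pw_key(password, salt))
    def deliver(self, rcpt, body):
        self.mailbox.setdefault(rcpt, []).append(seal(self.store_key, body))
    def read(self, rcpt, password):
        salt, verifier = self.creds[rcpt]
        if not hmac.compare_digest(verifier, pw_key(password, salt)):
            return None
        return [unseal(self.store_key, b) for b in self.mailbox.get(rcpt, [])]

def demo():
    old_mail = push_send("old-pw", b"Q1 statement")   # constructed sample, sent before the reset
    portal = PullPortal()
    portal.set_password("bob", "old-pw")
    portal.deliver("bob", b"Q1 statement")
    portal.set_password("bob", "new-pw")              # password reset
    return push_open("new-pw", old_mail), push_open("old-pw", old_mail), portal.read("bob", "new-pw")
```

The trade-off the model makes visible: in the pull design the portal holds the decryption key and the stored mail, so the portal host and its authentication path become the assets to protect.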