Can anyone tell me the requirements and tasks required to implement bi-directional email encryption on the ES4000 appliance?
Thanks
Hi Mark,
These are the instructions for the Sophos Email Appliance.
Are you referring to TLS (transport of emails) or SPX encrypted email PDFs? The most secure way to send email is to configure both SPX and TLS. See below.
TLS:
Configuration / Policy / Encryption
ensure TLS is enabled.
under the advanced section at the bottom:
Enter the domain, select sub domains if required, then change incoming and outgoing messages to "require encryption" OR "require and validate"
**** NOTE: if encryption fails or the certificate fails to be validated, mail will pile up in the mail queues. Ensure the domain is properly set up before setting this up.
SPX:
You will require configuration in the UI and some rules to ensure it works correctly.
UI: under the same encryption menu click on the SPX tab.
Note the portal port number: this must be accessible from the internet to the appliance.
create your template and password settings.
once that is all done:
on Exchange, ensure there is a "send" connector sending all outbound mail through the appliance
then in the appliance create the following rule:
This example will encrypt all mail that is either flagged as "company-confidential" (you can use the Outlook plugin, or manually set the sensitivity in the email properties) OR mail with the word *encrypt* in the subject line.
Add SPX rule
under configuration \ policy \ data control or additional policy \ outbound
add
rule type:
messages matching specific words or phrases
enable advanced policy
next
rule config:
click on the regular expressions tab
.* (period star, no spaces etc)
add
next
message attributes : (2 rules)
#1
select header
Name Subject (note the capital S is important)
check off "is (exact match)"
value : *encrypt* (or whatever keyword you like); you can also use the contains substring option if you want to look for *encrypt, encrypt, [encrypt], etc.
apply
#2
Header
Name Sensitivity (note the capital again)
check off "is exact match"
value company-confidential (all lower case)
apply
you will now see a check box at the bottom of the rule. Make sure you click "One of the message attributes must be present"
so the rule in the window should read:
Header is:'Subject: *encrypt*'
OR Header is: Sensitivity: company-confidential
next
select users
next
main action
encrypt using SPX, select your template, and you will probably want to check off all 3 boxes.
additional actions
next
rule description
name it, save it.
once you're dropped back to the list of policies, use the arrows ^ to move it to the top and click save order.
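The TLS note in the reply above warns that mail queues up when a peer cannot meet the per-domain setting. As an added example (not part of the original reply and not Sophos code), this Python check probes a partner's MX host and reports the strictest of the two settings it would satisfy. The function names, the MX host names passed on the command line, and the use of the local system trust store (which may differ from the appliance's) are assumptions.

```python
import smtplib
import ssl

FAILURES = (ssl.SSLError, smtplib.SMTPException, OSError)

def probe(host, context, port=25, smtp_factory=smtplib.SMTP, timeout=15):
    """True if STARTTLS completes under `context`, False if it is not offered."""
    smtp = smtp_factory(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False
        smtp.starttls(context=context)
        return True
    finally:
        smtp.close()  # drop the socket; no QUIT after a failed handshake

def strictest_setting(host, port=25, smtp_factory=smtplib.SMTP):
    """Return 'require and validate', 'require encryption' or 'none'."""
    strict = ssl.create_default_context()  # verifies chain and host name
    try:
        if probe(host, strict, port, smtp_factory):
            return "require and validate"
        return "none"
    except ssl.SSLCertVerificationError:
        pass  # encryption may still work without validation; retry below
    except FAILURES:
        return "none"
    lax = ssl.create_default_context()
    lax.check_hostname = False          # must be cleared before CERT_NONE
    lax.verify_mode = ssl.CERT_NONE
    try:
        if probe(host, lax, port, smtp_factory):
            return "require encryption"
        return "none"
    except FAILURES:
        return "none"

if __name__ == "__main__":
    import sys
    # Usage (assumed): python tls_check.py <partner MX host> [...]
    for mx in sys.argv[1:]:
        print(mx, "->", strictest_setting(mx))
```

A result of "none" for a domain means that setting either option for it would leave its mail in the queue.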
Perfect, many thanks for your help.