This article shows you how to set up a web service that integrates with your existing authentication system to issue SPX passwords. The passwords are based on supplied email address/password combinations. These passwords are required for decryption of messages that have been encrypted using the Email Appliance's SPX encryption.
Note: Sophos Technical Support does not officially support the development of custom web services. For additional assistance with customization, contact your account manager to receive guidance from Sophos Professional Services.
Copyright (c) 2009, Sophos Group
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Configuring the Email Appliance to issue passwords using a web service requires a number of major steps, each of which is described in detail below. You must add the web service application to IIS, configure IIS to use the service, configure HTTPS (recommended), set up authentication, configure the web service application, configure the appliance to use the service, and test the service.
Although it is possible to perform authentication without HTTPS, Sophos recommends that it be enabled.
Note: SPX configuration in the Email Appliance has support for Basic Access Authentication using Active Directory or Anonymous Authentication, both with the option of using HTTPS. This example covers Anonymous Authentication only. For information about Basic Access Authentication on IIS Server 7, see the Microsoft documentation.
The application can be integrated with most authentication infrastructures, whether a database (MSSQL, MySQL, Oracle, etc.), LDAP (Active Directory, OpenLDAP, etc.), or other means (for example, text files). The only requirement is that the passwords can be retrieved and transmitted to the Email Appliance for use with encrypted messages.
In this example, the script will attempt to retrieve passwords from a CSV file containing one email address and password combination on each line. In each entry, the two values must be separated by a comma, and there should be no spaces. For example:
<add key="csvFile" value="C:\passwords.csv" />
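The CSV format described above (one email address and password per line, comma-separated, no spaces) can be validated before the service relies on it. The following Python is an added example, not the Sophos web service code; the names `load_spx_passwords` and `lookup_password`, case-insensitive address matching, and splitting at the first comma are assumptions made here.

```python
import io

class PasswordFileError(ValueError):
    """Raised when the CSV password file violates the expected format."""

def load_spx_passwords(stream):
    """Parse 'email,password' lines into a dict keyed by lower-cased email.

    Assumptions (not from the article): addresses match case-insensitively,
    each line splits at the first comma so a password may contain commas,
    blank lines are skipped, and a UTF-8 byte-order mark is tolerated.
    """
    table = {}
    for lineno, raw in enumerate(stream, start=1):
        line = raw.rstrip("\r\n")
        if lineno == 1:
            # Windows editors often prepend a BOM; left in place it would
            # silently break the lookup for the first entry.
            line = line.lstrip("\ufeff")
        if not line:
            continue
        if any(ch.isspace() for ch in line):
            raise PasswordFileError(f"line {lineno}: whitespace is not allowed")
        email, sep, password = line.partition(",")
        if not sep or not password:
            raise PasswordFileError(f"line {lineno}: expected email,password")
        local, at, domain = email.partition("@")
        if not (local and at and domain) or "@" in domain:
            raise PasswordFileError(f"line {lineno}: malformed email address")
        key = email.lower()
        if key in table:
            # Two entries for one recipient make the issued password ambiguous.
            raise PasswordFileError(f"line {lineno}: duplicate entry for {key}")
        table[key] = password
    return table

def lookup_password(table, email):
    """Return the stored password for email, or None when there is no entry."""
    return table.get(email.strip().lower())

# Constructed sample data, not real credentials.
SAMPLE = "alice@example.com,Corr3ct-Horse\r\nbob@example.com,p,w\r\n"

if __name__ == "__main__":
    passwords = load_spx_passwords(io.StringIO(SAMPLE))
    print(lookup_password(passwords, "Alice@Example.com"))
```

Error messages name the line and address but never the password, so they are safe to write to a log.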