
How do I configure SPX right?

How to set up SPX?

Call me stupid, but I can't get it working.
I followed the instructions in "How to Configure Email Encryption with SPX on the Sophos UTM".
I configured the Zimbra server to relay on the UTM 9.3. I see the mail going through the spool in 
Mail Manager. I set the SPX template to generate a one-time password for every mail and still 
the mail is sent NOT encrypted (or as an encrypted PDF).
Also the SPX Portal (port 10444) is not accessible... this is driving me crazy!
Any suggestions what I misconfigured?

Then I made a DLP rule to use SPX when a "magic" word is used; now I see in the mail spool 
"SPX encrypted" and the receiver receives an e-mail with the PDF. But when the receiver wants to reply to it, 
he's redirected to the UTM on port 10444, which isn't active...

Is SPX not working transparently? I thought when an e-mail is sent the mail spool will "see" that it needs to be encrypted
and also the SPX Portal should be accessible when this is configured in the SPX template...

What should I check or configure to use SPX?


  • SPX does work transparently, and setting it up using the trigger word "magic" is correct. So when the mail passes through the UTM, if the word "magic" appears then it'll encrypt the contents into PDF and fire it on to the recipient. When the user clicks reply then yes, they do go to that portal to type in a reply, and as of 9.3 they'll be able to attach files as well.

    Have you tried forwarding the PDF back to yourself so it's internal, open it, click Reply and see if it opens the portal?

    Go to Email Protection -> SPX Encryption -> SPX Config, scroll to the bottom and check

    Hostname: so normally the UTM host name that you set up at the beginning.
    Listen Address: Any
    Port: 10444
    Allowed networks: Any (if you want anyone anywhere to get to it)

    Are you using SMTP with or without profiles on this UTM?

    Do you have a 3rd party certificate assigned to the UTM under Management -> Webadmin Settings -> HTTPS Certificate?

    Btw if you want to trigger SPX Encryption just by subject then use ^ before the trigger word, so ^magic in the subject would encrypt it but the word magic in the email body wouldn't.
  • Where do I set the trigger word(s)?  How?

  • For the portal to be enabled, you need to modify your SPX Template. 

    Email Protection... SPX Encryption... SPX Templates (tab)

    At the bottom, expand "SPX Portal Settings" and check the box for "Enable SPX reply portal".

    I am confused by your question about magic words because I thought you had already done this.

    Email Protection... SMTP... Data Protection (tab)...

    1) Data Protection Policy.

    Ensure that "action on match" is "Use SPX Encryption"

    2) Sophos Content Control Rules (optional)

    There are a lot of rules here.   Use the two pull-down fields to display different sections of the list(s), and choose the ones that you want.

    3) Custom Rules (optional)

    Use Regular Expressions to search the message.   It probably searches the raw content, which includes all of the headers and HTML tags, so beware of configuring false positives. 

    Also on 

    Email Protection... SPX Encryption... SPX Configuration (tab)

    "Prefer SPX" checkbox only applies if you are using SPX and one of the other supported methods (S/MIME or PGP).    Those require cooperating senders and receivers, so if both apply, I would avoid SPX, so I suggest leaving the box unchecked.   But you probably are not using either of them, so the setting does not matter.