Sophos Secure Message? Where is it?

Up until recently we used the old Sophos Email Appliance, and were able to add a keyword to the subject line to force SPX encryption (where it would encrypt as a PDF with a password).  

I'm having a hard time trying to replicate this now that we've moved to Sophos Email in Sophos Central.  I would really like to utilize the Portal Encryption, but I don't see that option anywhere in Sophos Central.  Is this a separate licensed product?  I can't find much information about it.  

I also am having a hard time understanding the settings in the "Base Policy - Secure Message" area.  Currently for outbound settings we have it set to Secure using TLS, Prefer TLS 1.3, and also "Allow unencrypted delivery".  This was checked by default, even though it says "not recommended".  In the logs, 90% of our outgoing emails say "Secure message", and the other 10% say "Legitimate".  If I turn off "Allow unencrypted delivery", will those messages fail?  I'm unsure really what the difference is here.

  • David,

    You can use Data Control to create the policy that uses keywords to enforce PDF encryption, which all our customers have access to. If you would like Portal Encryption with customization, that is a separate license, CEMA-PE-ADDON; please contact your sales team.

    It is likely that those 10% would fail. While I can't say without looking deeper, Prefer TLS 1.3 will downgrade TLS versions if 1.3 is not available, and if you uncheck "Allow unencrypted delivery", it would fail to send those messages if TLS cannot be established.

  • On a related, but also unrelated question: if we use "Prefer TLS 1.3", does it also "Require TLS 1.2", or does preferring TLS 1.3 still allow TLS 1.0 and 1.1? Ideally, we'd rather require TLS 1.2 but if 1.3 is available, use that.

  • Preferred TLS requires 1.2 and above. We will remove complete support for 1.0 and 1.1 by end of year.
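
One way to check ahead of time which recipient mail servers would be affected by unchecking "Allow unencrypted delivery", as an added example that is not part of the original thread and is not Sophos code: it probes the MX hosts given on the command line for STARTTLS with a TLS 1.2 floor. The function names and outcome strings are hypothetical, and `predict` assumes the behaviour described in the replies above.

```python
import smtplib
import ssl
import sys


def make_context():
    """TLS 1.2 floor; the handshake picks TLS 1.3 when the peer offers it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Diagnostic probe only: it measures protocol support, not certificate
    # trust, so verification is off. Do not reuse this for real delivery.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(mx_host, timeout=10):
    """Return (starttls_offered, negotiated_version or None). Sends no mail."""
    smtp = smtplib.SMTP(mx_host, 25, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False, None
        try:
            smtp.starttls(context=make_context())
        except (ssl.SSLError, smtplib.SMTPException):
            return True, None  # offered, but no TLS 1.2+ session came up
        return True, smtp.sock.version()
    finally:
        smtp.close()


def predict(offered, version, allow_unencrypted):
    """Outcome under the policy as the thread describes it (assumption)."""
    if offered and version in ("TLSv1.2", "TLSv1.3"):
        return "encrypted (" + version + ")"
    return "unencrypted" if allow_unencrypted else "fail"


if __name__ == "__main__":
    for host in sys.argv[1:]:  # MX host names of your recipient domains
        try:
            offered, version = probe(host)
        except OSError as exc:
            print(host, "unreachable:", exc)
            continue
        print(host, "->", predict(offered, version, allow_unencrypted=False))
```

Run it from a network that permits outbound port 25; hosts reported as `fail` are the ones to review before changing the setting.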
