Sophos Mail Advanced - Enforce TLS and optional Push encryption

Question

Hello community, 
 we have migrated from Sophos UTM to Sophos Mail Advanced. 
 On our UTM, we could configure transport encryption to TLS 1.2. Additionally, each internal user could choose to send an email using Sophos SPX for end-to-end encryption. 
 While the rule set in Sophos Mail Advanced is straightforward, I am having difficulty understanding how to replicate our UTM configuration there. What I want to achieve: 
 - Sending with TLS 1.3/1.2 - Receiving with TLS 1.3/1.2 - Optional: Utilizing Push Encryption when a keyword is mentioned. 
 What is the best pracitise for doing this? 
 Thank you

LuCar Toni · Accepted Answer

Central Email essentially gives you the option to use TLS everytime and fallback, if TLS is not available. 
 
 So you can use the "Fallback" option here. 
 Push means essentially SPX / PDF Encryption. 
 This secures the encryption way everytime, if triggered. 
 You can decide based on Subject line here or via a DLP Rule when to trigger an encryption event. 
 Then CEMA will try to perform TLS Encryption, to send the Email, and if TLS is not available, it will fallback to Push. 
 You can also switch around and say, you only want to use Push when triggered.

Sophos Mail Advanced - Enforce TLS and optional Push encryption

Top Replies