
SPX with Exchange 2010 for internal encryption

Hi,

We have used the email appliance for several years now and haven't used SPX before, as we used PGP. Now we want to provide mail encryption for all with Sophos SPX. We also want to be able to encrypt mails from internal to internal (mailbox to mailbox).

As we already have a gateway solution implemented, we now have the problem of getting the internal traffic over one SPX appliance as well. How can this be achieved?

I have no possibility to configure the send connector to route all mails with header "confidential" to the internal SPX-appliance. And if I route all traffic over the appliance, how do I avoid bounces?

Is there a white paper with a scenario for internal encryption and not only gateway encryption?

Any hint is welcome ;)

Thanks in advance

Torsten

:41481


  • Hi Torsten,

    Here's just my thought; I do not know if this scenario will work, I have never tried it before.

    Since the SEA only encrypts outbound SMTP messages, you will need the SEA to sit between the client and the mail server. I don't think you can use the existing SEA that acts as the email gateway to do the internal encryption.

    CLIENT ------------ SEA ------------ MAIL SERVER

    You need to configure the mail client to send using SMTP.

    On the SEA you need to configure it as an open SMTP relay, probably by adding the CLIENT IP to the Internal Mail Hosts list or the Trusted Relay List.

    Then you would also need to set the Outbound Mail Proxy, and set your MAIL SERVER as the Mail Proxy.

    And since you use Exchange, and assuming you're using Microsoft Outlook, the client would probably lose some features if you change from using RPC to SMTP. :-(

    Regards,

    Antonius A

    :41499
  • Hi Antonius,

    Unfortunately this is not an option for me. As you mentioned, I would have to switch from RPC to SMTP, and what would I do with the external clients which are connected via RPC over HTTPS?

    I thought about an SMTP connector for the Exchange. Something that routes the "confidential" traffic over a connector to the SPX and from the SPX back to the Exchange servers. I don't know, but it seems that the SPX is only for external communications. We do have some internal communications which have to be encrypted.

    Maybe this is a feature request to get the SPX working for internal use as well.

    I have already tried to implement one SPX between the CAS-Server and the TransportServer and build up something like a connector to route all traffic through the SPX, but I am afraid of bouncing mails.

    Thanks and regards

    Torsten

    :41505
  • Wow. This is an interesting topic, as I have never thought about doing this. So excuse my ignorance, as I am learning. So the ultimate goal and benefit here would be for all internal email to be encrypted, so that in the event it leaves the network (outbound email) it will automatically be encrypted?

    Is this the reasoning behind encrypting internal email in your scenario?

    I haven't really given it that much thought as I thought internal email communication on Exchange was already secure.

    I am trying to determine if there is an issue or concern I haven't thought of and, being a one-man IT department, I like having someone as a technology sounding board.

    Very interesting topic and subject.

    Thanks for the insight and additional reasoning on this topic.

    :42155