Has anyone installed PostX? Any experience?

Unanswered Question
Sep 13th, 2007
User Badges:

We are looking for a very simple mail-encryption solution for us and our customers.

IOHO, all the known solutions are far too complicated for the end-users or not available for OS X or mailclient Y.

Whats about PostX? Has anyone implemented this solution on a Ironport-device? Could someone post his experience?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Donald Nash Thu, 09/13/2007 - 19:38
User Badges:

We don't have it installed here, but I did get a sample encrypted message sent to me. It's quite nicely done. You just extract the HTML blob containing the encrypted message and open it up in your browser. It's my understanding that they use JavaScript to decrypt the message. The key is stored on a key server, and you are prompted to authenticate in order to access it. No muss, no fuss. There is even a "reply" button on the decrypted page, which basically just fires off a "mailto:" link for your mail program to handle.

From the sending end, you use something like a message filter to target which messages get encrypted. Before AsyncOS 5.5, you'd need to redirect such messages to a standalone PostX encryption appliance, but as of 5.5 the encryption ability is built in to AsyncOS. You can either run your own key server or have IronPort host your keys for you. At least, that's how it was explained to me. I have no idea what sort of management burden is associated with either of those two choices.

cireland_ironport Wed, 10/17/2007 - 20:55
User Badges:

I am an engineer for Coleman Technologies, Inc, and IronPort partner and have done a few on C-Series box email encryption installs out in the field and just finished our implementation on our internal box.

The install is pretty straight forward and very simple. Once your C-series is provisioned for Luxor (5.5 code) and your box has been upgraded (the admin interface is changed and is much cleaner with drop down menus) you would then go under "Security Services" and then choose the new "IronPort Email Encryption" option. Read through the ULA and accept.

You will then be taken to the "IronPort Email Encryption Settings" page where you will create a profile by clicking the "Add Encryption Profile" button. Give the profile a name (I typically use the domain of the company, so for our case ctiusa.com).

For key service type select "Cisco Registered Envelope Service", and select High or Medium message security (medium = No password entry required if recipient credentials are cached), then submit and commit.

Once you've done that click on the provision button next to the profile you've just created. Once your profile has been provisioned (the button will now say "re-provision") then you will setup an outbound content filter to trigger the encryption.

If anyone has any specific questions just shoot me an email at [email protected] and i'd be more than happy to answer.

Regards,

Chris

Actions

This Discussion