I don't believe this is possible because of the email workflow but I want to cover all bases.
Here is the scenario:
- We have 2 IronPort C350's. I have one that handles all normal outbound mail flow and the other handles CRE encryption as well as being set to TLS preferred for all outbound mail
-I have several outbound content filters set on the first box that will send to alt host (the second box) for either CRE encryption or simply delivered via TLS preferred.
-The filters that do not use CRE encryption are basically for SSN and HIPAA term matches from (careless) internal users who do not choose end-to-end encryption.
I was wondering if it were possible to have a rule set up on the second box to basically act on failed TLS requests for outbound messages and use CRE encryption?
Another option I was looking at was setting TLS to required and then setting up a rule to notify the internal sender of failed TLS.
My third option ( and the one I think I'll end up having to use) is to set the filters up to use CRE encryption instead.
Any insight into this would be greatly appreciated. Thanks![/list]