I have our C160 setup to use the external CRES service.
I have an outgoing Policy #1 (named Cisco-registered-envelope) which applies to a couple of LDAP groups. There is an associated content policy that has a condition of =="[SEND SECURE]" in the Subject Header, with the end/final action being Encrypt and Deliver Now.
I have a 2nd outgoing Policy which applies to everyone at "ourdomain.org" and has no content policies associated with it (Disabled).
For emails containing the correct "condition", the system correctly encrypts the email.
However, I get random encryption for outgoing emails that don't meet the "encryption" content policy.
When looking at the history details of one of the encrypted messages (that shouldn't have been) it lists:
Message 52241 matched per-recipient policy Cisco-registered-envelope for outbound mail policies
From a user standpoint, both policies include the same sets of users; it's just that the Policy (Cisco-registered-envelope) contains an outgoing content filter (named Email_encryption) with the required condition of =="[SEND SECURE]" in the Subject Header.
I don't understand what is causing the encryption rule to be invoked for emails not containing the =="[SEND SECURE]" in the Subject Header.
Current AsyncOS Version: 7.0.1-010
Thanks in advance for your help.
The problem lies in the subject rule being a regular expression, and the square brackets ([ ]) are special characters. You'd need to rewrite the condition like this:
"\[SEND SECURE\]"
After submitting, the result should look like this:
subject == "\\[SEND SECURE\\]"
And it should work as expected. For an explanation, an expression like [abcdef...] will match any single letter within the brackets.
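Why the unescaped condition fired on ordinary mail, shown as an added example that is not part of the original thread. Python's re module stands in for the appliance's regex engine (an assumption; character classes and escaping behave the same way), and the sample subjects and function names are constructed for illustration.

```python
import re

# Constructed sample subjects (not taken from the thread).
SUBJECTS = [
    "[SEND SECURE] Q3 payroll export",
    "Lunch on Friday?",
    "RE: Meeting notes",
    "2024-10",
    "send secure please",
]

TAG = "[SEND SECURE]"


def would_encrypt(pattern, subject):
    """True if the subject condition, treated as an unanchored regex, fires."""
    return re.search(pattern, subject) is not None


def unintended_matches(pattern, literal, subjects):
    """Subjects the pattern matches even though they lack the literal tag."""
    return [s for s in subjects
            if would_encrypt(pattern, s) and literal not in s]


def escape_literal(literal):
    """Build a pattern that matches the tag as plain text only."""
    return re.escape(literal)


# As first entered: a character class matching ONE of S, E, N, D, space, C, U, R.
BROKEN = TAG
# Brackets escaped, so the whole tag must appear in the subject.
FIXED = escape_literal(TAG)

if __name__ == "__main__":
    for name, pat in (("unescaped", BROKEN), ("escaped", FIXED)):
        print(f"{name}: {pat!r}")
        for s in SUBJECTS:
            verdict = "ENCRYPT" if would_encrypt(pat, s) else "deliver"
            print(f"    {verdict:8} | {s}")
        print("    unintended:", unintended_matches(pat, TAG, SUBJECTS))
```

Because the class includes the space character, nearly any multi-word subject satisfies the unescaped condition, which is why the encryption looked random rather than universal.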