I have our C160 set up to use the external CRES service.
I have an outgoing Policy #1 (named Cisco-registered-envelope) which applies to a couple of LDAP groups. There is an associated content policy that has a condition of =="[SEND SECURE]" in the Subject Header, with the end/final action being Encrypt and Deliver Now.
I have a 2nd outgoing Policy which applies to everyone at "ourdomain.org" and has no content policies associated with it (Disabled).
For emails containing the correct "condition", the system correctly encrypts the email.
However, I get random encryption for outgoing emails that don't meet the "encryption" content policy.
When looking at the history details of one of the encrypted messages (that shouldn't have been) it lists:
Message 52241 matched per-recipient policy Cisco-registered-envelope for outbound mail policies
From a user standpoint, both policies include the same sets of users, it's just that the Policy (Cisco-registered-envelope) contains an outgoing content filter (named Email_encryption) with the required condition of =="[SEND SECURE]" in the Subject Header.
I don't understand what is causing the encryption rule to be invoked for emails not containing the =="[SEND SECURE]" in the Subject Header.
1. LDAP-Group-match (if the sender belongs to this group, then this policy is applied to the email)
2. Default (catch all)....any sender not in the Group #1, then they will be assigned this Outgoing Mail Policy.
There is an outgoing content filter that looks for the "flag", "Send Secure", in the subject. If it's there, then encrypt the message.
If the "flag", is not there, encryption does not occur.
2. Default (catch-all)
No encryption should occur for emails assigned to this outgoing mail policy since the "outgoing content filters" are disabled.
If the above statements are correct, then I think the messages that are getting encrypted are somehow matching outgoing policy #1 and that content filter.
If you can still find the MID output for those "incorrectly" encrypted messages, you should see a place that shows which "outgoing mail policy" was assigned to the message. If you need assistance on this, please obtain the MID for that message and paste the results in this thread and I'll see if I can help.
Has anyone successfully used the “Sensitivity: Company-Confidential” option by modifying the .xml file? I have edited per the documentation but when I look at the message headers, I don't see a "Sensitivity" header being added to the message.
I believe that is the same header that the documentation was referring to. Supposedly you can tweak the Ironport .xml file on the user's PC and the Ironport Outlook plugin will mark that header for the end user (rather than prepending SEND SECURE) and the filter on the appliance will encrypt the message. I tried modifying the xml file, but when I view headers on the message I don't see that it is being modified. I'm just curious if anybody had gotten it working or if it was buggy. Thx.
It would also be nice if the Outlook Plug-In checked to see if the string already exists in the e-mail. We have a lot of e-mail going through with the subject line being [Send Secure] Re: [Send Secure] [Send Secure] Fwd: [Send Secure]. Or something like that.