We have a IronPort C350 with the IronPort encryption appliance running 6.5.5 and need to make a change to the notification email that recpients receive when getting a secure email. The notification message I'm referring to starts out "You have received a secure email...". So far I have been able to possible determine that the HTML message being referenced is called PostXMessage.html but I cannot seem to figure out how to change it. I reached out to support and was given some instructions on how to change it, alas, it did not work. They instructed me to use an SCP client and navigate to:
/usr/local/postx/server_6.5.5/conf/ and modify the PostXMessage.html and PostXMessage.txt files then restart the SMTP service. I uploaded new PostXMessage.html and PostXMessage.txt files but neither a restart of the SMTP service or a reboot of the appliance seems to be getting the changes reflected in the notification message. What am I doing wrong?
It depends where you are doing the encryption. You can use the IEA as just the key server and perform the encryption on the ESA, or you can route the email to the IEA where it can do both the encryption and act as the key server.
If you are encrypting on the ESA then the notification text is held on the ESA as a text resource, which you can modify using the admin GUI. If you are encrypting on the IEA then the instructions you have already been given would apply. As they seem to have had no effect I wouldconclude you are encrypting on the ESA.
This is the base of my confusion it would seem. I don't see any applicable text resources on the ESA that would apply so I'm led to believe it's being done on the ISA and since the directions on the ISA don't seem to be working it would appear that, based on what you have said, that the ISA isn't doing the encryption.
Whats even more odd is that on the ESA when I go to Security Services>IronPort EMail Encryption I get the message that the feature key has expired or is unavailable which leads me to think that the ISA is actually doing it.
I have extremely limited knowledge of how this works since I inherited it and it's outdated...
Any other information, suggestions, or ideas is certainly welcome..
You should be able to determine where the encryption is being done by checking the message or content filters that mark out the emails for encryption (based on subject or whatever you use). If they have an action Encrypt or Encrypt on Delivery then it is trying to encrypt on the ESA. If that were the case then there would be an encryption profile defined in the GUI (security services > ironport encryption) and in that profile it would show you the notification text in a preview window and you could change that by creating a new text resource (mail policies > text resources). This would appear not to be the case however as there is no encryption license on the ESA.
So the other option is that the IEA is doing the encryption and the IEA has been customised so that the PostXMessage.html is not in the default location. If you are able to log into the IEA admin GUI then go to the configuration tab and navigate to SMTP adaptor > router rulesets > encrypt > applications > registered envelope. In there go to the message personalisation tab. Look for a field called Outgoing HTML Body File. By default it says PostXMessage.html. If the filename is different look for that file in /usr/local/postx/server/conf on the IEA (using admin CLI). If there is a directory before that filename e.g. it says branding/PostXMessage.html then that directory is rooted in /usr/local/posts/server/conf. If it starts with a / then you have to navigate from root. If you are familiary with Linux directories that will help.
If you still have no joy Jeff ping me dave @ two-square.co.uk as I am very familiar with this whole area.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :