Solved: Content Filter

kevinsweeting · ‎08-22-2012

Good Afternoon,

We are having an issue with the Content filter from within the IronPort C150 webconsole.

A few months ago we upgraded from Exchange 2003 to Exchange 2010, we've just noticed that our encryption filter is not working for outbound email.

The conditions we have set for this filter is:

EncryptEmail: if (header("X-Envelope-Encrypt")) { encrypt ("somehost.com", "$Subject"); }

So in exchange 2003 we were able to send an email in outlook, using the flags "High Importance" and "Confidential" together and this would have activated the filter in ironport to encrypt the email to send securely.

Since moving to Exchange 2010 the above no longer works and does not get activated when both flags (high importance and confidential) are used together.

We can use an alternative by putting "[SendSecure]" in the subject line of each email we send out, this alternative still works.

Even though we have an alternative that works we would still like to use the previous method as well.

Any ideas on how to fix it?

Kind Regards,

K

stojanr · ‎08-23-2012

Hello Kevin,

check the headers that get inserted in your emails when you check both "High Importance" and "Confidential" . If those headers don't include X-Envelope-Encrypt, then the emails won't get encrypted, which is what is probably happening.

Also, are you using some message filters to insert the "X-Envelope-Encrypt" header ? Because that doesn't look like somethin either Outlook or Exchange would actually insert.

View solution in original post

Knuto0815 · ‎08-27-2012

Hello Kevin.

As stojanr pointed out you should have a look at the message filters and find out what they are doing. Beware: message filter <> content filter !

Having a quick look at an email having both flags set there are two headers which seem to be the suspects you are looking for: Importance: high and Sensivity: company-confidential. Add a filter at the right place with the right conditions and actions to get it back working.

Just read the parts of the handbook concerning the mail pipeline, message filters and content filters and you will see that this is quite well documented and not that hard to do. A filter which might fit might be:

EncryptEmailByHeader: if (header('Importance') == 'high') AND (header('Sensivity') == 'company-confidential') { insert-header('X-Envelope-Encrypt', 'YES'); }

View solution in original post

stojanr · ‎08-23-2012

Hello Kevin,

check the headers that get inserted in your emails when you check both "High Importance" and "Confidential" . If those headers don't include X-Envelope-Encrypt, then the emails won't get encrypted, which is what is probably happening.

Also, are you using some message filters to insert the "X-Envelope-Encrypt" header ? Because that doesn't look like somethin either Outlook or Exchange would actually insert.

kevinsweeting · ‎08-24-2012

Morning Stojanr

Thank you for your reply.

I've checked a few test emails with both the "High Importance" and "Confidential" options enabled. Looking at the header of these emails im not seeing a "X-Envelope-Encrypt" anywhere in the header.

Would you be able to point me in the right direction as to where i could check to see if we are using a message filter that would be inserting the "X-Envelope-Encrypt" in the emails header.

The only place i am seeing the "X-Envelope-Encrypt" is on the IronPort C150 Webconsole. There is a filter called "EncryptEmail" which has the rule of "EncryptEmail: if (header("X-Envelope-Encrypt")) { encrypt ("somehost.com", "$Subject"); } .

Hmm... reading the description of this entry it says the below:

Encrypt outbound email traffic when [SendSecure] is found in Subject line or the Outlook > Options > Sensitivity > Is set to High and Confidential. A message filter removes the [SendSecure] and inserts a X-Envelope-Encryp that we trigger on this content filter.

Though when i sent an email using the [SendSecure] in the subject line. The email is sent securely but when i look in the header of this email i still see no signs of the "X-Envelope-Encryp" even though it did work.

I would like for our users to have both this method of [SendSecure] in the subject which already works, but i would also like for them to have it where they can set the flag for the email to be both "High Importance" and "Confidential" at the same time, to trigger the email to be secure.

Are you able to advise on how i can do this?

Much thanks,
K

Knuto0815 · ‎08-27-2012

Hello Kevin.

As stojanr pointed out you should have a look at the message filters and find out what they are doing. Beware: message filter <> content filter !

Having a quick look at an email having both flags set there are two headers which seem to be the suspects you are looking for: Importance: high and Sensivity: company-confidential. Add a filter at the right place with the right conditions and actions to get it back working.

Just read the parts of the handbook concerning the mail pipeline, message filters and content filters and you will see that this is quite well documented and not that hard to do. A filter which might fit might be:

EncryptEmailByHeader: if (header('Importance') == 'high') AND (header('Sensivity') == 'company-confidential') { insert-header('X-Envelope-Encrypt', 'YES'); }