Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
0
Helpful
3
Replies

CRES encrypted mails even without the 'key' word

tad.190804
Level 1
Level 1

‎09-30-2013 03:25 AM

Hi

We have CRES enabled, and it does send out encrypted mails when we type in our "key" word in the subject or body.

The issue is at times, when the selected user sends non-encrypted mails, the subject and the body of the email does not contain

any of the "key" words, it even then encrypts the mail and sends it accross.

We have observed this for a couple of users, so we removed these users from the Allowed list of users, who can encrypt their email,

and re-inserted these users to encrypt, the mail, it works fine for them now.

But now again another set of users are complaining of the mails being sent out as encrypted, thought they are not having any

"key" words that are needed to send out the mail as encrypted.

Any one faced this kind of issue or any work around for this, kindly advise.

Regards,

Tauseef

Labels:
0 Helpful
3 Replies 3

David Miller
Level 1
Level 1

‎09-30-2013 03:40 AM

Do you use content filters and does your key word by any chance include square backets? Like [send secure]?

If so you need to remember that the key word field is a regex field so something like [send secure] will encrypt every email that contains an S, E, N, D, C, U or R, which is quite a lot.  You have to escape the [ ] characters in the regex field.

Hope this helps, Dave

0 Helpful

tad.190804
Level 1
Level 1
In response to David Miller

‎09-30-2013 04:50 AM

Hi David,

I agree with your observation, but this is not it.

As I mentioned, its happening only for specific users, not all users.

For instance if I send out a normal mail to a user@user.com , it goes out as a normal mail.

But when the spcific user who has an issue, sends it out to the same normal mail to  user@user.com, it goes out as encrypted !!

0 Helpful

Valter Da Costa
Cisco Employee
Cisco Employee

‎09-30-2013 08:58 AM

Hi Tauseef,

I would recommend you to use the Message Tracking so you can understand the message flow. The message is probably triggering the Encryption action.

You could also use the Trace feature at:

System Administration -> Trace

So you can simulate a message and how the Cisco ESA will handle the message.

If you are not confortable sharing the config (policies/filters) and the tracking in the forum, I would suggest you to open a TAC ticket so an Engineer can assist you identifying what is causing the message to be encrypted.

I would say your Cisco ESA will not encrypt the message without a clear command to do so. The only question remaining is what is causing the action to encrypt to be triggered. I believe you know, but action can be triggered in a message filter, in a content filter and in a DLP policy. There is another option, using the Plug-in for encryptign the message locally but since you did not mention this, I am guessing this is out f the list. I would recommend reviewing the configuration and the message tracking data. That way you can determine what is causing the messages to be encryted.

If you need further assistance from the forum, please share more data.

I hope this helps.

-Valter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents