Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CRES encrypted mails even without the 'key' word

Hi

We have CRES enabled, and it does send out encrypted mails when we type in our "key" word in the subject or body.

The issue is at times, when the selected user sends non-encrypted mails, the subject and the body of the email does not contain

any of the "key" words, it even then encrypts the mail and sends it accross.

We have observed this for a couple of users, so we removed these users from the Allowed list of users, who can encrypt their email,

and re-inserted these users to encrypt, the mail, it works fine for them now.

But now again another set of users are complaining of the mails being sent out as encrypted, thought they are not having any

"key" words that are needed to send out the mail as encrypted.

Any one faced this kind of issue or any work around for this, kindly advise.

Regards,

Tauseef

3 REPLIES
New Member

CRES encrypted mails even without the 'key' word

Do you use content filters and does your key word by any chance include square backets? Like [send secure]?

If so you need to remember that the key word field is a regex field so something like [send secure] will encrypt every email that contains an S, E, N, D, C, U or R, which is quite a lot.  You have to escape the [ ] characters in the regex field.

Hope this helps, Dave

New Member

CRES encrypted mails even without the 'key' word

Hi David,

I agree with your observation, but this is not it.

As I mentioned, its happening only for specific users, not all users.

For instance if I send out a normal mail to a user@user.com , it goes out as a normal mail.

But when the spcific user who has an issue, sends it out to the same normal mail to  user@user.com, it goes out as encrypted !!

CRES encrypted mails even without the 'key' word

Hi Tauseef,

I would recommend you to use the Message Tracking so you can understand the message flow. The message is probably triggering the Encryption action.

You could also use the Trace feature at:

System Administration -> Trace

So you can simulate a message and how the Cisco ESA will handle the message.

If you are not confortable sharing the config (policies/filters) and the tracking in the forum, I would suggest you to open a TAC ticket so an Engineer can assist you identifying what is causing the message to be encrypted.

I would say your Cisco ESA will not encrypt the message without a clear command to do so. The only question remaining is what is causing the action to encrypt to be triggered. I believe you know, but action can be triggered in a message filter, in a content filter and in a DLP policy. There is another option, using the Plug-in for encryptign the message locally but since you did not mention this, I am guessing this is out f the list. I would recommend reviewing the configuration and the message tracking data. That way you can determine what is causing the messages to be encryted.

If you need further assistance from the forum, please share more data.

I hope this helps.

-Valter

431
Views
0
Helpful
3
Replies
CreatePlease login to create content