Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member



We have just set up CRES on our C370 During testing the first email sent for CRES encryption is sat in a que, have we missed something in the setup.






New Member

What does the output of the

What does the output of the following command show:

ESA> hoststatus the.encryption.queue


Also grep the mail logs for PXE to see what is happening:

ESA> grep PXE mail_logs


The encryption logs may also prove useful:

ESA> grep "Thu Jun 19" encryption

Cisco Employee

Andrew - You did complete

Andrew - 

You did complete similar, correct?

I. Steps on how to enable IronPort Email Encryption on IronPort Appliance:
From GUI:
Under Security Services, Select IronPort Email Encryption, Enable IronPort Email Encryption by clicking on Edit Settings button.
Create a new Encryption Profile by clicking on Add Encryption Profile button.
For Key Service Type: Choose Cisco Registered Envelope Service or IronPort Encryption Appliance (if IronPort Encryption Appliance is purchased)
Click on Submit and Commit Changes.
After the IronPort Encryption Profile has been created, you will be given the option to Provision it to the CRES server. You should see a Provision button next to the new profile. Click on the Provision button.

II. Creating an outgoing content filter to implement the Encryption Profile:
From GUI:
Under Mail Policies, Select Outgoing Content Filters, Click on Add Filter button. Add a new filter with condition as subject == "Secure:" and Action as Encrypt and Deliver. Click on Submit button.
Under Mail Policies, Select Outgoing Mail Policies, and enable this new filter in the default mail policy or appropriate mail policies.
Commit changes.

III.  How to test if Encryption is working
To test, generate a new mail with Secure: in the subject and send the email to a web account (i.e. Hotmail, Yahoo, Gmail) and see if it gets encrypted.
Check the mail logs as described below to ensure that the message is getting encrypted via the Outgoing Content Filter.

IV.  Validating Encryption filter processing in the mail_logs
The following mail_log entries show that the messages matched the encryption filter called Encrypt_Message.

Wed Oct 22 17:06:46 2008 Info: MID 116 was generated based on MID 115 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:07:22 2008 Info: MID 118 was generated based on MID 117 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:31:21 2008 Info: MID 120 was generated based on MID 119 by encrypt filter 'Encrypt_Message'

I hope this helps!



(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)