I wondered whether someone could explain whether the scenario that I describe below is achievable, and the technologies that I would need to implement alongside our Ironport.
A little background. I am a Technical Author new on a site; they have Ironport installed. The install guy is long gone and there are no leads internally for me to follow with regard to presales-type questions around Ironport.
My client has a new requirement to receive encrypted emails from specifically known senders. There are around 50. At the moment the senders send their emails encrypted, and the Ironport blocks their progression into our network due to spam/malware checks not being run. An admin, on a daily basis, releases these emails so they hit the recipient mailbox, and the receiver opens them; they have on a couple of occasions received junk-type email through this method.
My question is: is it possible to get the Ironport to decrypt these messages, run them through its malware/spam filtering, re-encrypt them and then forward them on to the mailbox? Reading through the documentation on the Cisco Ironport website, it looks like it's achievable...
The IronPort appliances do not support any decryption, and work only as a gateway that processes mailflow. They can access a lot of archive types; however, if something is password protected or encrypted, they will deal with those messages according to the rules set, but there is no way to access the actual content.
What you probably have read about is the Encryption Appliance (IEA) which supports en-/decryption of PGP and SMIME.
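An added example (not from the thread and not Cisco configuration) of how a gateway can recognise S/MIME and PGP/MIME encrypted mail from MIME headers alone and route it by rule, without ever reading the content. The sender allowlist, the route labels and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist standing in for the ~50 known senders (constructed).
KNOWN_SENDERS = {"alice@partner.example"}

def encryption_kind(msg):
    """Return 'smime', 'pgp' or None using only MIME headers, never content."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            # smime-type=signed-data is not encrypted; a missing parameter is
            # treated conservatively as encrypted (enveloped-data).
            if part.get_param("smime-type", "enveloped-data") == "enveloped-data":
                return "smime"
        if (ctype == "multipart/encrypted"
                and part.get_param("protocol") == "application/pgp-encrypted"):
            return "pgp"
    return None

def route(raw):
    """Pick a hypothetical route label for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    if encryption_kind(msg) is None:
        return "scan"  # content is visible: normal spam/malware checks apply
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # The From header is spoofable; a real rule would also require an
    # authenticated sender (for example a passing SPF/DKIM result).
    return "forward-to-decryptor" if sender in KNOWN_SENDERS else "quarantine"

# Constructed sample messages.
SMIME = ("From: Alice <alice@partner.example>\n"
         "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
         " name=smime.p7m\n"
         "Content-Transfer-Encoding: base64\n\nMIIB\n")
PGP = ("From: mallory@unknown.example\n"
       'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
       ' boundary="b"\n\n'
       "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
       "--b\nContent-Type: application/octet-stream\n\n"
       "-----BEGIN PGP MESSAGE-----\n--b--\n")
PLAIN = "From: bob@other.example\nContent-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for name, raw in (("smime", SMIME), ("pgp", PGP), ("plain", PLAIN)):
        print(name, "->", route(raw))
```

The "forward-to-decryptor" label stands for handing the message to a component that holds the keys, such as the encryption appliance mentioned in the reply above.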