05-21-2018 11:27 AM - edited 03-08-2019 07:37 PM
Hi. We've implemented DLP & Cisco Email encryption for any content that our business requires encrypted, however we've recently implemented Required TLS between one of our business partners and would like to bypass DLP & Email encryption to ONLY those specific domains.
Is this possible to do on the ESA/IronPort and how can we go about implementing this if it is?
Thanks
05-21-2018 11:42 AM
05-21-2018 11:43 AM - edited 05-21-2018 11:45 AM
Hello,
There are multiple ways to do this, but the easiest would probably be by just adding the recipient domain(s) to the exclusion list within the DLP policy. You'll want to make sure you select 'Is Not' from the drop-down menu so that the policy only applies if the recipient is not within that list. This should bypass any DLP policies you wish to exclude for these specific recipients.
Another is what Ken has mentioned above: just creating a new mail policy for these recipients, and just not selecting the particular content filters or DLP policies.
Thanks!
-Dennis M.
05-21-2018 11:55 AM - edited 05-21-2018 12:02 PM
Thanks Dennis & Ken. That was very helpful.
Our users are also using keywords to send out encrypted emails. Is there a way to bypass that encryption, regardless of whether the user inputs the keyword, to those specific domains?
Also, in the event that TLS fails, is there a way to prevent the message from being sent to the remote party and send an alert to the administrator?
05-21-2018 12:03 PM
05-21-2018 12:05 PM
If you're getting into content filters now as well, then what Ken mentioned would definitely be the way to go. You should set up a new mail policy specific to those receiving domains, and then just disable any filters/DLP policies for that mail policy only so they would not be applied. Also, for any TLS required connections, if TLS fails then there would be a rejection and an NDR should be returned to the sender.
Thanks!
-Dennis M.
05-21-2018 12:47 PM
Thank you Ken & Dennis for your help.
05-23-2018 01:28 PM
Hey guys. Is there a way to alert an end user if the message they sent failed due to TLS not working?
We need to let our users know in situations where they send urgent emails but are not aware of TLS not working.