How to configure Ironport to use an external encryption server

REJR77
Level 1

Hi,

 

We would like to use an external encryption server to encrypt our emails.

The Ironport would still be the MX for our domain, and the encryption server would be in the same DMZ as the Ironport.

Here is the setup we would like to implement:

Incoming emails:

- Ironport checks the connection (SenderBase)
- If encrypted (how to detect the mail as encrypted?), the mail is not scanned by AV/spam
    - then it goes to the decryption server
    - then back to Ironport for the AV/spam scan
    - then goes to Exchange
- If not encrypted, the email is scanned by AV/spam
    - then goes to Exchange for delivery

Outgoing emails:

- Exchange to Ironport
- Scan AV/spam
- If it needs to be encrypted (with header detected)
    - then goes to encryption server
    - then back to Ironport (no AV/spam scan) and delivery to Internet
- If it does not need to be encrypted
    - then sent to Internet

 

Is it possible to configure the Ironport to get this behaviour, and how? I am still facing problems with the different flows....

 

Any idea would be very helpful.

Regards

RD

2 Replies

proxyadmins
Level 1

For incoming mails you can create a message filter like the following one:

route_pgp_smime_encrypted_data:
if (recv-listener == "your listener") AND (encrypted) AND (remote-ip != "IP of your encryption gw")
{
    alt-mailhost ("IP of your encryption gw");
}

Greets

Jörg

For incoming mails I think it works fine, but for outgoing I think I'm going to scan mails that are encrypted....

regards
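
For the outgoing flow that the thread leaves open, one possible pair of message filters follows; it is an added example, not posted by anyone in the thread and not Cisco's own configuration. It relies on message filters being evaluated before anti-spam and anti-virus in the AsyncOS work queue, and it assumes a hypothetical listener name `OutgoingMail`, a hypothetical marker header `X-Encrypt-Request`, and `192.0.2.10` as a constructed address for the encryption gateway:

```asyncos
# First pass: mail from Exchange that carries the marker header.
# alt-mailhost only changes the delivery host, so the message still
# goes through anti-spam and anti-virus before it is handed to the
# encryption gateway. The remote-ip test prevents a routing loop
# when the gateway sends the message back.
# (Listener name, header name and IP are assumptions for this example.)
route_outgoing_to_encryption_gw:
if (recv-listener == "OutgoingMail") AND (header("X-Encrypt-Request")) AND (remote-ip != "192.0.2.10")
{
    alt-mailhost ("192.0.2.10");
}

# Second pass: the same mail returning from the encryption gateway.
# It was scanned in clear text on the first pass and is now opaque
# to the scanners, so scanning is skipped and the internal marker
# header is removed before delivery to the Internet.
skip_scan_after_encryption_gw:
if (recv-listener == "OutgoingMail") AND (remote-ip == "192.0.2.10")
{
    strip-header ("X-Encrypt-Request");
    skip-spamcheck();
    skip-viruscheck();
}
```

Any host that matches the `remote-ip` test in the second filter bypasses scanning, so the gateway address should be reachable only from the DMZ segment and accepted only on that listener.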