Hi Philip,

Philip Hart · ‎08-24-2016

Excuse my immaturity with the Email Security via Ironport C170. My task is to have all outgoing mail to seek TLS verification with destination... if found then great, message sent. IF NOT verified then Ironport sends as encrypted.

My logic is this - please assist:

Current TLS setting is Preferred - I would need to Edit Destination Controls and change TLS Support from “Preferred” to “Preferred – Verified”

After changing the Destination Controls, I would need add a filter to the Outgoing Content Filer that specifies “use message encryption if TLS verification fails", Is that correct?

Is so, can you share an example of the content filer language I would need?

- lastly, would I need to change anything elsewhere?

Thank you!

Libin Varghese · ‎08-25-2016

Hi Philip,

TLS can be configured for outbound emails from Mail Policies -> Destination Controls

Below is an article for your reference:
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118844-technote-esa-00.html

Section: Activate Outbound TLS

For the second part, you would need to add a content filter using the Action: Encrypt on Delivery/ Encrypt and Deliver Now (Final Action) -> Encryption Rule: Only use message encryption if TLS fails.

Encrypt message on delivery means that the message continues to the next stage of processing, and when all processing is complete, the message is encrypted and delivered.

We would recommend adding suitable conditions for this filter if you would like to implement this only for certain users.

Regards

Libin

If / Then for TLS