Solved: Thank you Sir, this was

iccuCisco · ‎03-13-2014

I would like to setup our IronPort to encrypt a message is the user places a keyword in the subject line IE "secure" as an example.

Thank you

Stephen

Robert Sherwin · ‎03-13-2014

. Steps on how to enable IronPort Email Encryption on IronPort Appliance:

From GUI,

Under Security Services, Select IronPort Email Encryption, Enable IronPort Email Encryption by clicking on Edit Settings button.
Create a new Encryption Profile by clicking on Add Encryption Profile button.
For Key Service Type: Choose Cisco Registered Envelope Service or IronPort Encryption Appliance (if IronPort Encryption Appliance is purchased)
Click on Submit and Commit Changes.
After the IronPort Encryption Profile has been created, you will be given the option to Provision it to the CRES server. You should see a Provision button next to the new profile. Click on the Provision button.

II. Creating an outgoing content filter to implement the Encryption Profile:

From GUI,

Under Mail Policies, Select Outgoing Content Filters, Click on Add Filter button. Add a new filter with condition as subject == "Secure:" and Action as Encrypt and Deliver. Click on Submit button.
Under Mail Policies, Select Outgoing Mail Policies, and enable this new filter in the default mail policy or appropriate mail policies.
Commit changes.

*You can make the trigger ANYTHING you wish... I would recommend using the regular expression option for case sensitvity (?i)... so it would be similar

Subject Header: Contains: (?i)\[SEND SECURE\] -OR- (?i)\[encrypt\] -OR- (?i)\[keyword of choice\]

III. How to test if Encryption is working

To test, generate a new mail with Secure: in the subject and send the email to a web account (i.e. Hotmail, Yahoo, Gmail) and see if it gets encrypted.
Check the mail logs as described below to ensure that the message is getting encrypted via the Outgoing Content Filter.

IV. Validating Encryption filter processing in the mail_logs

The following mail_log entries show that the messages matched the encryption filter called Encrypt_Message.

Wed Oct 22 17:06:46 2008 Info: MID 116 was generated based on MID 115 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:07:22 2008 Info: MID 118 was generated based on MID 117 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:31:21 2008 Info: MID 120 was generated based on MID 119 by encrypt filter 'Encrypt_Message'

I hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Cheers,
Robert Sherwin

View solution in original post

Robert Sherwin · ‎03-13-2014

. Steps on how to enable IronPort Email Encryption on IronPort Appliance:

From GUI,

Under Security Services, Select IronPort Email Encryption, Enable IronPort Email Encryption by clicking on Edit Settings button.
Create a new Encryption Profile by clicking on Add Encryption Profile button.
For Key Service Type: Choose Cisco Registered Envelope Service or IronPort Encryption Appliance (if IronPort Encryption Appliance is purchased)
Click on Submit and Commit Changes.
After the IronPort Encryption Profile has been created, you will be given the option to Provision it to the CRES server. You should see a Provision button next to the new profile. Click on the Provision button.

II. Creating an outgoing content filter to implement the Encryption Profile:

From GUI,

Under Mail Policies, Select Outgoing Content Filters, Click on Add Filter button. Add a new filter with condition as subject == "Secure:" and Action as Encrypt and Deliver. Click on Submit button.
Under Mail Policies, Select Outgoing Mail Policies, and enable this new filter in the default mail policy or appropriate mail policies.
Commit changes.

*You can make the trigger ANYTHING you wish... I would recommend using the regular expression option for case sensitvity (?i)... so it would be similar

Subject Header: Contains: (?i)\[SEND SECURE\] -OR- (?i)\[encrypt\] -OR- (?i)\[keyword of choice\]

III. How to test if Encryption is working

To test, generate a new mail with Secure: in the subject and send the email to a web account (i.e. Hotmail, Yahoo, Gmail) and see if it gets encrypted.
Check the mail logs as described below to ensure that the message is getting encrypted via the Outgoing Content Filter.

IV. Validating Encryption filter processing in the mail_logs

The following mail_log entries show that the messages matched the encryption filter called Encrypt_Message.

Wed Oct 22 17:06:46 2008 Info: MID 116 was generated based on MID 115 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:07:22 2008 Info: MID 118 was generated based on MID 117 by encrypt filter 'Encrypt_Message'
Wed Oct 22 17:31:21 2008 Info: MID 120 was generated based on MID 119 by encrypt filter 'Encrypt_Message'

I hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Cheers,
Robert Sherwin

iccuCisco · ‎03-13-2014

Thank you Sir, this was extremely helpful....

dangolds · ‎05-11-2017

Using a keyword in the Subject line to encrypt is recommended because it is easy but might look messy to the recipient. So, to make it look neat, and still cause replies and forwards to get encrypted, you might also consider adding the following logic which leverages the Sensitivity header:

Conditions (if one or more applies):

If Other Header "Sensitivity" contains "(?i)confidential"

If Subject 'begins with' "(?i)\*encrypt\*"

Actions:

Add/Edit Header "Sensitivity" value "confidential"

Edit/Replace Header "Subject" search for "(?i)\*encrypt\*/s?" replace with blank

Encrypt on Delivery

Keyword in Subject Line to Encrypt Message