Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
2
Replies

Network Listener Disclaimer Breaks SMime emails

Greg Hopp
Level 1
Level 1

‎10-21-2015 10:29 AM

C170 ESA Ironport:

So I created a disclaimer on our inbound network listener that brands every email coming thru that listener with a warning that it comes from outside the org.

However, that now breaks smime encrypted email that I get from my IPS/IDS monitoring service.  Any suggestions on how I can remedy this situation?  The supposition is that my ESA breaks the email by either putting the disclaimer on it or trying to.  The email I end up getting just contains the text version of the disclaimer, and the error message I get when clicking the smime.p7m file is "This file cannot be previewed because there is no previewer installed for it".

 

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Mathew Huynh
Cisco Employee
Cisco Employee

‎10-21-2015 06:25 PM

Hey Greg,

 

From what I have found on this topic of modifying an s/mime signed email:

Generally speaking, emails using S/MIME should not be modified by filters, for example by adding a disclaimer.  Doing so will at the very least break the signing.  S/MIME signing is based on the original content and structure of the email, so if a signed email is modified, the signing is no longer valid.

 

Furthermore, emails that are encrypted with S/MIME or use 'opaque' S/MIME signing (i.e. p7m files) may not be automatically recognized by S/MIME software on the receiving end if they are modified.  In the case of a p7m S/MIME email, the contents of the email, including attachments, are contained within the .p7m file.  If the structure is re-organized when we add the disclaimer stamping, this .p7m file may no longer be in a place where the MUA software that handles the S/MIME can properly understand it.

 

To summarize, S/MIME emails should not have disclaimers stamped on them for several reasons:

 

  • It breaks the signing
  • It can break the email entirely if using .p7m S/MIME signing or S/MIME encryption

It's important to be clear that these are intrinsic limitations of the technology, not just the ESA.  All signing technology will have problems if it is modified after signing, and S/MIME is no exception.

 

Regards,

Matthew

 

 

0 Helpful

Greg Hopp
Level 1
Level 1
In response to Mathew Huynh

‎10-23-2015 11:51 AM

Thanks Matthew, you have confirmed my suspicion.  Do you have any recommendation on how I can receive this email unmolested by the disclaimer stamp?  We like being able to tell at a glance that the email came from outside the org but I need to receive these encrypted emails too.


Greg

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents