Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1721
Views
5
Helpful
1
Replies

"Mandatory TLS" header tag in Cisco ESA

Go to solution
Stephen Hogan
Level 1
Level 1

‎04-20-2021 08:25 AM

I have enforced TLS on select domains on my ESA. I'd like to add a custom header tag on that says something like "Enforced TLS" to make it easier to see if an email came or went via enforced TLS vs. opportunistic. Is there a way to do it, preferably via the GUI?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
marc.luescherFRE
Spotlight
Spotlight

‎04-20-2021 11:32 AM

Hi Stephen,

 

for a business unit we did the opposite, warning them when an email was not secured by TLS and added a header.

 

Something like this might work:

GUI_Add_TLS_Status_ESMTP: if (rcpt-to == "marc.luescher@testdomain.com") AND (header("Received") != "ESMTP") { add-heading("External_Warning_noTLSESMTP"); }

 

While testing you will see that other keywords are being used instead of ESMTP for TLS. Since you want it in the GUI you might need to created a dictionary with all discovered keywords and then just check against that.

 

I hope that helps

 

 

-Marc

View solution in original post

0 Helpful
1 Reply 1

Go to solution
marc.luescherFRE
Spotlight
Spotlight

‎04-20-2021 11:32 AM

Hi Stephen,

 

for a business unit we did the opposite, warning them when an email was not secured by TLS and added a header.

 

Something like this might work:

GUI_Add_TLS_Status_ESMTP: if (rcpt-to == "marc.luescher@testdomain.com") AND (header("Received") != "ESMTP") { add-heading("External_Warning_noTLSESMTP"); }

 

While testing you will see that other keywords are being used instead of ESMTP for TLS. Since you want it in the GUI you might need to created a dictionary with all discovered keywords and then just check against that.

 

I hope that helps

 

 

-Marc

0 Helpful
Customers Also Viewed These Support Documents