You should be able to determine where the encryption is being done by checking the message or content filters that mark out the emails for encryption (based on subject or whatever you use). If they have an action Encrypt or Encrypt on Delivery then it is trying to encrypt on the ESA. If that were the case then there would be an encryption profile defined in the GUI (security services > ironport encryption) and in that profile it would show you the notification text in a preview window and you could change that by creating a new text resource (mail policies > text resources). This would appear not to be the case however as there is no encryption license on the ESA. So the other option is that the IEA is doing the encryption and the IEA has been customised so that the PostXMessage.html is not in the default location. If you are able to log into the IEA admin GUI then go to the configuration tab and navigate to SMTP adaptor > router rulesets > encrypt > applications > registered envelope. In there go to the message personalisation tab. Look for a field called Outgoing HTML Body File. By default it says PostXMessage.html. If the filename is different look for that file in /usr/local/postx/server/conf on the IEA (using admin CLI). If there is a directory before that filename e.g. it says branding/PostXMessage.html then that directory is rooted in /usr/local/posts/server/conf. If it starts with a / then you have to navigate from root. If you are familiary with Linux directories that will help. If you still have no joy Jeff ping me dave @ two-square.co.uk as I am very familiar with this whole area.
... View more