Third-party application message encryption

Email Encryption | TRITON AP-EMAIL | Updated: 02-May-2016


Applies To:	TRITON AP-EMAIL v8.2

TRITON AP-EMAIL supports the use of third-party software for message encryption. Enable this encryption method by selecting the Third-party application option in the Encryption method drop-down list (Settings > Inbound/Outbound > Encryption).

The third-party application must support the use of x-headers for communication with the Email module.

TRITON AP-EMAIL can be configured to add an x-header to a message that triggers an encryption policy. Other x-headers can indicate encryption success or failure. These x-headers facilitate communication between the email protection system and the third-party encryption software. You must ensure that the x-header settings made in the Email module Encryption page match the corresponding settings in the third-party software configuration. See TRITON AP-EMAIL Administrator Help for information about configuring the Email module for a third-party encryption application.

You also need to configure an outbound email DLP policy in the Data module. See Data Security Manager Help for details about configuring an email DLP policy with an encryption action plan. See Creating an email DLP policy for encryption for a sample email DLP policy configuration.

Preparations for using third-party application encryption also involve the following tasks:

Setting the encryption gateway IP address

Setting the encryption gateway options

Setting the encryption gateway IP address

Perform the following steps in the TRITON Manager Email module to configure the encryption gateway IP address:

In the Settings > Inbound/Outbound > IP Groups page, click Encryption Gateway in the IP Address Group List.

In the IP Address Group box, enter the IP address of your encryption gateway machine in the IP address field.

Click the arrow button to add the address to the Added IP Addresses list.

Click OK.

Setting the encryption gateway options

Perform the following steps in the Email module to configure the encryption gateway options:

In the Settings > Inbound/Outbound > Encryption page, select Third-party application from the Encryption method drop-down list.

In the Add Encryption Server area, enter the IP address (or hostname) and port of your encryption gateway server.

Mark the Enable MX lookup check box to enable the MX lookup function.

Important

If you entered an IP address in the previous step, the MX lookup option is not available.

If you entered a hostname in the previous step, this option is available.

Mark the Enable MX lookup check box for encrypted message routing based on the hostname MX record.

If you do not mark this check box, encrypted message routing is based on the hostname A record.

Click the arrow button to add this information to the Encryption Server List.

Ensure that Encryption Gateway is displayed in the Encrypted IP address group drop-down list. This selection helps to prevent the creation of an email routing loop.

If you want users to present credentials to view encrypted mail, mark the Require authentication check box and supply the desired user name and password in the appropriate fields. Authentication must be supported and configured on your encryption server to use this function.

In the Encryption X-header field, enter the header name and value that you created in your third-party application using the following format:

header name:value

In the Encryption success X-header field, enter the header name and value that you created in your third-party application for the encryption success header using the format shown in the previous step.

In the Encryption failure X-header field, enter the header name and value that you created in your third-party application for the encryption failure header using the format shown in step 7.

10.

Click OK.