Handling encrypted messages
Administrator Help | TRITON AP-DATA Email Gateway | Version 8.3.x
An email content policy configured in the Data module may specify that a message should be encrypted for delivery. If you want to encrypt specific outbound messages, you must create an email DLP policy that includes an encryption action plan in the Data module (Main > Policy Management > DLP Policies).
The following types of message encryption are supported:
* Mandatory Transport Layer Security (TLS) encryption
* Third-party encryption application
Use the Settings > Inbound/Outbound > Encryption page to specify the type of encryption you want to use.
Mandatory Transport Layer Security (TLS) encryption
TLS is an Internet protocol that secures email transmissions. The client and server negotiate a secure connection through a "handshake"; the transmission occurs only if both the client and the server support the same version of TLS.
In the Email Gateway, if you select only TLS for message encryption and the client and server cannot negotiate a secure TLS connection, the message is sent to a delayed message queue for a later delivery attempt. Select Transport Layer Security (TLS) in the Encryption method drop-down list and the Use TLS only (no backup encryption method; message is queued for later delivery attempt) option to use only TLS for message encryption.
If you select TLS for message encryption, you can designate a third-party application as a backup method, in case the TLS connection fails. Specifying a backup option allows you a second opportunity for message encryption in the event of an unsuccessful TLS connection. If both the TLS and backup connections fail, the message is sent to a delayed message queue for a later connection attempt.
Select the Transport Layer Security (TLS) option in the Encryption method drop-down list to enable TLS encryption. Then mark Use third-party application as backup encryption method to use that backup method.
Third-party encryption application
The email protection system supports the use of third-party software for email encryption. The third-party application used must support the use of x-headers for communication with the email system.
You can also specify third-party application encryption as a backup encryption method if mandatory TLS encryption is selected. See Mandatory Transport Layer Security (TLS) encryption for details.
The email protection system can be configured to add an x-header to a message that triggers a DLP encryption policy. Other x-headers indicate encryption success or failure. These x-headers facilitate communication between the email system and the encryption software. You must ensure that the x-header settings made in the Encryption page match the corresponding settings in the third-party software configuration.
X-header settings are entered on the Settings > Inbound/Outbound > Encryption page. Select Third-party application in the Encryption method drop-down list to configure the use of external encryption software. Use the following steps to configure third-party application encryption:
1.
a.
b.
c.
If you want to delete a server from the list, select it and click Remove.
2. In the Encrypted IP address group drop-down list, specify an IP address group if encrypted email is configured to route back to the email software. Default is Encryption Gateway.
3. If you want users to present credentials to view encrypted mail, mark the Require authentication check box and supply the desired user name and password in the appropriate fields. Authentication must be supported and configured on your encryption server to use this function.
4. In the Encryption X-Header field, specify an x-header to be added to a message that should be encrypted. This x-header value must also be set and enabled on your encryption server.
5. In the Encryption Success X-Header field, specify an x-header to be added to a message that has been successfully encrypted. This x-header value must also be set and enabled on your encryption server.
6. In the Encryption Failure X-Header field, specify an x-header to be added to a message for which encryption has failed. This x-header value must also be set and enabled on your encryption server.
7.
   * Mark the Send notification to original sender check box if you want to enable that option.
     In the Notification Details section, enter the notification message subject and content in the appropriate fields. Mark the Attach original message check box if you want the original message included as an attachment to the notification message.
   * Select Deliver message (default) if you want the message that failed the encryption operation delivered.
   * Select Drop message if you do not want the message that failed the encryption operation delivered.
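An added example, not part of the Forcepoint documentation or product code: a Python model of the x-header exchange configured in steps 4 to 6, which classifies messages returned from the encryption server and flags header combinations that suggest the x-header settings on the two sides do not match. The header names, the "review" outcome and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed header names (not from the product): use whatever is entered in the
# Encryption, Encryption Success and Encryption Failure X-Header fields.
ENCRYPT, SUCCESS, FAILURE = "X-Encrypt-Me", "X-Encrypt-OK", "X-Encrypt-Failed"


def classify(raw, on_failure="deliver"):
    """Classify one message returned by the encryption server.

    on_failure mirrors the page's two options: "deliver" (default) or "drop".
    Returns (state, outcome); outcome "review" is this model's own flag for
    header combinations that point at mismatched settings on the two sides.
    """
    msg = message_from_string(raw)
    marked, ok, failed = (h in msg for h in (ENCRYPT, SUCCESS, FAILURE))
    if ok and failed:
        return "conflict", "review"        # both result headers present
    if failed:
        return "failed", on_failure        # delivered or dropped, as configured
    if ok:
        return "encrypted", "deliver"
    if marked:
        return "no-result", "review"       # marked, but no result header recognised
    return "not-selected", "deliver"       # no DLP encryption policy triggered


def audit(messages, on_failure="deliver"):
    """Return {subject: (state, outcome)} for every message that is not a clean success."""
    findings = {}
    for raw in messages:
        state, outcome = classify(raw, on_failure)
        if state not in ("encrypted", "not-selected"):
            findings[message_from_string(raw)["Subject"]] = (state, outcome)
    return findings


# Constructed sample messages (only the headers matter here).
SAMPLES = [
    "Subject: invoice\nX-Encrypt-Me: yes\nX-Encrypt-OK: yes\n\nbody\n",
    "Subject: payroll\nX-Encrypt-Me: yes\nX-Encrypt-Failed: yes\n\nbody\n",
    # Encryption server configured with a different success header name:
    "Subject: contract\nX-Encrypt-Me: yes\nX-Encryption-Success: 1\n\nbody\n",
    "Subject: newsletter\n\nbody\n",
]

if __name__ == "__main__":
    for subject, result in audit(SAMPLES, on_failure="drop").items():
        print(subject, *result)
```

A "no-result" finding on a message that carries the encryption x-header is the symptom to expect when the success or failure header name differs between the Encryption page and the third-party software.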
 

Copyright 2016 Forcepoint LLC. All rights reserved.