Cisco Cisco Email Security Appliance C170 Betriebsanweisung

Based on the destination controls specified for a domain, your Cisco IronPort appliance can securely 
relay a message over a TLS connection instead of encrypting it, if a TLS connection is available. The 
appliance decides whether to encrypt the message or send it over a TLS connection based on the TLS 
setting in the destination controls (Required, Preferred, or None) and the action defined in the encryption 
content filter.

When creating the content filter, you can specify whether to always encrypt a message or to attempt to 
send it over a TLS connection first, and if a TLS connection is unavailable, to encrypt the message. 

 shows you how an Email Security appliance will send a message based on the TLS settings 

for a domain’s destination controls, if the encryption control filter attempts to send the message over a 
TLS connection first.

For more information on enabling TLS on destination controls, see the “Customizing Listeners” chapter 
in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.

Go to Mail Policies > Outgoing Content Filters.

In the Filters section, click Add Filter.

In the Conditions section, click Add Condition.

Add a condition to filter the messages that you want to encrypt. For example, to encrypt sensitive 
material, you might add a condition that identifies messages containing particular words or phrases, such 
as “Confidential,” in the subject or body.

Click OK.

For more details about building conditions, see 

Optionally, click Add Action and select Add Header to insert an encryption header into the messages 
to specify an additional encryption setting.

For more information about encryption headers, see 

In the Actions section, click Add Action.

Select Encrypt and Deliver Now (Final Action). 

Encrypt envelope and send

Encrypt envelope and send

Send over TLS

Encrypt envelope and send

Send over TLS

Retry/bounce message