Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Under S/MIME Decryption/Verification, do the following:

Enable S/MIME decryption and verification.

Choose whether to retain or remove the digital signature from the messages after S/MIME 
verification. If you do not want your end users to know about S/MIME gateway verification, select 
Remove.

For triple wrapped messages, only the inner signature is retained or removed.

Submit and commit your changes.

If S/MIME Decryption and Verification is enabled in the Mail Flow Policies, all the S/MIME messages 
are delivered irrespective of the status of the decryption and verification. If you want to configure an 
action for handling S/MIME Decrypted or Verified Messages, you can use the message filter 
rules—

smime-gateway-verified 

and 

smime-gateway

. For more information, see 

After Email Security appliance performs S/MIME decryption, verification, or both, you may want to 
take different actions depending on the results. You can use the message filter 
rules—

smime-gateway-verified 

and 

smime-gateway

 to perform actions on the messages based on the 

result of decryption, verification, or both. For more information, see 

You can also use the content filter conditions—S/MIME Gateway Message and S/MIME Gateway 
Verified to perform actions on the messages based on the result of decryption, verification, or both. For 
more information, see 

The following message filter checks if the message is an S/MIME message and quarantines it if the 
verification or decryption using S/MIME fails.

quarantine_smime_messages:if (smime-gateway-message and not smime-gateway-verified) { 

quarantine("Policy"); }