Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
18-8
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 18 Cisco Email Encryption
Determining Which Messages to Encrypt
Step 5
Click Commit Changes.
Updating to the Latest Version of the PXE Engine
The Cisco Email Encryption Settings page displays the current versions of the PXE engine and the
Domain Mappings file used by your appliance. You can use the Security Services > Service Updates
page (or the
Domain Mappings file used by your appliance. You can use the Security Services > Service Updates
page (or the
updateconfig
command in the CLI) to configure the Email Security appliance to
automatically update the PXE engine. For more information, see
You can also manually update the engine using the Update Now button of the PXE Engine Updates
section of IronPort Email Encryption Settings page (or the
section of IronPort Email Encryption Settings page (or the
encryptionupdate
command in the CLI).
Determining Which Messages to Encrypt
After you create an encryption profile, you need to create an outgoing content filter that determines
which email messages should be encrypted. The content filter scans outgoing email and determines if
the message matches the conditions specified. Once the content filter determines a message matches the
condition, the Cisco Email Security appliance encrypts the message and sends the generated key to the
key server. It uses settings specified in the encryption profile to determine the key server to use and other
encryption settings.
which email messages should be encrypted. The content filter scans outgoing email and determines if
the message matches the conditions specified. Once the content filter determines a message matches the
condition, the Cisco Email Security appliance encrypts the message and sends the generated key to the
key server. It uses settings specified in the encryption profile to determine the key server to use and other
encryption settings.
You can also encrypt messages after they are released after Data Loss Prevention scanning. For more
information, see
information, see
Using a TLS Connection as an Alternative to Encryption
Based on the destination controls specified for a domain, your Email Security appliance can securely
relay a message over a TLS connection instead of encrypting it, if a TLS connection is available. The
appliance decides whether to encrypt the message or send it over a TLS connection based on the TLS
setting in the destination controls (Required, Preferred, or None) and the action defined in the encryption
content filter.
relay a message over a TLS connection instead of encrypting it, if a TLS connection is available. The
appliance decides whether to encrypt the message or send it over a TLS connection based on the TLS
setting in the destination controls (Required, Preferred, or None) and the action defined in the encryption
content filter.
When creating the content filter, you can specify whether to always encrypt a message or to attempt to
send it over a TLS connection first, and if a TLS connection is unavailable, to encrypt the message.
send it over a TLS connection first, and if a TLS connection is unavailable, to encrypt the message.
shows you how an Email Security appliance will send a message based on the TLS settings
for a domain’s destination controls, if the encryption control filter attempts to send the message over a
TLS connection first.
TLS connection first.
Table 18-2
TLS Support on ESA Appliances
Destination Controls TLS Setting
Action if TLS Connection
Available
Available
Action if TLS Connection
Unavailable
Unavailable
None
Encrypt envelope and send
Encrypt envelope and send
TLS Preferred
Send over TLS
Encrypt envelope and send
TLS Required
Send over TLS
Retry/bounce message