Knowledge Base Home

Call Support


Search the Knowledge Base

Skip to end of metadata
Go to start of metadata

Environment

Netmail Secure 5.x

Synopsis

I installed SecureSend (also known as Netmail Encrypt), and I now need to get the policies set up on Netmail Secure so that emails get encrypted/decrypted.

Solution

Note: You will need to be scanning both incoming and outgoing mail with Netmail Secure for this to work properly.

Mail Route Policy

You will need to create a mail route policy so that the content filters (see below for instructions on how to create these) know the location to which they need to send messages that match the filter.

1. Go to Netmail Platform > Secure > Policies > Mail Route.

2. Click Create Mail Route Policy.

3. Give the policy a meaningful and easily identifiable name.

4. Only the Delivery section of the policy needs to be used. Click Add route under the Delivery section.

5. Leave the Type as SMTP. The IP address should be the IP address of your SecureSend (Netmail Encrypt) server. This is all that needs to be modified here.

6. Click OK.

7. Click Save Changes.

When you are done, you should have something similar to this on your screen:

 

Note: If you have have multiple SecureSend (Netmail Encrypt) servers, you can add multiple routes under Delivery which will allow use of all the servers.

Inbound Content Filter Policy

This policy allows for messages sent from another domain that have been encrypted by SecureSend (Netmail Encrypt) to be decrypted by SecureSend (Netmail Encrypt).

1. Go to Netmail Platform > Secure > Policies > Content Filter.

2. Click Create Content Filter.

3. Name the new policy.

4. Click Create.

5. On the Actions tab, complete the following:

  • Select Relay through secure route.
  • In the dropdown, select the Mail Route policy you created previously.

Your screen should look something like this:

6. Click Save Changes.

7. On the Criteria tab, modify the Filter Values section:

  • Filter Type: Header Keywords
  • Filter Value: Custom
    • In the first field, enter content-type 
    • In the second field, enter *pkcs7*

Your screen should look like this:

8. Click Save Changes.

Outbound Policy

This policy allows for messages from your domain with [secure] in the subject to be sent to the SecureSend (Netmail Encrypt) server.

1. Go to Netmail Platform > Secure > Policies > Content Filter.

2. Click Create Content Filter Policy.

3. Name the the policy.

4. Click Create.

5. On Actions tab, complete the following:

  • Select Relay through secure route.
  • In the dropdown, select the Mail Route you created in first section.

Your screen should look something like this:

6. Click Save Changes.

7. On the Criteria tab, complete the following in the Filter Values section:

  • Filter type: Header Keywords
  • Filter Value: Subject
    • In the text box, enter ("[")(secure)("]")
      *This must be typed exactly as you see it here.

Your screen should look like this:


8. Click Save Changes.

Tip: You can add extra filter values here if you want more than just messages with [secure] in the subject to be sent to the SecureSend (Netmail Encrypt) server. An example of this would be if you want all mail sent to certain domains sent through the encryption server.

Here is an example of what that would look like:

You could also add other subject keywords to send through SecureSend, but only [secure] will be replaced by [Netmail SecureSend]: on outbound messages.

Example:
If you added the subject keyword [secure_this] and sent an email with [secure_this] in the subject line, then would be a test message.
The recipient would see the subject [Netmail SecureSend]: [secure_this] this is a test message

If you were to send the same message with [secure] in the subject line, this would be a test message.
The recipient would see the subject [Netmail SecureSend]: this is a test message 

Assign Content Filter Policies to the Domain

The policies you have created will not be used until they are assigned to a domain.

1. Go to Netmail Platform > Secure > Domains. From here, you can assign default policies to all domains in the system. Alternatively, you can select a particular domain to which you want to assign the policies, and the policies apply only to that domain.

2. Click Assign Policy.

3. In the popup window, complete the following:

  • Type: Content filter
  • Direction: Inbound
  • Policy: Select the inbound content filter policy you created earlier

Your window should look something like this:

4. Click Assign.

5. Click Assign Policy again.

6. In the popup window, complete the following:

  • Type: Content Filter
  • Direction: Outgoing
  • Policy: Select the outbound policy you created earlier

Your window should look something like this:

 

7. Click Assign.

8. Click Save Changes.

When you are done, your Policies in Effect section should look similar to this:

 

Testing

Testing of the inbound content filter is not possible unless you know another domain running SecureSend (Netmail Encrypt) to which you can send you an encrypted message.

To test outbound encryption, you just need to send a message with [secure] in the subject to an external domain.

Example subject: [secure] This is an encrypted message test
The recipient should receive a message with a subject like this: [Netmail SecureSend]: This is an encrypted message test

If the recipient does not have SecureSend (Netmail Encrypt), the body of the message will resemble the following:

"Jon Slater" <js@ecryptedexample.com> has sent you a secure email message.

Please click on the following link to retrieve your message:

https://securesend.encryptedexample.com/login/8ba62029

Important: The "Header Keyword" value is not case sensitive and can be typed in the subject line in any way. For example, the following variations of the header keyword [secure] are all acceptable:

  • [secure] (all lowercase)
  • [SECURE] (all uppercase)
  • [Secure] (only first letter capitalized)
  • [secure]nextword (no space after the ending bracket)
  • Sample [secure] message subject (anywhere in the subject line)
  • [SeCuRe] (camel case)

 

If the SecureSend (Netmail Encrypt) server uses Netmail Secure to send mail, you will want to add the IP address of the SecureSend server to the List policy in use. Otherwise, you could create a mail loop.

Notes


Help us improve!
Is this article helpful?
Is it well written?
Is the content complete?