File Share Encryption

  • 1.  Email encryption within a group

    Posted Feb 10, 2014 08:19 AM

    There is a group in Symantec Encryption Management Server, say "ABC".
    The group has some members.

    Please advise:

    1. How to configure the policy in such a way that when the users within the group ABC send emails to each other, the emails should be encrypted automatically?
    2. Can we not have the encrypt button in Outlook and still get all the emails encrypted between the users of this group?
    3. How can we disable the notification box that appears saying the mail was sent secured or not?

     



  • 2.  RE: Email encryption within a group
    Best Answer

    Broadcom Employee
    Posted Feb 10, 2014 10:29 AM

    Hi Mehmood,

    1. Ensure the Mail Policy for Outbound chain is correctly configured. By default the first rule is "No Encryption for Regular Internal Users", the action is "Send clear".
    - Disable that rule (Toggle Status For Selected).
    - Add a new rule, name it and move it to the top (#1).
    - Insert the same or similar Conditions (you can create new dictionaries, if required) and for action select "Send (encrypted/signed)".

    See HOW TO: Create Policy Chains to Set Mail Policy in PGP Universal Server 3.x - HOWTO59417
    Attention: incorrect Mail Policies can disrupt your mail flow!!

    2. Yes, Consumers > Consumer Policy > select the policy > Desktop (button) > Messaging and Keys (tab) > uncheck the "Enable encrypt and sign buttons in Outlook MAPI for Windows".
    The behaviour of these buttons is controlled by Mail Policy and they will only work if defined there.
    HOW TO: Configure User Mail Policy for Encrypt and Sign Buttons - HOWTO42124

    3. See HOW TO: Change PGP Notifier Settings via PGP Universal Server Policy - HOWTO42028


    Rgs,
    dcats



  • 3.  RE: Email encryption within a group

    Posted Feb 11, 2014 06:54 AM

    Thank you Dcats.

    Done 1 & 2. Will do 3 later.

    I have created a new dictionary with the user emails of the group ABC, and it's working fine as I wanted.

    Scenario: If I need to configure the same requirement for a different group, say "XYZ", how do I do that?

    When users of the group ABC send emails among themselves the emails should be encrypted automatically, and unencrypted to everyone including members of XYZ.

    Similarly, when users of the group XYZ send emails among themselves the emails should be encrypted automatically, and unencrypted to everyone including members of ABC.

    Your 1st answer is certainly the solution to my question. Would we be able to continue the conversation on this thread if I mark it as the solution now? :)



  • 4.  RE: Email encryption within a group

    Broadcom Employee
    Posted Feb 11, 2014 10:49 AM

    Hi Mehmood,

    I think we would, but the thread will be locked after some time (not sure how long), but there's no problem with that. You can mark it after. ;-)

    Regarding this last question, I don't know if it would work because the server will find keys for all the users and I'm not sure if the defined action will take into consideration the conditions defined. I mean, once the conditions are matched, whether the action is applied to the message as a whole or on a per-recipient basis.


    I can roughly think of this:
    Start the attempt of selective encryption with the Outbound chain and if it doesn't work, attempt to implement the selective decryption with the Inbound chain. You may even need to create new Policy Chains.

    Attention: you may inadvertently create a mail loop!

    When creating the new rules (which must be at the top of the chain):
    In the conditions impose the mix of recipient ABC/sender XYZ. In the Actions define send clear and force a way to continue processing (add a message header that can be used later or a log entry).

    Create a new rule for the mix recipient XYZ/sender ABC and also send in clear and force a way to continue processing.

    Then, have the rule for the recipient/sender in the same group (within the group ABC to ABC or XYZ to XYZ) to send encrypted for the same group.

    I'm not sure if the above rule would finish processing or if there is a need to add another one to, if that message header is found, deliver the message and finish processing.


    I will attempt to verify this, but even if it works, it is not a scalable configuration.


    Rgs,
    dcats



  • 5.  RE: Email encryption within a group

    Posted Feb 13, 2014 06:31 AM

    Hello Dcats, how about if I create 4 rules in the outbound chain? Please check the attached file; I have inserted snaps of the policy chain.

    Regards

    Attachment: Outbound.docx (261 KB)


  • 6.  RE: Email encryption within a group

    Broadcom Employee
    Posted Feb 13, 2014 07:17 AM

    Hi Mehmood,

    That's what I started testing, but the mail server in my test environment decided to not cooperate...
    When starting, I noticed that the send action implies the "Finishes processing", thus you cannot configure continue processing as I was thinking initially.

    I would try what you configured, my doubt is if it applies the rule only to the addresses matching in the conditions or to the full message.

    You can quickly check the behavior with some emails sent from and to:

    • ABC -> ABC
    • XYZ -> XYZ
    • ABC -> ABC & XYZ
    • XYZ -> ABC & XYZ


    I think it will stop processing the message as soon as one rule can be applied.


    Rgs,
    dcats



  • 7.  RE: Email encryption within a group

    Posted Feb 13, 2014 08:43 AM
    Hello Dcats, I guess that if an email is sent from ABC to ABC & XYZ, then the recipients in the dictionary ABC will receive the email encrypted and recipients in the dictionary XYZ will receive it unencrypted.


  • 8.  RE: Email encryption within a group

    Broadcom Employee
    Posted Feb 13, 2014 10:29 AM

    Hi Mehmood,

    That's what I'm not sure about. I'm afraid it may execute the configured action for the first rule it matches.
    Only testing could give an answer.

    I see two possible unfavorable outcomes for what you need to achieve.
    If the document you sent represents the order of the rules, it may:
    - match the first rule (send encrypted) to every recipient or;
    - not match any of these rules because there is no condition which includes both groups (ABC and XYZ) as recipients.

    Rgs,
    dcats
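
The open question in this thread is whether a first-match rule applies per recipient or to the whole message. The following added example (not part of any post, and not a model of how the product actually behaves) runs the four suggested test mails through three hypothetical evaluation modes so the expected delivery under each can be compared with what a real test shows. The addresses, the two-rule order, the "clear" fall-through and the mode names are assumptions made for illustration.

```python
# Constructed addresses standing in for the ABC and XYZ dictionaries.
GROUPS = {
    "ABC": {"a1@example.com", "a2@example.com"},
    "XYZ": {"x1@example.com", "x2@example.com"},
}
# Assumed rule order (sender group, recipient group, action); first match wins.
RULES = [("ABC", "ABC", "encrypted"), ("XYZ", "XYZ", "encrypted")]
DEFAULT = "clear"  # assumed fall-through when no rule matches
MODES = ("per_recipient", "message_any", "message_all")


def first_match(sender, recipients, quantifier):
    """Action of the first rule whose conditions hold, else DEFAULT."""
    for sender_group, rcpt_group, action in RULES:
        in_group = (r in GROUPS[rcpt_group] for r in recipients)
        if sender in GROUPS[sender_group] and quantifier(in_group):
            return action
    return DEFAULT


def evaluate(sender, recipients, mode):
    """Map each recipient to 'encrypted' or 'clear' under one hypothesis."""
    if mode == "per_recipient":  # rules evaluated once per recipient
        return {r: first_match(sender, [r], any) for r in recipients}
    # Whole-message evaluation: one action for every recipient.
    quantifier = any if mode == "message_any" else all
    action = first_match(sender, recipients, quantifier)
    return {r: action for r in recipients}


# The four test mails suggested in the thread.
TESTS = {
    "ABC -> ABC": ("a1@example.com", ["a2@example.com"]),
    "XYZ -> XYZ": ("x1@example.com", ["x2@example.com"]),
    "ABC -> ABC & XYZ": ("a1@example.com", ["a2@example.com", "x1@example.com"]),
    "XYZ -> ABC & XYZ": ("x1@example.com", ["a1@example.com", "x2@example.com"]),
}


def matrix():
    """Outcome of every test mail under every hypothesis."""
    return {name: {m: evaluate(s, rcpts, m) for m in MODES}
            for name, (s, rcpts) in TESTS.items()}


if __name__ == "__main__":
    for name, by_mode in matrix().items():
        for mode, result in by_mode.items():
            print(f"{name:<17} {mode:<14} {result}")
```

Only the two mixed-recipient mails separate the hypotheses: the same-group mails come out encrypted in every mode, so they confirm the rules fire but say nothing about per-recipient handling.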