Desktop Email Encryption

  • 1.  Howto Gmail, Outlook 2013 x32, Pgp desktop encryption 10.3.2

    Posted Aug 10, 2014 07:14 PM

    Hi.

    Can't make it work. Please write step by step for Gmail and Outlook 2013 with PGP Desktop Encryption 10.3.2,

    plus settings for an outlook.com account.

    thanks.



  • 2.  RE: Howto Gmail, Outlook 2013 x32, Pgp desktop encryption 10.3.2

    Broadcom Employee
    Posted Aug 12, 2014 08:50 AM

    Hi, SergeyGymilev

    Have a look into this thread:

    https://www-secure.symantec.com/connect/blogs/using-pgp-desktop-apple-mail-and-gmail

    and this KB to see if can be of any help:

    HOW TO: Use Gmail with PGP Desktop 10 for Windows
    http://www.symantec.com/docs/HOWTO42108

    HTH



  • 3.  RE: Howto Gmail, Outlook 2013 x32, Pgp desktop encryption 10.3.2

    Posted Nov 27, 2014 07:42 PM

    Actually, I don't think any of the references above will help you much. The problem with Gmail and some other email services is their use of an encrypted connection directly from the client. When Google moved away from using non-encrypted POP, IMAP and SMTP, you could no longer use PGP Desktop to proxy the connection.

    There is however a workaround to this, and I have this currently running in my lab setup.

    You will need a secondary MTA on a different computer that will handle the communication between Gmail and the LAN. In my case I use hMailServer. It can download messages from Gmail with POP3 over SSL and send out with SMTP over SSL on port 465. You will end up with a local mailbox of your Google mail on this MTA.

    Next, configure your email client to connect to this MTA using the non-encrypted ports (25/143/110). Since PGP Desktop can see what is going on in the proxied connection, it will encrypt according to your policy. Inbound emails will work the same.

    If you need more details around this, let me know, and I will be happy to post my full setup.

    Regards, H.




  • 4.  RE: Howto Gmail, Outlook 2013 x32, Pgp desktop encryption 10.3.2

    Broadcom Employee
    Posted Nov 28, 2014 02:36 AM

    Hi harnor,

    As you have got these settings in place, if you wish you might share them so anybody interested in this thread can have a look.



  • 5.  RE: Howto Gmail, Outlook 2013 x32, Pgp desktop encryption 10.3.2
    Best Answer

    Posted Dec 03, 2014 11:14 AM

    Certainly Adam, 

    This setup has been tested with Desktop 10.3.2 as well as Symantec Encryption Server 3.3.2 in Internal placement. 

    First of all, set up your Gmail account to allow POP3 access. Next, set up an MTA that can do the encrypted traffic with Gmail while having unencrypted traffic on the LAN.

    1) Set up an MTA that can both poll and send messages to Gmail on a separate host.

    I used hMailServer for this, sitting in a VM (http://www.hmailserver.com).

    Configure the domain gmail.com, and add your email account, for example harnor@gmail.com.
    You can use the same password as your Gmail account or pick another.

    In the account settings, select the External accounts tab and add an account; let's call it GMAIL. Fill in the server information: type = POP3, server address = pop.gmail.com, port 995, connection security = SSL/TLS, and add your Gmail username and password.

    Set a download frequency, and set "retrieve date from Received header". Select "Do not delete messages".

    This setup should create a local copy of the messages in your Gmail account on this MTA host, and you can now retrieve messages from Gmail via this host without an encrypted connection.


    Under Settings - Protocols, select SMTP. Add route = gmail.com, and configure SMTP host = smtp.gmail.com, port 465, connection security SSL/TLS. Also select "when a sender and recipient match a route, treat them as local". In the Delivery tab, select "server requires authentication" and add your Gmail username and password below.

    You have now set up an SMTP relay to Gmail.

    Set up relay privileges in Advanced - IP ranges: add your LAN range or your PC with priority > Internet, allow connections for SMTP and IMAP (or POP if you prefer), and allow deliveries from Local -> Local + External and External -> Local. Turn off SMTP authentication and SSL/TLS.

    2) User Mail client: Thunderbird

    Account settings:
    Incoming: IMAP mail server, port 143, server: use the IP address/DNS name of your MTA from step 1, SSL = None.
    Outgoing: SMTP server = same as for incoming, port 25, SSL = None.

    You should now be able to retrieve and send your Gmail messages through this account. Test this first before adding PGP Desktop or the Encryption Server to the mail flow.

    3) Desktop configuration (alternative 1)

    Enable Secure mail (PGP options)

    Configure the Account Properties with your Gmail address; the incoming and outgoing servers are both the MTA you set up in step 1, Username = your Gmail address, and add your default key.

    You may have to close and restart your email client to let PGP Desktop proxy the connection. 

    4) PGP server encryption (alternative 2 - instead of desktop). 

    Configure the server for internal placement. Managed domain is gmail.com.
    Mail proxies:
    SMTP Outbound = proxy mail to SMTP server (IP address/DNS name of your MTA from step 1), StartTLS disabled.
    IMAP Proxy peer = your MTA's IP address/DNS name from step 1, StartTLS disabled.
    Mail policies: Outbound - disable the rule "Passthrough if User did not authenticate".
    (If you configure SMTP authentication on the MTA you can leave this rule in place.)

    Then configure your email client to use the DNS name of the PGP Server for the IMAP mail server and the SMTP server. 


    That's all of it. Most of the work was related to setting up this frontend MTA that does the talking to Gmail, while your email client only talks to your internal MTA on the unencrypted ports 143/25.

    The benefit of this setup is that you get a local copy of all your email on the frontend MTA, although some people may find this unnecessary. If you don't want this copy, use POP3 in your email client instead and set the MTA's external account setting to delete messages after x days.

    In my setup I have used the domain gmail.com as an example. I have my own hosted domain at Google and it works well with this too. 

    Anything unclear or if you have problems with this setup, let me know, and I will try to explain. 

    Regards, H.
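The design in the post above rests on two properties: the plaintext legs (client to MTA on 143/25) must stay inside the LAN, and PGP Desktop can only act on connections it can see in the clear from the client. The following added example, which is not part of the thread or of hMailServer/PGP Desktop, models the hops of a mail path and checks both properties; the IP addresses and hop names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    src: str    # who opens the connection ("client" or "hmail")
    dst: str    # host the connection goes to (IP literal or hostname)
    port: int
    proto: str  # "pop3", "imap" or "smtp"
    tls: bool   # SSL/TLS on this leg; False means plaintext


def is_lan(host: str, lan_names=()) -> bool:
    """True for loopback/private IP literals or names declared as LAN hosts."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not an IP literal
        return host.lower() in {n.lower() for n in lan_names}
    return ip.is_private or ip.is_loopback


def plaintext_leaks(hops, lan_names=()):
    """Hops that carry mail in the clear to a host outside the LAN.
    The setup is only acceptable when this list is empty."""
    return [h for h in hops if not h.tls and not is_lan(h.dst, lan_names)]


def proxy_visible(hops):
    """Legs PGP Desktop (running on the client) can inspect and encrypt:
    plaintext connections opened by the client itself."""
    return [h for h in hops if h.src == "client" and not h.tls]


HMAIL = "192.168.1.20"  # constructed address of the hMailServer VM

# Constructed model of post 5: client -> hMailServer in the clear,
# hMailServer -> Gmail over SSL/TLS.
SETUP = [
    Hop("client", HMAIL, 143, "imap", False),
    Hop("client", HMAIL, 25, "smtp", False),
    Hop("hmail", "pop.gmail.com", 995, "pop3", True),
    Hop("hmail", "smtp.gmail.com", 465, "smtp", True),
]
# Constructed model of the original problem: client talks TLS to Gmail,
# so the local proxy never sees a message it could encrypt.
DIRECT = [
    Hop("client", "imap.gmail.com", 993, "imap", True),
    Hop("client", "smtp.gmail.com", 465, "smtp", True),
]
# Constructed misconfiguration: SSL=None against a host outside the LAN.
BROKEN = [Hop("client", "imap.gmail.com", 143, "imap", False)]
```

Pointing the model at your own topology (real MTA address, `lan_names` for any DNS names you use) tells you whether a plaintext leg escaped the LAN before you put PGP Desktop in front of it.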