Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SED with Web Email Protection Policy

Created: 27 Mar 2014 | 12 comments
rojopipe's picture

Hi Guys,

Can I enforce a policy with SED that emails with a label are sent through Symantec Web Email Proection ..??

Thank you.

Operating Systems:

Comments 12 CommentsJump to latest comment

Alex_CST's picture

Yes.  You can use any of the other criterion ([WEB] in subject for example)

Create another policy chain and call it Outbound: Web Messenger Only

Inside that chain create a rule that is always true to send via Web Email Protection.

Then go to your normal outbound rule you created at the start and when it hits whatever criteria you want, select it to "Goto Chain: Outbound: Web Messenger Only"

Done!

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Hyodo's picture

Do I need to have a outbound proxy for the Web Messenger to work ??

rojopipe's picture

Thanks ALEX_CST,

I have a doubt, public keys must be in SED in SEMS or both..??

Regards,

dcats's picture

Hi rojopipe,

If you have public keys for the recipient you shouldn't be needing the Web Messenger because you can send the message secured and the owner of the key will be able to decrypt it.

Rgs,
dcats

Alex_CST's picture

Web Messenger is for sending emails to recipients with no encryption.  So there's no key exchange at all.  Web Messenger is traditionally used as a KNF (Key Not Found) option.  

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

rojopipe's picture

Hi Dcats / Alex_CST,

I'm confused.

Please correct me if I'm wrong:

1. When I use SED, I must have recipient's public key to encrypt messages.
2. The public key can be stored in SED and/or SEMS so I can encrypt messages sent to SED.
3. If using Web Messenger or PDF messenger not use keys.
4. By submitting a notification of Web Messenger is created and saved a public key of the recipient in SEMS.

5. If 3 and 4 are true, the key of the item 4 ,what is it used..?

Thanks.

Anthony_Betow's picture

Hi Rojopipe,

When the SEMS server sends a link to an External user with Web Messenger.  The external user creates a mailbox on your SEMS server during first setup.  Once this is done the server creates a key pair for the external user.  Everytime you send a message to the external user then the server encrypts to the users key even though it is on the server.  SEMS lets the user know that they have a secure message.

Web messenger does use keys for external users but it is all managed by the server.

Thanks

Anthony  

dcats's picture

Hi rojopipe,

As all of this is handled by SEMS, the recipient doesn't have the private key to decrypt the message.
Depending on the configuration of the Consumer policy they can have other delivery options available, but that's another chapter. :-)

Rgs,
dcats

rojopipe's picture

Thank you very much for all.

A question more: How can i avoid double authentication to Web Messenger users, I think that's a security breach.

Regards

dcats's picture

Hi rojopipe,

What do you mean by double authentication?
Are they asked to enter their credentials twice or they can open concurrent sessions?

To the best of my knowledge none of these should be happening. For the last one, please see: Unable to login to Symantec Web Email Protection using consecutive sessions (formerly Known as Web Messenger) - TECH183654.

Do you have a Customization in place? If so, please set it back to the Simple (default) and test again.

Rgs,
dcats

rojopipe's picture

Hi Dcats,

A few days ago, we updated SEMS to version 3.3.2 and since then allows the simultaneous authentication of the same user.

I was reviewing the path /var/lib/ovid/customization and found the following:

ten files with .sh extension

one file with .sh.rpmsave extension

one file with .sh.rpmsav extension

and one file with .rnd extension

is tthat normally..?

Thanks.

dcats's picture

Hi rojopipe,

I meant WEP customization, not the server.
Services > Web Messenger/Web Email Protection > Add Templates

For instance: Unable to Apply Existing Customized Templates to Web Messenger - TECH170307
 

Rgs,
dcats