Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680
501502503504505506507508509510
19-20
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 19 S/MIME Security Services
S/MIME Certificate Requirements
Step 4 Under S/MIME Decryption/Verification, do the following:
Enable S/MIME decryption and verification.
Choose whether to retain or remove the digital signature from the messages after S/MIME
verification. If you do not want your end users to know about S/MIME gateway verification, select
Remove.
For triple wrapped messages, only the inner signature is retained or removed.
Step 5 Submit and commit your changes.
Tip If S/MIME Decryption and Verification is enabled in the Mail Flow Policies, all the S/MIME messages
are delivered irrespective of the status of the decryption and verification. If you want to configure an
action for handling S/MIME Decrypted or Verified Messages, you can use the message filter
rules—
smime-gateway-verified and smime-gateway. For more information, see Configuring an Action
for S/MIME Decrypted or Verified Message, page 19-20.
Configuring an Action for S/MIME Decrypted or Verified Message
After Email Security appliance performs S/MIME decryption, verification, or both, you may want to
take different actions depending on the results. You can use the message filter
rules—
smime-gateway-verified and smime-gateway to perform actions on the messages based on the
result of decryption, verification, or both. For more information, see Chapter 9, “Using Message Filters
to Enforce Email Policies.
Note You can also use the content filter conditions—S/MIME Gateway Message and S/MIME Gateway
Verified to perform actions on the messages based on the result of decryption, verification, or both. For
more information, see Chapter 11, “Content Filters.
Example: Quarantine S/MIME Messages that failed Verification, Decryption, or Both
The following message filter checks if the message is an S/MIME message and quarantines it if the
verification or decryption using S/MIME fails.
quarantine_smime_messages:if (smime-gateway-message and not smime-gateway-verified) {
quarantine("Policy"); }
S/MIME Certificate Requirements
Certificate Requirements for Signing, page 19-21
Certificate Requirements for Encryption, page 19-21