Re: Ex 07 Route outbound email differently based on sender?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance



"Mark Arnold [MVP]" wrote:

Sorry, I should have been more clear. It's more of a secure mail function
instead of an actual encryption product. The need is for certain people to
have the ability to send secure email, but it's not allways to predefined set
of specific domains/users.

What we're looking at is using the PGP Universal Gateway Email system. What
happens is that if a user needs to send something secure, they put a specific
string in the subject. If the outgoing gateway sees this string in the
subject, then routes the content of the email to a web server and sends an
regular email to the original recipient. The email that the recipient gets
then lets the recipient know that they need access the web site on our server
with the appropriate credentials to see the email.

The problem is that we're only licensed on the PGP product for 100 users.
However the gateway requires a license for each user whose mail passes
through the gateway. That's why we're looking at a method to limit who is
sent through that relay.

And what do PGP say about this then? Exchange 2007 will redirect
messages to an address given a subject line. You would put the PGP
people in a DG and then create the HT rule saying where messages are
FROM <DG> and contain <subject> redirect to <address>. Obviously
you'll create a contact for this address. One assumes it's something
like pgp.gateway@xxxxxxxxxxxxxx and you create a connector for
pgp.domain.com so that any mail for that ficticous domain goes to an
IP address on the internal network. That way you don't have to worry
about MX records etc.


I think I'm not explaining this right. The email does not get re-routed to
a different user.

Here's the scenario: I, as a user "Mike@xxxxxxxxxxxx" need to send a
"secure" message to john@xxxxxxxxxxxxxxx I create the email, prefix the
subject with the word "[secure]", then send it.

The email leaves the hub transport server and goes to the an internal server
on our network with the PGP software. The PGP software sees the word
"[secure]", then takes the email moves it to a web server on our DMZ. It
then sends a new message to John@xxxxxxxxxxxxxx with the message that there
is a secure message stored at www.securemail.spitball.com and that he needs
to access it.

The problem is that 4,900 of our users don't have the option of using the
[secure] functionality, so we don't want Exchange to send it to the
smarthost/relay for them. The problem is that the PGP software on the relay
counts every user it processes as a licensed user, whether they use the PGP
function or not, so the first 100 users that send email through the relay
will use up our 100 seats.

Regarding PGP, we are working with them, but the last tech we talked to said
to "just create a new send connector set up for only the users in the
"pgpusers" A/D group". When we told him that it didn't seem to be possible
in Exchange 2007, he wasn't aware of that and was going to research it. I
gather that the normal arrangement that a company implements this is that it
is available for all users, so there's not an issue to route everybody
through it.

.

Relevant Pages

  • RE: PGP email encryption
    ... There IS a web client to PGP, and one way to use "email encryption" in PGP ... is to have the PGP server catch the ... > someone receives a notification that a secure email message has been sent ...
    (Security-Basics)
  • Re: PGP email encryption
    ... > for the easiest way to send encrypted emails over the internet. ... > secured email server with web access. ... secured email server is NOT the same as a pgp server ... > someone receives a notification that a secure email message has been sent to ...
    (Security-Basics)
  • Re: Accessing corporate servers through the web..
    ... Telnet communications not secure ... Terminal Services (win 2K server) ... PGP / XML GATEWAY APPLIANCE ... The Presidio integrates PGP data encryption and XML Web Services security to ...
    (Security-Basics)
  • Re: Server Side PGP Encryption for Email - to send form results?
    ... I have found a host that offers the server side pgp and I had a pretty good ... I will be putting my form on ssl and storing the results on the secure ... > RSA x509 and Open PGP standards. ...
    (microsoft.public.frontpage.programming)
  • Re: Access to Vigay.com
    ... PGP remains secure irrespective of how many ... The actual PGP algorithm is currently extremely secure and that won't ... lot easier with modern security systems to steal the car when you can ... security, which is believing in a false sense of high security. ...
    (comp.sys.acorn.misc)