Encryption
Secure PDF exchange (SPX) is clientless email encryption that converts email and attachments to a PDF file and encrypts it with a password.
XG Firewall encrypts outbound emails based on the domain and content you specify in the SMTP policies. Recipients can decrypt and read the emails using a PDF reader on their devices, including mobile phone platforms with PDF file support, for example, Android, iOS, BlackBerry, and Windows.
To reply, recipients must click the reply button in SPX-encrypted emails and go to the SPX reply portal.
Applying SPX encryption in MTA mode
You can specify SPX encryption in SMTP route and scan policies and . XG Firewall only applies SPX templates when you configure an SMTP route and scan policy. If you specify more than one method of applying SPX encryption, XG Firewall applies encryption settings in the following order:
- Outbound emails from protected domains: XG Firewall applies the specified SPX template to outbound emails from the protected domains you specify in the SMTP route and scan policy.
- Data control list: If you specify an SPX template for data protection in an SMTP route and scan policy, XG Firewall applies it to the matching data. It does this only if you haven’t specified an SPX template under Domains and routing target.
- Password type specified in SPX templates: For emails that don't match the protected domains or the data control list, XG Firewall applies the SPX template for the password type you specify.
To apply this SPX template in MTA mode, you must select the template in the SMTP route and scan policy under Domains and routing target or Data control list. If you don't want to specify a protected domain, you can use a dummy domain, such as example.com.
SPX configuration
Specify the SPX template, password, reply, and notification settings.
Name | Description |
---|---|
Default SPX template | The template is applied if senders SPX-encrypt emails, and if you don't select SPX encryption in the SMTP policy. Select None if you don’t want to encrypt emails. |
Keep unused password for | The period for which passwords remain valid if no SPX-encrypted email is sent to a specific recipient. For example, if you specify three days, the password expires at midnight at the end of the third day. |
Allow secure reply for | The number of days within which recipients can reply to SPX-encrypted email, using the SPX reply portal. |
Send error notification to | Recipients of the SPX error notification. Error messages are listed in the SMTP log. |
Allow password registration for | The link to the password registration portal expires at the end of this period. |
SPX portal settings
Specify the password registration settings.
Name | Description |
---|---|
Hostname | IP address or domain on which the password registration portal is hosted. |
Allowed networks | Networks from which password registration requests are accepted. Set this to Any if you want all recipients of SPX-encrypted emails to access the SPX portal. |
Port | Port on which the SPX password registration portal listens. Default: 8094 |
CAPTCHA: Users signing in to the SPX portal will always need to enter a CAPTCHA. The CAPTCHA is always active for the SPX portal and can't be turned off.