Add SPX Templates (MTA)

This feature requires a subscription in Sophos XG Firewall. It can be configured but cannot be enforced without a valid Email Protection subscription.

This feature is applicable to Sophos XG Firewall devices where MTA Mode is enabled.

This page allows you to define new SPX Templates or modify existing templates.

  1. Go to Device Configuration > Protect > Email > Encryption > SPX Templates and click Add.
    Note: Ensure that MTA Mode is selected on the Encryption page. Click Turn Off Legacy Mode to switch to MTA Mode.
  2. Enter parameter values for the following basic settings.
    Specify the name to uniquely identify the template.
    Specify details of the template.
    Organization Name
    Specify the organization name to be displayed on notifications concerning SPX, sent to the administrator or the email sender, depending on your settings.
    PDF Encryption
    Select the encryption standard of the PDF file.
    Page Size
    Select the page size of the PDF file.
  3. Enter Password Settings.
    Password Type
    Select how you want to generate the password for accessing the encrypted email message. For every type except Specified by recipient, the sender is responsible for transferring the password to the recipient in a safe way.

    Available Options:

    Specified by Sender:

    Select if the email sender should provide the password. In this case, the sender has to enter the password into the Subject field, using the following format: [secure:<password>]<subject text>, where <password> is the password to open the encrypted PDF file and <subject text> is any subject text. The SFOS device removes the password before the email is sent to the recipient.

    Generated one-time password for every email:

    The SFOS device automatically creates a new password for each affected email. A Notification Email is sent to the Sender containing instructions and the one-time generated password.

    The HTML content of this email can be customized from Notification Subject and Notification Body. You can reset to the default content by clicking the Reset button.

    Generated and stored for recipient:

    The SFOS device automatically creates a recipient-specific password when the first email is sent to a recipient. This password will be sent to the sender. With the next email, the same password is used automatically. The password will expire when it is not used for a configured time period, and it can be reset by the administrator.

    The HTML content of this Sender Notification Email can be customized from Notification Subject and Notification Body. You can reset to the default content by clicking the Reset button.

    Specified by recipient:

    Select if the email recipient should provide the password. In this case, the recipient receives a Notification Email containing a link to the Password Registration Portal to register a password, and the sender receives a failure notification. After registration, the recipient is able to view the current encrypted mail and any future encrypted mails using the same password from this or other senders from the same organization.

    Note: The recipient passwords created by the Specified by recipient method and the Generated and stored for recipient method are mutually exclusive. The recipient has to use the respective password when an email is received after SPX encryption using different methods.
  4. Specify Recipient Instructions:
    Instructions for Recipient

    The body of the email that is sent from the SFOS device to the email recipient containing instructions concerning the encrypted email. Simple HTML markup and hyperlinks are allowed. You can also use variables, e.g.,

    Figure: Add SPX Templates
    The Default SPX Template on this tab contains all available variables and provides a useful example of recipient instructions. The variables used are:
    • ENVELOPE_TO: The recipient for whom the password is generated.
    • PASSWORD: The password to open the SPX-encrypted email.
    • ORGANIZATION_NAME: The name provided in the Organization Name field.
    • SENDER: The sender of the email.
    • REG_LINK: Link to the Registration Portal for registering the password.
  5. Enable SPX Portal Settings:
    Enable SPX Reply Portal
    Click to enable users to securely reply to SPX-encrypted emails using the SPX Reply Portal. You can also select the option Include Original Body in Reply to include the original body in the reply.
  6. Click Save to save the settings.
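
A check a mail administrator could run for the Specified by Sender option in step 3: it parses the [secure:<password>]<subject text> subject format and flags messages captured downstream of the firewall whose subject still carries the password tag, including RFC 2047 encoded subjects. This is an added example, not Sophos code; the matching rules (tag at the start of the subject, keyword matched case-insensitively, password ending at the first "]") and the sample messages are assumptions.

```python
import base64
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject format from the page: [secure:<password>]<subject text>
# Assumptions: tag at the very start, keyword matched case-insensitively,
# password ends at the first "]".
SPX_TAG = re.compile(r"^\s*\[secure:([^\]]*)\]\s*", re.IGNORECASE)


def split_spx_subject(subject):
    """Return (password, subject_without_tag); password is None if no tag."""
    match = SPX_TAG.match(subject)
    if match is None:
        return None, subject
    return match.group(1), subject[match.end():]


def decoded_subject(raw_message):
    """Decode RFC 2047 encoded words so an encoded tag is not missed."""
    msg = message_from_string(raw_message)
    return str(make_header(decode_header(msg.get("Subject", ""))))


def find_unstripped(raw_messages):
    """Message-IDs of downstream copies whose subject still carries a password."""
    hits = []
    for raw in raw_messages:
        password, _ = split_spx_subject(decoded_subject(raw))
        if password is not None:
            hits.append(message_from_string(raw)["Message-ID"])
    return hits


# Constructed sample messages (not real traffic), as seen after the firewall.
_encoded = base64.b64encode(b"[secure:Example-Passw0rd]Q3 report").decode()
SAMPLES = [
    "Message-ID: <1@example.test>\nSubject: Q3 report\n\nbody\n",
    "Message-ID: <2@example.test>\nSubject: [secure:Example-Passw0rd]Q3 report\n\nbody\n",
    f"Message-ID: <3@example.test>\nSubject: =?utf-8?B?{_encoded}?=\n\nbody\n",
]

if __name__ == "__main__":
    print(find_unstripped(SAMPLES))
```

Any hit means a password left the gateway in a cleartext Subject header and should be treated as exposed.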