On the SPX Encryption > SPX Templates tab you can modify the existing Default Sophos Template, and you can define new SPX templates. If using SMTP Simple mode, a global SPX template can be selected for all SMTP users on the SMTP > Global tab. If using SMTP Profile mode, you can assign different SPX templates to different SMTP profiles on the SMTP Profiles tab.
To configure SPX encryption, proceed as follows:
Click New SPX Template.
The Add SPX Template dialog box opens.
Tip – The Sophos Default Template contains useful settings and example texts. Consider cloning the existing template using its Clone button instead of creating a new template from scratch.
Make the following settings:
Template name: Enter a descriptive name for the template.
Make the following basic settings:
Comment (optional): Add a description or other information.
Organization name: The organization name will be displayed on notifications concerning SPX, sent to the administrator or the email sender, depending on your settings.
PDF cover page: Select if you want the encrypted PDF file to have an additional first page. You can use the default page or a custom page. For a custom page, upload a one-page PDF file via the Folder icon.
PDF encryption: Select the encryption mode of the PDF file. Note that some PDF viewers cannot read AES / 256 encrypted PDF files.
Label languages: Select the display language of the labels in the email forwarded to the recipient. The email contains fields such as From, To, Sender, or Subject.
Page size: Select the page size of the PDF file.
Remove Sophos logos: Enable this option to replace the default Sophos logo with your company logo specified on the Management > Customization > General tab. The logo will be displayed in two places: on the footer of the encryption email sent to the recipient and in the footer of the reply message generated via the Reply button in the PDF file.
Password type: Select how you want to generate the password for accessing the encrypted email message. For every type except Specified by recipient, the sender always has to take care of transferring the password to the recipient in a safe way.
- Generated one-time password for every email: Sophos UTM on AWS automatically creates a new password for each affected email. This password will be sent to the sender.
- Generated and stored for recipient: Sophos UTM on AWS automatically creates a recipient-specific password when the first email is sent to a recipient. This password will be sent to the sender. With the next email, the same password is used automatically. The password will expire when it is not used for a certain time, and you can reset it, see the SPX Configuration tab.
- Specified by sender: Select if the email sender should provide the password. In this case, the sender has to enter the password into the Subject field, using the following format: [secure:<password>]<subject text> where <password> is the password to open the encrypted PDF file and <subject text> is any subject text. Sophos UTM on AWS removes the password before the email is sent to the recipient.
Note – A template with this option should not be used in combination with Data Protection. With Data Protection, the sender does not know beforehand that an email will be encrypted and thus will not enter the password into the Subject field. When Sophos UTM on AWS tries to SPX encrypt an email with no password specified, the sender will receive an error message with the information that the password is missing.
- Specified by recipient: Select if the email recipient should provide the password. In this case, the recipient receives a link leading to the Sophos UTM on AWS Portal to register with a password. After registration, the recipient is able to view the current encrypted mail and any future encrypted mails using the same password from this or other senders from the same organization. If the recipient did not provide a password, the mail is displayed on the Email Protection > Mail Manager > Global tab.
Note – The password type Specified by recipient does not work after the Generated and stored for recipient type was used in the same template before. The sent email will still use the generated password. In this case, you need to reset the password for the given users on the Email Protection > SPX Encryption > SPX Configuration tab.
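The Subject format used by the Specified by sender option, and the missing-password case described in the Data Protection note, shown as an added Python example. This is not Sophos code: the function names, the requirement that the marker sits at the very start of the Subject, and the handling of an empty password are assumptions made for illustration.

```python
import re

# Format from the page: [secure:<password>]<subject text>
# Assumptions: the marker must open the Subject line, the keyword is matched
# case-sensitively, and the first "]" ends the password.
_MARKER = re.compile(r"^\[secure:([^\]]*)\](.*)$", re.DOTALL)


class MissingPassword(ValueError):
    """The message is to be SPX-encrypted but the Subject carries no password."""


def split_subject(subject):
    """Return (password, subject_without_marker) for a sender-specified password."""
    m = _MARKER.match(subject)
    if m is None or m.group(1) == "":
        raise MissingPassword("no [secure:<password>] prefix in Subject")
    # The marker is dropped so the password never reaches the recipient.
    return m.group(1), m.group(2).lstrip()


def triage(subjects):
    """Split subjects into cleaned outbound subjects and ones that would be rejected."""
    outbound, rejected = [], []
    for s in subjects:
        try:
            _password, clean = split_subject(s)
            outbound.append(clean)
        except MissingPassword:
            rejected.append(s)
    return outbound, rejected


# Constructed sample Subject lines, not taken from a real mail flow.
SAMPLES = [
    "[secure:Tr1cky-Pass]Q3 payroll figures",
    "Q3 payroll figures",                    # sender did not expect encryption
    "[secure:]Empty password",
    "Re: [secure:late]marker not at start",
]

if __name__ == "__main__":
    sent, bounced = triage(SAMPLES)
    print("outbound subjects:", sent)
    print("sender gets a missing-password error for:", bounced)
```

The second sample is the Data Protection case from the note above: the sender had no reason to add the marker, so the message cannot be encrypted and is reported back to the sender.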
Notification Subject (not with the Specified by sender option): The subject of the email that is sent from Sophos UTM on AWS to the email sender containing the password. Here you can use variables, e.g. %%ENVELOPE_TO%%, for the recipient's name.
Notification Body (not with the Specified by sender option): The body of the email that is sent from Sophos UTM on AWS to the email sender containing the password. Here you can use variables, e.g., %%GENERATED_PASSWORD%%, for the password.
Tip – The Sophos Default SPX Template on this tab contains all available variables and gives a useful example of a notification.
Make the following recipient instructions settings:
Instructions for recipient: The body of the email that is sent from Sophos UTM on AWS to the email recipient containing instructions concerning the encrypted email. Simple HTML markup and hyperlinks are allowed. You can also use variables, e.g., %%ORGANIZATION_NAME%%.
Tip – The Sophos Default SPX Template on this tab contains the possible variables and gives a useful example of recipient instructions.
Header image/Footer image: Select if the email from Sophos UTM on AWS to the email recipient should have a header and/or a footer image. You can use the default image, which is an orange envelope with an appropriate text, or a custom image. In case of the custom image, upload a JPG, GIF, or PNG file via the Folder icon. The recommended size is 752 x 69 pixels.
Enable SPX reply portal: If enabled, the encrypted PDF file sent to the recipient will contain a Reply button. With this button the recipient can access the SPX reply portal to send an encrypted email reply to the sender.
Include original body into reply: If enabled, the reply from the recipient will automatically contain the body of the original email.
Portal header image/Portal footer image: Select if the SPX reply portal should have a header and/or a footer image. You can use the default image, which is an orange envelope with an appropriate text, or a custom image. In case of the custom image, upload a JPG, GIF, or PNG file via the Folder icon. The recommended size is 752 x 69 pixels.
The SPX template is created and appears on the SPX Templates list.
Note – The notification sender is the mail address which is configured in Management > Notifications > Sender.
To either edit or delete an SPX template, click the corresponding buttons.
Variables for SPX Templates
You can use the following variables in SPX templates for Password Settings and Recipient Instructions.
Password notification for options Generated one-time password for every email and Generated and stored for recipient:
- %%ENVELOPE_TO%%: Email address of recipient
- %%GENERATED_PASSWORD%%: Password which was generated
Password notification for option Specified by recipient:
- %%ORGANIZATION_NAME%%: Organization name from template
- %%HEADER_FROM_SANITIZED%%: Original sender display name (or if not present, envelope sender)
- %%REGISTRATION_URL%%: URL address which should be used to register the password.
- %%ORGANIZATION_NAME%%: Organization name from template
- %%HEADER_FROM_SANITIZED%%: Original sender display name (or if not present, envelope sender)