MailSealer Policies

With policies you can define when an e-mail is to be encrypted and/or signed.

  • If a policy is set to force, other policies that also match the sender/recipients are ignored
  • E-mail addresses can be given either in full or with wildcards, e.g. *@domain.tld or * for all
  • It is recommended to give each policy a descriptive comment, so that you can check in the log whether this policy was applied

  • For incoming e-mails, the option "Forward message untouched" can be used if the e-mail is supposed to be encrypted directly at the client
  • Messages with invalid signatures can be bounced back to the sender if this is set (in the Verify tab)

For outbound policies, several options define how the appliance processes signing and encryption.

Signature Settings:

  • Force signature: The e-mail must be signed in all cases. If there is no signature (public key) for the sender, the e-mail is not sent but bounced back to the sender.
  • Sign if possible: If a signature (public key) is available, the e-mail is sent with signature. Otherwise it is sent without signature. The sender is not informed in this case.
  • Do not sign: The e-mail is sent without signature.

Encryption Settings:

  • Force encryption (for all recipients): The e-mail must be encrypted for all recipients.
    If encryption is not possible for one or more recipients (e.g. no public key available), the e-mail is not sent to anyone but bounced back to the sender.
  • Encrypt if possible (bounce unencrypted): The e-mail is supposed to be sent encrypted.
    If this is not possible for some recipients, the e-mail is not sent to them and the sender is notified. Recipients for whom encryption succeeded receive the encrypted e-mail.
  • Encrypt if possible (send unencrypted): The e-mail is supposed to be sent encrypted.
    If this is not possible for some recipients, the e-mail is sent unencrypted, in plain text, to them.
    Recipients for whom encryption succeeded receive the encrypted e-mail. The sender is not informed in this case.
  • Do not encrypt: The e-mail is sent unencrypted.
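
The four encryption settings above, modelled per recipient to show which ones can deliver plain text without the sender knowing. This is an added example, not MailSealer code; the mode names, function names and addresses are labels and sample values constructed here.

```python
from dataclasses import dataclass, field

# Labels chosen for this example; they are not MailSealer identifiers.
FORCE = "force"                            # Force encryption (for all recipients)
BOUNCE_UNENCRYPTED = "bounce_unencrypted"  # Encrypt if possible (bounce unencrypted)
SEND_UNENCRYPTED = "send_unencrypted"      # Encrypt if possible (send unencrypted)
DO_NOT_ENCRYPT = "do_not_encrypt"          # Do not encrypt
MODES = (FORCE, BOUNCE_UNENCRYPTED, SEND_UNENCRYPTED, DO_NOT_ENCRYPT)

@dataclass
class Outcome:
    encrypted: list = field(default_factory=list)  # delivered encrypted
    plaintext: list = field(default_factory=list)  # delivered in plain text
    withheld: list = field(default_factory=list)   # not delivered at all
    sender_informed: bool = False                  # bounce or notification sent

def apply_encryption_policy(mode, recipients, have_key):
    """Return the delivery outcome of one outbound encryption setting.

    recipients: list of addresses; have_key: set of addresses with a public key.
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == DO_NOT_ENCRYPT:
        return Outcome(plaintext=list(recipients))
    ok = [r for r in recipients if r in have_key]
    missing = [r for r in recipients if r not in have_key]
    if not missing:
        return Outcome(encrypted=ok)
    if mode == FORCE:
        # A single missing key blocks delivery to every recipient.
        return Outcome(withheld=list(recipients), sender_informed=True)
    if mode == BOUNCE_UNENCRYPTED:
        return Outcome(encrypted=ok, withheld=missing, sender_informed=True)
    # SEND_UNENCRYPTED: silent downgrade for recipients without a key.
    return Outcome(encrypted=ok, plaintext=missing, sender_informed=False)

def silent_downgrades(mode, recipients, have_key):
    """Recipients who get plain text under an 'encrypt' policy, unnoticed by the sender."""
    if mode == DO_NOT_ENCRYPT:
        return []  # plain text is the configured intent, not a downgrade
    out = apply_encryption_policy(mode, recipients, have_key)
    return [] if out.sender_informed else out.plaintext

if __name__ == "__main__":
    rcpts = ["alice@example.com", "bob@example.org"]  # constructed sample addresses
    keys = {"alice@example.com"}                      # only alice has a public key
    for m in MODES:
        print(m, apply_encryption_policy(m, rcpts, keys),
              "silent:", silent_downgrades(m, rcpts, keys))
```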

Gateway Certificate Settings:

  • No gateway certificate: A gateway certificate is not used.
  • Fallback gateway certificate: If the sender does not have a certificate of their own, the gateway certificate is used.
  • Force gateway certificate: Only the gateway certificate is used.

The following table shows the processing of the MailSealer policies in detail with all possible combinations of the supplied options: