• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803
  • Last Modified:

FOPE outbound encryption policy

I have created an outboud policy in fope to encrypt messages being sent to internal addresses on the company domain. It is not working.

A) Can FOPE encrypt messages for internal addresses?
B) Please provide an example policy if this is possible.

Thanks in advance.
  • 2
  • 2
1 Solution
Dave HoweSoftware and Hardware EngineerCommented:
Not sure what you are asking. FOPE is a cloud/web hosted service similar to mimecast and mailcontrol, that sits between your exchange server and the internet allowing (amongst other things) Exchange Hosted Encryption (which while named confusingly isn't hosted in your Exchange, but in the FOPE instance, and more closely resembles the cisco CRES and zixmail services)

So the solution looks like:

[your exchange] == TLS encrypted tunnel == [FOPE] == OppTLS smtp == [The Internet]

internal mail never leaves exchange, never passes though FOPE, so never has any FOPE policies applied.
UnitedPresAuthor Commented:
Thanks for your response Mr. Howe,

This confirms that we can not create a policy in FOPE as the internal mail does not leave our exchange box.

Is there a way procedure to send an encyrted message internally?
Dave HoweSoftware and Hardware EngineerCommented:
  You *could* do such a thing, but not sure why you would want to.  All traffic between outlook and exchange (or the browser and webaccess) should be encrypted; FOPE does edge-router encryption (in that, mail leaving FOPE for the internet is encrypted, and arriving from the internet is decrypted) and once it is in exchange isn't encrypted at all.

  You *can* enforce use of s/mime via group policy; that will require that your users *and* everyone else they talk to all have s/mime digital certificates, and isn't compatible with FOPE encryption (in that all messages will already be required to be s/mime encrypted).

You could also use a datasink/transport agent to enforce use of s/mime internally, but that would just cause non-encrypted mails to fail (and not force-encrypt them) which would inconvenience your internal users for no good effect.
UnitedPresAuthor Commented:
Mr. Howe,

Thank you for responding. I feel you have answered my questions and appreciate your time.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now