Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Mail Encryption: One-Way / Clientless ( SPX )

A system whereby customers can encrypt messages with the recipient having no in-place method to decrypt them, such as is currently possible with Smime/pgp setups.. Allows encryption to satisfy needs of many companies that do not havfe setup relationships with key exchanges and such, like Health Care, Government, Education etc... it should be very easy to use.

44 votes
Sign in
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Gert Hansen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


    Sign in
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      • Christian commented  ·   ·  Flag as inappropriate

        Are there any news about this feature? This is one of the most missing features, we've got. Are there any release plans for 9.2?

        Best regards,

      • Anonymous commented  ·   ·  Flag as inappropriate

        Maybe it can be done like this:
        1. Astaro checks if the public key already exists in the local database
        3. If not, Astaro send only an unencrypted notification email out, which includes a link to the user portal. (Password by SMS for example)
        4. In the user portal, two option
        Option 1: Use a Web Frontend (similar to Hotmail, Gmail, etc.) to view and reply
        Option 2: The Astaro creats a S/MIME or PGP Key and the User can download it and install it on his local computer. After the Astaro send the encrypted email out.

      • Jürgen Roth commented  ·   ·  Flag as inappropriate

        We have to establish a secure mail transport to a large company.
        Because every company has its own implementation, it's currently not possible to establish this! What we need is at minimum one of the following:
        * A domain wide PGP Key for the internal domain.
        * A domain wide PGP Key for the external Domain and a policy to use this key for all recipients in this domain (we got a public key for “”).

        * A policy to make STARTTLS mandatory for a domain.
        * A check if the hostname of the mail exchanger is the same as the CN of the certificate.

        * A way to modify the recipients address: e.g. change “USERNAME” to <> (use the users email address as real name and change the email address to a gateways email address)

        It would be gratefully if there will be more flexibility in the email encryption with flexibility of regex in policies and also to modify email addresses.
        An automated email to the admin for certificates that are at the end of life would also be gratefully!

      • Sascha Paris commented  ·   ·  Flag as inappropriate

        This could for example be done via HTTPS portal where customer has to register to view/download encrypted document or to send encrypted PDFs. However, it should work with "standard" equipment on a daily use PC without the need to install additional Software. This would be really helpful to acceptance of mail encryption.

      • andre commented  ·   ·  Flag as inappropriate

        Djigzo i.e. can send PDF with encryption (password) and send password via SMS. You could do the same with ZIP i.e.

      • Hagen von Eitzen commented  ·   ·  Flag as inappropriate

        Isn't at last server-to-server encryption (TLS) already available?
        Although I agree that a domain-wide key would be desireable, the consequences would be (if uses astaro with this feature):
        - can sign (with domain-wide signature) outgoing mail; the local admin has to make sure that nobody can forge a coworkers sender address (this shouldn't be a problem)
        - anybody@anywhere can encrypt mail to with domain-wide encryption; they have to be aware, though, that e.g. secretaries with access to the recipients mailbox can read the mail (sometimes this is a bug, sometimes a feature)

        However, any mail in the opposite direction still requires a key exchange as usual, though this is no problem for replys to incoming (signed) mails.

      • Paolo commented  ·   ·  Flag as inappropriate

        Yes and on the encryption session you will need to do man-in-the-middle in able to accomplish other products do this astaro ofcourse

      • Bob Alfson commented  ·   ·  Flag as inappropriate

        Sorry, I don't understand. What good is encryption if the recipient doesn't need special tools?

      • sven commented  ·   ·  Flag as inappropriate

        I hope I got the point right: Would this be support for PGP/Inline (or PGP/Classic)?

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.