Overview
How does GFI MailEssentials handle encrypted email traffic, inbound or outbound?
Answer
MailEssentials is not involved with email traffic itself. It only scans what it receives from the server, and then either releases the email to the pickup folder of the SMTP server where MailEssentials is installed, or blocks/quarantines it if any of the engines or filters are triggered.
MailEssentials will decompress and decrypt any compressed and encrypted data (e.g. zip files, S/MIME, etc.) and will make the information on that data available to all the modules that require it.
The information on the data in the compressed or encrypted files is shown in a PFI (Packed File Interface). This interface will provide information on the file name, file path, location of the file in memory, File Type, and Content-Type.
One issue observed when dealing with encrypted emails is described in the "Unable to open HTML Attachments from Office 365 Encrypted Emails" article, and is caused by the HTML Sanitizer. To prevent GFI MailEssentials from modifying the email, our recommendation is to whitelist the emails in the HTML Sanitizer and also disable rule IDs 7 and 10 in the Exploit List of the Email Exploit Engine. The procedure is as follows:
1. Open the GFI MailEssentials Configuration console.
2. Expand the EmailSecurity node, then click on the HTML Sanitizer to open its properties.
3. Select the Whitelist tab and make an entry for the address that is sending the emails.
4. Expand the Email Exploit Engine branch and point to Email Exploit Engine.
5. Check off rule IDs 7 and 10, then hit the Disable Selected button at the top.
6. Hit OK and exit the console. Send a test email to confirm the operation is successful.