5.1 User preferences
5 USERS
domain encryption; b) forwarded email can be decrypted and, c) email handling
with multiple recipients is faster because only one key is required for
decryption.
Even though non-strict mode is easier from a management perspective, it is
not as secure as “strict” mode. In non-strict mode, if an external attacker gets
hold of an encrypted message, the attacker can resend the message to an
internal accomplice, i.e., someone from inside the company who has access
to an internal mailbox and who works closely with the attacker. Because the
message will be decrypted with any available key, the message will be delivered
decrypted to the insider even though the insider was not the original recipient.
In “strict” mode, additional checks are done to make sure that the message
will only be decrypted if the recipient has a valid decryption key. A message will
only be decrypted for a recipient if the certificate associated with the private key
used for decryption is valid, trusted, not revoked and if one of the following is true:
(a) the recipient has a certificate and private key with a matching email address
and the message can be decrypted with this private key, or
(b) the recipient has a certificate and private key, the certificate is explicitly
associated with the user, and the message can be decrypted with the
private key, or
(c) the recipient is from a domain that has an explicitly associated
certificate and private key and the message can be decrypted with this
private key.
In strict mode, every recipient for which none of the above rules applies will
receive the message in encrypted form.
Whether or not to use strict mode depends mostly on whether you trust your
internal users. If you do not trust all internal users, it’s better to enable strict
mode. If all internal users can be trusted, running in non-strict mode might be
somewhat easier to manage.
Note: strict mode can be enabled and/or disabled per domain and per recip-
ient. Although it’s advised to only change the global strict setting, there are
situations where it can be helpful to enable or disable strict mode per recipient.
For example, suppose the global strict mode is enabled. However, for
email archiving purposes, the front-end SMTP server sends a copy (bcc)
of every incoming email to the email archiver. Since the gateway is in strict
mode, encrypted messages won’t be decrypted by the gateway when delivered
to the email archiver. By disabling strict mode for the email archiver recipient,
incoming email delivered to the email archiver will be decrypted.
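The following is an added illustration of the decryption decision described above (the non-strict “any available key” behaviour, the three strict-mode rules (a), (b), (c) with the validity/trust/revocation precondition, and the per-recipient strict override used for the archiver bcc copy). It is not the gateway’s own code: the key store, the “explicit association” tables, the key identifiers and the message model are constructed and simplified, with a message represented only by the set of key identifiers it was encrypted to.

```python
"""Strict vs. non-strict decryption decision for an S/MIME gateway.

Added illustration, not the gateway's own code. Everything below is a
constructed model: key ids stand in for the RecipientInfo fields of a real
CMS/S-MIME envelope, and the association tables are plain dicts.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Certificate:
    email: str             # email address bound to the certificate
    valid: bool = True     # within validity period, chain verifies
    trusted: bool = True   # chains to a trusted root
    revoked: bool = False  # CRL/OCSP status


@dataclass(frozen=True)
class KeyEntry:
    key_id: str            # constructed identifier of the private key
    cert: Certificate      # certificate belonging to that private key


@dataclass
class KeyStore:
    keys: dict                                        # key_id -> KeyEntry
    user_keys: dict = field(default_factory=dict)     # email  -> {key_id}, rule (b)
    domain_keys: dict = field(default_factory=dict)   # domain -> {key_id}, rule (c)


@dataclass(frozen=True)
class EncryptedMessage:
    encrypted_to: frozenset   # key ids the message can be decrypted with


def cert_usable(cert):
    """Precondition shared by every strict-mode rule."""
    return cert.valid and cert.trusted and not cert.revoked


def domain_of(email):
    return email.rsplit("@", 1)[-1].lower()


def decrypt_key_non_strict(message, store):
    """Non-strict: any available key that opens the message is used,
    regardless of who the recipient is."""
    for key_id in sorted(message.encrypted_to):
        if key_id in store.keys:
            return key_id
    return None


def decrypt_key_strict(message, recipient, store):
    """Strict: the key must be tied to this recipient by rule (a), (b) or (c)
    and its certificate must be valid, trusted and not revoked."""
    candidates = set()
    # (a) a key whose certificate carries the recipient's email address
    for key_id, entry in store.keys.items():
        if entry.cert.email.lower() == recipient.lower():
            candidates.add(key_id)
    # (b) keys explicitly associated with the user
    candidates |= store.user_keys.get(recipient.lower(), set())
    # (c) keys explicitly associated with the recipient's domain
    candidates |= store.domain_keys.get(domain_of(recipient), set())

    for key_id in sorted(candidates):
        entry = store.keys.get(key_id)
        if entry is None or not cert_usable(entry.cert):
            continue
        if key_id in message.encrypted_to:
            return key_id
    return None   # no rule applies: deliver still encrypted


def deliver(message, recipient, store, strict, overrides=None):
    """Return "decrypted" or "encrypted" for this recipient. `overrides`
    maps a recipient address to a per-recipient strict setting (the archiver
    bcc case); otherwise the global `strict` flag applies."""
    use_strict = (overrides or {}).get(recipient.lower(), strict)
    key_id = (decrypt_key_strict(message, recipient, store) if use_strict
              else decrypt_key_non_strict(message, store))
    return "decrypted" if key_id else "encrypted"


def build_demo_store():
    """Constructed gateway key store for the walk-through."""
    alice = KeyEntry("k-alice", Certificate("alice@example.com"))
    bob = KeyEntry("k-bob", Certificate("bob@example.com", revoked=True))
    shared = KeyEntry("k-domain", Certificate("gateway@example.com"))
    return KeyStore(
        keys={e.key_id: e for e in (alice, bob, shared)},
        user_keys={"carol@example.com": {"k-alice"}},   # rule (b)
        domain_keys={"example.net": {"k-domain"}},      # rule (c)
    )


if __name__ == "__main__":
    store = build_demo_store()
    to_alice = EncryptedMessage(frozenset({"k-alice"}))
    # Replay of Alice's message to an insider: only non-strict mode leaks it.
    print("non-strict, insider:", deliver(to_alice, "mallory@example.com", store, strict=False))
    print("strict, insider:    ", deliver(to_alice, "mallory@example.com", store, strict=True))
```

Running the block reproduces the accomplice scenario from the text: the same message reaches the insider decrypted in non-strict mode and encrypted in strict mode, while the per-recipient override lets an archiver address receive plaintext under a globally strict configuration.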
Max. message size (S | R) If the email message is larger than the speci-
fied maximum message size (in bytes), the message will not be S/MIME signed
or encrypted. Large S/MIME messages can sometimes not be handled by
S/MIME email clients. Another reason for limiting the size of S/MIME mes-
sages is that encrypting and signing large email messages can be resource
intensive.