Technical Note: Encrypting incoming/outgoing emails only for credit card number pattern
Description
Scope
Solution
Protected Domains configured:
- somu.local
- test.local
Users configured per domain:
- somu.local
  - user
  - user2
- test.local
  - test
The FortiMail IP address is 172.31.19.177.
Configuring Domains:

Configuring Users:

Enable the IBE encryption:

Configuring the Dictionary Profile:

Configuring the Content Profile:


In the content profile, the action should be configured as encrypt. In the action profile, the encryption profile should be IBE_Pull, and under Content Monitor and Filtering, select the Dictionary Profile that was created earlier.
Configure the IP policy and Outgoing Recipient policy:


Authenticate with the user's password; the real contents can then be viewed.
Domain configuration:
get system status
Version: FortiMail-400C v5.2,build425,141127 (5.2.2 GA)
config domain
edit somu.local
config profile authentication radius
end
config user mail
edit user
set type local
set password ENC FOpyx2PNXG6zMv96Ljd3h8mSfvcGPbxQ7NRHDRTVSjfvZzrqXNQyIcVrHV7bTMo+R6DdHGMvUAkrH3WXaaj+g+mNtI8BpZtFXeCGHULMEAg2TmzL
next
edit user2
set type local
set password ENC pUFm+E0TZHTSivLlGGhAk6NcQze6Waskn8aLCbTNVYG+ox/HitlmfBNKHJDXQPCUdahJGIOz5342+PdI3BVWcmJKmR0zM302OKLI04t/wR8Fv6uw
next
end
config user group
end
config customized-message
edit report-quarantine-summary
config variable
end
config email-template
end
next
end
config profile antivirus-action
end
config profile antivirus
end
config profile antispam-action
end
config profile antispam
end
config profile content-action
end
config profile content
end
config profile resource
end
config policy recipient
end
config domain-setting
config sender-addr-rate-ctrl-exempt
end
end
config cal resource
end
next
edit test.local
config profile authentication radius
end
config user mail
edit test
set type local
set password ENC TvDIWJ9rfOGyBQyyZ2xmer41BPPNSkZ8LhrFHTphIH8xG48U4panUOgwFozpfK/TPB9LiuJ1HTGmilOF3qIHzQLH4gUMCXX/ZiYefuaW5RaSRSZ/
next
end
config user group
end
config customized-message
edit report-quarantine-summary
config variable
end
config email-template
end
next
end
config profile antivirus-action
end
config profile antivirus
end
config profile antispam-action
end
config profile antispam
end
config profile content-action
end
config profile content
end
config profile resource
end
config policy recipient
end
config domain-setting
config sender-addr-rate-ctrl-exempt
end
end
config cal resource
end
next
end
Configuring users:
config domain
edit somu.local
config user mail
edit user
set type local
set password ENC viTAVSbDK14ejJZIkiVNupemg4gcSTn3c7txZKTpAvcOvUPK87kpMTh3TZ/lL68kl4nTgdsusSnX47em0qOrJIqiqLj3dLY0yCsoUwYWTOJAiYxL
next
edit user2
set type local
set password ENC LzbgcChFMz1iV6t3D0fHiy+2xIcNqpPaG2vBgXpVA0fxrdvMh+iqn8v0/SY3qyF8BGloVegjBHlubLy0ExuX0jK09vRO37Qq+srm6Q/YoexEHz/i
next
end
next
end
For test.local:
config domain
edit test.local
config user mail
edit test
set type local
set password ENC hSTTadsBtS8SA6x0v5pSAfTAz9mYfVhbj+Iqk8ugqZf8H+DvBf9I4MSLgs6DbWScL+cfg+duF5FH4/57h3pza8kvbdAZIUMnzPeRSr1fj8mqvCVk
next
end
next
end
Configuring Content Action Profile:
config profile content-action
    edit encrypt
        set direction outgoing
        set action encryption
        set encryption-profile IBE_Pull
    next
end
Configuring Content Profile:
config profile content
    edit outbound_credit_card
        set direction outgoing
        config attachment-name
            edit *.bat
            next
            edit *.com
            next
            edit *.dll
            next
            edit *.doc
            next
            edit *.exe
            next
            edit *.gz
            next
            edit *.hta
            next
            edit *.ppt
            next
            edit *.rar
            next
            edit *.scr
            next
            edit *.tar
            next
            edit *.tgz
            next
            edit *.vb?
            next
            edit *.wps
            next
            edit *.xl?
            next
            edit *.zip
            next
            edit *.pif
            next
        end
        set action-default encrypt
        config monitor
            edit 1
                set dictionary-profile credit_card_dictionary
                set action Encrypt_Pull_Outbound
                set scan-pdf enable
                set scan-msoffice enable
                set scan-archive enable
            next
        end
    next
end
Configuring Dictionary Profile:
config profile dictionary
    edit credit_card_dictionary
        config item
            edit 1
                set pattern-type CANSIN
                set pattern-max-limit enable
                set pattern-status disable
            next
            edit 2
                set pattern-type USSSN
                set pattern-max-limit enable
                set pattern-status disable
            next
            edit 3
                set pattern-type CreditCard
                set pattern-max-limit enable
            next
            edit 4
                set pattern-type ABAROUTING
                set pattern-max-limit enable
                set pattern-status disable
            next
            edit 5
                set pattern-type CUSIP
                set pattern-max-limit enable
                set pattern-status disable
            next
            edit 6
                set pattern-type ISIN
                set pattern-max-limit enable
                set pattern-status disable
            next
        end
    next
end
Configuring IP Policy:
config policy ip
    edit 1
        set profile-session Inbound_Session
        set profile-content outbound_credit_card
    next
end
Configuring Outgoing recipient policy:
config policy recipient
    edit 1
        set direction outgoing
        set profile-content outbound_credit_card
    next
end
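An added example, not part of the original note and not Fortinet tooling: a small Python audit that parses config text like the blocks above, lists which dictionary patterns are actually active, and flags profile names that a monitor or policy references but the supplied text does not define. It assumes an item is active unless it carries `pattern-status disable` and that a monitor's `action` names a content-action profile; `SAMPLE` is a constructed, abridged copy of this page's configuration.

```python
import re

# Constructed sample, abridged from the blocks on this page; ";" stands in for a newline.
SAMPLE = """
config profile content-action; edit encrypt; set action encryption; next; end
config profile dictionary; edit credit_card_dictionary; config item
edit 2; set pattern-type USSSN; set pattern-status disable; next
edit 3; set pattern-type CreditCard; set pattern-max-limit enable; next; end; next; end
config profile content; edit outbound_credit_card; config monitor; edit 1
set dictionary-profile credit_card_dictionary; set action Encrypt_Pull_Outbound; next; end; next; end
config policy recipient; edit 1; set profile-content outbound_credit_card; next; end
"""

def parse(text):
    """Turn config/edit/set/next/end statements into nested dicts."""
    stack = [{}]
    for stmt in re.split(r"[;\n]", text):
        words = stmt.split() or [""]
        kw, rest = words[0], " ".join(words[1:])
        if kw in ("config", "edit"):        # open a table or an entry
            stack.append(stack[-1].setdefault(f"{kw} {rest}", {}))
        elif kw == "set":
            key, _, value = rest.partition(" ")
            stack[-1][key] = value
        elif kw in ("next", "end") and len(stack) > 1:
            stack.pop()                     # close the entry or the table
    return stack[0]

def entries(node, table):  # entry name -> settings for each 'edit' under 'config <table>'
    return {k[5:]: v for k, v in node.get(f"config {table}", {}).items() if k.startswith("edit ")}

def audit(text):
    """Return (active patterns per dictionary, unresolved profile references)."""
    cfg = parse(text)
    actions, dicts, contents = (entries(cfg, f"profile {t}") for t in ("content-action", "dictionary", "content"))
    # Assumptions: items are active unless 'pattern-status disable'; a monitor 'action' names a content-action profile.
    active = {n: sorted(i.get("pattern-type", "?") for i in entries(d, "item").values()
                        if i.get("pattern-status") != "disable") for n, d in dicts.items()}
    missing = []
    for prof in contents.values():
        for rule in entries(prof, "monitor").values():
            for key, table in (("dictionary-profile", dicts), ("action", actions)):
                if rule.get(key) not in table:
                    missing.append((key, rule.get(key)))
    for kind in ("ip", "recipient"):
        for pol in entries(cfg, f"policy {kind}").values():
            if pol.get("profile-content") not in contents:  # None = no content profile set
                missing.append(("profile-content", pol.get("profile-content")))
    return active, missing
```

On the sample, `audit(SAMPLE)` reports `CreditCard` as the only active pattern and `Encrypt_Pull_Outbound` as an action that is not among the content-action profiles shown, so confirm that profile exists on the appliance before relying on the monitor.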
Now send an email from user@somu.local to test@test.local with a (fake) credit card number, 4539665237127925, in the body of the email. When the logs are checked on the FortiMail, the email can be seen to be encrypted.

If tested with a .docx file, or a zip/rar file with a .docx inside, the emails should be encrypted as well.
To open the encrypted email, select https://172.31.19.177. An authentication prompt similar to the one shown below should appear.

