General Settings
Configure how Uptrust Gateway should process emails.
Uptrust Status
This informs you of the current status of the Uptrust Gateway server. It should always be up and running.
Uptrust Protection
This allows you to effectively switch the email processing on and off. When active, all emails are processed as configured. When inactive, all processing will be bypassed, and Uptrust Gateway will effectively act as if it wasn’t there.
Protection standard
Specify which of the two protection standards S/MIME and PGP should be used by Uptrust Gateway.
S/MIME
Uptrust Gateway uses only S/MIME to encrypt emails.
PGP
Uptrust Gateway uses only PGP to encrypt emails.
S/MIME preferred
Uptrust Gateway uses S/MIME to encrypt emails, but if not possible will fall back to PGP.
PGP preferred
Uptrust Gateway uses PGP to encrypt emails, but if not possible will fall back to PGP.
Server-side Protection
When active, Uptrust Gateway handles the encryption and decryption of emails on behalf of the mail clients. This is a great option to start protecting your communication with email encryption while the mail clients have not yet been set up to support email encryption. The main advantage is that the emails that are stored on the mail server will be encrypted, yet the mail clients will still be able to read them.
When inactive, this means the encryption and decryption will be handled by the mail clients. However, emails that have not been encrypted by the sender will still be encrypted by Uptrust Gateway, so they are stored securely on the mail server.
When Uptrust Gateway encrypts emails, it always attempts to use the recipient’s or sender’s keys to do so. However, if they are not available, Uptrust Gateway will fall back to using a domain key for encryption. Therefore, it is important that a domain key is configured for the user domain (or one for each user domain if there are multiple).
Only when server-side is active, the following additional settings apply:
Fallback Behavior
What to do if an email could not be encrypted for any reason
Do not send and return error message
If encryption fails for whatever reason, Uptrust Gateway will abort processing the email, and instead return an error message to the sender.
Send unencrypted
If encryption fails for whatever reason, Uptrust Gateway will continue to send the email unencrypted. This option is not recommend and should be used for testing only.
Protection Indicators
When active, Uptrust Gateway decrypts encrypted emails and then inserts icons (small images) into the emails that indicate to the receiving user that the emails had originally been encrypted. When emails have been signed, Uptrust Gateway validates and removes the signatures and then inserts an icon that indicates that the emails had originally been signed.
Available options are
Always
Indicator icons will be inserted into all emails, effectively indicating both encrypted and/or signed and unencrypted and/or unsigned emails.
Only protected
Indicator icons will be inserted only into emails that had been encrypted and/or signed.
Never
No indicators will be inserted.
Indicator Location
When protection indicators are configured to be inserted, there are two options as to where to insert them:
Message body
An indicator icon will be inserted at the beginning of the message body of the email.
Subject field
A text will be prepended to the subject of the email.
Check PGP/inline
When active, checks incoming emails for PGP/inline parts.
Note that PGP/inline is considered unsafe, because PGP/inline encrypted message parts can be mixed with unencrypted parts, and PGP/inline signatures can sign only part of the email. This is very confusing, and users will be unable to tell the protected from the unprotected part, consequently assuming that all of the email was protected.
We therefore do not recommend to enable PGP/inline unless absolutely necessary.