This feature applies to the Barracuda Email Security Gateway running version 6.x and higher.
If you have a Barracuda Message Archiver, you can choose to archive encrypted emails that pass through the Barracuda Email Security Gateway, as well as replies to those emails. From the BASIC > Administration page, enter the IP address of the Barracuda Message Archiver in the Email Encryption Service section.
Archiving Replies to Encrypted Emails
Any replies to encrypted message go, as usual, to the Barracuda Message Center. The Barracuda Email Security Gateway then collects the reply from the Barracuda Message center and proxies it to the Barracuda Message Archiver. For an illustration of encrypted mail flow (not including the archiving feature), see the diagram in How to Use DLP and Encryption of Outbound Mail.
Note that encrypted messages are not sent in encrypted format to the Barracuda Message Archiver. Therefore, to protect sensitive mail, Barracuda strongly recommends that:
- This email traffic from the Barracuda Email Security Gateway to the Barracuda Message Archiver be sent over internal networks. The Barracuda Message Archiver will support SMTP/TLS for encrypted transmission of the emails if both the Barracuda Email Security Gateway and the Barracuda Message Archiver are configured to use this protocol:
- On the Barracuda Email Security Gateway, set Enable SMTP over TLS/SSL to Yes on the ADVANCED > Email Protocol page.
- For configuring the Barracuda Message Archiver to receive messages via SMTP over TLS, please contact Barracuda Networks Technical Support.
You enable the Secondary Authentication feature on the Barracuda Message Archiver from the BASIC > Administration page. Secondary Authorization allows an additional password to be required of both Admins and Auditors before executing any action that could expose message data, including messages that were originally sent encrypted. You can assign the secondary password to a 2nd administrator, which must be used before the content of these email messages can be viewed. Note that the Secondary Authorization feature is not limited for use with managing encrypted mail - if you enable it, it will apply to managing all archived mail.