https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157331#M51613 <P>Actually the decryption of SMTP<STRONG>s </STRONG>works the same way as the normal SSL/TLS Decryption. The difference is that you need to set up inbound Inspection (because otherwise the external mailservers will not trust your certificate) with the certificate which you use on your mailserver. Outgoing E-Mails can be decrypted with the normal forward decryption, there you only need to install your decryption root cert on your mailserver.</P> Fri, 19 May 2017 07:33:51 GMT Remo 2017-05-19T07:33:51Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157309#M51610 <P>Hi,</P><P>&nbsp;</P><P>Do we need to&nbsp;enable SSL decryption simply for reading SMTP messages?</P><P>&nbsp;</P><P><SPAN>We have created a profile under Objects and attached it to incoming mail policy but attachments with extension&nbsp;dll, bat, exe file all get through and see nothing in Wildfire submissions.</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks in advance.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FileBlock.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/9294i9766ECD2BE5B65EA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="FileBlock.png" alt="FileBlock.png" /></span></SPAN></P> Fri, 19 May 2017 03:28:59 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157309#M51610 Farzana 2017-05-19T03:28:59Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157329#M51612 <P>Ignore this then <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 19 May 2017 07:36:51 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157329#M51612 santonic 2017-05-19T07:36:51Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157331#M51613 <P>Actually the decryption of SMTP<STRONG>s </STRONG>works the same way as the normal SSL/TLS Decryption. The difference is that you need to set up inbound Inspection (because otherwise the external mailservers will not trust your certificate) with the certificate which you use on your mailserver. Outgoing E-Mails can be decrypted with the normal forward decryption, there you only need to install your decryption root cert on your mailserver.</P> Fri, 19 May 2017 07:33:51 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-for-email/m-p/157331#M51613 Remo 2017-05-19T07:33:51Z