When a Cisco Email Security Appliance (ESA) is configured to use the Cisco Registered Envelope Service (CRES) and cannot reach the CRES key servers, it treats the situation as a temporary delivery failure. The message is not dropped or sent in clear text. Instead, the ESA places the message into its delivery queue. The appliance will then periodically attempt to re-establish communication with the CRES server and process the message. This is standard Mail Transfer Agent (MTA) behavior for transient failures, ensuring that security policies are not violated and messages are not lost due to temporary network or service issues.

B. It is sent in clear text: This would violate the explicit security policy requiring encryption and is therefore an insecure "fail-open" action that the ESA avoids by default.

C. It is dropped and an error message is sent to the sender: This is a hard failure action. The ESA's default behavior for a temporary service unavailability is to requeue and retry, not to immediately drop the message.

D. It is encrypted by a Cisco encryption appliance: The ESA is the encryption appliance in this scenario, and it is configured to use CRES. It will not automatically switch to a different encryption method.

1. Cisco Email Security Appliance Best Practices

Recommendations

and Troubleshooting Guide: In the "Troubleshooting Cisco Email Encryption" section

it is explained that if the ESA cannot contact the CRES key server

it will queue the mail for a configurable amount of time and retry. This behavior is consistent with standard MTA retry schedules for delivery. (Reference found in discussions of mail queues and encryption failures).

2. Cisco Email Security Appliance Configuration Guide

14.0: The chapter "Configuring Appliances to Use Cisco Secure Email Encryption Service" describes the communication flow between the ESA and the CRES key server. A failure in this communication is handled by the ESA's mail delivery subsystem

which queues messages for later retry upon temporary failures

as detailed in the "Mail Policies" and "Delivery Control" sections of the guide. The message remains in the delivery queue until it can be processed or it expires.