Create a global allow rule to quarantine all Encypted / Password protected files, create a second exception rule to allow users of a group to have them delivered.
Moved to our IronMail area for housekeeping.
I would start with the same steps you did:
A) Create a group full of the users that you want to allow to have encrypted files. (Compliance --> Compliance Advanced --> Group Manager)
B) Create a Default Attachment Analysis rule looking for the password protected/encrypted files, and set to quarantine. (Compliance --> Compliance Advanced --> Attachment Analysis --> Manage Rules)
But a better way to apply the rule is:
A) Go to Compliance --> Compliance Advanced --> Attachment Analysis --> Apply Rules.
B) Click on Add New
C) On "Apply To" select User Group, in the next box choose the group you have for this.
D) Check the "Exclude" box. This says apply the rule to everyone EXCEPT those in the selected group.
E) Save the policy
Creating a global rule to block and a separate rule with the exclude will cause the rule to be applied to everyone, which does not appear to be the intended effect.
Thats great, how would you be able to specify FROM addresses to this rule.
IE Only addresses allow the send these file types to your organization?