I just realized that it thinks the User-Agent in the header of the email is triggering the
DLP:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
It triggers on the "20100101" part, which is a bit odd since it's only an 8-digit
number, but nevertheless it's a regex issue like you said.
I guess setting the threshold higher may be a better solution. Now the next problem is this.
Even if I specify [encrypt] in the subject, the DLP still quarantines. How would I
configure DLP to allow encrypted outbound messages with SSNs in them?
-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Saturday, October 22, 2016 6:17 AM
To: users(a)lists.djigzo.com
Subject: Re: [Djigzo users] DLP not working
On 10/22/2016 12:09 PM, Dino Edwards wrote:
> I'm guessing I can enable DLP and assign patterns on the domain level
> instead of just a sender level. It seems I got a little further, I can
> get it to quarantine test SSN messages but now EVERY outgoing email is
> quarantined by the DLP whether it contains an SSN or not. I must be
> missing something
The problem with a SSN is that it has no structure other than being a nine-
digit number. So if for whatever reason your email contains a nine-digit
number, the DLP engine flags this number as a SSN.
Unfortunately the only solution to this problem is to modify the SSN reg exp
to only match if there is some other text around the number (for example
the word social, ssn or whatever). The DLP engine should send a warning (if
configured) to report which number was detected. By using the "extract
text" tool (admin -> other -> extract text) you can see what text the DLP
actually sees while scanning (you need to upload a complete MIME
formatted email).
Kind regards,
Martijn Brinkers
> -----Original Message-----
> From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of Martijn Brinkers
> Sent: Friday, October 21, 2016 5:58 PM
> To: users(a)lists.djigzo.com
> Subject: Re: [Djigzo users] DLP not working
>
>
> On 10/21/2016 11:37 PM, Dino Edwards wrote:
>> Trying to get DLP to work. Enabled DLP for the domain, imported
>> patterns from the website and sent a test email with a test social
>> security number. The email gets delivered to its destination. I get
>> the following in the MPA log. What stands out the is the line that
>> says DLP is disabled for recipient. I didn't think I had to
>> configure the recipient for DLP.
>
> See figure 100 (MPA mail flow for DLP) from the administration
> guide:
>
> https://www.ciphermail.com/documents/html/administration-guide/#pf77
>
> If DLP is not enabled ("Enable pattern scanning" option) for the
> recipient and/or sender, DLP is skipped. You need to enable DLP on
> global level. The DLP patterns should only be defined for the sender.
> The reason why DLP should be enabled for sender and recipient is that
> it provides the greatest flexibility.
>
> Kind regards,
>
> Martijn Brinkers
>
>
>> INFO incoming; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>> Recipients: [recipient(a)outsidedomain.tld]; Originator:
>> originator(a)mydomain.tld; Sender: originator(a)mydomain.tld; Remote
>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID:
>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8860(a)deeztek.com>;
>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] 21 Oct
>> 2016 17:21:22 | INFO Subject filter is disabled for the sender;
>> MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>> [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO To external recipient(s); MailID:
>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>> [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO DLP is disabled for the recipient(s);
>> MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>> Recipients: [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO "force encrypt header trigger" is
>> disabled for the sender; MailID:
>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>> [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO "encrypt mode" is "no encryption" for
>> the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>> Recipients: [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO Force signing header not allowed for
>> sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>> Recipients: [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO "sign subject trigger" is disabled for
>> the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>> Recipients: [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO "only sign when encrypt" is enabled for
>> the sender. Signing will be skipped; MailID:
>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>> [recipient(a)outsidedomain.tld]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
>>
>> 21 Oct 2016 17:21:22 | INFO Message handling is finished. Sending to
>> final recipient(s); MailID:
>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>> [recipient(a)outsidedomain.tld]; Originator:
>> originator(a)mydomain.tld; Sender: originator(a)mydomain.tld; Remote
>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID:
>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8860(a)deeztek.com>;
>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
>>
>> Thanks in advance
>> _______________________________________________
>> Users mailing list
>> Users(a)lists.djigzo.com
>> https://lists.djigzo.com/lists/listinfo/users
>>
>
>
> -- CipherMail email encryption
>
> Email encryption with support for S/MIME, OpenPGP, PDF encryption and
> secure webmail pull.
>
> https://www.ciphermail.com
>
> Twitter: http://twitter.com/CipherMail
>
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
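
An added illustration (not part of the thread and not CipherMail's own patterns) of the two options discussed above: a bare nine-digit SSN pattern versus one that requires a nearby context word, and the effect of raising the match threshold. The patterns, the threshold model (minimum number of matches) and the sample messages are constructed assumptions.

```python
import re

# Hypothetical patterns for illustration; not the patterns shipped with CipherMail.
# Bare form: any standalone nine-digit number, with optional separators.
BARE_SSN = re.compile(r"(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)")
# Context form: the same number, but only when "ssn" or "social security"
# appears at most 40 non-digit characters before it.
CONTEXT_SSN = re.compile(
    r"\b(?:ssn|social\s+security)\b\D{0,40}?(\d{3}[- ]?\d{2}[- ]?\d{4})(?!\d)",
    re.IGNORECASE,
)

# Constructed sample messages, headers included, since the scanner may see
# header text as well as the body.
ORDINARY_MAIL = (
    "Message-ID: <constructed-1@example.com>\n"
    "X-Ticket-Id: 482913075\n"
    "Subject: invoice\n"
    "\n"
    "Your order 771204368 has shipped.\n"
)
SSN_MAIL = (
    "Subject: onboarding\n"
    "\n"
    "Ticket 482913075. Employee SSN: 123-45-6789\n"
)


def find_hits(pattern, text):
    """Return the matched numbers, so a warning can report what was detected."""
    return [m.group(m.lastindex or 0) for m in pattern.finditer(text)]


def quarantined(pattern, text, threshold=1):
    """Assumed threshold model: quarantine once the hit count reaches it."""
    return len(find_hits(pattern, text)) >= threshold


if __name__ == "__main__":
    for name, mail in (("ordinary", ORDINARY_MAIL), ("ssn", SSN_MAIL)):
        print(name, "bare:", find_hits(BARE_SSN, mail),
              "context:", find_hits(CONTEXT_SSN, mail))
    # Raising the threshold silences the false positive but also lets the
    # message that does contain an SSN through.
    print(quarantined(BARE_SSN, ORDINARY_MAIL, threshold=3),
          quarantined(BARE_SSN, SSN_MAIL, threshold=3))
```

With the bare pattern, a threshold high enough to let the ordinary message pass also lets the SSN message pass; the context pattern separates the two at the default threshold.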