On 10/22/2016 12:09 PM, Dino Edwards wrote:
> I'm guessing I can enable DLP and assign patterns on the domain level
> instead of just a sender level. It seems I got a little further, I
> can get it to quarantine test SSN messages but now EVERY outgoing
> email is quarantined by the DLP whether it contains an SSN or not.  I
> must be missing something

The problem with a SSN is that it has no structure other than being a
nine-digit number. So if for whatever reason your email contains a
nine-digit number, the DLP engine flags this number as a SSN.
Unfortunately the only solution to this problem is to modify the SSN reg
exp to only match if there is some other text around the number (for
example the word social, ssn or whatever). The DLP engine should send a
warning (if configured) to report which number was detected. By using
the "extract text" tool (admin -> other -> extract text) you can see
what text the DLP actually sees while scanning (you need to upload a
complete MIME formatted email).

Kind regards,

Martijn Brinkers



>> -----Original Message-----
>> From: users-boun...@lists.djigzo.com
>> [mailto:users-boun...@lists.djigzo.com] On Behalf Of Martijn Brinkers
>> Sent: Friday, October 21, 2016 5:58 PM
>> To: users@lists.djigzo.com
>> Subject: Re: [Djigzo users] DLP not working
>> 
>> 
>> On 10/21/2016 11:37 PM, Dino Edwards wrote:
>>> Trying to get DLP to work. Enabled DLP for the domain, imported 
>>> patterns from the website and sent a test email with a test
>>> social security number. The email gets delivered to its
>>> destination. I get the following in the MPA log. What stands out
>>> is the line that says DLP is disabled for recipient. I didn't
>>> think I had to configure the recipient for DLP.
>> 
>> See figure 100 (MPA mail flow for DLP) from the administration
>> guide:
>> 
>> https://www.ciphermail.com/documents/html/administration-guide/#pf77
>>
>> If DLP is not enabled ("Enable pattern scanning" option) for the
>> recipient and/or sender, DLP is skipped. You need to enable DLP on
>> global level. The DLP patterns should only be defined for the sender. The
>> reason why DLP should be enabled for sender and recipient is that
>> it provides the greatest flexibility.
>> 
>> Kind regards,
>> 
>> Martijn Brinkers
>> 
>> 
>>> INFO incoming; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; 
>>> Recipients: [recipi...@outsidedomain.tld]; Originator: 
>>> origina...@mydomain.tld; Sender: origina...@mydomain.tld; Remote 
>>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID: 
>>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8...@deeztek.com>; 
>>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] 21
>>> Oct 2016 17:21:22 | INFO Subject filter is disabled for the
>>> sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>>> [recipi...@outsidedomain.tld]
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO To external recipient(s); MailID: 
>>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: 
>>> [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO DLP is disabled for the
>>> recipient(s); MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>>> Recipients: [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO "force encrypt header trigger" is
>>> disabled for the sender; MailID: 
>>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: 
>>> [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO "encrypt mode" is "no encryption" for
>>> the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>>> Recipients: [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO Force signing header not allowed for 
>>> sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>>> Recipients: [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO "sign subject trigger" is disabled
>>> for the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
>>> Recipients: [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO "only sign when encrypt" is enabled
>>> for the sender. Signing will be skipped; MailID: 
>>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: 
>>> [recipi...@outsidedomain.tld] 
>>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread
>>> #0]
>>> 
>>> 21 Oct 2016 17:21:22 | INFO Message handling is finished. Sending
>>> to final recipient(s); MailID:
>>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
>>> [recipi...@outsidedomain.tld]; Originator: 
>>> origina...@mydomain.tld; Sender: origina...@mydomain.tld; Remote 
>>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID: 
>>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8...@deeztek.com>; 
>>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
>>> 
>>> Thanks in advance
>> _______________________________________________
>>> Users mailing list Users@lists.djigzo.com 
>>> https://lists.djigzo.com/lists/listinfo/users
>>> 
>> 
>> 
>> -- CipherMail email encryption
>> 
>> Email encryption with support for S/MIME, OpenPGP, PDF encryption
>> and secure webmail pull.
>> 
>> https://www.ciphermail.com
>> 
>> Twitter: http://twitter.com/CipherMail


-- 
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
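
The reply at the top of this thread suggests changing the SSN regular expression so that it only matches when a word such as "social" or "ssn" appears near the number. The following added example (not part of the original thread, and not CipherMail's shipped patterns) compares a bare nine-digit pattern with a keyword-anchored one; both patterns, the 30-character window and the sample messages are constructed assumptions.

```python
import re

# Constructed patterns, not CipherMail's shipped ones. The syntax used here
# ((?i), \b, \d, bounded quantifiers) is also accepted by java.util.regex.
NAIVE_SSN = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")
CONTEXT_SSN = re.compile(
    r"(?i)\b(?:ssn|social)\b"          # a keyword must come first ...
    r"[^\d\n]{0,30}"                   # ... then at most 30 non-digits, same line
    r"(\d{3}[- ]?\d{2}[- ]?\d{4})\b"   # ... then the nine-digit number
)

# Constructed message bodies, as a DLP engine would see them after text extraction.
SAMPLES = {
    "ssn_labelled": "Hi, my SSN is 123-45-6789, please update payroll.",
    "ssn_spelled_out": "Social security number: 123 45 6789",
    "order_number": "Your order 482915073 has shipped.",
    "signature_ticket": "Regards,\nAlex\nSupport ticket 204817365",
    "no_digits": "See you at the meeting tomorrow.",
}

def mask(number):
    """Keep only the last four digits so a report never repeats the full value."""
    return "***-**-" + re.sub(r"\D", "", number)[-4:]

def scan(text):
    """Return the masked hits of both patterns for one extracted message text."""
    return {
        "naive": [mask(m.group(0)) for m in NAIVE_SSN.finditer(text)],
        "context": [mask(m.group(1)) for m in CONTEXT_SSN.finditer(text)],
    }

def false_positives(samples):
    """Names of messages the bare pattern flags but the keyword pattern lets through."""
    return [name for name, text in samples.items()
            if scan(text)["naive"] and not scan(text)["context"]]

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} {scan(text)}")
    print("naive-only hits:", false_positives(SAMPLES))
```

Requiring a keyword trades false positives for false negatives: an unlabelled nine-digit SSN passes the second pattern, so check any changed pattern against the real extracted text of representative messages before relying on it.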