I just realized that it thinks the User-Agent in the header of the email is 
triggering the DLP:

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101

It triggers on the "20100101" part which is a bit odd since it's only an 8-digit 
number but nevertheless it's a regex issue like you said.

I guess setting the threshold higher may be a better solution. Now the next 
problem is this. Even if I specify [encrypt] in the subject, the DLP still 
quarantines. How would I configure DLP to allow encrypted outbound messages 
with SSNs in them?

> -----Original Message-----
> From: users-boun...@lists.djigzo.com [mailto:users-
> boun...@lists.djigzo.com] On Behalf Of Martijn Brinkers
> Sent: Saturday, October 22, 2016 6:17 AM
> To: users@lists.djigzo.com
> Subject: Re: [Djigzo users] DLP not working
> 
> On 10/22/2016 12:09 PM, Dino Edwards wrote:
> > I'm guessing I can enable DLP and assign patterns on the domain level
> > instead of just a sender level. It seems I got a little further, I can
> > get it to quarantine test SSN messages but now EVERY outgoing email is
> > quarantined by the DLP whether it contains an SSN or not.  I must be
> > missing something
> 
> The problem with a SSN is that it has no structure other than being a nine-
> digit number. So if for whatever reason your email contains a nine-digit
> number, the DLP engine flags this number as a SSN.
> Unfortunately the only solution to this problem is to modify the SSN reg exp
> to only match if there is some other text around the number (for example
> the word social, ssn or whatever). The DLP engine should send a warning (if
> configured) to report which number was detected. By using the "extract
> text" tool (admin -> other -> extract text) you can see what text the DLP
> actually sees while scanning (you need to upload a complete MIME
> formatted email).
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
> 
> >> -----Original Message-----
> >> From: users-boun...@lists.djigzo.com
> >> [mailto:users-boun...@lists.djigzo.com] On Behalf Of Martijn Brinkers
> >> Sent: Friday, October 21, 2016 5:58 PM
> >> To: users@lists.djigzo.com
> >> Subject: Re: [Djigzo users] DLP not working
> >>
> >>
> >> On 10/21/2016 11:37 PM, Dino Edwards wrote:
> >>> Trying to get DLP to work. Enabled DLP for the domain, imported
> >>> patterns from the website and sent a test email with a test social
> >>> security number. The email gets delivered to its destination. I get
> >>> the following in the MPA log. What stands out is the line that
> >>> says DLP is disabled for recipient. I didn't think I had to
> >>> configure the recipient for DLP.
> >>
> >> See figure 100 (MPA mail flow for DLP) from the administration
> >> guide:
> >>
> >> https://www.ciphermail.com/documents/html/administration-guide/#pf77
> >>
> >>
> >>
> >> If DLP is not enabled ("Enable pattern scanning" option) for the recipient
> >> and/or sender, DLP is skipped. You need to enable DLP on global
> >> level. The DLP patterns should only be defined for the sender. The
> >> reason why DLP should be enabled for sender and recipient is that it
> >> provides the greatest flexibility.
> >>
> >> Kind regards,
> >>
> >> Martijn Brinkers
> >>
> >>
> >>> INFO incoming; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
> >>> Recipients: [recipi...@outsidedomain.tld]; Originator:
> >>> origina...@mydomain.tld; Sender: origina...@mydomain.tld; Remote
> >>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID:
> >>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8...@deeztek.com>;
> >>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] 21 Oct
> >>> 2016 17:21:22 | INFO Subject filter is disabled for the sender;
> >>> MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
> >>> [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO To external recipient(s); MailID:
> >>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
> >>> [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO DLP is disabled for the recipient(s);
> >>> MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
> >>> Recipients: [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "force encrypt header trigger" is
> >>> disabled for the sender; MailID:
> >>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
> >>> [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "encrypt mode" is "no encryption" for
> >>> the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
> >>> Recipients: [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO Force signing header not allowed for
> >>> sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
> >>> Recipients: [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "sign subject trigger" is disabled for
> >>> the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d;
> >>> Recipients: [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "only sign when encrypt" is enabled for
> >>> the sender. Signing will be skipped; MailID:
> >>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
> >>> [recipi...@outsidedomain.tld]
> >>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO Message handling is finished. Sending to
> >>> final recipient(s); MailID:
> >>> ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients:
> >>> [recipi...@outsidedomain.tld]; Originator:
> >>> origina...@mydomain.tld; Sender: origina...@mydomain.tld; Remote
> >>> address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID:
> >>> <aa65fc19-1484-c5b8-dd55-86b8b5cc8...@deeztek.com>;
> >>> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> >>>
> >>> Thanks in advance
> >> _______________________________________________
> >>> Users mailing list Users@lists.djigzo.com
> >>> https://lists.djigzo.com/lists/listinfo/users
> >>>
> >>
> >>
> >> -- CipherMail email encryption
> >>
> >> Email encryption with support for S/MIME, OpenPGP, PDF encryption and
> >> secure webmail pull.
> >>
> >> https://www.ciphermail.com
> >>
> >> Twitter: http://twitter.com/CipherMail
> >>
_______________________________________________
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
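
Added example, not part of the thread and not CipherMail's own patterns: a bare nine-digit SSN expression compared with one that requires nearby context text, as suggested in the quoted reply, run over a constructed message. The regexes, the sample mail and the threshold model (minimum number of matches) are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; the SSN and order number are made up.
SAMPLE = """\
From: sender@example.com
To: recipient@example.net
Subject: invoice
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
Message-ID: <123456789.987654321@example.com>

Order number 204817365 shipped today.
Employee SSN: 123-45-6789
"""

# Illustrative pattern 1: any nine-digit number, with optional dashes.
# The lookarounds stop it matching inside a longer run of digits.
BARE = re.compile(r"(?<!\d)\d{3}-?\d{2}-?\d{4}(?!\d)")

# Illustrative pattern 2: the number only counts when "ssn" or
# "social security" appears on the same line, at most 20 characters before it.
CONTEXT = re.compile(
    r"\b(?:ssn|social\s+security)\b[^\d\n]{0,20}"
    r"(\d{3}[- ]?\d{2}[- ]?\d{4})(?!\d)",
    re.IGNORECASE,
)

def body_of(raw):
    """Return only the body of a single-part message, without headers."""
    return message_from_string(raw).get_payload()

def hits(pattern, text):
    """Return every matched number, normalised to digits only."""
    found = []
    for m in pattern.finditer(text):
        number = m.group(m.lastindex or 0)  # group 1 if present, else whole match
        found.append(re.sub(r"\D", "", number))
    return found

def quarantine(pattern, text, threshold=1):
    """Assumed policy model: quarantine once the match count reaches threshold."""
    return len(hits(pattern, text)) >= threshold

if __name__ == "__main__":
    print("bare, headers+body:", hits(BARE, SAMPLE))
    print("bare, body only   :", hits(BARE, body_of(SAMPLE)))
    print("context pattern   :", hits(CONTEXT, SAMPLE))
    print("bare, threshold 3 :", quarantine(BARE, body_of(SAMPLE), threshold=3))
```

With the bare pattern, raising the threshold to 3 lets the body through even though it contains the labelled SSN; the context pattern flags that one number at threshold 1 and ignores the order number and the header values.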
