I just realized that it thinks the User-Agent in the header of the email is triggering the DLP:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101

It triggers on the "20100101" part which is a bit odd since it's only an 8 digit number but nevertheless it's a regex issue like you said. I guess setting the threshold higher may be a better solution.

Now the next problem is this. Even if I specify [encrypt] in the subject, the DLP still quarantines. How would I configure DLP to allow encrypted outbound messages with SSNs in them?

> -----Original Message-----
> From: [email protected] [mailto:users-[email protected]] On Behalf Of Martijn Brinkers
> Sent: Saturday, October 22, 2016 6:17 AM
> To: [email protected]
> Subject: Re: [Djigzo users] DLP not working
>
> On 10/22/2016 12:09 PM, Dino Edwards wrote:
> > I'm guessing I can enable DLP and assign patterns on the domain level
> > instead of just a sender level. It seems I got a little further, I can
> > get it to quarantine test SSN messages but now EVERY outgoing email is
> > quarantined by the DLP whether it contains an SSN or not. I must be
> > missing something
>
> The problem with a SSN is that it has no structure other than being a
> nine-digit number. So if for whatever reason your email contains a
> nine-digit number, the DLP engine flags this number as a SSN.
> Unfortunately the only solution to this problem is to modify the SSN reg exp
> to only match if there is some other text around the number (for example
> the word social, ssn or whatever). The DLP engine should send a warning (if
> configured) to report which number was detected. By using the "extract
> text" tool (admin -> other -> extract text) you can see what text the DLP
> actually sees while scanning (you need to upload a complete MIME
> formatted email).
>
> Kind regards,
>
> Martijn Brinkers
>
> >> -----Original Message-----
> >> From: [email protected] [mailto:users-[email protected]] On Behalf Of Martijn Brinkers
> >> Sent: Friday, October 21, 2016 5:58 PM
> >> To: [email protected]
> >> Subject: Re: [Djigzo users] DLP not working
> >>
> >> On 10/21/2016 11:37 PM, Dino Edwards wrote:
> >>> Trying to get DLP to work. Enabled DLP for the domain, imported
> >>> patterns from the website and sent a test email with a test social
> >>> security number. The email gets delivered to its destination. I get
> >>> the following in the MPA log. What stands out is the line that
> >>> says DLP is disabled for recipient. I didn't think I had to
> >>> configure the recipient for DLP.
> >>
> >> See figure 100 (MPA mail flow for DLP) from the administration
> >> guide:
> >>
> >> https://www.ciphermail.com/documents/html/administration-guide/#pf77
> >>
> >> If DLP is not enabled ("Enable pattern scanning" option) for the recipient
> >> and/or sender, DLP is skipped. You need to enable DLP on global
> >> level. The DLP patterns should only be defined for the sender. The
> >> reason why DLP should be enabled for sender and recipient is that it
> >> provides the greatest flexibility.
> >>
> >> Kind regards,
> >>
> >> Martijn Brinkers
> >>
> >>> INFO incoming; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO Subject filter is disabled for the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO To external recipient(s); MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO DLP is disabled for the recipient(s); MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "force encrypt header trigger" is disabled for the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "encrypt mode" is "no encryption" for the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO Force signing header not allowed for sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "sign subject trigger" is disabled for the sender; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO "only sign when encrypt" is enabled for the sender. Signing will be skipped; MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> >>>
> >>> 21 Oct 2016 17:21:22 | INFO Message handling is finished. Sending to final recipient(s); MailID: ed379da5-1e86-47f4-a227-5fa0d52a969d; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: 192.168.xxx.xxx; Subject: test DLP again; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> >>>
> >>> Thanks in advance
> >>> _______________________________________________
> >>> Users mailing list
> >>> [email protected]
> >>> https://lists.djigzo.com/lists/listinfo/users
> >>
> >> --
> >> CipherMail email encryption
> >>
> >> Email encryption with support for S/MIME, OpenPGP, PDF encryption and
> >> secure webmail pull.
> >>
> >> https://www.ciphermail.com
> >>
> >> Twitter: http://twitter.com/CipherMail
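
Added example, not part of the original thread and not CipherMail's shipped patterns: a small Python harness that compares a bare nine-digit SSN pattern with a keyword-anchored one over headers plus body, and shows what raising the match threshold does. Both regexes, the verdict() helper and the two sample messages are constructed for illustration; scanning headers together with the body is an assumption based on the User-Agent hit reported above.

```python
import re
from email import message_from_string

# Hypothetical patterns (assumption), written for this illustration only.
NAIVE_SSN = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")
# Only match when "ssn" or "social security" appears shortly before the number.
CONTEXT_SSN = re.compile(
    r"\b(?:ssn|social security)\b\D{0,20}(\d{3}[- ]?\d{2}[- ]?\d{4})\b",
    re.IGNORECASE,
)

# Constructed sample messages: one with a nine-digit header value, one with a test SSN.
CLEAN = (
    "From: a@example.test\nTo: b@example.test\nSubject: invoice\n"
    "X-Ticket-Id: 987654321\n\nPlease see the attached invoice.\n"
)
WITH_SSN = (
    "From: a@example.test\nTo: b@example.test\nSubject: hr form\n\n"
    "Employee SSN: 123-45-6789\n"
)

def scanned_text(raw):
    """Return headers and body as one string, the way a scanner that
    inspects the full MIME message would see it (assumption)."""
    msg = message_from_string(raw)
    headers = "\n".join(f"{name}: {value}" for name, value in msg.items())
    return headers + "\n" + msg.get_payload()

def verdict(raw, pattern, threshold=1):
    """Quarantine when the number of pattern hits reaches the threshold."""
    hits = pattern.findall(scanned_text(raw))
    return ("quarantine" if len(hits) >= threshold else "deliver", hits)

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("with_ssn", WITH_SSN)):
        print(name, "naive t=1  ", verdict(raw, NAIVE_SSN))
        print(name, "naive t=2  ", verdict(raw, NAIVE_SSN, threshold=2))
        print(name, "context t=1", verdict(raw, CONTEXT_SSN))
```

With the bare pattern, a threshold of 2 lets the clean message through but also delivers the message that carries a single SSN; the keyword-anchored pattern separates the two at a threshold of 1.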
