DLP regex (Martijn Brinkers)

Gateway
1

Hi Martijn,

···

Am 13.04.18 um 12:00 schrieb users-request(a)lists.djigzo.com:

The DLP patterns are a sender only property. That means that only the
DLP patterns configured for the sender are taking into account. The main
reason this was designed to be a sender only setting is that it's
unclear how to handle recipient specific DLP rules if there are multiple
recipients of a message. You can configure the DLP rule for the sender.
However that means that if the message is sent to some other domain by
that sender that the DLP fires as well. If you do not want that you can
disable DLP checking by default for all domains and only enable it for
the sender and recipient domain you want the rule for. You might get
more flexibility by editing the xml mail flow file though.

thanks for your answer; but this wasn't my question :wink:

my question was: I'm looking for a way that will drop the delivery for
outgoing mails NOT having the word 'redfox:' in the body, something like
a inverted badword. Is there something in place to build a rule like this?

best regards
René

2

This is not support out of the box. However by modifying dlp.xml you
might be able to get what you need.

dlp.xml describes the steps for DLP scanning.

The SenderRegExpPolicyChecker mailet checks the DLP policy and depending
on which policy is violated, the email will be handled by the next steps.

<mailet match="All" class="SenderRegExpPolicyChecker">
     <log> DLP checking the message </log>
     <warnProcessor> dlp-warn </warnProcessor>
     <mustEncryptProcessor> dlp-must-encrypt </mustEncryptProcessor>
     <quarantineProcessor> dlp-quarantine </quarantineProcessor>
     <blockProcessor> dlp-block </blockProcessor>
     <errorProcessor> dlp-error </errorProcessor>
     <delayEvaluationProcessor> dlp-delayed-evaluation
</delayEvaluationProcessor>
</mailet>

If no policy is violated, the flow "falls through" and the next step
will be the post-dlp processor.

<!-- no policy was violated -->
<mailet match="All" class="GotoProcessor">
     <processor> post-dlp </processor>
</mailet>

If you change post-dlp to for example dlp-block, the end result will be
that if no DLP rule is violated, the message will be blocked. You can
change this to whatever behavior your want.

Kind regards,

Martijn Brinkers

···

On 13-04-18 14:01, René Sasse via Users wrote:

Hi Martijn,

Am 13.04.18 um 12:00 schrieb users-request(a)lists.djigzo.com:

The DLP patterns are a sender only property. That means that only the
DLP patterns configured for the sender are taking into account. The main
reason this was designed to be a sender only setting is that it's
unclear how to handle recipient specific DLP rules if there are multiple
recipients of a message. You can configure the DLP rule for the sender.
However that means that if the message is sent to some other domain by
that sender that the DLP fires as well. If you do not want that you can
disable DLP checking by default for all domains and only enable it for
the sender and recipient domain you want the rule for. You might get
more flexibility by editing the xml mail flow file though.

thanks for your answer; but this wasn't my question :wink:

my question was: I'm looking for a way that will drop the delivery for
outgoing mails NOT having the word 'redfox:' in the body, something like
a inverted badword. Is there something in place to build a rule like this?

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail