OUTGOING MAIL POLICY FOR DLP POLICY CAUSES CRES TO STOP WORKING

Answered Question
Apr 1st, 2014

I have created 10 policies using DLP Policy Manager. I created a content filter with 3 conditions and 1 action. Up until here it is configured correctly. It's when I create an outgoing mail policy that things with CRES cease to work.

 

I create 2 outgoing mail policies, both below the encryption policy but above the default policy. The first is a policy with anti-spam disabled, anti-virus as all deliver, content filter as the new content filter name, and the rest as disabled.

 

The second policy is where the DLP is implemented: again anti-spam as disabled, anti-virus as above, content filter contains both content filters (the old one and the new one), and for DLP I've assigned all the DLP policies created in DLP Policy Manager.

 

The DLP policy works as it should, but prevents the CRES from working. As soon as both outgoing mail policies are removed, the CRES works!!

The positions of the outgoing mail policies are correct. The test emails for CRES are not case sensitive.

 

The content filter contains regex of (?!)\[Secure]\.*    The other actions are open and closed brackets.

 

 

 

Correct Answer by Jacqueline Fleming about 3 years 4 months ago

  

I understand that once you create Outgoing Mail Policies, the Filters that handle CRES encryption based on Subject tagging stop working.  I also noted that you describe each feature as being on a different Outgoing Mail Policy, i.e.:

 

1 Encryption only

2 DLP only

 

I suspect the issue is related to which Outgoing Mail Policy is being matched for each message.  You see, it is a 'first match wins' style table.  I'll elaborate with an example:

 

1 User Group A has CRES Filter + 5 DLP Policies tailored for User Group A

2 User Group B has CRES Filter + 5 DLP Policies tailored for User Group B

 

- If Sender's address is declared in User Group A, User Group B will never be evaluated even if Recipients are in User Group B.

- If all Recipients are in User Group A, the settings for User Group B will be used even if the Sender is declared there.

- If an email is sent to Recipients from each group, the email will be split into two copies.  One copy will be processed based on Group A's configuration and sent to the Recipients on User Group A.  The other copy will use the settings for User Group B and deliver only to User Group B's matching Recipients.

 

The main takeaway for your specific situation is that the CRES Filter will only run if the email matches the policy where the CRES Filter is enabled.  I suggest checking which Outgoing Mail Policy was used on some emails that were missed and then see if that policy has the CRES Filter enabled.  You can check which policy was actually used by searching Tracking or the mail_logs to get message details.  Here is more info on that:

 

http://tools.cisco.com/squish/B23C7

 

I hope this helps! :)

 

- Jackie

Overall Rating: 5 (1 ratings)
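The 'first match wins' behaviour described in the answer can be reproduced with a small model. This is an added example, not part of the original thread and not AsyncOS code: the policy names, addresses and filter names are hypothetical, and the matching rule (a policy matches when the sender or the recipient is one of its members) is a simplification of what the answer describes.

```python
# Simplified model of a top-down, first-match-wins outgoing mail policy table.
# Everything below is constructed for illustration (hypothetical names).
POLICIES = [
    {"name": "Encryption", "senders": set(), "recipients": {"partner@example.net"},
     "filters": {"CRES_Filter"}, "match_all": False},
    {"name": "NewFilterOnly", "senders": {"alice@example.com"}, "recipients": set(),
     "filters": {"New_Filter"}, "match_all": False},
    {"name": "DLP", "senders": {"bob@example.com"}, "recipients": set(),
     "filters": {"CRES_Filter", "New_Filter"}, "match_all": False},
    {"name": "Default", "senders": set(), "recipients": set(),
     "filters": {"CRES_Filter"}, "match_all": True},
]


def match_policy(sender, recipient, table):
    """Return the first policy (top-down) that the sender or recipient matches."""
    for policy in table:
        if (policy["match_all"] or sender in policy["senders"]
                or recipient in policy["recipients"]):
            return policy
    raise LookupError("policy table has no default (match-all) row")


def splinter(sender, recipients, table):
    """Group recipients by matched policy; more than one group means a split."""
    groups = {}
    for rcpt in recipients:
        groups.setdefault(match_policy(sender, rcpt, table)["name"], []).append(rcpt)
    return groups


def cres_gaps(sender, recipients, table, required="CRES_Filter"):
    """Return the copies whose matched policy does not enable the required filter."""
    by_name = {p["name"]: p for p in table}
    return {name: rcpts
            for name, rcpts in splinter(sender, recipients, table).items()
            if required not in by_name[name]["filters"]}


if __name__ == "__main__":
    rcpts = ["partner@example.net", "other@example.org"]
    print("split:", splinter("alice@example.com", rcpts, POLICIES))
    print("copies that skip the CRES filter:",
          cres_gaps("alice@example.com", rcpts, POLICIES))
    # With the two added policies removed, every copy reaches a CRES-enabled row.
    reduced = [POLICIES[0], POLICIES[3]]
    print("after removal:", cres_gaps("alice@example.com", rcpts, reduced))
```

In this model a subject-tagged message from the first sender never reaches a row with the CRES filter unless its recipient matches the encryption policy, which is the kind of gap the answer suggests confirming in Tracking or mail_logs.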
Correct Answer
Jacqueline Fleming Tue, 04/01/2014 - 16:21
User Badges: Cisco Employee

  
