Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 17 subscribers
  • Views 7895 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP violation

Stephen Stern

Emails keep getting quartered in under DLP violation, however the file is not in the policy! Support haven't come back to me in weeks and seem to ignore my emails.

 

Any ideas ?

 
Policy:
Base Policy
Rule:
Attachment file types (Inbound)
Category:
Attachment file types
 
  • smime.p7s:
    • Certificates

     



Added tags
[edited by: Raphael Alganes at 7:34 AM (GMT -7) on 24 May 2023]
  • 0

    Could be related to the DLP Policy (Sophos recommended files)? Because this Policy will actually hit on S/MIME Signed Emails.

    As you know, a S/MIME Email will have a certificate attached to it. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, turns out the Sophos knows about the issue with default policy including the extension, but their document/KB which states which extensions it blocks doesn't state it as one of them.

    Using a custom policy list and unticking certificates category may have resolved it.

Unfiltered HTML