DLP Violation smime.p7s Signature

Hi Guys,

our customer has the following issue with Sophos Central Mail 

Incoming mails are getting blocked due to DLP violations because of the file ending .p7s - which comes with the mail signatures.

If the customer accepts the mail the certificate gets invalid with the information the mail content had been changed.

Sometimes the customer as well gets error messages with outgoing mails due to the message "cannot verify signature".

I already read some community threads about some identical issues - there have been some information about a ongoing bug from sophos:



Are there any new information how to solve this problen and allow mails with the attachements ending .p7s?

thanks in advance

Kind regards


  • The issue is produced by the Sophos default DLP rule. This contains "certificates", which contains .cer . P7s is like a docx a more compact version of multiple files. Therefore the product uses a true file type detection and unpack this p7s, finding a cer in it and blocks it. 

    The only viable solution would be to build a own DLP rule and exclude cert as unwanted files. 


  • Hi LuCar,

    thank you for thois quick response.

    Well the customer checked the stuation with a own DLP rule and it is working 50% percent.

    The mails are coning to the mailbox but are shown as "not trustworthy"

    The bigger issue are the outbound mails, which are gping to be sent from the customer.

    I f he sents an email from his account/domain the message gets marked woth the informytion "

    WARNING – cannot verify signature“"

    or it gets mafked with the information "no trustworthy signature"

    Even with an outbound rule nothing changed

    any ideas?

    Thanks in advance

    Kind regards