Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 17 subscribers
  • Views 1761 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Violation smime.p7s Signature

Christopher Rettig

Hi Guys,

our customer has the following issue with Sophos Central Mail 

Incoming mails are getting blocked due to DLP violations because of the file ending .p7s - which comes with the mail signatures.

If the customer accepts the mail the certificate gets invalid with the information the mail content had been changed.

Sometimes the customer as well gets error messages with outgoing mails due to the message "cannot verify signature".

I already read some community threads about some identical issues - there have been some information about a ongoing bug from sophos:

XGE-17869

XGE-15978

Are there any new information how to solve this problen and allow mails with the attachements ending .p7s?

thanks in advance

Kind regards

Christopher



Added tags
[edited by: Raphael Alganes at 7:46 AM (GMT -7) on 30 May 2023]
Parents
  • 0

    The issue is produced by the Sophos default DLP rule. This contains "certificates", which contains .cer . P7s is like a docx a more compact version of multiple files. Therefore the product uses a true file type detection and unpack this p7s, finding a cer in it and blocks it. 

    The only viable solution would be to build a own DLP rule and exclude cert as unwanted files. 

    __________________________________________________________________________________________________________________

Reply
  • 0

    The issue is produced by the Sophos default DLP rule. This contains "certificates", which contains .cer . P7s is like a docx a more compact version of multiple files. Therefore the product uses a true file type detection and unpack this p7s, finding a cer in it and blocks it. 

    The only viable solution would be to build a own DLP rule and exclude cert as unwanted files. 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    Hi LuCar,

    thank you for thois quick response.

    Well the customer checked the stuation with a own DLP rule and it is working 50% percent.

    The mails are coning to the mailbox but are shown as "not trustworthy"

    The bigger issue are the outbound mails, which are gping to be sent from the customer.

    I f he sents an email from his account/domain the message gets marked woth the informytion "

    WARNING – cannot verify signature“"

    or it gets mafked with the information "no trustworthy signature"

    Even with an outbound rule nothing changed

    any ideas?

    Thanks in advance

    Kind regards

    Christopher

Unfiltered HTML