I have SPX enabled on my UTM (9.4.x) and it's working great if I use the Custom Rule keyword that I set up, but it's not working correctly when I try to send a test email to check the functionality of the Sophos CCLs that I've selected. Below is a test email I sent that came through without encryption. I have "Banking routing numbers with qualifying terms [Global]" and "Social Security Numbers [USA]" both checked under the Sophos CCLs (along with several others), but it doesn't seem to work.
********************
Testing for things like SSN 123-45-6789 or Routing 052000113
********************
Headers:
Received: from BN6PR04MB1106.namprd04.prod.outlook.com (10.173.199.11) by
DM5PR04MB1117.namprd04.prod.outlook.com (10.173.172.151) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.218.12 via Mailbox Transport; Fri, 10 Nov 2017 16:17:16 +0000
Received: from BN3PR0401CA0017.namprd04.prod.outlook.com (10.162.159.155) by
BN6PR04MB1106.namprd04.prod.outlook.com (10.173.199.11) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.197.13; Fri, 10 Nov 2017 16:17:14 +0000
Received: from CO1NAM05FT048.eop-nam05.prod.protection.outlook.com
(2a01:111:f400:7e50::203) by BN3PR0401CA0017.outlook.office365.com
(2a01:111:e400:51d1::27) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.218.12 via Frontend
Transport; Fri, 10 Nov 2017 16:17:14 +0000
Authentication-Results: spf=pass (sender IP is xx.xx.xx.xx)
smtp.mailfrom=xxxxxxxxxxx.com; xxxxxxxxxxx.com; dkim=none (message
not signed) header.d=none;xxxxxxxxxxx.com; dmarc=pass action=none
header.from=xxxxxxxxxxx.com;
Received-SPF: Pass (protection.outlook.com: domain of xxxxxxxxxxx.com
designates xx.xx.xx.xx as permitted sender) receiver=protection.outlook.com;
client-ip=xx.xx.xx.xx; helo=asg.xxxxxxxxxxx.com;
Received: from asg.xxxxxxxxxxx.com (xx.xx.xx.xx) by
CO1NAM05FT048.mail.protection.outlook.com (10.152.96.163) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.218.12 via Frontend Transport; Fri, 10 Nov 2017 16:17:13 +0000
Received: from exch.xxxxxxxxxxx.local ([xx.xx.xx.xx]:53813 helo=mail.xxxxxxxxxxx.com)
by asg.xxxxxxxxxxx.com with esmtps (TLSv1.2:AES256-SHA:256)
(Exim 4.82_1-5b7a7c0-XX)
(envelope-from <nkodak@xxxxxxxxxxx.com>)
id 1eDBzQ-0007Yy-10
for nathan@xxxxxxxxxxx.com; Fri, 10 Nov 2017 11:17:08 -0500
Received: from EXCH.xxxxxxxxxxx.local (10.10.10.24) by
EXCH.xxxxxxxxxxx.local (xx.xx.xx.xx) with Microsoft SMTP Server
(TLS) id 15.0.1210.3; Fri, 10 Nov 2017 11:17:08 -0500
Received: from EXCH.xxxxxxxxxxx.local ([::1]) by
EXCH.xxxxxxxxxxx.local ([::1]) with mapi id 15.00.1210.000; Fri, 10
Nov 2017 11:17:08 -0500
From: Nathan Kodak <nkodak@xxxxxxxxxxx.com>
To: "nathan@xxxxxxxxxxx.com" <nathan@xxxxxxxxxxx.com>
Subject: Test for SPX
Thread-Topic: Test for SPX
Thread-Index: AQHTWj9aKUk6Mn1WjEyfENqxDV2KuQ==
Date: Fri, 10 Nov 2017 16:17:07 +0000
Message-ID: <cc68eee5ae1d4e2c9c99a90228e3b147@EXCH.xxxxxxxxxx.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [xx.xx.xx.xx]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Return-Path: nkodak@xxxxxxxxxxxxxx.com