Connect Axigen with McAfee DLP Prevent

Hello everyone,

Could anyone help me with how to configure Axigen with a McAfee DLP Prevent machine?

Axigen should send each email to the DLP Prevent machine that will put a header (X-RCIS-Action) and send it back to Axigen which depending on the type of header’s value will send that email or not (or any specific action).
I kept trying with the rules of Acceptance & Routing, but nothing functional came out.

Thank you!

Hello Vlad,

Please correct me if I have misunderstood the needed integration:

1/ Hosted accounts are sending authenticated messages via an Axigen server
2/ For external recipients, Axigen server will route authenticated messages to the DLP server
3/ DLP server will add a custom header and return the message to Axigen server
4/ Axigen will detect that the message is received from DLP server (based on specific conditions)
5/ Depending on the custom header content the message is rejected (with a custom explanation) or is delivered to the intended external recipient

BR,
Ioan

Hello Ioan,

  1. Correct.
  2. Would rather have it send it to DLP server for all messages, and the DLP can have separate policies for internal and external.
  3. Correct.
  4. Correct.
  5. Yes, depending on the value of the custom header, it will do a specific operation. If the value is BLOCK it will reject/discard the message, if the value is QUAR it will move it to quarantine and if the value is ALLOW it will send it to its original recipients.

All the best,
Vlad

Hello Vlad,

Thanks for the above clarifications.
Based on them I’ll try to use some of our test instances to simulate this integration and come back with my findings.

Just to be sure that you will be able to test it - could you please confirm that you have access to a test Axigen instance and to the DLP service?

Or is your question just to have a preliminary answer from our side?

BR,
Ioan

Hello,

I confirm that I have access to both instances to test it (Axigen & DLP).

BR,
Vlad

Hello Vlad,

One more question: checking the How McAfee DLP Prevent protects email traffic section of their guide, could you please confirm that the DLP service could be configured to send back the message to Axigen via an authenticated session (eg: with a dedicated user and password)?

I’m referring to step #3, more specifically to:

  • Adds an X-RCIS-Action header and sends the message to the configured Smart Host (MTA server).

Please advise.
BR,
Ioan

Hello Ioan,

The DLP service can send the message back to Axigen through an authenticated session, but we currently use an unauthenticated session until the flow is successfully completed.

The first step that I hope to solve, and that I can’t see in the logs as being successful, is for Axigen to send each email to the DLP service. Even though I added the DLP machine’s IP, which accepts sessions on port 25, to the “Outgoing delivery settings”…

BR,
Vlad

Hello Vlad,

The mentioned task is quite simple if you define an advanced routing rule with the action: Recipient > Recipient relay host = [<smtp_relay_ip>]

Note the square brackets, which prevent any unneeded DNS lookups when you enter an IP address instead of a hostname.

*** Long post from here - please bear with me ***

Now, I have made some tests for your requested setup (with an Axigen standalone installation) and here are my comments:

1/ The best option is to configure DLP to send back the message via an authenticated SMTP session.
There are several reasons for this, such as the automatic disabling of checks for SPF, DNSBL, etc.
So, let’s say you will create a dedicated user for the DLP service; in my example I assumed it is called dlp.user@domain.tld

2/ You have to configure the relay logic via advanced routing rules and process the DLP header via a sieve filter, as only there do we have access to the header’s content.

Assuming that your DLP service is running an SMTP service at 192.168.100.10 let’s configure the SMTP part:
WebAdmin > Security & Filtering > Acceptance & Routing > Advance Settings > Add new rule

  • name: relay-to-DLP
  • conditions: all of the below
    • Connection > Is authenticated > checked
  • action: Recipient > Recipient relay host = [192.168.100.10]
  • save configuration

Now, let’s make some manual changes to that rule in order to add some more conditions for the messages that should be relayed to the DLP service. For this, please edit filters/smtpFilters.script from the Axigen working directory, identify the relay-to-DLP method and change it like below:

method relay-to-DLP {
        if (
                allOf (
                        not (
                                is (authUser, "")
                        ),
                        not (
                                isCase (mailFrom, "<>")
                        ),
                        not (
                                is (authUser, "dlp.user@domain.tld")
                        )
                )
        ) {
                set (currentRcptRelayHost, "[192.168.100.10]");
        }
}

After this change please restart the Axigen service; from this moment all authenticated sessions that do not belong to dlp.user@domain.tld will be routed to the DLP service, excluding NDR messages, which are sent with a null sender.

Note: when manual changes are made to an advanced routing rule, please avoid further edits from WebAdmin, as you will lose your previous changes.

Let’s now continue with processing the header added by the DLP service. For this task please create a new file, called dlp.sieve, and place it in the filters sub-directory from Axigen working directory. The content of this file should be like:

require ["reject", "replace", "envelope", "vacation", "tagsubject", "body", "relational", "axidate", "addressbook", "restoremessage", "markmessage", "feature", "iConfirmation"];

##Filter id=11 name="DLP-BLOCK" enabled=1
if true {
        if allof (
                envelope :objecttype :contains ["From"] ["local"],
                header :is  ["X-RCIS-Action"] ["BLOCK"]
        ) {
                reject "rejected by internal DLP policy";
                stop;
        }
}

##Filter id=12 name="DLP-QUAR" enabled=1
if true {
        if allof (
                envelope :objecttype :contains ["From"] ["local"],
                header :is  ["X-RCIS-Action"] ["QUAR"]
        ) {
                quarantine "quarantined by internal DLP policy";
                stop;
        }
}


##Filter id=13 name="DLP-not-ALLOW" enabled=1
if true {
        if allof (
                envelope :objecttype :contains ["From"] ["local"],
                header :contains ["X-RCIS-Action"] [""],
                not header :is  ["X-RCIS-Action"] ["ALLOW"]
        ) {
                reject "unknown response from DLP service";
                stop;
        }
}

the scope being to take specific actions (reject or quarantine) only for messages sent by locally hosted accounts.

After you create the new file please change its ownership to the axigen user or double check that the mentioned user has read access to it.

In order to place this new sieve filter in the message processing flow please execute the following CLI commands:

config server
config filters
add scriptfilter name dlp file dlp.sieve
done
add ActiveFilter priority 10 filterName dlp filterType script
set applyOn (local relay)
done
commit
save config
quit

Just to be sure that the new filter is set correctly please check the output of the CLI command list activefilters (from the server-filters context), which should look similar to:

config server
config filters
list activefilters

The list of Active Filters:

priority | filterName    | filterType
---------------------------------------
2        | AV:Tnef       | socket
10       | dlp           | script
195      | WASieveServer | script

My tests were made using the Axigen WebMail interface and the flow was the expected one. In case this is not happening in your case or you would like to make any changes please let us know (at some point we may have to switch the discussion to the dedicated support channel but I’ll let you know if / when this is needed).

HTH,
Ioan

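To make the behaviour of the three sieve filters above easier to reason about, here is an added example (my own code, not part of Ioan's post and not Axigen code) that mirrors their decision logic in plain Python over constructed messages. LOCAL_DOMAINS is an assumption standing in for the envelope :objecttype "local" test, and sample_message() builds the test input. One property of the filters as written is visible in the last branch: filter 13 only fires when an X-RCIS-Action header is present, so a local message that never reached the DLP service (no header at all) is delivered, which is why the relay rule has to cover every authenticated submission.

```python
"""Model of the three DLP sieve filters described above.  Added example, not
Axigen code: it mirrors the filter logic in plain Python so the decision table
can be exercised with constructed messages."""
from email import message_from_string

LOCAL_DOMAINS = {"domain.tld"}  # assumption: the hosted domain used in the thread


def is_local_sender(envelope_from: str) -> bool:
    """Stand-in for `envelope :objecttype :contains ["From"] ["local"]`."""
    addr = envelope_from.strip("<>").lower()
    return "@" in addr and addr.rsplit("@", 1)[1] in LOCAL_DOMAINS


def dlp_decision(envelope_from: str, raw_message: str) -> str:
    """Apply filters 11, 12 and 13 in order; return the resulting action."""
    if not is_local_sender(envelope_from):
        return "deliver"  # none of the three filters apply to non-local senders
    values = message_from_string(raw_message).get_all("X-RCIS-Action") or []
    # Sieve's default comparator is i;ascii-casemap, so `header :is` is case-insensitive
    actions = {v.strip().upper() for v in values}
    if "BLOCK" in actions:
        return "reject"          # filter 11: reject "rejected by internal DLP policy"
    if "QUAR" in actions:
        return "quarantine"      # filter 12: quarantine "quarantined by internal DLP policy"
    if values and "ALLOW" not in actions:
        return "reject-unknown"  # filter 13: header present but not ALLOW
    # ALLOW, or no X-RCIS-Action header at all: the message is delivered
    return "deliver"


def sample_message(action=None) -> str:
    """Constructed test message (not from the thread); action=None omits the header."""
    hdr = f"X-RCIS-Action: {action}\r\n" if action is not None else ""
    return f"From: user1@domain.tld\r\nTo: user2@example.org\r\n{hdr}Subject: t\r\n\r\nbody\r\n"


if __name__ == "__main__":
    cases = [("<user1@domain.tld>", "BLOCK"), ("<user1@domain.tld>", "QUAR"),
             ("<user1@domain.tld>", "ALLOW"), ("<user1@domain.tld>", "DEFER"),
             ("<user1@domain.tld>", None), ("<ext@example.org>", "BLOCK")]
    for sender, action in cases:
        print(sender, action, "->", dlp_decision(sender, sample_message(action)))
```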

Hello Vlad,

When you get everything to work, would you mind sharing with our Community the steps you took to configure the McAfee side? Ideally with some screenshots.

Thank you in advance.

Bogdan

Greetings,

I have followed your steps, but I tried to adapt to the McAfee’s requirements because:

Smart Host (Axigen) must support LOGIN mechanism for authentication on port 587
For emails received on port 587, the DLP appliance expects the inbound MTA to use LOGIN mechanism to provide the user name and password details. DLP appliance then connects to port 587 of the outbound MTA (Axigen). It then uses these logon credentials (via LOGIN mechanism) while delivering the email.
The authentication of user name and password sent by the inbound MTA typically happens in the Smart Host (Axigen) when the appliance delivers the email to the Smart Host. The DLP appliance doesn’t store the user name and password details.

So I opened 0.0.0.0:587 and :::587 as listeners and configured smtpFilters.script like this (I still believe that the parameters in the method WA_Routing_basic should belong to the relay-to-DLP rule).

method relay-to-DLP {
        if (
                allOf (
                        not (
                                is (authUser, "")
                        ),
                        not (
                                isCase (mailFrom, "<>")
                        ),
                        not (
                                is (authUser, "dlpadmin")
                        )
                )
        ) {
                set (currentRcptRelayHost, "[<DLP_IP>]");
        }
}

method Check_DomainKeys_and_DKIM {
        call (checkDomainKeys);
        call (checkDKIM);
}

method WA_Routing_basic {
        set (sslEnabled, "no");
        set (authUser, "dlpadmin");
        set (authPasswd, "dlpadmin");
        set (plainConnAuthTypes, "login ");
        set (secureConnAuthTypes, "login ");
        set (allowStartTLS, "yes");
        set (allowedSSLVersions, "tls11 tls12 tls13 ");
}

After this configuration no email can be sent with the following error:

Your message did not reach some or all of the intended recipients.

      Subject:	X
      Sent:	18-Jun-21

The following recipient(s) cannot be reached:

      'mail@domain.tld' on 18-Jun-21
            552 Mail rejected by the processing module: <IP>: <mail@domain.tld>: Delivery not allowed to <domain>

I tried even without authentication as follows:

method relay-to-DLP {
        if (
                anyOf (
                        not (
                                ipRange (remoteSmtpIP, "<DLP_IP>")
                        )
                )
        ) {
                set (currentRcptRelayHost, "[<DLP_IP>]");
        }
}

I am sure we can share this knowledge with the community.

Thank you for the guidance provided!
BR,
Vlad

Hello Vlad,

So, basically you are saying that Axigen should send the message to DLP via an authenticated session (on port 587) and DLP will use the same credentials when sending back the message (with the specific header added).

Please let us know if this is correct so the needed changes can be evaluated.

Thx,
Ioan

Hello Ioan,

Yes, the DLP service doesn’t store any auth credentials, that’s why they don’t need to be added on its side. The auth is performed via the LOGIN mechanism on the Smart Host.

BUT, we can avoid the session authentication for the moment, I just want to connect them initially. Possible security measures can be added after, I suppose.

Thank you!
Vlad

Hello Vlad,

After the latest updates from your side I’ve made some more tests and below you will find two additional advanced routing rules that have to be added. Before that, please remove your setup for “smart relay”, as Axigen has to deliver the messages to DLP in a specific scenario and in all the other cases the messages have to be delivered locally / sent to the MX gateways of the recipient domain.

SMTP additional rules:

1/ Set authentication credentials when connecting to DLP service

  • name: relay-to-DLP-auth
  • conditions: all of the below
    • Remote address > Host = [192.168.100.10]
  • action:
    • Relay > Authentication | Authenticate user = dlp.user@domain.tld and password = dlp.password
  • save configuration

2/ Allow sending authenticated messages with other sender (mail from) than the authenticated one

  • name: DLP-connection
  • conditions: all of the below
    • Remote address > IP = 192.168.100.10
  • action:
    • Authentication > Authenticate mail from unchecked
  • save configuration

Lastly, in order to connect to DLP on port 587 please modify the relay-to-DLP action mentioned before from:
Recipient relay host = [192.168.100.10]
to:
Recipient relay host = [192.168.100.10]:587

Looking forward to your feedback.

BR,
Ioan

Hello Ioan,

I went through the additional steps suggested above, but it seems that authentication fails at some point (line 93) as can be seen in the following:

2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: [<Axigen-IP>:25] connection accepted from [<gateway>:43302]
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 220 axigen.domain.tld Axigen ESMTP ready
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << EHLO <Host_machine>
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Set remote delivery to all
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Set max data size to 10240 KB
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Set max received headers to 30
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Maximum recipient count set to 1000
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Wait for processing response at least 10 seconds
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: STARTTLS extension allowed
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: 8BIT MIME accepted
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: BINARY DATA extension allowed
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: PIPELINING extension allowed
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: DSN extension denied
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Set local delivery to all
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-axigen.domain.tld Axigen ESMTP hello
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-PIPELINING
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-8BITMIME
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-BINARYMIME
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-CHUNKING
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-SIZE 10485760
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-STARTTLS
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250-HELP
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250 OK
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << AUTH DIGEST-MD5
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 334 <TOKEN>=
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << SASL client response
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 334 <TOKEN>==
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << SASL client response
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 235 Authentication successful
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: session from [<gateway>] authenticated by <user1@domain.tld>
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << MAIL FROM: <user1@domain.tld>
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Created new queue item with id 0002CF92
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: SPF result for MAIL FROM <user1@domain.tld@domain.tld> issued from EHLO domain <<Host_machine>> connected from <<gateway>>: Pass (spfHeader = ''; spfExplanation = 'SPF pass for authenticated connection')
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250 Sender accepted
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << RCPT TO: <user2@domain.tld>
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Set relay host name to <[192.168.100.10]:587>
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Change relay host for <user2@domain.tld> to <[192.168.100.10]:587>
2021-06-22 11:30:33 +0300 08 axigen SMTP-IN:00000014: Use relay host <[192.168.100.10]:587> for delivering mail 0002CF92 to <user2@domain.tld>
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 250 Recipient accepted
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << DATA
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 354 Ready to receive data; remember <CRLF>.<CRLF>
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: << 2261 bytes and final dot read
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread received signal for processing
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to RECEIVED
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set mail state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start processing mail
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start filter AV:Tnef of type socket filter from server
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Processing started
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread finished processing signal
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Filter AXI-TNEF(127.0.0.1:8888):[PASS]: pass - no changes
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Finished filtering mail object 02CF92 with filter: AV:Tnef of type socket filter from server
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> data version to 1
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start filter dlp of type script filter from server
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Keep requested for <user2@domain.tld>
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Finished filtering mail object 02CF92 with filter: dlp of type script filter from server
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start filter text appender
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Finished filtering mail object 02CF92 with filter: text appender
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> data version to 2
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start filter onProcessing event
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Finished filtering mail object 02CF92 with filter: onProcessing event
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set recipient <user2@domain.tld> state to PROCESSED - RELAY
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set mail state to PROCESSED
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Processing finished
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread received signal for delivery
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread finished delivery signal
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start mail delivery
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set mail state to SENDING
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Start remote delivery for 1 recipients in domain [192.168.100.10]
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Automatic migration relay for mail 02CF92 to [192.168.100.10]:587
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Use plain connection
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: STARTTLS extension allowed
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Allowed ssl versions set to: tls11 tls12 tls13 
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set AUTH user to <dlpadmin>
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set AUTH password to *****
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Relay mail using default host: <[192.168.100.10]:587>
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Relay mail: add host 192.168.100.10 with priority 0
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Use 192.168.100.10 to relay mail 02CF92 for domain [192.168.100.10]
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Relay mail 02CF92: connecting to 192.168.100.10:587
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Relay mail 02CF92: connected to 192.168.100.10:587
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 220 DLP-machine.domain.tld PVA/SMTP Ready.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> EHLO axigen.domain.tld
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 250-Requested mail action okay, completed.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 250 AUTH LOGIN
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Start sending mail 02CF92
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> MAIL FROM:<user1@domain.tld>
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 530 Authentication required.
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Negative reply to MAIL command: Authentication required.
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Set recipient <user2@domain.tld> state to RELAY ERROR
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Delivery attempt completed for mail 02CF92; schedule for cleanup
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Set mail state to SENT
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> QUIT
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread received signal for cleanup
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Mail removed from queue
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Set mail state to REMOVED
2021-06-22 11:30:33 +0300 04 axigen SMTP-IN:00000014: Reject mail <003801d76740$de0f46f0$9a2dd4d0$@domain.tld>: processing error (Authentication required.)
2021-06-22 11:30:33 +0300 16 axigen SMTP-IN:00000014: >> 552 Mail rejected by the processing module: Authentication required.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 221 Closing connection.
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Disconnected from 192.168.100.10
2021-06-22 11:30:33 +0300 08 axigen PROCESSING:0002CF92: Shepherd thread finished cleanup signal
2021-06-22 11:30:35 +0300 08 axigen JOBLOG:B000002D: user1+INBOX@domain.tld[headers]: Sort index update finished (1 inserts, 0 deletes, 0 updates, 27.137788 ms)
2021-06-22 11:30:36 +0300 08 axigen IMAP:00000016: [<Axigen-IP>:143] connection accepted from [<gateway>:60807]
2021-06-22 11:30:36 +0300 08 axigen IMAP:00000016: User [user1@domain.tld] successfully authorized!
2021-06-22 11:30:36 +0300 08 axigen JOBLOG:B0000041: user1+Sent@domain.tld[headers]: Sort index update finished (1 inserts, 0 deletes, 0 updates, 43.154857 ms)
2021-06-22 11:30:36 +0300 16 axigen SMTP-IN:00000014: << QUIT
2021-06-22 11:30:36 +0300 16 axigen SMTP-IN:00000014: >> 221-axigen.domain.tld Axigen ESMTP is closing connection
2021-06-22 11:30:36 +0300 16 axigen SMTP-IN:00000014: >> 221 Good bye

BR,
Vlad
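The SMTP-OUT lines in the log above show the remote side answering EHLO with only AUTH LOGIN and no STARTTLS, and Axigen sending MAIL FROM without any AUTH command, so the 530 follows. The following added example (my own code, not Axigen's and not from either post) parses such protocol lines per session and reports that mismatch; SAMPLE_LOG is a constructed excerpt shaped like the thread's log, and the allowed_plain / allowed_tls parameters are an assumption modelling the relay rule's per-connection-type authentication method lists.

```python
"""Checker for the SMTP-OUT part of an Axigen log like the one above.  Added
example, not Axigen code: it groups the `<<` / `>>` protocol lines per session
and reports why an authenticated relay did not happen."""
import re

# Constructed excerpt shaped like the thread's log lines (not copied from it)
SAMPLE_LOG = """\
2021-06-22 11:30:33 +0300 08 axigen SMTP-OUT:00000003: Relay mail 02CF92: connected to 192.168.100.10:587
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 220 DLP-machine.domain.tld PVA/SMTP Ready.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> EHLO axigen.domain.tld
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 250-Requested mail action okay, completed.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 250 AUTH LOGIN
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> MAIL FROM:<user1@domain.tld>
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: << 530 Authentication required.
2021-06-22 11:30:33 +0300 16 axigen SMTP-OUT:00000003: >> QUIT
"""

# Only protocol lines are parsed: `<<` is received from the remote, `>>` is sent by Axigen
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \d+ axigen SMTP-OUT:(?P<sid>[0-9A-Fa-f]+): (?P<dir><<|>>) (?P<text>.*)$"
)


def parse_sessions(log_text):
    """Map session id -> list of (direction, text) in log order."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            sessions.setdefault(m["sid"], []).append((m["dir"], m["text"]))
    return sessions


def analyse_session(events):
    """Extract what the remote offered in EHLO and what Axigen actually did."""
    state = {"offered_auth": set(), "starttls_offered": False,
             "client_auth": False, "client_starttls": False, "failure": None}
    in_ehlo = False
    for direction, text in events:
        if direction == ">>":
            verb = text.split()[0].upper() if text.split() else ""
            in_ehlo = verb in ("EHLO", "HELO")
            state["client_auth"] |= verb == "AUTH"
            state["client_starttls"] |= verb == "STARTTLS"
            continue
        if text.startswith("250") and in_ehlo:
            words = text[4:].split()  # drop the "250-" / "250 " prefix
            if words and words[0].upper().startswith("AUTH"):
                # "AUTH LOGIN PLAIN" or the older "AUTH=LOGIN PLAIN" form
                mechs = [words[0][5:]] + words[1:] if "=" in words[0] else words[1:]
                state["offered_auth"].update(m.upper() for m in mechs if m)
            elif words and words[0].upper() == "STARTTLS":
                state["starttls_offered"] = True
        elif text[:1] in ("4", "5") and state["failure"] is None:
            state["failure"] = text  # first negative reply in the session
    return state


def diagnose(events, allowed_plain=(), allowed_tls=()):
    """allowed_plain / allowed_tls (assumed model): the AUTH methods enabled in the
    relay rule for plain and for TLS connections respectively."""
    s = analyse_session(events)
    kind = "TLS" if s["client_starttls"] else "plain"
    enabled = {m.upper() for m in (allowed_tls if kind == "TLS" else allowed_plain)}
    findings = []
    if s["offered_auth"] and not s["client_auth"]:
        if not s["offered_auth"] & enabled:
            findings.append(f"no usable AUTH mechanism: remote offers "
                            f"{sorted(s['offered_auth'])} but none is enabled for {kind} connections")
        else:
            findings.append("AUTH not attempted even though a usable mechanism was offered")
    if not s["starttls_offered"]:
        findings.append("remote did not offer STARTTLS; credentials would travel in clear text")
    if s["failure"]:
        findings.append("first negative reply: " + s["failure"])
    return findings


if __name__ == "__main__":
    for sid, events in parse_sessions(SAMPLE_LOG).items():
        print(sid, diagnose(events, allowed_plain=()))
```

Run against a real log export, the check separates two different causes of the same 530: no overlap between the offered mechanisms and the ones enabled for that connection type (a configuration fix on the Axigen rule), versus a mechanism that was available but never used (something else in the session to look at).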

Hello Vlad,

From the above log lines it is clear that Axigen is not sending the message to DLP using an authenticated session.

Could you please check sending a message via WebMail interface?

This is what I’ve used in my tests and I’d like to see if somehow it is different when receiving the original message via an authenticated SMTP session instead of the WebMail client.

BR,
Ioan

Hello Vlad,

Disregard my previous message as I think I’ve found the culprit.

Please add 2 new actions to the relay-DLP-auth SMTP advanced routing rule as follows:

  • Authentication > SSL connections > check all methods
  • Authentication > Plain connections > check all methods

It looks like your DLP service is not using STARTTLS (thus you will have a plain connection) and only supports LOGIN type auth.

Please let us know if with this workaround all is routed fine. If this is the case, then some security tweaks could be checked (like enforcing STARTTLS on the DLP side).

Looking forward to your feedback.

BR,
Ioan

Hello Ioan,

I managed to establish a functional connection between Axigen and the DLP service after some changes on Axigen and the deactivation of Authenticated Mail Submission on port 587 on the McAfee side.
The DLP service displays the incident that violated the policy and it also blocks that message by sending a mail to the sender with “552 Mail rejected by the processing module: : Mail rejected by the processing module: rejected by internal DLP policy”. Also, emails that do not violate the policy are allowed to pass and the X-RCIS-Action: ALLOW header is added.

I will also follow your last suggestions because a connection with a secure authentication is often preferable.

I keep you updated.

BR,
Vlad

Hello Ioan,

I can confirm that, after your last suggestions and with a few adjustments, I have successfully set up secure authentication and transmission with the cipher suite ECDHE-RSA-AES128-GCM-SHA256.
On this occasion I discovered several capabilities of the Axigen server, which is very customizable!!

Thank you Ioan and good luck further!
